cnvd - cnvd-2017-13524

cnvd-2017-13524

Vulnerability from cnvd

Title

Google Android Nvidia和Qualcomm sound驱动程序存在未明漏洞

Description

Android是美国谷歌（Google）公司和开放手持设备联盟（简称OHA）共同开发的一套以Linux为基础的开源操作系统。Nvidia是其中的图形驱动程序；Qualcomm sound是其中的一个美国高通（Qualcomm）公司开发的声音驱动程序。 Android中的Nvidia和Qualcomm sound驱动程序存在安全漏洞。攻击者可利用该漏洞控制Android内核。

Severity

中

Patch Name

Google Android Nvidia和Qualcomm sound驱动程序存在未明漏洞的补丁

Patch Description

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： http://source.android.com/security/bulletin/2017-06-01

Reference

http://securitytracker.com/id/1038623

Impacted products

Name
Google Android

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2017-6249"
    }
  },
  "description": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Nvidia\u662f\u5176\u4e2d\u7684\u56fe\u5f62\u9a71\u52a8\u7a0b\u5e8f\uff1bQualcomm sound\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u5f00\u53d1\u7684\u58f0\u97f3\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nAndroid\u4e2d\u7684Nvidia\u548cQualcomm sound\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236Android\u5185\u6838\u3002",
  "discovererName": "Unknown",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttp://source.android.com/security/bulletin/2017-06-01",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2017-13524",
  "openTime": "2017-07-10",
  "patchDescription": "Android\u662f\u7f8e\u56fd\u8c37\u6b4c\uff08Google\uff09\u516c\u53f8\u548c\u5f00\u653e\u624b\u6301\u8bbe\u5907\u8054\u76df\uff08\u7b80\u79f0OHA\uff09\u5171\u540c\u5f00\u53d1\u7684\u4e00\u5957\u4ee5Linux\u4e3a\u57fa\u7840\u7684\u5f00\u6e90\u64cd\u4f5c\u7cfb\u7edf\u3002Nvidia\u662f\u5176\u4e2d\u7684\u56fe\u5f62\u9a71\u52a8\u7a0b\u5e8f\uff1bQualcomm sound\u662f\u5176\u4e2d\u7684\u4e00\u4e2a\u7f8e\u56fd\u9ad8\u901a\uff08Qualcomm\uff09\u516c\u53f8\u5f00\u53d1\u7684\u58f0\u97f3\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nAndroid\u4e2d\u7684Nvidia\u548cQualcomm sound\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u5b89\u5168\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u63a7\u5236Android\u5185\u6838\u3002 \u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Google Android Nvidia\u548cQualcomm sound\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672a\u660e\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Google Android"
  },
  "referenceLink": "http://securitytracker.com/id/1038623",
  "serverity": "\u4e2d",
  "submitTime": "2017-06-23",
  "title": "Google Android Nvidia\u548cQualcomm sound\u9a71\u52a8\u7a0b\u5e8f\u5b58\u5728\u672a\u660e\u6f0f\u6d1e"
}

CVE-2017-6249 (GCVE-0-2017-6249)

Vulnerability from cvelistv5

Published

2017-07-13 16:00

Modified

2024-09-17 04:09

Severity ?

CWE

Elevation of privilege

Summary

An elevation of privilege vulnerability in the NVIDIA sound driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Moderate because it first requires compromising a privileged process. Product: Android. Versions: N/A. Android ID: A-34373711. References: N-CVE-2017-6249.

References

URL

Tags

	http://www.securityfocus.com/bid/99616	vdb-entry, x_refsource_BID
	https://source.android.com/security/bulletin/2017-06-01	x_refsource_CONFIRM
	http://www.securitytracker.com/id/1038623	vdb-entry, x_refsource_SECTRACK