This issue has been fixed in the latest version of the kernel as of version 4.15. The update can be installed using the standard Android update mechanism. If the device is connected to a computer that has the latest version of the kernel, the update will be downloaded and installed automatically.
CVE-2018-5332: Incorrect Access Control in Qualcomm Drivers in Android before November 15, 2017 on Qualcomm Snapdragon phones allows attackers to bypass hardware verification via a crafted application that uses the native function. This issue has been assigned the CVE identifier CVE-2018-5332.
CVE-2018-5333: Incorrect Access Control in Qualcomm Video Driver in Android before November 15, 2017 on Qualcomm Snapdragon phones allows attackers to bypass hardware verification via a crafted application that uses the native function. This issue has been assigned the CVE identifier CVE-2018-5333.
CVE-2018-5334: Incorrect Access Control in Qualcomm Wi-Fi Driver in Android before November 15, 2017 on Qualcomm Snapdragon phones allows attackers to bypass hardware verification via a crafted application that uses the native function. This issue has been assigned the CVE identifier CVE-2018-5334.
CVE-2018-5335: Incorrect Access Control in Qualcomm Ingress Protection Driver in Android before November 15, 2017 on Qualcomm Snapdragon phones allows attackers to bypass hardware verification via a crafted application that uses the native function
Android Things (with QEMU virtualization)
Closing the Loop on an IoT Device
With Android Things, you can use the same Android software development kit (SDK) to develop and deploy apps for devices that run on a Linux kernel. This includes Raspberry Pi, Arduino, and other embedded systems. What’s more, you can use the same SDK to program a virtual machine running on QEMU. The result is a self-contained IoT device that runs your app locally, without needing any additional hardware or cloud services.
Why is it important?
Google has made it easy for developers to create devices using Android Things by providing a wide range of prebuilt reference designs and documentation. These designs come with many features already enabled, including:
• A complete Linux kernel running on QEMU virtualization
• A x86 instruction set architecture (ISA) with support for standard x86 instructions as well as some ARM instructions
• Support for supporting up to 4GB RAM in each partition
What to do if you are affected?
If you are using a Qualcomm-based phone, you should update your device to the latest version of the Android OS (4.16) which has been released on November 15, 2017
If you are using a Samsung-based phone with the Exynos chipset, you should update your device to the latest version of the Android OS (4.4)
How to check if you are affected by these vulnerabilities
Step 1: Open the Settings app
Step 2: Select "About phone"
Step 3: Scroll down to "Android version" and tap it
Step 4: If the number is higher than or equal to "4.15," you are not affected by any of these vulnerabilities.
What to do if your device is vulnerable?
We recommend that all users upgrade to the latest version of Android. You can check which version your device is running by opening Settings > About phone > System update. If you have any concerns, please contact your carrier or the device manufacturer for more information.
If this post has a blog article, please write a paragraph on what should be done in the event that your device becomes vulnerable to one of these vulnerabilities.
Timeline
Published on: 10/11/2022 20:15:00 UTC
Last modified on: 10/13/2022 02:51:00 UTC