Android Malware and Analysis
Table 8.1 Android Kernel Vulnerabilities (continued)

| NAME | DESCRIPTION |
| --- | --- |
| CVE-2013-4787 | Android 1.6 Donut through 4.2 Jelly Bean does not properly check cryptographic signatures for applications, which allows attackers to execute arbitrary code via an application package file (APK) that is modified in a way that does not violate the cryptographic signature, probably involving multiple entries in a Zip file with the same name in which one entry is validated but the other entry is installed, aka Android security bug 8219321 and the “Master Key” vulnerability. |
| CVE-2013-4777 | A certain configuration of Android 2.3.7 on the Motorola Defy XT phone for Republic Wireless uses init to create a /dev/socket/init_runit socket that listens for shell commands, which allows local users to gain privileges by interacting with a LocalSocket object. |
| CVE-2013-4740 | goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. |
| CVE-2013-4739 | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c. |
| CVE-2013-4738 | Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c. |
| CVE-2013-4737 | The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. |
| CVE-2013-4736 | Multiple integer overflows in the JPEG engine drivers in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to cause a denial of service (system crash) via a large number of commands in an ioctl call, related to (1) camera_v1/gemini/msm_gemini_sync.c, (2) camera_v2/gemini/msm_gemini_sync.c, (3) camera_v2/jpeg_10/msm_jpeg_sync.c, (4) gemini/msm_gemini_sync.c, (5) jpeg_10/msm_jpeg_sync.c, and (6) mercury/msm_mercury_sync.c. |

(continued)