androidsecurity, Android Open Source Project, ANDROID:2019-09-01
Sep 03, 2019 - 12:00 a.m.

Pixel Update Bulletin—September 2019

2019-09-03 00:00:00
Android Open Source Project
source.android.com

CVSS3: 9.8 High
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 8.7 High (Confidence: Low)

CVSS2: 7.5 High
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P

EPSS: 0.006 Low (Percentile: 77.5%)

The Pixel Update Bulletin contains details of security vulnerabilities and functional improvements affecting supported Pixel devices (Google devices). For Google devices, security patch levels of 2019-09-05 or later address all issues in this bulletin and all issues in the September 2019 Android Security Bulletin. To learn how to check a device’s security patch level, see Check & update your Android version.

All supported Google devices will receive an update to the 2019-09-05 patch level. We encourage all customers to accept these updates for their devices.

Note: The Google device firmware images are available on the Google Developer site.

Announcements

In addition to the security vulnerabilities described in the September 2019 Android Security Bulletin, supported Google devices that are updated to Android 10 also contain patches for the security vulnerabilities described in this bulletin. Partners were notified that these issues are addressed in Android 10.

Security patches

The following tables include security patches that are addressed on Pixel devices with Android 10. Vulnerabilities are grouped under the component that they affect. Issues are described in the tables below and include CVE ID, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Broadcom components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9426 | A-110460199* | EoP | Moderate | Bluetooth |

LG components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9436 | A-127320561* | EoP | Moderate | Bootloader |
| CVE-2019-2191 | A-68770980* | ID | Moderate | Bootloader |
| CVE-2019-2190 | A-68771598* | ID | Moderate | Bootloader |

Kernel components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2019-9345 | A-27915347* | EoP | High | Kernel |
| CVE-2019-9461 | A-120209610* | ID | High | VPN |
| CVE-2019-9248 | A-120279144* | EoP | Moderate | Touch driver |
| CVE-2019-9270 | A-65123745* | EoP | Moderate | Wi-Fi |
| CVE-2019-2182 | A-128700140 Upstream kernel | EoP | Moderate | Kernel MMU |
| CVE-2019-9271 | A-69006201* | EoP | Moderate | MNH driver |
| CVE-2019-9273 | A-70241598* | EoP | Moderate | Touch driver |
| CVE-2019-9274 | A-70809925* | EoP | Moderate | MNH driver |
| CVE-2019-9275 | A-71508439* | EoP | Moderate | MNH driver |
| CVE-2019-9276 | A-70294179* | EoP | Moderate | Touch driver |
| CVE-2019-9441 | A-69006882* | EoP | Moderate | MNH driver |
| CVE-2019-9442 | A-69808778* | EoP | Moderate | MNH driver |
| CVE-2019-9443 | A-70896844* | EoP | Moderate | VL53L0 driver |
| CVE-2019-9446 | A-118617506* | EoP | Moderate | Touch driver |
| CVE-2019-9447 | A-119120571 Upstream kernel | EoP | Moderate | Touch driver |
| CVE-2019-9448 | A-120141999 Upstream kernel | EoP | Moderate | Touch driver |
| CVE-2019-9450 | A-120141034 Upstream kernel | EoP | Moderate | Touch driver |
| CVE-2019-9451 | A-120211415 Upstream kernel | EoP | Moderate | Touch driver |
| CVE-2019-9454 | A-129148475 Upstream kernel | EoP | Moderate | I2C driver |
| CVE-2019-9456 | A-71362079 Upstream kernel | EoP | Moderate | USB driver |
| CVE-2019-9457 | A-116716935 Upstream kernel | EoP | Moderate | Kernel |
| CVE-2019-9458 | A-117989855 Upstream kernel | EoP | Moderate | Video driver |
| CVE-2019-8912 | A-125367761 Upstream kernel | EoP | Moderate | Crypto |
| CVE-2018-18397 | A-124036248 Upstream kernel | EoP | Moderate | Storage |
| CVE-2018-14614 | A-116406552 Upstream kernel | EoP | Moderate | Storage |
| CVE-2018-1000199 | A-110918800 Upstream kernel | EoP | Moderate | ptrace |
| CVE-2018-13096 | A-113148557 Upstream kernel | EoP | Moderate | Storage |
| CVE-2018-5803 | A-112406370 Upstream kernel | DoS | Moderate | SCTP |
| CVE-2019-2189 | A-112312381 | EoP | Moderate | Image driver |
| CVE-2019-2188 | A-112309571* | EoP | Moderate | Image driver |
| CVE-2017-16939 | A-70521013 Upstream kernel | EoP | Moderate | Netlink XFRM |
| CVE-2018-20169 | A-120783657 Upstream kernel | ID | Moderate | USB driver |
| CVE-2019-9245 | A-120491338 Upstream kernel | ID | Moderate | Storage driver |
| CVE-2019-9444 | A-78597155 Upstream kernel | ID | Moderate | Storage driver |
| CVE-2019-9445 | A-118153030 Upstream kernel | ID | Moderate | Storage driver |
| CVE-2019-9449 | A-120141031 Upstream kernel | ID | Moderate | Touch driver |
| CVE-2019-9452 | A-120211708 Upstream kernel | ID | Moderate | Touch driver |
| CVE-2019-9453 | A-126558260 Upstream kernel | ID | Moderate | Storage driver |
| CVE-2019-9455 | A-121035792 Upstream kernel | ID | Moderate | Video driver |
| CVE-2018-19985 | A-131963918 Upstream kernel | ID | Moderate | USB driver |
| CVE-2018-20511 | A-123742046 Upstream kernel | ID | Moderate | nNet/AppleTalk |
| CVE-2018-1000204 | A-113096593 Upstream kernel | ID | Moderate | Storage |

Qualcomm components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-14888 | A-70237718 QC-CR#2119729 | N/A | Moderate | WLAN host |
| CVE-2018-3573 | A-72957667 QC-CR#2124525 | N/A | Moderate | Bootloader |
| CVE-2017-15844 | A-67749071 QC-CR#2127276 | N/A | Moderate | Kernel |
| CVE-2018-3574 | A-72957321 QC-CR#2148121 [2] [3] | N/A | Moderate | Kernel |
| CVE-2018-5861 | A-77527684 QC-CR#2167135 | N/A | Moderate | Bootloader |
| CVE-2018-11302 | A-109741923 QC-CR#2209355 | N/A | Moderate | WLAN host |
| CVE-2018-5919 | A-65423852 QC-CR#2213280 | N/A | Moderate | WLAN host |
| CVE-2018-11818 | A-111127974 QC-CR#2170083 [2] | N/A | Moderate | MDSS driver |
| CVE-2018-11832 | A-111127793 QC-CR#2212896 | N/A | Moderate | Kernel |
| CVE-2018-11893 | A-111127990 QC-CR#2231992 | N/A | Moderate | WLAN host |
| CVE-2018-11919 | A-79217930 QC-CR#2209134 [2] [3] | N/A | Moderate | Kernel |
| CVE-2018-11939 | A-77237693 QC-CR#2254305 | N/A | Moderate | WLAN host |
| CVE-2018-11823 | A-112277122 QC-CR#2204519 | N/A | Moderate | Power |
| CVE-2018-11929 | A-112277631 QC-CR#2231300 | N/A | Moderate | WLAN host |
| CVE-2018-11943 | A-72117228 QC-CR#2257823 | N/A | Moderate | Bootloader |
| CVE-2018-11947 | A-112277911 QC-CR#2246110 [2] | N/A | Moderate | WLAN host |
| CVE-2018-11947 | A-112278406 QC-CR#2272696 | N/A | Moderate | WLAN host |
| CVE-2018-11942 | A-112278151 QC-CR#2257688 | N/A | Moderate | WLAN host |
| CVE-2018-11983 | A-80095430 QC-CR#2262576 | N/A | Moderate | Kernel |
| CVE-2018-11984 | A-80435805 QC-CR#2266693 | N/A | Moderate | Kernel |
| CVE-2018-11987 | A-70638103 QC-CR#2258691 | N/A | Moderate | Kernel |
| CVE-2018-11985 | A-114041193 QC-CR#2163851 | N/A | Moderate | Bootloader |
| CVE-2018-11988 | A-114041748 QC-CR#2172134 [2] | N/A | Moderate | Kernel |
| CVE-2018-11986 | A-62916765 QC-CR#2266969 | N/A | Moderate | Camera |
| CVE-2018-12010 | A-62711756 QC-CR#2268386 | N/A | Moderate | Kernel |
| CVE-2018-12006 | A-77237704 QC-CR#2257685 [2] | N/A | Moderate | Display |
| CVE-2018-13893 | A-80302295 QC-CR#2291309 [2] | N/A | Moderate | diag_mask |
| CVE-2018-12011 | A-109697864 QC-CR#2274853 | N/A | Moderate | Kernel |
| CVE-2018-13912 | A-119053502 QC-CR#2283160 [2] | N/A | Moderate | Camera |
| CVE-2018-13913 | A-119053530 QC-CR#2286485 [2] | N/A | Moderate | Display |
| CVE-2018-3564 | A-119052383 QC-CR#2225279 | N/A | Moderate | DSP services |
| CVE-2019-2248 | A-122474006 QC-CR#2328906 | N/A | Moderate | Display |
| CVE-2019-2277 | A-127512945 QC-CR#2342812 | N/A | Moderate | WLAN host |
| CVE-2019-2263 | A-116024809 QC-CR#2076623 | N/A | Moderate | Kernel |
| CVE-2019-2345 | A-110849476 QC-CR#2115578 | N/A | Moderate | Camera |
| CVE-2019-2306 | A-115907574 QC-CR#2337383 [2] | N/A | Moderate | Display |
| CVE-2019-2299 | A-117988970 QC-CR#2243169 | N/A | Moderate | WLAN host |
| CVE-2019-2312 | A-117885392 QC-CR#2341890 | N/A | Moderate | WLAN host |
| CVE-2019-2314 | A-120028144 QC-CR#2357704 | N/A | Moderate | Display |
| CVE-2019-2314 | A-120029095 QC-CR#2357704 | N/A | Moderate | Display |
| CVE-2019-2302 | A-130565935 QC-CR#2300516 | N/A | Moderate | WLAN host |
| CVE-2019-10506 | A-117885703 QC-CR#2252793 | N/A | Moderate | WLAN host |
| CVE-2018-13890 | A-111274306 QC-CR#2288818 | N/A | Moderate | WLAN host |
| CVE-2019-10507 | A-132170503 QC-CR#2253396 | N/A | Moderate | WLAN host |
| CVE-2019-10508 | A-132173922 QC-CR#2288818 | N/A | Moderate | WLAN host |
| CVE-2019-2284 | A-132173427 QC-CR#2358765 | N/A | Moderate | Camera |
| CVE-2019-2333 | A-132171964 QC-CR#2381014 [2] [3] | N/A | Moderate | Kernel |
| CVE-2019-2341 | A-132172264 QC-CR#2389324 [2] | N/A | Moderate | Audio |
| CVE-2019-10497 | A-132173298 QC-CR#2395102 | N/A | Moderate | Audio |
| CVE-2019-10542 | A-134440623 QC-CR#2359884 | N/A | Moderate | WLAN host |
| CVE-2019-10502 | A-134441002 QC-CR#2401297 [2] [3] | N/A | Moderate | Camera |
| CVE-2019-10528 | A-63528466 QC-CR#2133028 [2] | N/A | Moderate | Kernel |
| CVE-2018-11825 | A-117985523 QC-CR#2205722 | N/A | Moderate | WLAN host |
| CVE-2019-10565 | A-129275872 QC-CR#2213706 | N/A | Moderate | Camera |

Qualcomm closed-source components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2018-11899 | A-69383398* | N/A | Moderate | Closed-source component |
| CVE-2019-2298 | A-118897119* | N/A | Moderate | Closed-source component |
| CVE-2019-2281 | A-129765896* | N/A | Moderate | Closed-source component |
| CVE-2019-2343 | A-130566880* | N/A | Moderate | Closed-source component |

Functional patches

Please see this post for a description of features included with Android 10.

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Security patch levels of 2019-09-05 or later address all issues associated with the 2019-09-05 security patch level and all previous patch levels. To learn how to check a device’s security patch level, read the instructions on the Google device update schedule.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |

4. What does an * next to the Android bug ID in the References column mean?

Issues that are not publicly available have an * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel devices available from the Google Developer site.

5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?

Security vulnerabilities that are documented in the Android Security Bulletins are required to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin, are not required for declaring a security patch level.
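
For readers who track these entries in a vulnerability-management system, the following added example (not part of the bulletin and not Google's code) parses a vulnerability-table row using the Type abbreviations, reference prefixes and `*` marker explained in questions 2 to 4. It accepts rows either whitespace-separated or pipe-delimited; the function names and the list of severity values are assumptions of the example.

```python
import re

# Reference prefixes (question 3) and Type abbreviations (question 2).
PREFIX = {"A": "Android bug ID", "QC": "Qualcomm reference number",
          "M": "MediaTek reference number", "N": "NVIDIA reference number",
          "B": "Broadcom reference number"}
TYPES = {"RCE": "Remote code execution", "EoP": "Elevation of privilege",
         "ID": "Information disclosure", "DoS": "Denial of service",
         "N/A": "Classification not available"}
# Assumption: Android's severity scale; this page only uses High and Moderate.
SEVERITIES = ("Critical", "High", "Moderate", "Low")

# References are everything between the CVE ID and the Type/Severity pair, so
# multi-word values ("Upstream kernel", "[2] [3]", "Kernel MMU") stay intact.
ROW = re.compile(r"^(CVE-\d{4}-\d{4,})\s+(.+?)\s+(%s)\s+(%s)\s+(.+)$" % (
    "|".join(map(re.escape, TYPES)), "|".join(SEVERITIES)))
REF = re.compile(r"\b(%s)-([\w#]+)(\*?)" % "|".join(PREFIX))

def _clean(line):
    return re.sub(r"\s*\|\s*", " ", line).strip()  # accept pipe-delimited rows

def parse_row(line):
    """Parse one table row, whitespace-separated or pipe-delimited."""
    m = ROW.match(_clean(line))
    if m is None:
        raise ValueError("not a vulnerability row: %r" % line)
    cve, refs, vtype, severity, component = m.groups()
    found = REF.findall(refs)
    return {
        "cve": cve, "type": TYPES[vtype], "severity": severity,
        "component": component,
        "refs": [{"id": "%s-%s" % (p, v), "kind": PREFIX[p]} for p, v, _ in found],
        # Question 4: "*" marks an issue that is not publicly available.
        "private": any(star for _, _, star in found),
        "upstream_kernel": "Upstream kernel" in refs,
        "extra_links": len(re.findall(r"\[\d+\]", refs)),
    }

def parse_table(text):
    """Parse every data row in a block of text, skipping headers and blanks."""
    return [parse_row(l) for l in text.splitlines() if ROW.match(_clean(l))]

# Rows copied from the tables in this bulletin.
SAMPLE = """CVE References Type Severity Component
CVE-2019-9461 A-120209610* ID High VPN
CVE-2019-2182 A-128700140 Upstream kernel EoP Moderate Kernel MMU
| CVE-2018-3574 | A-72957321 QC-CR#2148121 [2] [3] | N/A | Moderate | Kernel |"""

if __name__ == "__main__":
    print(*parse_table(SAMPLE), sep="\n")
```

Rows flagged `private` are the ones whose fix, per question 4, is generally delivered in the binary drivers rather than as a public change.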

Versions

| Version | Date | Notes |
|---|---|---|
| 1.0 | September 3, 2019 | Bulletin published. |
| 1.1 | September 12, 2019 | Bulletin updated. |
