BlackBerry powered by Android Security Bulletin – September 2017
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build.
BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/psirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (September 2017) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
The following vulnerabilities have been remediated in this update:
| Summary | CVE |
| --- | --- |
| Elevation of Privilege in WindowManager | CVE-2017-0752 |
| Elevation of Privilege in Libminikin | CVE-2017-0755 |
| Remote Code Execution in Mediaserver | CVE-2017-0756 |
| Remote Code Execution in Mediaserver | CVE-2017-0757 |
| Remote Code Execution in Mediaserver | CVE-2017-0758 |
| Remote Code Execution in Mediaserver | CVE-2017-0759 |
| Remote Code Execution in Mediaserver | CVE-2017-0760 |
| Remote Code Execution in Mediaserver | CVE-2017-0761 |
| Remote Code Execution in Mediaserver | CVE-2017-0762 |
| Remote Code Execution in Mediaserver | CVE-2017-0763 |
| Remote Code Execution in Mediaserver | CVE-2017-0764 |
| Remote Code Execution in Mediaserver | CVE-2017-0765 |
| Remote Code Execution in Mediaserver | CVE-2017-0766 |
| Elevation of Privilege in Mediaserver | CVE-2017-0767 |
| Elevation of Privilege in Mediaserver | CVE-2017-0768 |
| Elevation of Privilege in Mediaserver | CVE-2017-0770 |
| Denial of Service in Mediaserver | CVE-2017-0772 |
| Denial of Service in Mediaserver | CVE-2017-0773 |
| Denial of Service in Mediaserver | CVE-2017-0774 |
| Denial of Service in Mediaserver | CVE-2017-0775 |
| Denial of Service in Mediaserver | CVE-2017-0776 |
| Denial of Service in Mediaserver | CVE-2017-0777 |
| Denial of Service in Mediaserver | CVE-2017-0778 |
| Information Disclosure in Mediaserver | CVE-2017-0779 |
| Elevation of Privilege in NFC | CVE-2017-0784 |
| Elevation of Privilege in Broadcom Wi-Fi Driver | CVE-2017-0786 |
| Elevation of Privilege in Broadcom Wi-Fi Driver | CVE-2017-0787 |
| Elevation of Privilege in Broadcom Wi-Fi Driver | CVE-2017-0789 |
| Elevation of Privilege in Broadcom Wi-Fi Driver | CVE-2017-0790 |
| Elevation of Privilege in Broadcom Wi-Fi Driver | CVE-2017-0791 |
| Information Disclosure in Broadcom Wi-Fi Driver | CVE-2017-0792 |
| Remote Code Execution in Kernel | CVE-2017-8890 |
| Elevation of Privilege in Kernel | CVE-2017-9076 |
| Information Disclosure in Kernel | CVE-2017-9150 |
| Elevation of Privilege in Kernel IPX protocol Driver | CVE-2017-7487 |
| Denial of Service in Kernel | CVE-2017-6214 |
| Elevation of Privilege in Kernel | CVE-2017-6346 |
| Information Disclosure in Kernel | CVE-2017-5897 |
| Information Disclosure in Kernel File System | CVE-2017-7495 |
| Information Disclosure in Kernel | CVE-2017-7616 |
| Elevation of Privilege in Kernel SCSI Driver | CVE-2017-0794 |
| Elevation of Privilege in Qualcomm Memory subSystem | CVE-2017-9725 |
| Elevation of Privilege in Qualcomm | CVE-2017-9724 |
| Elevation of Privilege in Qualcomm Audio Driver | CVE-2017-9720 |
| Elevation of Privilege in Qualcomm GPU Driver | CVE-2017-8250 |
| Elevation of Privilege in Qualcomm Audio Driver | CVE-2017-9677 |
| Information Disclosure in Qualcomm File System | CVE-2017-9676 |
| Elevation of Privilege in Qualcomm WLAN Driver | CVE-2017-8280 |
| Elevation of Privilege in Qualcomm Camera Driver | CVE-2017-8251 |
| Elevation of Privilege in Qualcomm Camera Driver | CVE-2017-8247 |
| Elevation of Privilege in Qualcomm Camera Driver | CVE-2017-9720 |
| Elevation of Privilege in Qualcomm Video Driver | CVE-2017-8277 |
| Information Disclosure in Qualcomm Automotive multimedia | CVE-2017-8281 |
| Remote Code Execution in Mediaserver | CVE-2017-0781 |
| Remote Code Execution in Mediaserver | CVE-2017-0782 |
| Information Disclosure in Mediaserver | CVE-2017-0783 |
| Information Disclosure in Mediaserver | CVE-2017-0785 |
Available Updates
BlackBerry is making an updated software version available for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, depending on their deployment schedules.
To identify an up-to-date software build, navigate to the Settings > About Phone menu. Look for the following Android security patch level:
- September 5, 2017 or later
If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information.
Legal Disclaimer
All data and information provided in this advisory (“Information”) are provided for informational purposes only and are provided “as is” without any warranties or guarantees, express or implied, including without limitation, any warranties or guarantees relating to the accuracy or reliability of the contents of the Information. In no event shall BlackBerry Limited and/or its subsidiaries and affiliates (“BlackBerry”) be liable to any party for any direct, indirect, special, punitive, consequential, or incidental damages in connection with any reliance on or use of the Information, including without limitation, loss of business revenue or earnings, lost data, damages caused by delays, lost profits or a failure to realize expected savings or revenues, even if BlackBerry was expressly advised of the possibility of such damages.
Change Log
09-06-2017
Initial publication
09-15-2017
Updated to include four CVEs that address additional vulnerabilities disclosed on September 12, 2017.
12-15-2017
Aligned to new template.
09-19-2020
Changed BlackBerry.com/bbsirt to BlackBerry.com/psirt