BlackBerry powered by Android Security Bulletin – June 2018
Purpose of this Bulletin
BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/psirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (June) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.
Vulnerabilities Fixed in this Update
| Summary | CVE | ||
|
Elevation of Privilege in Systemserver |
|
|
CVE-2018-9338 |
|
Information Disclosure in Systemserver |
|
|
CVE-2018-9340 |
|
Remote Code Execution in Media Framework |
|
|
CVE-2018-9341 |
|
Remote Code Execution in Media Framework |
|
|
CVE-2018-5146 |
|
Information Disclosure in Media Framework |
|
|
CVE-2018-9345 |
|
Information Disclosure in Media Framework |
|
|
CVE-2018-9346 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9347 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9348 |
|
Remote Code Execution in Bluetooth |
|
|
CVE-2018-9355 |
|
Remote Code Execution in Bluetooth |
|
|
CVE-2018-9356 |
|
Elevation of Privilege in Bluetooth |
|
|
CVE-2018-9357 |
|
Information Disclosure in Bluetooth |
|
|
CVE-2018-9358 |
|
Information Disclosure in Bluetooth |
|
|
CVE-2018-9359 |
|
Information Disclosure in Bluetooth |
|
|
CVE-2018-9360 |
|
Information Disclosure in Bluetooth |
|
|
CVE-2018-9361 |
|
Denial of Service in Com.Android.Phone |
|
|
CVE-2018-9362 |
|
Elevation of Privilege in Kernel Bluetooth |
|
|
CVE-2018-9363 |
|
Elevation of Privilege in Kernel Crypto |
|
|
CVE-2017-17806 |
|
Elevation of Privilege in Kernel Keyring |
|
|
CVE-2017-17807 |
|
Elevation of Privilege in Kernel USB |
|
|
CVE-2017-17558 |
|
Information Disclosure in Qualcomm Diag Driver |
|
|
CVE-2018-5857 |
|
Information Disclosure in Qualcomm WLAN |
|
|
CVE-2018-5834 |
|
Elevation of Privilege in Qualcomm WLAN Host |
|
|
CVE-2018-5830 |
|
Elevation of Privilege in Qualcomm GPU Driver |
|
|
CVE-2018-3569 |
|
Elevation of Privilege in Qualcomm WLAN Host |
|
|
CVE-2018-5894 |
|
Elevation of Privilege in Packagemanager |
|
|
CVE-2018-9374 |
|
Elevation of Privilege in User Dictionary |
|
|
CVE-2018-9375 |
|
Information Disclosure in Activitymanager |
|
|
CVE-2018-9377 |
|
Information Disclosure in Media Framework |
|
|
CVE-2018-9378 |
|
Information Disclosure in Media Framework |
|
|
CVE-2018-9379 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9349 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9350 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9351 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9352 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9353 |
|
Denial of Service in Media Framework |
|
|
CVE-2018-9354 |
|
Elevation of Privilege in Bluetooth |
|
|
CVE-2018-9380 |
|
Elevation of Privilege in Wifi Service |
|
|
CVE-2018-9382 |
|
Information Disclosure in Kernel Asn1_decoder |
|
|
CVE-2018-9383 |
|
Elevation of Privilege in Kernel Ipv4/ipv6 |
|
|
CVE-2018-9389 |
|
Information Disclosure in Qualcomm Diag |
|
|
CVE-2018-5898 |
|
Information Disclosure in Qualcomm WLAN |
|
|
CVE-2018-5895 |
|
Information Disclosure in Qualcomm WLAN |
|
|
CVE-2017-13078 |
|
Information Disclosure in Qualcomm WLAN |
|
|
CVE-2017-13080 |
|
Elevation of Privilege in Qualcomm WLAN |
|
|
CVE-2018-3574 |
|
Elevation of Privilege in Qualcomm Camerav2 |
|
|
CVE-2018-5829 |
|
Elevation of Privilege in Qualcomm Wcd_cpe_core |
|
|
CVE-2018-5897 |
|
Elevation of Privilege in Qualcomm DSP_Services |
|
|
CVE-2018-5893 |
|
Elevation of Privilege in Qualcomm DSP_Services |
|
|
CVE-2017-14872 |
Available Updates
BlackBerry is making an updated software version available for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.
To identify an up to date software build, navigate to the Settings>About Phone menu. Look for the following Android security patch level:
June 5, 2018
If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information.
Legal Disclaimer
All data and information provided in this advisory (“Information”) are provided for informational purposes only and are provided “as is” without any warranties or guarantees, express or implied, including without limitation, any warranties or guarantees relating to the accuracy or reliability of the contents of the Information. In no event shall BlackBerry Limited and/or its subsidiaries and affiliates (“BlackBerry”) be liable to any party for any direct, indirect, special, punitive, consequential, or incidental damages in connection with any reliance on or use of the Information, including without limitation, loss of business revenue or earnings, lost data, damages caused by delays, lost profits or a failure to realize expected savings or revenues, even if BlackBerry was expressly advised of the possibility of such damages.
Change Log
19-08-2020 - Update to Purpose of this Bulletin and changed BlackBerry.com/bbsirt to BlackBerry.com/psirt