BlackBerry powered by Android Security Bulletin – June 2018

Knowledge Base

BlackBerry powered by Android Security Bulletin – June 2018

Article Number: 000049462 First Published:  Last Modified: October 26, 2020 Type: Security Bulletin

Purpose of this Bulletin

BlackBerry has released a security update to address multiple vulnerabilities in BlackBerry powered by Android smartphones. We recommend users update to the latest available software build. BlackBerry releases security bulletins to notify users of its Android smartphones about available security fixes; see BlackBerry.com/psirt for a complete list of monthly bulletins. This advisory is in response to the Android Security Bulletin (June) and addresses issues in that bulletin that affect BlackBerry powered by Android smartphones.

Vulnerabilities Fixed in this Update

 

Summary  CVE

Elevation of Privilege in Systemserver

 

 

CVE-2018-9338

Information Disclosure in Systemserver

 

 

CVE-2018-9340

Remote Code Execution in Media Framework

 

 

CVE-2018-9341

Remote Code Execution in Media Framework

 

 

CVE-2018-5146

Information Disclosure in Media Framework

 

 

CVE-2018-9345

Information Disclosure in Media Framework

 

 

CVE-2018-9346

Denial of Service in Media Framework

 

 

CVE-2018-9347

Denial of Service in Media Framework

 

 

CVE-2018-9348

Remote Code Execution in Bluetooth

 

 

CVE-2018-9355

Remote Code Execution in Bluetooth

 

 

CVE-2018-9356

Elevation of Privilege in Bluetooth

 

 

CVE-2018-9357

Information Disclosure in Bluetooth

 

 

CVE-2018-9358

Information Disclosure in Bluetooth

 

 

CVE-2018-9359

Information Disclosure in Bluetooth

 

 

CVE-2018-9360

Information Disclosure in Bluetooth

 

 

CVE-2018-9361

Denial of Service in Com.Android.Phone

 

 

CVE-2018-9362

Elevation of Privilege in Kernel Bluetooth

 

 

CVE-2018-9363

Elevation of Privilege in Kernel Crypto

 

 

CVE-2017-17806

Elevation of Privilege in Kernel Keyring

 

 

CVE-2017-17807

Elevation of Privilege in Kernel USB

 

 

CVE-2017-17558

Information Disclosure in Qualcomm Diag Driver

 

 

CVE-2018-5857

Information Disclosure in Qualcomm WLAN

 

 

CVE-2018-5834

Elevation of Privilege in Qualcomm WLAN Host

 

 

CVE-2018-5830

Elevation of Privilege in Qualcomm GPU Driver

 

 

CVE-2018-3569

Elevation of Privilege in Qualcomm WLAN Host

 

 

CVE-2018-5894

Elevation of Privilege in Packagemanager

 

 

CVE-2018-9374

Elevation of Privilege in User Dictionary

 

 

CVE-2018-9375

Information Disclosure in Activitymanager

 

 

CVE-2018-9377

Information Disclosure in Media Framework

 

 

CVE-2018-9378

Information Disclosure in Media Framework

 

 

CVE-2018-9379

Denial of Service in Media Framework

 

 

CVE-2018-9349

Denial of Service in Media Framework

 

 

CVE-2018-9350

Denial of Service in Media Framework

 

 

CVE-2018-9351

Denial of Service in Media Framework

 

 

CVE-2018-9352

Denial of Service in Media Framework

 

 

CVE-2018-9353

Denial of Service in Media Framework

 

 

CVE-2018-9354

Elevation of Privilege in Bluetooth

 

 

CVE-2018-9380

Elevation of Privilege in Wifi Service

 

 

CVE-2018-9382

Information Disclosure in Kernel Asn1_decoder

 

 

CVE-2018-9383

Elevation of Privilege in Kernel Ipv4/ipv6

 

 

CVE-2018-9389

Information Disclosure in Qualcomm Diag

 

 

CVE-2018-5898

Information Disclosure in Qualcomm WLAN

 

 

CVE-2018-5895

Information Disclosure in Qualcomm WLAN

 

 

CVE-2017-13078

Information Disclosure in Qualcomm WLAN

 

 

CVE-2017-13080

Elevation of Privilege in Qualcomm WLAN

 

 

CVE-2018-3574

Elevation of Privilege in Qualcomm Camerav2

 

 

CVE-2018-5829

Elevation of Privilege in Qualcomm Wcd_cpe_core

 

 

CVE-2018-5897

Elevation of Privilege in Qualcomm DSP_Services

 

 

CVE-2018-5893

Elevation of Privilege in Qualcomm DSP_Services

 

 

CVE-2017-14872

 

Available Updates

BlackBerry is making an updated software version available for BlackBerry powered by Android smartphones that have been purchased from ShopBlackBerry.com. Updated software builds may also be available from other retailers or carriers, dependent on their deployment schedules.

To identify an up to date software build, navigate to the Settings>About Phone menu. Look for the following Android security patch level:

June 5, 2018

If your BlackBerry powered by Android smartphone does not have an up-to-date software build available, please contact your retailer or carrier directly for security maintenance release availability information.

Legal Disclaimer 

All data and information provided in this advisory (“Information”) are provided for informational purposes only and are provided “as is” without any warranties or guarantees, express or implied, including without limitation, any warranties or guarantees relating to the accuracy or reliability of the contents of the Information. In no event shall BlackBerry Limited and/or its subsidiaries and affiliates (“BlackBerry”) be liable to any party for any direct, indirect, special, punitive, consequential, or incidental damages in connection with any reliance on or use of the Information, including without limitation, loss of business revenue or earnings, lost data, damages caused by delays, lost profits or a failure to realize expected savings or revenues, even if BlackBerry was expressly advised of the possibility of such damages. 

Change Log

18-6-2018 - First publication

19-08-2020 - Update to Purpose of this Bulletin and changed BlackBerry.com/bbsirt to BlackBerry.com/psirt