[Secure-testing-commits] r52540 - data/CVE

Moritz Muehlenhoff jmm at moszumanska.debian.org
Tue Jun 13 20:22:02 UTC 2017 

Author: jmm
Date: 2017-06-13 20:22:02 +0000 (Tue, 13 Jun 2017)
New Revision: 52540

Modified:
   data/CVE/list
Log:
cleanup some android issues


Modified: data/CVE/list
===================================================================
--- data/CVE/list	2017-06-13 19:51:55 UTC (rev 52539)
+++ data/CVE/list	2017-06-13 20:22:02 UTC (rev 52540)
@@ -24808,8 +24808,9 @@
 CVE-2017-0565 (An elevation of privilege vulnerability in the MediaTek thermal driver ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-0564 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
-	- linux <undetermined>
-	NOTE: present in drivers/staging/android/ion
+	NOT-FOR-US: Android ION subsystem
+	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
+	NOTE: patch has been made available it's likely some closed-source addon
 CVE-2017-0563 (An elevation of privilege vulnerability in the HTC touchscreen driver ...)
 	NOT-FOR-US: HTC driver for Android
 CVE-2017-0562 (An elevation of privilege vulnerability in the MediaTek touchscreen ...)
@@ -24930,11 +24931,13 @@
 CVE-2017-0509 (An elevation of privilege vulnerability in the Broadcom Wi-Fi driver ...)
 	NOT-FOR-US: Broadcom driver for Android
 CVE-2017-0508 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
-	- linux <undetermined>
-	NOTE: present in drivers/staging/android/ion
+	NOT-FOR-US: Android ION subsystem
+	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
+	NOTE: patch has been made available it's likely some closed-source addon
 CVE-2017-0507 (An elevation of privilege vulnerability in the kernel ION subsystem ...)
-	- linux <undetermined>
-	NOTE: present in drivers/staging/android/ion
+	NOT-FOR-US: Android ION subsystem
+	NOTE: Linux mainline contains a copy in drivers/staging/android/ion, but since no
+	NOTE: patch has been made available it's likely some closed-source addon
 CVE-2017-0506 (An elevation of privilege vulnerability in MediaTek components, ...)
 	NOT-FOR-US: MediaTek driver for Android
 CVE-2017-0505 (An elevation of privilege vulnerability in MediaTek components, ...)
@@ -25094,7 +25097,7 @@
 CVE-2017-0428 (An elevation of privilege vulnerability in the NVIDIA GPU driver could ...)
 	NOT-FOR-US: NVIDIA driver for Android
 CVE-2017-0427 (An elevation of privilege vulnerability in the kernel file system ...)
-	- linux <undetermined>
+	NOT-FOR-US: Unspecified Android filesystem, apparently not in mainline
 	NOTE: https://source.android.com/security/bulletin/2017-02-01.html
 	NOTE: Android bulletin lists all recent devices as affected.
 	NOTE: No source patch available, so may relate to Apache-licensed sdcardfs.

More information about the Secure-testing-commits mailing list