PT-2018-4500 · Google · Android
Publicado
2018-04-18
·
Atualizado
2018-05-11
·
CVE-2015-9166
CVSS v2.0
5.0
Média
| Vetor | AV:N/AC:L/Au:N/C:N/I:P/A:N |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2018-04-05 security patch level
Description
The issue concerns the DRM provisioning mechanisms in QSEE applications. These mechanisms have a feature to prevent further provisioning by creating an SFS file called
finalize prov flag.data at the end of provisioning. However, the current implementation allows provisioning without sufficient checks, potentially leading to security issues.Recommendations
For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.
Correção
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Android