Google’s November update for Android includes patches for more than a dozen critical vulnerabilities, several of which are in the kernel. The monthly update also includes fixes for a number of remote code execution flaws.
One of the critical vulnerabilities is an issue with the Qualcomm cryptographic driver that could lead to code execution.
“A remote code execution vulnerability in the Qualcomm crypto driver could enable a remote attacker to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of remote code execution in the context of the kernel,” Google said in its Android advisory.
As it has for the last few months, Google separated the Android patches into a couple of different levels. Carriers and device manufacturers have the option of updating their Android distributions to either of the levels, depending upon how quickly they want to get the updates out. The 11-01 patch level contains fixes for 21 vulnerabilities, while the 11-05 level has those fixes plus patches for an additional 26 bugs.
Many of the vulnerabilities that are patched in the 11-05 level are elevation of privilege bugs, but a number of them are considered critical because they have the possibility of allowing an attacker to completely compromise a device. There are three such vulnerabilities in the Android kernel file system, for example.
“An elevation of privilege vulnerability in the kernel file system could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as Critical due to the possibility of a local permanent device compromise, which may require reflashing the operating system to repair the device,” the Android advisory says.
Interestingly, Google this month also included a supplemental patch level, which comprises just one patch. The fix is for the so-called Dirty Cow flaw, which is a privilege escalation bug in the Linux kernel.
“An elevation of privilege vulnerability in the kernel memory subsystem could enable a local malicious application to execute arbitrary code within the context of the kernel,” the advisory says.