
Stagefright vulnerability (CVE-2015-6603) exists in lib_mp4_parser_arm11_elinux.3.0.so for M6.0.1

Question asked by Stone Hsu on May 24, 2017
Latest reply on May 26, 2017 by Artur Petukhov

Dear all,

 

The latest CTS release for Marshmallow (Android 6.0 R18 CTS) has added a new security test for stagefright:

class : android.security.cts.StagefrightTest

test : testStagefright_cve_2015_6603

 

Our platform is based on the i.mx6QuadPlus SabreSD reference platform with Marshmallow M6.0.1_2.0.0.

I'm attaching the test report and the device logcat.

We also ran this CTS test on the reference platform with the demo image (M6.0.1_2.1.0) and got the same failure.

The Nexus 9 can pass this CTS test normally.

 

We are trying to figure out what caused this failure. According to the device logcat, the failure relates to the lib_mp4_parser_arm11_elinux.3.0.so.

01-01 00:13:18.729 1870 2272 F libc : Fatal signal 11 (SIGSEGV), code 1, fault addr 0xb3f80000 in tid 2272 (generic)
01-01 00:13:18.839 234 234 F DEBUG : *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
01-01 00:13:18.839 234 234 F DEBUG : Build fingerprint: 'Freescale/sabresd_6dq/sabresd_6dq:6.0.1/2.0.0-ga-rc5/20160613:user/release-keys'
01-01 00:13:18.839 234 234 F DEBUG : Revision: '0'
01-01 00:13:18.839 234 234 F DEBUG : ABI: 'arm'
01-01 00:13:18.839 234 234 F DEBUG : pid: 1870, tid: 2272, name: generic >>> /system/bin/mediaserver <<<
01-01 00:13:18.839 234 234 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb3f80000
01-01 00:13:18.839 535 673 W NativeCrashListener: Couldn't find ProcessRecord for pid 1870
01-01 00:13:18.851 234 234 F DEBUG : r0 b3f7ffc0 r1 b3f7ffe1 r2 ffff029a r3 00000004
01-01 00:13:18.851 234 234 E DEBUG : AM write failed: Broken pipe
01-01 00:13:18.851 234 234 F DEBUG : r4 b39803b0 r5 00000000 r6 0000be4b r7 0000000e
01-01 00:13:18.851 234 234 F DEBUG : r8 0000000f r9 00000008 sl 0000be42 fp 00000004
01-01 00:13:18.851 234 234 F DEBUG : ip 80000000 sp b3980338 lr b37f56cd pc b6a7b68c cpsr a00f0030
01-01 00:13:18.872 234 234 F DEBUG :
01-01 00:13:18.872 234 234 F DEBUG : backtrace:
01-01 00:13:18.872 234 234 F DEBUG : #00 pc 0001768c /system/lib/libc.so (__memcpy_base+111)
01-01 00:13:18.873 234 234 F DEBUG : #01 pc 000206c9 /system/lib/lib_mp4_parser_arm11_elinux.3.0.so (UnsyncRemoveV2_4+184)
01-01 00:13:18.873 234 234 F DEBUG : #02 pc 000207fd /system/lib/lib_mp4_parser_arm11_elinux.3.0.so (ID3V2Parse+164)
01-01 00:13:18.873 234 234 F DEBUG : #03 pc 0001e3e1 /system/lib/lib_mp4_parser_arm11_elinux.3.0.so

 

The lib_mp4_parser_arm11_elinux.3.0.so is a library; we don't have the source code to analyse.

After searching the community, I found that other guys have a similar problem on imx6q with Lollipop L5.1.1_2.0.0.

Stagefright vulnerability (CVE-2015-6603) exists in lib_mp4_parser_arm11_elinux.3.0.so 

Is there an update for Marshmallow (M6.0.1_2.0.0) at present?
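
A small triage helper for the debuggerd dump quoted in the question, added here as an example and not part of the original thread: it extracts the crashing process, the signal and the backtrace, and names the first frame outside the C runtime. The `triage` function, the `RUNTIME_LIBS` set and the regular expressions are assumptions of this example; the sample lines are copied from the logcat above.

```python
import re

# Sample input: lines copied from the logcat in the question (abridged).
SAMPLE = """\
01-01 00:13:18.839 234 234 F DEBUG : pid: 1870, tid: 2272, name: generic >>> /system/bin/mediaserver <<<
01-01 00:13:18.839 234 234 F DEBUG : signal 11 (SIGSEGV), code 1 (SEGV_MAPERR), fault addr 0xb3f80000
01-01 00:13:18.851 234 234 E DEBUG : AM write failed: Broken pipe
01-01 00:13:18.872 234 234 F DEBUG : #00 pc 0001768c /system/lib/libc.so (__memcpy_base+111)
01-01 00:13:18.873 234 234 F DEBUG : #01 pc 000206c9 /system/lib/lib_mp4_parser_arm11_elinux.3.0.so (UnsyncRemoveV2_4+184)
01-01 00:13:18.873 234 234 F DEBUG : #02 pc 000207fd /system/lib/lib_mp4_parser_arm11_elinux.3.0.so (ID3V2Parse+164)
01-01 00:13:18.873 234 234 F DEBUG : #03 pc 0001e3e1 /system/lib/lib_mp4_parser_arm11_elinux.3.0.so
"""

DEBUG_TAG = re.compile(r"\bDEBUG\b")
PROC = re.compile(r">>> (\S+) <<<")
SIG = re.compile(r"signal \d+ \((\w+)\), code -?\d+ \((\w+)\), fault addr (0x[0-9a-f]+)")
# The symbol part is optional: stripped libraries often yield frames with no name.
FRAME = re.compile(r"#(\d+) pc ([0-9a-f]+)\s+(\S+)(?: \(([^+)]+)\+\d+\))?")
# Assumption: frames in these libraries are runtime helpers, not the faulty caller.
RUNTIME_LIBS = {"libc.so", "libm.so", "libc++.so"}


def triage(logcat_text):
    """Summarise a debuggerd crash dump found in logcat text."""
    report = {"process": None, "signal": None, "code": None,
              "fault_addr": None, "frames": [], "suspect": None}
    for line in logcat_text.splitlines():
        if not DEBUG_TAG.search(line):
            continue  # only lines written by debuggerd are of interest
        if (m := PROC.search(line)):
            report["process"] = m.group(1)
        elif (m := SIG.search(line)):
            report["signal"], report["code"], report["fault_addr"] = m.groups()
        elif (m := FRAME.search(line)):
            frame = {"index": int(m.group(1)), "pc": m.group(2),
                     "library": m.group(3).rsplit("/", 1)[-1], "symbol": m.group(4)}
            report["frames"].append(frame)
            # The first frame outside the C runtime is where investigation starts.
            if report["suspect"] is None and frame["library"] not in RUNTIME_LIBS:
                report["suspect"] = frame
    return report


if __name__ == "__main__":
    r = triage(SAMPLE)
    print(r["process"], r["signal"], r["code"], r["fault_addr"])
    for f in r["frames"]:
        print(f"#{f['index']:02d} {f['library']} {f['symbol'] or '<no symbol>'}")
    print("start with:", r["suspect"]["library"], r["suspect"]["symbol"])
```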
