These page show the practical CVEs that Found. I reported these bugs to Security@amazon.com on On 5/11/2018 and now I have been told they have repaired the bugs and the details can be published. However, Amazon does not have an advisory page at the moment. I think it is a must to list the detailed infomation here.
- 5/11/2018 Bugs were reported to Security@amazon.com.
- 06/27/2018 Amazon confirmation.
- 09/18/2018 Amazon had started updating our FireOS 4 devices with the security patches.
- The advisory for the CVE-2018-11019.
- The advisory for the CVE-2018-11020.
- The advisory for the CVE-2018-11021.
- The advisory for the CVE-2018-11022.
- The advisory for the CVE-2018-11025.