1 page.title=Android - 2017 2 2 @jd:body 3 <!-- 4 Copyright 2017 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 <p><em>2017 2 6 | 2017 2 8 </em></p> 16 <p> 17 Android Android Google OTAGoogle <a href="https://developers.google.com/android/nexus/images">Google </a>2017 2 5 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 18 </p> 19 <p> 20 2017 1 3 Android AOSP AOSP 21 </p> 22 <p> 23 MMS 24 </p> 25 <p> 26 <a href="{@docRoot}security/enhancements/index.html">Android </a> <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> <a href="#mitigations">Android Google </a>Android 27 </p> 28 <p> 29 30 </p> 31 <h2 id="announcements"></h2> 32 <ul> 33 <li>2 Android Android <a href="#common-questions-and-answers"></a> 34 <ul> 35 <li><strong>2017-02-01</strong>: 2017-02-01 </li> 36 <li><strong>2017-02-05</strong>: 2017-02-01 2017-02-05 </li> 37 </ul> 38 </li> 39 <li> Google 2017 2 5 1 OTA </li> 40 </ul> 41 <h2 id="security-vulnerability-summary"></h2> 42 <p> 43 CVEGoogle <a href="{@docRoot}security/overview/updates-resources.html#severity"></a> 44 </p> 45 <h3 id="2017-02-01-summary"> 2017-02-01 </h3> 46 <p> 47 2017-02-01 48 </p> 49 <table> 50 <col width="55%"> 51 <col width="20%"> 52 <col width="13%"> 53 <col width="12%"> 54 <tr> 55 <th></th> 56 <th>CVE</th> 57 <th></th> 58 <th>Google </th> 59 </tr> 60 <tr> 61 <td>Surfaceflinger </td> 62 <td>CVE-2017-0405</td> 63 <td></td> 64 <td></td> 65 </tr> 66 <tr> 67 <td></td> 68 <td>CVE-2017-0406CVE-2017-0407</td> 69 <td></td> 70 <td></td> 71 </tr> 72 <tr> 73 <td>libgdx </td> 74 <td>CVE-2017-0408</td> 75 <td></td> 76 <td></td> 77 </tr> 78 <tr> 79 <td>libstagefright </td> 80 <td>CVE-2017-0409</td> 81 <td></td> 82 <td></td> 83 </tr> 84 <tr> 85 <td>Java.Net </td> 86 <td>CVE-2016-5552</td> 87 <td></td> 88 <td></td> 89 </tr> 90 <tr> 91 <td> API </td> 92 <td>CVE-2017-0410CVE-2017-0411CVE-2017-0412</td> 93 <td></td> 94 <td></td> 95 </tr> 96 <tr> 97 <td></td> 98 <td>CVE-2017-0415</td> 99 <td></td> 100 <td></td> 101 </tr> 102 <tr> 103 <td></td> 104 <td>CVE-2017-0416CVE-2017-0417CVE-2017-0418CVE-2017-0419</td> 105 <td></td> 106 <td></td> 107 </tr> 108 <tr> 109 <td>AOSP </td> 110 <td>CVE-2017-0420</td> 111 <td></td> 112 <td></td> 113 </tr> 114 <tr> 115 <td>AOSP </td> 116 <td>CVE-2017-0413CVE-2017-0414</td> 117 <td></td> 118 <td></td> 119 </tr> 120 <tr> 121 <td> API </td> 122 <td>CVE-2017-0421</td> 123 <td></td> 124 <td></td> 125 </tr> 126 <tr> 127 <td>Bionic DNS </td> 128 <td>CVE-2017-0422</td> 129 <td></td> 130 <td></td> 131 </tr> 132 <tr> 133 <td>Bluetooth </td> 134 <td>CVE-2017-0423</td> 135 <td></td> 136 <td></td> 137 </tr> 138 <tr> 139 <td>AOSP </td> 140 <td>CVE-2017-0424</td> 141 <td></td> 142 <td></td> 143 </tr> 144 <tr> 145 <td></td> 146 <td>CVE-2017-0425</td> 147 <td></td> 148 <td></td> 149 </tr> 150 <tr> 151 <td> </td> 152 <td>CVE-2017-0426</td> 153 <td></td> 154 <td></td> 155 </tr> 156 </table> 157 <h3 id="2017-02-05-summary"> 2017-02-05 </h3> 158 <p> 2017-02-05 2017-02-01 </p> 159 <table> 160 <col width="55%"> 161 <col width="20%"> 162 <col width="13%"> 163 <col width="12%"> 164 <tr> 165 <th></th> 166 <th>CVE</th> 167 <th></th> 168 <th>Google </th> 169 </tr> 170 <tr> 171 <td>Qualcomm crypto </td> 172 <td>CVE-2016-8418</td> 173 <td></td> 174 <td>*</td> 175 </tr> 176 <tr> 177 <td> </td> 178 <td>CVE-2017-0427</td> 179 <td></td> 180 <td></td> 181 </tr> 182 <tr> 183 <td>NVIDIA GPU </td> 184 <td>CVE-2017-0428CVE-2017-0429</td> 185 <td></td> 186 <td></td> 187 </tr> 188 <tr> 189 <td> </td> 190 <td>CVE-2014-9914</td> 191 <td></td> 192 <td></td> 193 </tr> 194 <tr> 195 <td>Broadcom Wi-Fi </td> 196 <td>CVE-2017-0430</td> 197 <td></td> 198 <td></td> 199 </tr> 200 <tr> 201 <td>Qualcomm </td> 202 <td>CVE-2017-0431</td> 203 <td></td> 204 <td>*</td> 205 </tr> 206 <tr> 207 <td>MediaTek </td> 208 <td>CVE-2017-0432</td> 209 <td></td> 210 <td>*</td> 211 </tr> 212 <tr> 213 <td>Synaptics </td> 214 <td>CVE-2017-0433CVE-2017-0434</td> 215 <td></td> 216 <td></td> 217 </tr> 218 <tr> 219 <td>Qualcomm Secure Execution Environment Communicator </td> 220 <td>CVE-2016-8480</td> 221 <td></td> 222 <td></td> 223 </tr> 224 <tr> 225 <td>Qualcomm </td> 226 <td>CVE-2016-8481CVE-2017-0435CVE-2017-0436</td> 227 <td></td> 228 <td></td> 229 </tr> 230 <tr> 231 <td>Qualcomm Wi-Fi </td> 232 <td>CVE-2017-0437CVE-2017-0438CVE-2017-0439CVE-2016-8419 233 CVE-2016-8420CVE-2016-8421CVE-2017-0440CVE-2017-0441 234 CVE-2017-0442CVE-2017-0443CVE-2016-8476</td> 235 <td></td> 236 <td></td> 237 </tr> 238 <tr> 239 <td>Realtek </td> 240 <td>CVE-2017-0444</td> 241 <td></td> 242 <td></td> 243 </tr> 244 <tr> 245 <td>HTC </td> 246 <td>CVE-2017-0445CVE-2017-0446CVE-2017-0447</td> 247 <td></td> 248 <td></td> 249 </tr> 250 <tr> 251 <td>NVIDIA </td> 252 <td>CVE-2017-0448</td> 253 <td></td> 254 <td></td> 255 </tr> 256 <tr> 257 <td>Broadcom Wi-Fi </td> 258 <td>CVE-2017-0449</td> 259 <td></td> 260 <td></td> 261 </tr> 262 <tr> 263 <td></td> 264 <td>CVE-2017-0450</td> 265 <td></td> 266 <td></td> 267 </tr> 268 <tr> 269 <td> </td> 270 <td>CVE-2016-10044</td> 271 <td></td> 272 <td></td> 273 </tr> 274 <tr> 275 <td>Qualcomm Secure Execution Environment Communicator </td> 276 <td>CVE-2016-8414</td> 277 <td></td> 278 <td></td> 279 </tr> 280 <tr> 281 <td>Qualcomm </td> 282 <td>CVE-2017-0451</td> 283 <td></td> 284 <td></td> 285 </tr> 286 </table> 287 288 <p>* Android 7.0 Google </p> 289 290 <h2 id="mitigations">Android Google </h2> 291 <p><a href="{@docRoot}security/enhancements/index.html">Android </a> SafetyNet Android </p> 292 <ul> 293 <li>Android Android Google Android </li> 294 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="http://www.android.com/gms">Google </a>Google Play Google Play </li> 295 <li>Google </li> 296 </ul> 297 <h2 id="acknowledgements"></h2> 298 <p> 299 300 </p> 301 <ul> 302 <li>Daniel Dakhno: CVE-2017-0420</li> 303 <li>Copperhead Security Daniel Micay: CVE-2017-0410</li> 304 <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>: CVE-2017-0414</li> 305 <li>Chrome Frank Liberato: CVE-2017-0409</li> 306 <li>Project Zero Gal Beniamini: CVE-2017-0411CVE-2017-0412</li> 307 <li>Qihoo 360 Technology Co. Ltd.IceSword Lab Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a> <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0434CVE-2017-0446CVE-2017-0447CVE-2017-0432</li> 308 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>Alpha Team Guang Gong<a href="https://twitter.com/oldfresher">@oldfresher</a>: CVE-2017-0415</li> 309 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0418</li> 310 <li>Qihoo 360 Technology Co. Ltd.Alpha Team Hao Chen Guang Gong: CVE-2017-0437CVE-2017-0438CVE-2017-0439CVE-2016-8419CVE-2016-8420CVE-2016-8421CVE-2017-0441CVE-2017-0442CVE-2016-8476CVE-2017-0443</li> 311 <li>Google Jeff Sharkey: CVE-2017-0421CVE-2017-0423</li> 312 <li>Jeff Trim: CVE-2017-0422</li> 313 <li>Qihoo 360IceSword Lab Jianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a> <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0445</li> 314 <li>LINE Corporation ma.la Nikolay Elenkov: CVE-2016-5552</li> 315 <li>Google Max Spector: CVE-2017-0416</li> 316 <li><a href="http://c0reteam.org">C0RE Team</a> Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Yuqi Lu<a href="https://twitter.com/nikos233__">@nikos233</a>Xuxian Jiang: CVE-2017-0425</li> 317 <li>TencentKeenLab Qidan He<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a> Di Shen<a href="https://twitter.com/returnsme">@returnsme</a>: CVE-2017-0427</li> 318 <li>IBM X-Force Research Sagi Kedmi: CVE-2017-0433</li> 319 <li>Copperhead Security Scott Bauer<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a> Daniel Micay: CVE-2017-0405</li> 320 <li>Trend Micro Mobile Threat Research Team Seven Shen<a href="https://twitter.com/lingtongshen">@lingtongshen</a>: CVE-2017-0449CVE-2016-8418</li> 321 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0436CVE-2016-8481CVE-2017-0435</li> 322 <li><a href="http://www.trendmicro.com">Trend Micro</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> V.E.O<a href="https://twitter.com/vysea">@VYSEa</a>: CVE-2017-0424</li> 323 <li>Alibaba Inc. Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2017-0407</li> 324 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a><a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0450</li> 325 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Yuqi Lu<a href="https://twitter.com/nikos233__">@nikos233</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0417</li> 326 <li>Ant-financial Light-Year Security Lab Wish Wu<a href="https://twitter.com/wish_wu">@wish_wu</a><a href="http://www.weibo.com/wishlinux"></a> : CVE-2017-0408</li> 327 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2016-8480</li> 328 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0444</li> 329 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0428</li> 330 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0448CVE-2017-0429</li> 331 <li><a href="http://www.nsfocus.com">NSFocus</a> <a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a><a href="https://twitter.com/henices">@henices</a> <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a>: CVE-2017-0406</li> 332 </ul> 333 <p> 334 </p><ul> 335 <li>Baidu X-Lab Pengfei DingChenfu BaoLenx Wei</li> 336 </ul> 337 338 <h2 id="2017-02-01-details"> 2017-02-01 </h2> 339 <p> 340 <a href="#2017-02-01-summary"> 2017-02-01 </a>CVE Google AOSP AOSP ID ID </p> 341 342 343 <h3 id="rce-in-surfaceflinger">Surfaceflinger </h3> 344 <p> 345 Surfaceflinger Surfaceflinger 346 </p> 347 348 <table> 349 <col width="18%"> 350 <col width="17%"> 351 <col width="10%"> 352 <col width="19%"> 353 <col width="18%"> 354 <col width="17%"> 355 <tr> 356 <th>CVE</th> 357 <th></th> 358 <th></th> 359 <th> Google </th> 360 <th> AOSP </th> 361 <th></th> 362 </tr> 363 <tr> 364 <td>CVE-2017-0405</td> 365 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979"> 366 A-31960359</a></td> 367 <td></td> 368 <td></td> 369 <td>7.07.1.1</td> 370 <td>2016 10 4 </td> 371 </tr> 372 </table> 373 374 375 <h3 id="rce-in-mediaserver"></h3> 376 <p> 377 378 </p> 379 380 <table> 381 <col width="18%"> 382 <col width="17%"> 383 <col width="10%"> 384 <col width="19%"> 385 <col width="18%"> 386 <col width="17%"> 387 <tr> 388 <th>CVE</th> 389 <th></th> 390 <th></th> 391 <th> Google </th> 392 <th> AOSP </th> 393 <th></th> 394 </tr> 395 <tr> 396 <td>CVE-2017-0406</td> 397 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575"> 398 A-32915871</a> 399 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td> 400 <td></td> 401 <td></td> 402 <td>6.06.0.17.07.1.1</td> 403 <td>2016 11 14 </td> 404 </tr> 405 <tr> 406 <td>CVE-2017-0407</td> 407 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7"> 408 A-32873375</a></td> 409 <td></td> 410 <td></td> 411 <td>6.06.0.17.07.1.1</td> 412 <td>2016 11 12 </td> 413 </tr> 414 </table> 415 416 417 <h3 id="rce-in-libgdx">libgdx </h3> 418 <p> 419 libgdx 420 </p> 421 422 <table> 423 <col width="18%"> 424 <col width="17%"> 425 <col width="10%"> 426 <col width="19%"> 427 <col width="18%"> 428 <col width="17%"> 429 <tr> 430 <th>CVE</th> 431 <th></th> 432 <th></th> 433 <th> Google </th> 434 <th> AOSP </th> 435 <th></th> 436 </tr> 437 <tr> 438 <td>CVE-2017-0408</td> 439 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b"> 440 A-32769670</a></td> 441 <td></td> 442 <td></td> 443 <td>7.1.1</td> 444 <td>2016 11 9 </td> 445 </tr> 446 </table> 447 448 449 <h3 id="rce-in-libstagefright">libstagefright </h3> 450 <p> 451 libstagefright 452 </p> 453 454 <table> 455 <col width="18%"> 456 <col width="17%"> 457 <col width="10%"> 458 <col width="19%"> 459 <col width="18%"> 460 <col width="17%"> 461 <tr> 462 <th>CVE</th> 463 <th></th> 464 <th></th> 465 <th> Google </th> 466 <th> AOSP </th> 467 <th></th> 468 </tr> 469 <tr> 470 <td>CVE-2017-0409</td> 471 <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b"> 472 A-31999646</a></td> 473 <td></td> 474 <td></td> 475 <td>6.06.0.17.07.1.1</td> 476 <td>Google </td> 477 </tr> 478 </table> 479 480 481 <h3 id="eop-in-java.net">Java.Net </h3> 482 <p> 483 Java.Net 484 </p> 485 486 <table> 487 <col width="18%"> 488 <col width="17%"> 489 <col width="10%"> 490 <col width="19%"> 491 <col width="18%"> 492 <col width="17%"> 493 <tr> 494 <th>CVE</th> 495 <th></th> 496 <th></th> 497 <th> Google </th> 498 <th> AOSP </th> 499 <th></th> 500 </tr> 501 <tr> 502 <td>CVE-2016-5552</td> 503 <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea"> 504 A-31858037</a></td> 505 <td></td> 506 <td></td> 507 <td>7.07.1.1</td> 508 <td>2016 9 30 </td> 509 </tr> 510 </table> 511 512 513 <h3 id="eop-in-framework-apis"> API </h3> 514 <p> 515 API 516 </p> 517 518 <table> 519 <col width="18%"> 520 <col width="17%"> 521 <col width="10%"> 522 <col width="19%"> 523 <col width="18%"> 524 <col width="17%"> 525 <tr> 526 <th>CVE</th> 527 <th></th> 528 <th></th> 529 <th> Google </th> 530 <th> AOSP </th> 531 <th></th> 532 </tr> 533 <tr> 534 <td>CVE-2017-0410</td> 535 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa"> 536 A-31929765</a></td> 537 <td></td> 538 <td></td> 539 <td>5.0.25.1.16.06.0.17.07.1.1</td> 540 <td>2016 10 2 </td> 541 </tr> 542 <tr> 543 <td>CVE-2017-0411</td> 544 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 545 A-33042690</a> 546 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 547 <td></td> 548 <td></td> 549 <td>7.07.1.1</td> 550 <td>2016 11 21 </td> 551 </tr> 552 <tr> 553 <td>CVE-2017-0412</td> 554 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 555 A-33039926</a> 556 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 557 <td></td> 558 <td></td> 559 <td>7.07.1.1</td> 560 <td>2016 11 21 </td> 561 </tr> 562 </table> 563 564 <h3 id="eop-in-mediaserver"></h3> 565 <p> 566 567 </p> 568 569 <table> 570 <col width="18%"> 571 <col width="17%"> 572 <col width="10%"> 573 <col width="19%"> 574 <col width="18%"> 575 <col width="17%"> 576 <tr> 577 <th>CVE</th> 578 <th></th> 579 <th></th> 580 <th> Google </th> 581 <th> AOSP </th> 582 <th></th> 583 </tr> 584 <tr> 585 <td>CVE-2017-0415</td> 586 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34"> 587 A-32706020</a></td> 588 <td></td> 589 <td></td> 590 <td>6.06.0.17.07.1.1</td> 591 <td>2016 11 4 </td> 592 </tr> 593 </table> 594 595 596 <h3 id="eop-in-audioserver"></h3> 597 <p> 598 599 </p> 600 601 <table> 602 <col width="18%"> 603 <col width="17%"> 604 <col width="10%"> 605 <col width="19%"> 606 <col width="18%"> 607 <col width="17%"> 608 <tr> 609 <th>CVE</th> 610 <th></th> 611 <th></th> 612 <th> Google </th> 613 <th> AOSP </th> 614 <th></th> 615 </tr> 616 <tr> 617 <td>CVE-2017-0416</td> 618 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 619 A-32886609</a> 620 [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td> 621 <td></td> 622 <td></td> 623 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 624 <td>Google </td> 625 </tr> 626 <tr> 627 <td>CVE-2017-0417</td> 628 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 629 A-32705438</a></td> 630 <td></td> 631 <td></td> 632 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 633 <td>2016 11 7 </td> 634 </tr> 635 <tr> 636 <td>CVE-2017-0418</td> 637 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 638 A-32703959</a> 639 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td> 640 <td></td> 641 <td></td> 642 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 643 <td>2016 11 7 </td> 644 </tr> 645 <tr> 646 <td>CVE-2017-0419</td> 647 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 648 A-32220769</a></td> 649 <td></td> 650 <td></td> 651 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 652 <td>2016 10 15 </td> 653 </tr> 654 </table> 655 656 <h3 id="id-in-aosp-mail">AOSP </h3> 657 <p> 658 AOSP 659 </p> 660 661 <table> 662 <col width="18%"> 663 <col width="17%"> 664 <col width="10%"> 665 <col width="19%"> 666 <col width="18%"> 667 <col width="17%"> 668 <tr> 669 <th>CVE</th> 670 <th></th> 671 <th></th> 672 <th> Google </th> 673 <th> AOSP </th> 674 <th></th> 675 </tr> 676 <tr> 677 <td>CVE-2017-0420</td> 678 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909"> 679 A-32615212</a></td> 680 <td></td> 681 <td></td> 682 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 683 <td>2016 9 12 </td> 684 </tr> 685 </table> 686 687 688 <h3 id="id-in-aosp-messaging">AOSP </h3> 689 <p> 690 AOSP 691 </p> 692 693 <table> 694 <col width="18%"> 695 <col width="17%"> 696 <col width="10%"> 697 <col width="19%"> 698 <col width="18%"> 699 <col width="17%"> 700 <tr> 701 <th>CVE</th> 702 <th></th> 703 <th></th> 704 <th> Google </th> 705 <th> AOSP </th> 706 <th></th> 707 </tr> 708 <tr> 709 <td>CVE-2017-0413</td> 710 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e"> 711 A-32161610</a></td> 712 <td></td> 713 <td></td> 714 <td>6.06.0.17.07.1.1</td> 715 <td>2016 10 13 </td> 716 </tr> 717 <tr> 718 <td>CVE-2017-0414</td> 719 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd"> 720 A-32807795</a></td> 721 <td></td> 722 <td></td> 723 <td>6.06.0.17.07.1.1</td> 724 <td>2016 11 10 </td> 725 </tr> 726 </table> 727 728 729 <h3 id="id-in-framework-apis"> API </h3> 730 <p> 731 API 732 </p> 733 734 <table> 735 <col width="18%"> 736 <col width="17%"> 737 <col width="10%"> 738 <col width="19%"> 739 <col width="18%"> 740 <col width="17%"> 741 <tr> 742 <th>CVE</th> 743 <th></th> 744 <th></th> 745 <th> Google </th> 746 <th> AOSP </th> 747 <th></th> 748 </tr> 749 <tr> 750 <td>CVE-2017-0421</td> 751 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336"> 752 A-32555637</a></td> 753 <td></td> 754 <td></td> 755 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 756 <td>Google </td> 757 </tr> 758 </table> 759 760 761 <h3 id="dos-in-bionic-dns">Bionic DNS </h3> 762 <p> 763 Bionic DNS 764 765 </p> 766 767 <table> 768 <col width="18%"> 769 <col width="17%"> 770 <col width="10%"> 771 <col width="19%"> 772 <col width="18%"> 773 <col width="17%"> 774 <tr> 775 <th>CVE</th> 776 <th></th> 777 <th></th> 778 <th> Google </th> 779 <th> AOSP </th> 780 <th></th> 781 </tr> 782 <tr> 783 <td>CVE-2017-0422</td> 784 <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d"> 785 A-32322088</a></td> 786 <td></td> 787 <td></td> 788 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 789 <td>2016 10 20 </td> 790 </tr> 791 </table> 792 793 794 <h3 id="eop-in-bluetooth">Bluetooth </h3> 795 <p> 796 Bluetooth Bluetooth 797 </p> 798 799 <table> 800 <col width="18%"> 801 <col width="17%"> 802 <col width="10%"> 803 <col width="19%"> 804 <col width="18%"> 805 <col width="17%"> 806 <tr> 807 <th>CVE</th> 808 <th></th> 809 <th></th> 810 <th> Google </th> 811 <th> AOSP </th> 812 <th></th> 813 </tr> 814 <tr> 815 <td>CVE-2017-0423</td> 816 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083"> 817 A-32612586</a></td> 818 <td></td> 819 <td></td> 820 <td>5.0.25.1.16.06.0.17.07.1.1</td> 821 <td>2016 11 2 </td> 822 </tr> 823 </table> 824 825 826 <h3 id="id-in-aosp-messaging-2">AOSP </h3> 827 <p> 828 AOSP 829 </p> 830 831 <table> 832 <col width="18%"> 833 <col width="17%"> 834 <col width="10%"> 835 <col width="19%"> 836 <col width="18%"> 837 <col width="17%"> 838 <tr> 839 <th>CVE</th> 840 <th></th> 841 <th></th> 842 <th> Google </th> 843 <th> AOSP </th> 844 <th></th> 845 </tr> 846 <tr> 847 <td>CVE-2017-0424</td> 848 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc"> 849 A-32322450</a></td> 850 <td></td> 851 <td></td> 852 <td>6.06.0.17.07.1.1</td> 853 <td>2016 10 20 </td> 854 </tr> 855 </table> 856 857 858 <h3 id="id-in-audioserver"></h3> 859 <p> 860 861 </p> 862 863 <table> 864 <col width="18%"> 865 <col width="17%"> 866 <col width="10%"> 867 <col width="19%"> 868 <col width="18%"> 869 <col width="17%"> 870 <tr> 871 <th>CVE</th> 872 <th></th> 873 <th></th> 874 <th> Google </th> 875 <th> AOSP </th> 876 <th></th> 877 </tr> 878 <tr> 879 <td>CVE-2017-0425</td> 880 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 881 A-32720785</a></td> 882 <td></td> 883 <td></td> 884 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 885 <td>2016 11 7 </td> 886 </tr> 887 </table> 888 889 890 <h3 id="id-in-filesystem"> </h3> 891 <p> 892 893 </p> 894 895 <table> 896 <col width="18%"> 897 <col width="17%"> 898 <col width="10%"> 899 <col width="19%"> 900 <col width="18%"> 901 <col width="17%"> 902 <tr> 903 <th>CVE</th> 904 <th></th> 905 <th></th> 906 <th> Google </th> 907 <th> AOSP </th> 908 <th></th> 909 </tr> 910 <tr> 911 <td>CVE-2017-0426</td> 912 <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a"> 913 A-32799236</a> 914 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td> 915 <td></td> 916 <td></td> 917 <td>7.07.1.1</td> 918 <td>Google </td> 919 </tr> 920 </table> 921 922 923 <h2 id="2017-02-05-details"> 2017-02-05 </h2> 924 <p> 925 <a href="#2017-02-05-summary"> 2017-02-05 </a>CVE Google AOSP AOSP ID ID </p> 926 927 928 <h3 id="rce-in-qualcomm-crypto-driver">Qualcomm crypto </h3> 929 <p> 930 Qualcomm crypto 931 </p> 932 933 <table> 934 <col width="19%"> 935 <col width="20%"> 936 <col width="10%"> 937 <col width="23%"> 938 <col width="17%"> 939 <tr> 940 <th>CVE</th> 941 <th></th> 942 <th></th> 943 <th> Google </th> 944 <th></th> 945 </tr> 946 <tr> 947 <td>CVE-2016-8418</td> 948 <td>A-32652894<br> 949 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f"> 950 QC-CR#1077457</a></td> 951 <td></td> 952 <td>*</td> 953 <td>2016 10 10 </td> 954 </tr> 955 </table> 956 <p> 957 * Android 7.0 Google 958 </p> 959 960 961 <h3 id="eop-in-kernel-file-system"> </h3> 962 <p> 963 </p> 964 965 <table> 966 <col width="19%"> 967 <col width="20%"> 968 <col width="10%"> 969 <col width="23%"> 970 <col width="17%"> 971 <tr> 972 <th>CVE</th> 973 <th></th> 974 <th></th> 975 <th> Google </th> 976 <th></th> 977 </tr> 978 <tr> 979 <td>CVE-2017-0427</td> 980 <td>A-31495866*</td> 981 <td></td> 982 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 983 <td>2016 9 13 </td> 984 </tr> 985 </table> 986 <p> 987 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 988 </p> 989 990 991 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU </h3> 992 <p> 993 NVIDIA GPU 994 </p> 995 996 <table> 997 <col width="19%"> 998 <col width="20%"> 999 <col width="10%"> 1000 <col width="23%"> 1001 <col width="17%"> 1002 <tr> 1003 <th>CVE</th> 1004 <th></th> 1005 <th></th> 1006 <th> Google </th> 1007 <th></th> 1008 </tr> 1009 <tr> 1010 <td>CVE-2017-0428</td> 1011 <td>A-32401526*<br> 1012 N-CVE-2017-0428</td> 1013 <td></td> 1014 <td>Nexus 9</td> 1015 <td>2016 10 25 </td> 1016 </tr> 1017 <tr> 1018 <td>CVE-2017-0429</td> 1019 <td>A-32636619*<br> 1020 N-CVE-2017-0429</td> 1021 <td></td> 1022 <td>Nexus 9</td> 1023 <td>2016 11 3 </td> 1024 </tr> 1025 </table> 1026 <p> 1027 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1028 </p> 1029 1030 1031 <h3 id="eop-in-kernel-networking-subsystem"> </h3> 1032 <p> 1033 1034 </p> 1035 1036 <table> 1037 <col width="19%"> 1038 <col width="20%"> 1039 <col width="10%"> 1040 <col width="23%"> 1041 <col width="17%"> 1042 <tr> 1043 <th>CVE</th> 1044 <th></th> 1045 <th></th> 1046 <th> Google </th> 1047 <th></th> 1048 </tr> 1049 <tr> 1050 <td>CVE-2014-9914</td> 1051 <td>A-32882659<br> 1052 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"> 1053 </a></td> 1054 <td></td> 1055 <td>Nexus 6Nexus Player</td> 1056 <td>2016 11 9 </td> 1057 </tr> 1058 </table> 1059 1060 1061 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi </h3> 1062 <p> 1063 Broadcom Wi-Fi 1064 </p> 1065 1066 <table> 1067 <col width="19%"> 1068 <col width="20%"> 1069 <col width="10%"> 1070 <col width="23%"> 1071 <col width="17%"> 1072 <tr> 1073 <th>CVE</th> 1074 <th></th> 1075 <th></th> 1076 <th> Google </th> 1077 <th></th> 1078 </tr> 1079 <tr> 1080 <td>CVE-2017-0430</td> 1081 <td>A-32838767*<br> 1082 B-RB#107459</td> 1083 <td></td> 1084 <td>Nexus 6Nexus 6PNexus 9Pixel CNexus Player</td> 1085 <td>Google </td> 1086 </tr> 1087 </table> 1088 <p> 1089 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1090 </p> 1091 1092 1093 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm </h3> 1094 <p> 1095 Qualcomm Qualcomm AMSS 2016 9 1096 </p> 1097 1098 <table> 1099 <col width="19%"> 1100 <col width="20%"> 1101 <col width="10%"> 1102 <col width="23%"> 1103 <col width="17%"> 1104 <tr> 1105 <th>CVE</th> 1106 <th></th> 1107 <th>*</th> 1108 <th> Google </th> 1109 <th></th> 1110 </tr> 1111 <tr> 1112 <td>CVE-2017-0431</td> 1113 <td>A-32573899**</td> 1114 <td></td> 1115 <td>***</td> 1116 <td>Qualcomm </td> 1117 </tr> 1118 </table> 1119 <p> 1120 * 1121 </p> 1122 <p> 1123 ** <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1124 </p> 1125 <p>*** Android 7.0 Google 1126 </p> 1127 1128 1129 <h3 id="eop-in-mediatek-driver">MediaTek </h3> 1130 <p> 1131 MediaTek 1132 </p> 1133 1134 <table> 1135 <col width="19%"> 1136 <col width="20%"> 1137 <col width="10%"> 1138 <col width="23%"> 1139 <col width="17%"> 1140 <tr> 1141 <th>CVE</th> 1142 <th></th> 1143 <th></th> 1144 <th> Google </th> 1145 <th></th> 1146 </tr> 1147 <tr> 1148 <td>CVE-2017-0432</td> 1149 <td>A-28332719*<br> 1150 M-ALPS02708925</td> 1151 <td></td> 1152 <td>**</td> 1153 <td>2016 4 21 </td> 1154 </tr> 1155 </table> 1156 <p> 1157 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1158 </p> 1159 <p>** Android 7.0 Google 1160 </p> 1161 1162 1163 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics </h3> 1164 <p> 1165 Synaptics 1166 </p> 1167 1168 <table> 1169 <col width="19%"> 1170 <col width="20%"> 1171 <col width="10%"> 1172 <col width="23%"> 1173 <col width="17%"> 1174 <tr> 1175 <th>CVE</th> 1176 <th></th> 1177 <th></th> 1178 <th> Google </th> 1179 <th></th> 1180 </tr> 1181 <tr> 1182 <td>CVE-2017-0433</td> 1183 <td>A-31913571*</td> 1184 <td></td> 1185 <td>Nexus 6PNexus 9Android OnePixelPixel XL</td> 1186 <td>2016 9 8 </td> 1187 </tr> 1188 <tr> 1189 <td>CVE-2017-0434</td> 1190 <td>A-33001936*</td> 1191 <td></td> 1192 <td>PixelPixel XL</td> 1193 <td>2016 11 18 </td> 1194 </tr> 1195 </table> 1196 <p> 1197 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1198 </p> 1199 1200 1201 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm Secure Execution Environment Communicator </h3> 1202 <p> 1203 Qualcomm Secure Execution Environment Communicator 1204 </p> 1205 1206 <table> 1207 <col width="19%"> 1208 <col width="20%"> 1209 <col width="10%"> 1210 <col width="23%"> 1211 <col width="17%"> 1212 <tr> 1213 <th>CVE</th> 1214 <th></th> 1215 <th></th> 1216 <th> Google </th> 1217 <th></th> 1218 </tr> 1219 <tr> 1220 <td>CVE-2016-8480</td> 1221 <td>A-31804432<br> 1222 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471"> 1223 QC-CR#1086186</a> 1224 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td> 1225 <td></td> 1226 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1227 <td>2016 9 28 </td> 1228 </tr> 1229 </table> 1230 1231 1232 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm </h3> 1233 <p> 1234 Qualcomm 1235 </p> 1236 1237 <table> 1238 <col width="19%"> 1239 <col width="20%"> 1240 <col width="10%"> 1241 <col width="23%"> 1242 <col width="17%"> 1243 <tr> 1244 <th>CVE</th> 1245 <th></th> 1246 <th></th> 1247 <th> Google </th> 1248 <th></th> 1249 </tr> 1250 <tr> 1251 <td>CVE-2016-8481</td> 1252 <td>A-31906415*<br> 1253 QC-CR#1078000</td> 1254 <td></td> 1255 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1256 <td>2016 10 1 </td> 1257 </tr> 1258 <tr> 1259 <td>CVE-2017-0435</td> 1260 <td>A-31906657*<br> 1261 QC-CR#1078000</td> 1262 <td></td> 1263 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1264 <td>2016 10 1 </td> 1265 </tr> 1266 <tr> 1267 <td>CVE-2017-0436</td> 1268 <td>A-32624661*<br> 1269 QC-CR#1078000</td> 1270 <td></td> 1271 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1272 <td>2016 11 2 </td> 1273 </tr> 1274 </table> 1275 <p> 1276 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1277 </p> 1278 1279 1280 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi </h3> 1281 <p> 1282 Qualcomm Wi-Fi 1283 </p> 1284 1285 <table> 1286 <col width="19%"> 1287 <col width="20%"> 1288 <col width="10%"> 1289 <col width="23%"> 1290 <col width="17%"> 1291 <tr> 1292 <th>CVE</th> 1293 <th></th> 1294 <th></th> 1295 <th> Google </th> 1296 <th></th> 1297 </tr> 1298 <tr> 1299 <td>CVE-2017-0437</td> 1300 <td>A-32402310<br> 1301 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1302 QC-CR#1092497</a></td> 1303 <td></td> 1304 <td>Nexus 5XPixelPixel XL</td> 1305 <td>2016 10 25 </td> 1306 </tr> 1307 <tr> 1308 <td>CVE-2017-0438</td> 1309 <td>A-32402604<br> 1310 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1311 QC-CR#1092497</a></td> 1312 <td></td> 1313 <td>Nexus 5XPixelPixel XL</td> 1314 <td>2016 10 25 </td> 1315 </tr> 1316 <tr> 1317 <td>CVE-2017-0439</td> 1318 <td>A-32450647<br> 1319 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61"> 1320 QC-CR#1092059</a></td> 1321 <td></td> 1322 <td>Nexus 5XPixelPixel XL</td> 1323 <td>2016 10 25 </td> 1324 </tr> 1325 <tr> 1326 <td>CVE-2016-8419</td> 1327 <td>A-32454494<br> 1328 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488"> 1329 QC-CR#1087209</a></td> 1330 <td></td> 1331 <td>Nexus 5XPixelPixel XL</td> 1332 <td>2016 10 26 </td> 1333 </tr> 1334 <tr> 1335 <td>CVE-2016-8420</td> 1336 <td>A-32451171<br> 1337 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e"> 1338 QC-CR#1087807</a></td> 1339 <td></td> 1340 <td>Nexus 5XPixelPixel XL</td> 1341 <td>2016 10 26 </td> 1342 </tr> 1343 <tr> 1344 <td>CVE-2016-8421</td> 1345 <td>A-32451104<br> 1346 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb"> 1347 QC-CR#1087797</a></td> 1348 <td></td> 1349 <td>Nexus 5XPixelPixel XL</td> 1350 <td>2016 10 26 </td> 1351 </tr> 1352 <tr> 1353 <td>CVE-2017-0440</td> 1354 <td>A-33252788<br> 1355 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268"> 1356 QC-CR#1095770</a></td> 1357 <td></td> 1358 <td>Nexus 5XPixelPixel XL</td> 1359 <td>2016 11 11 </td> 1360 </tr> 1361 <tr> 1362 <td>CVE-2017-0441</td> 1363 <td>A-32872662<br> 1364 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684"> 1365 QC-CR#1095009</a></td> 1366 <td></td> 1367 <td>Nexus 5XPixelPixel XL</td> 1368 <td>2016 11 11 </td> 1369 </tr> 1370 <tr> 1371 <td>CVE-2017-0442</td> 1372 <td>A-32871330<br> 1373 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1374 QC-CR#1092497</a></td> 1375 <td></td> 1376 <td>Nexus 5XPixelPixel XL</td> 1377 <td>2016 11 13 </td> 1378 </tr> 1379 <tr> 1380 <td>CVE-2017-0443</td> 1381 <td>A-32877494<br> 1382 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1383 QC-CR#1092497</a></td> 1384 <td></td> 1385 <td>Nexus 5XPixelPixel XL</td> 1386 <td>2016 11 13 </td> 1387 </tr> 1388 <tr> 1389 <td>CVE-2016-8476</td> 1390 <td>A-32879283<br> 1391 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799"> 1392 QC-CR#1091940</a></td> 1393 <td></td> 1394 <td>Nexus 5XPixelPixel XL</td> 1395 <td>2016 11 14 </td> 1396 </tr> 1397 </table> 1398 1399 1400 <h3 id="eop-in-realtek-sound-driver">Realtek </h3> 1401 <p> 1402 Realtek 1403 </p> 1404 1405 <table> 1406 <col width="19%"> 1407 <col width="20%"> 1408 <col width="10%"> 1409 <col width="23%"> 1410 <col width="17%"> 1411 <tr> 1412 <th>CVE</th> 1413 <th></th> 1414 <th></th> 1415 <th> Google </th> 1416 <th></th> 1417 </tr> 1418 <tr> 1419 <td>CVE-2017-0444</td> 1420 <td>A-32705232*</td> 1421 <td></td> 1422 <td>Nexus 9</td> 1423 <td>2016 11 7 </td> 1424 </tr> 1425 </table> 1426 <p> 1427 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1428 </p> 1429 1430 1431 <h3 id="eop-in-htc-touchscreen-driver">HTC </h3> 1432 <p> 1433 HTC 1434 </p> 1435 1436 <table> 1437 <col width="19%"> 1438 <col width="20%"> 1439 <col width="10%"> 1440 <col width="23%"> 1441 <col width="17%"> 1442 <tr> 1443 <th>CVE</th> 1444 <th></th> 1445 <th></th> 1446 <th> Google </th> 1447 <th></th> 1448 </tr> 1449 <tr> 1450 <td>CVE-2017-0445</td> 1451 <td>A-32769717*</td> 1452 <td></td> 1453 <td>PixelPixel XL</td> 1454 <td>2016 11 9 </td> 1455 </tr> 1456 <tr> 1457 <td>CVE-2017-0446</td> 1458 <td>A-32917445*</td> 1459 <td></td> 1460 <td>PixelPixel XL</td> 1461 <td>2016 11 15 </td> 1462 </tr> 1463 <tr> 1464 <td>CVE-2017-0447</td> 1465 <td>A-32919560*</td> 1466 <td></td> 1467 <td>PixelPixel XL</td> 1468 <td>2016 11 15 </td> 1469 </tr> 1470 </table> 1471 <p> 1472 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1473 </p> 1474 1475 1476 <h3 id="id-in-nvidia-video-driver">NVIDIA </h3> 1477 <p> 1478 NVIDIA 1479 </p> 1480 1481 <table> 1482 <col width="19%"> 1483 <col width="20%"> 1484 <col width="10%"> 1485 <col width="23%"> 1486 <col width="17%"> 1487 <tr> 1488 <th>CVE</th> 1489 <th></th> 1490 <th></th> 1491 <th> Google </th> 1492 <th></th> 1493 </tr> 1494 <tr> 1495 <td>CVE-2017-0448</td> 1496 <td>A-32721029*<br> 1497 N-CVE-2017-0448</td> 1498 <td></td> 1499 <td>Nexus 9</td> 1500 <td>2016 11 7 </td> 1501 </tr> 1502 </table> 1503 <p> 1504 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1505 </p> 1506 1507 1508 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi </h3> 1509 <p> 1510 Broadcom Wi-Fi 1511 </p> 1512 1513 <table> 1514 <col width="19%"> 1515 <col width="20%"> 1516 <col width="10%"> 1517 <col width="23%"> 1518 <col width="17%"> 1519 <tr> 1520 <th>CVE</th> 1521 <th></th> 1522 <th></th> 1523 <th> Google </th> 1524 <th></th> 1525 </tr> 1526 <tr> 1527 <td>CVE-2017-0449</td> 1528 <td>A-31707909*<br> 1529 B-RB#32094</td> 1530 <td></td> 1531 <td>Nexus 6Nexus 6P</td> 1532 <td>2016 9 23 </td> 1533 </tr> 1534 </table> 1535 <p> 1536 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1537 </p> 1538 1539 1540 <h3 id="eop-in-audioserver-2"> </h3> 1541 <p> 1542 1543 </p> 1544 1545 <table> 1546 <col width="19%"> 1547 <col width="20%"> 1548 <col width="10%"> 1549 <col width="23%"> 1550 <col width="17%"> 1551 <tr> 1552 <th>CVE</th> 1553 <th></th> 1554 <th></th> 1555 <th> Google </th> 1556 <th></th> 1557 </tr> 1558 <tr> 1559 <td>CVE-2017-0450</td> 1560 <td>A-32917432*</td> 1561 <td></td> 1562 <td>Nexus 9</td> 1563 <td>2016 11 15 </td> 1564 </tr> 1565 </table> 1566 <p> 1567 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1568 </p> 1569 1570 1571 <h3 id="eop-in-kernel-file-system-2"> </h3> 1572 <p> 1573 1574 </p> 1575 1576 <table> 1577 <col width="19%"> 1578 <col width="20%"> 1579 <col width="10%"> 1580 <col width="23%"> 1581 <col width="17%"> 1582 <tr> 1583 <th>CVE</th> 1584 <th></th> 1585 <th></th> 1586 <th> Google </th> 1587 <th></th> 1588 </tr> 1589 <tr> 1590 <td>CVE-2016-10044</td> 1591 <td>A-31711619*</td> 1592 <td></td> 1593 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1594 <td>Google </td> 1595 </tr> 1596 </table> 1597 <p> 1598 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1599 </p> 1600 1601 1602 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Qualcomm Secure Execution Environment Communicator </h3> 1603 <p> 1604 Qualcomm Secure Execution Environment Communicator 1605 </p> 1606 1607 <table> 1608 <col width="19%"> 1609 <col width="20%"> 1610 <col width="10%"> 1611 <col width="23%"> 1612 <col width="17%"> 1613 <tr> 1614 <th>CVE</th> 1615 <th></th> 1616 <th></th> 1617 <th> Google </th> 1618 <th></th> 1619 </tr> 1620 <tr> 1621 <td>CVE-2016-8414</td> 1622 <td>A-31704078<br> 1623 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846"> 1624 QC-CR#1076407</a></td> 1625 <td></td> 1626 <td>Nexus 5XNexus 6PAndroid OnePixelPixel XL</td> 1627 <td>2016 9 23 </td> 1628 </tr> 1629 </table> 1630 1631 1632 <h3 id="id-in-qualcomm-sound-driver">Qualcomm </h3> 1633 <p> 1634 Qualcomm 1635 </p> 1636 1637 <table> 1638 <col width="19%"> 1639 <col width="20%"> 1640 <col width="10%"> 1641 <col width="23%"> 1642 <col width="17%"> 1643 <tr> 1644 <th>CVE</th> 1645 <th></th> 1646 <th></th> 1647 <th> Google </th> 1648 <th></th> 1649 </tr> 1650 <tr> 1651 <td>CVE-2017-0451</td> 1652 <td>A-31796345<br> 1653 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e"> 1654 QC-CR#1073129</a> 1655 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td> 1656 <td></td> 1657 <td>Nexus 5XNexus 6PAndroid OnePixelPixel XL</td> 1658 <td>2016 9 27 </td> 1659 </tr> 1660 </table> 1661 1662 <h2 id="common-questions-and-answers"></h2> 1663 <p></p> 1664 <p><strong>1. </strong></p> 1665 <p> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 1666 <ul> 1667 <li> 2017-02-01 2017-02-01 </li> 1668 <li> 2017-02-05 2017-02-05 1669 </li> 1670 </ul> 1671 <p></p> 1672 <ul> 1673 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li> 1674 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li> 1675 </ul> 1676 1677 <p><strong>2. 2 </strong></p> 1678 1679 <p>2 Android Android Android </p> 1680 <ul> 1681 <li>2017 1 1 </li> 1682 <li>2017 1 5 </li> 1683 </ul> 1684 <p> 1 </p> 1685 <p><strong>3. Google </strong></p> 1686 <p><a href="#2017-02-01-details">2017-02-01</a> <a href="#2017-02-05-details">2017-02-05</a> Google <em></em> Google 1687 </p> 1688 <ul> 1689 <li><strong> Google </strong>: Pixel Google <em></em><a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"></a>Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Android OneNexus PlayerPixel CPixelPixel XL</li> 1690 <li><strong> Google </strong>: Google Google <em></em> Google </li> 1691 <li><strong> Google </strong>: Android 7.0 Google Google <em></em></li> 1692 </ul> 1693 <p><strong>4. 1694 </strong></p> 1695 <p><em></em></p> 1696 <table> 1697 <tr> 1698 <th></th> 1699 <th></th> 1700 </tr> 1701 <tr> 1702 <td>A-</td> 1703 <td>Android ID</td> 1704 </tr> 1705 <tr> 1706 <td>QC-</td> 1707 <td>Qualcomm </td> 1708 </tr> 1709 <tr> 1710 <td>M-</td> 1711 <td>MediaTek </td> 1712 </tr> 1713 <tr> 1714 <td>N-</td> 1715 <td>NVIDIA </td> 1716 </tr> 1717 <tr> 1718 <td>B-</td> 1719 <td>Broadcom </td> 1720 </tr> 1721 </table> 1722 1723 <h2 id="revisions"></h2> 1724 <ul> 1725 <li>2017 2 6 : </li> 1726 <li>2017 2 8 : AOSP </li> 1727 </ul> 1728