1 page.title=Android 2017 1 2 @jd:body 3 4 <!-- 5 Copyright 2016 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 <p><em>2017 1 3 | 2017 1 5 </em></p> 20 21 <p>Android Android 22 . (OTA) 23 Google . Google 24 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 1 5 25 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 26 .</p> 27 28 <p> 2016 12 5 . Android (AOSP) 29 , . 30 31 AOSP .</p> 32 33 <p> 34 , MMS 35 .</p> 36 37 <p> 38 . <a href="#mitigations">SafetyNet</a> Android 39 <a href="{@docRoot}security/enhancements/index.html">Android </a> 40 <a href="https://developer.android.com/training/safetynet/index.html">Android Google </a> .</p> 41 42 <p> .</p> 43 44 <h2 id="announcements"></h2> 45 <ul> 46 <li> Android Android 47 48 . 49 <a href="#common-questions-and-answers"> </a> 50 . 51 <ul> 52 <li><strong>2017-01-01</strong>: . 53 2017-01-01 54 .</li> 55 <li><strong>2017-01-05</strong>: . 56 2017-01-01 2017-01-05 57 .</li> 58 </ul> 59 </li> 60 <li> Google 2017 1 5 OTA 61 .</li> 62 </ul> 63 <h2 id="security-vulnerability-summary"> </h2> 64 <p> , ID(CVE), 65 Google 66 . <a href="{@docRoot}security/overview/updates-resources.html#severity"> </a> 67 68 69 .</p> 70 71 <h3 id="2017-01-01-summary">2017-01-01 72 </h3> 73 <p> 2017-01-01 .</p> 74 75 <table> 76 <col width="55%"> 77 <col width="20%"> 78 <col width="13%"> 79 <col width="12%"> 80 <tr> 81 <th></th> 82 <th>CVE</th> 83 <th></th> 84 <th>Google </th> 85 </tr> 86 <tr> 87 <td>c-ares </td> 88 <td>CVE-2016-5180</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td>Framesequence </td> 94 <td>CVE-2017-0382</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td> API </td> 100 <td>CVE-2017-0383</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> </td> 106 <td>CVE-2017-0384, CVE-2017-0385</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td>libnl </td> 112 <td>CVE-2017-0386</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td> </td> 118 <td>CVE-2017-0387</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> </td> 124 <td>CVE-2017-0388</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td> (DoS) </td> 130 <td>CVE-2017-0389</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> (DoS) </td> 136 <td>CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393</td> 137 <td></td> 138 <td></td> 139 </tr> 140 <tr> 141 <td> (DoS) </td> 142 <td>CVE-2017-0394</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td> </td> 148 <td>CVE-2017-0395</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td> </td> 154 <td>CVE-2017-0381, CVE-2017-0396, CVE-2017-0397</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td> </td> 160 <td>CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td> 161 <td></td> 162 <td></td> 163 </tr> 164 </table> 165 166 <h3 id="2017-01-05-summary">2017-01-05 </h3> 167 <p>2017-01-01 2017-01-05 168 .</p> 169 170 <table> 171 <col width="55%"> 172 <col width="20%"> 173 <col width="13%"> 174 <col width="12%"> 175 <tr> 176 <th></th> 177 <th>CVE</th> 178 <th></th> 179 <th>Google </th> 180 </tr> 181 <tr> 182 <td> </td> 183 <td>CVE-2015-3288</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td>Qualcomm </td> 189 <td>CVE-2016-8422, CVE-2016-8423</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td> </td> 195 <td>CVE-2015-5706</td> 196 <td></td> 197 <td>*</td> 198 </tr> 199 <tr> 200 <td>NVIDIA GPU </td> 201 <td>CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482, 202 CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430, 203 CVE-2016-8431, CVE-2016-8432</td> 204 <td></td> 205 <td></td> 206 </tr> 207 <tr> 208 <td>MediaTek </td> 209 <td>CVE-2016-8433</td> 210 <td></td> 211 <td>*</td> 212 </tr> 213 <tr> 214 <td>Qualcomm GPU </td> 215 <td>CVE-2016-8434</td> 216 <td></td> 217 <td></td> 218 </tr> 219 <tr> 220 <td>NVIDIA GPU </td> 221 <td>CVE-2016-8435</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td>Qualcomm </td> 227 <td>CVE-2016-8436</td> 228 <td></td> 229 <td>*</td> 230 </tr> 231 <tr> 232 <td>Qualcomm </td> 233 <td>CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438, 234 CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442, 235 CVE-2016-8443, CVE-2016-8459</td> 236 <td></td> 237 <td>*</td> 238 </tr> 239 <tr> 240 <td>Qualcomm </td> 241 <td>CVE-2016-8412, CVE-2016-8444</td> 242 <td></td> 243 <td></td> 244 </tr> 245 <tr> 246 <td>MediaTek </td> 247 <td>CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448</td> 248 <td></td> 249 <td>*</td> 250 </tr> 251 <tr> 252 <td>Qualcomm Wi-Fi </td> 253 <td>CVE-2016-8415</td> 254 <td></td> 255 <td></td> 256 </tr> 257 <tr> 258 <td>NVIDIA GPU </td> 259 <td>CVE-2016-8449</td> 260 <td></td> 261 <td></td> 262 </tr> 263 <tr> 264 <td>Qualcomm </td> 265 <td>CVE-2016-8450</td> 266 <td></td> 267 <td></td> 268 </tr> 269 <tr> 270 <td>Synaptics </td> 271 <td>CVE-2016-8451</td> 272 <td></td> 273 <td>*</td> 274 </tr> 275 <tr> 276 <td> </td> 277 <td>CVE-2016-7042</td> 278 <td></td> 279 <td></td> 280 </tr> 281 <tr> 282 <td> </td> 283 <td>CVE-2017-0403</td> 284 <td></td> 285 <td></td> 286 </tr> 287 <tr> 288 <td> </td> 289 <td>CVE-2017-0404</td> 290 <td></td> 291 <td></td> 292 </tr> 293 <tr> 294 <td>Qualcomm Wi-Fi </td> 295 <td>CVE-2016-8452</td> 296 <td></td> 297 <td></td> 298 </tr> 299 <tr> 300 <td>Qualcomm </td> 301 <td>CVE-2016-5345</td> 302 <td></td> 303 <td></td> 304 </tr> 305 <tr> 306 <td> </td> 307 <td>CVE-2016-9754</td> 308 <td></td> 309 <td></td> 310 </tr> 311 <tr> 312 <td>Broadcom Wi-Fi </td> 313 <td>CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457</td> 314 <td></td> 315 <td></td> 316 </tr> 317 <tr> 318 <td>Synaptics </td> 319 <td>CVE-2016-8458</td> 320 <td></td> 321 <td></td> 322 </tr> 323 <tr> 324 <td>NVIDIA </td> 325 <td>CVE-2016-8460</td> 326 <td></td> 327 <td></td> 328 </tr> 329 <tr> 330 <td> </td> 331 <td>CVE-2016-8461, CVE-2016-8462</td> 332 <td></td> 333 <td></td> 334 </tr> 335 <tr> 336 <td>Qualcomm FUSE (DoS) </td> 337 <td>CVE-2016-8463</td> 338 <td></td> 339 <td>*</td> 340 </tr> 341 <tr> 342 <td> (DoS) </td> 343 <td>CVE-2016-8467</td> 344 <td></td> 345 <td></td> 346 </tr> 347 <tr> 348 <td>Broadcom Wi-Fi </td> 349 <td>CVE-2016-8464, CVE-2016-8465, CVE-2016-8466</td> 350 <td></td> 351 <td></td> 352 </tr> 353 <tr> 354 <td> </td> 355 <td>CVE-2016-8467</td> 356 <td></td> 357 <td></td> 358 </tr> 359 <tr> 360 <td>Binder </td> 361 <td>CVE-2016-8468</td> 362 <td></td> 363 <td></td> 364 </tr> 365 <tr> 366 <td>NVIDIA </td> 367 <td>CVE-2016-8469</td> 368 <td></td> 369 <td></td> 370 </tr> 371 <tr> 372 <td>MediaTek </td> 373 <td>CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</td> 374 <td></td> 375 <td>*</td> 376 </tr> 377 <tr> 378 <td>STMicroelectronics </td> 379 <td>CVE-2016-8473, CVE-2016-8474</td> 380 <td></td> 381 <td></td> 382 </tr> 383 <tr> 384 <td>Qualcomm </td> 385 <td>CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td> 386 <td></td> 387 <td></td> 388 </tr> 389 <tr> 390 <td>HTC </td> 391 <td>CVE-2016-8475</td> 392 <td></td> 393 <td></td> 394 </tr> 395 <tr> 396 <td> (DoS) </td> 397 <td>CVE-2014-9420</td> 398 <td></td> 399 <td></td> 400 </tr> 401 </table> 402 <p>* Android 7.0 Google 403 .</p> 404 405 <h2 id="mitigations">Android Google 406 </h2> 407 <p> SafetyNet <a href="{@docRoot}security/enhancements/index.html">Android </a> 408 . 409 Android 410 .</p> 411 <ul> 412 <li>Android Android 413 . Android 414 .</li> 415 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> </a> 416 417 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> SafetyNet</a> 418 . <a href="http://www.android.com/gms">Google </a> 419 Google Play . Google 420 Play 421 422 . 423 424 . 425 .</li> 426 <li> Google 427 .</li> 428 </ul> 429 <h2 id="acknowledgements"> </h2> 430 <p> .</p> 431 <ul> 432 <li>Alexandru Blanda: CVE-2017-0390</li> 433 <li>Copperhead Security Daniel Micay: CVE-2017-0397</li> 434 <li>Tencent Xuanwu Lab 435 Daxing Guo(<a href="https://twitter.com/freener0">@freener0</a>): CVE-2017-0386</li> 436 <li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li> 437 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 438 Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-8412, 439 CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li> 440 <li>Shellphish Grill Team donfos(Aravind Machiry), UC Santa Barbara: 441 CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li> 442 <li><a href="http://www.ms509.com">MS509Team</a> En He(<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>): CVE-2017-0394</li> 443 <li>Qihoo 360 Technology Co. Ltd. 444 IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 445 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8464</li> 446 <li>Google WebM: CVE-2017-0393</li> 447 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha 448 Guang Gong()(<a href="http://twitter.com/oldfresher">@oldfresher</a>) 449 : CVE-2017-0387</li> 450 <li>Qihoo 360 Technology Co. Ltd Alpha Team Hao Chen, Guang Gong: 451 CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, 452 CVE-2016-8465</li> 453 <li>Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8475</li> 454 <li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>) Sean Beaupre 455 (<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li> 456 <li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>), Sean Beaupre(<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>), Ben Actis(<a href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li> 457 <li><a href="http://c0reteam.org">C0RE Team</a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0383</li> 458 <li>Monk Avel: CVE-2017-0396, CVE-2017-0399</li> 459 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-8469, CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, 460 CVE-2016-8460, CVE-2016-8473, CVE-2016-8474</li> 461 <li>Tencent KeenLab() 462 Qidan He()(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): CVE-2017-0382</li> 463 <li>IBM Security X-Force Roee Hay, Michael Goberman: CVE-2016-8467</li> 464 <li>Trend Micro Mobile Threat Research Team 465 Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2016-8466</li> 466 <li>Stephen Morrow: CVE-2017-0389</li> 467 <li>Mobile Threat Research Team, <a href="http://www.trendmicro.com">Trend Micro</a> 468 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):CVE-2017-0381</li> 469 <li>Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): 470 CVE-2017-0391</li> 471 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0402, CVE-2017-0398</li> 472 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0400</li> 473 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0384, CVE-2017-0385</li> 474 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0401</li> 475 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8431, CVE-2016-8432, 476 CVE-2016-8435</li> 477 <li>Alibaba Inc. Yong Wang()(<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>), 478 Jun Cheng: CVE-2017-0404</li> 479 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8425, CVE-2016-8426, 480 CVE-2016-8449</li> 481 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:bigwyfone (a] gmail.com">Yanfeng Wang</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8430, CVE-2016-8482</li> 482 <li>Tencent Security Platform Department 483 Yuxiang Li(<a href="https://twitter.com/xbalien29">@Xbalien29</a>): CVE-2017-0395</li> 484 <li><a href="https://twitter.com/0xr0ot">Cheetah Mobile</a> Security Research Lab 485 Zhanpeng Zhao()(<a href="http://www.cmcm.com/">@0xr0ot</a>): 486 CVE-2016-8451</li> 487 </ul> 488 <p> 489 .</p> 490 <ul> 491 <li>Alibaba Mobile Security Group Baozeng Ding, Chengming Yang, Peng Xiao, Ning You, Yang Dong, Chao Yang, Yi Zhang, Yang Song</li> 492 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>)</li> 493 <li>Google Zubin Mithra</li> 494 </ul> 495 496 <h2 id="2017-01-01-details">2017-01-01 497 </h2> 498 <p> 499 <a href="#2017-01-01-summary">2017-01-01 500 </a> 501 . 502 , CVE, 503 , , Google , 504 AOSP ( ), 505 . 506 AOSP ID 507 . 508 ID .</p> 509 510 511 <h3 id="rce-in-c-ares">c-ares </h3> 512 <p> 513 c-ares 514 515 . 516 . 517 </p> 518 519 <table> 520 <col width="18%"> 521 <col width="17%"> 522 <col width="10%"> 523 <col width="19%"> 524 <col width="18%"> 525 <col width="17%"> 526 <tr> 527 <th>CVE</th> 528 <th></th> 529 <th></th> 530 <th> Google </th> 531 <th> AOSP </th> 532 <th> </th> 533 </tr> 534 <tr> 535 <td>CVE-2016-5180</td> 536 <td><a href="https://android.googlesource.com/platform/external/c-ares/+/f4baf84f285bfbdebb89b2fef8a955720f00c677"> 537 A-32205736</a></td> 538 <td></td> 539 <td></td> 540 <td>7.0</td> 541 <td>2016 9 29</td> 542 </tr> 543 </table> 544 545 546 <h3 id="rce-vulnerability-in-framesequence">Framesequence 547 </h3> 548 <p> 549 Framesequence 550 551 . Framesequence 552 553 . 554 </p> 555 <table> 556 <col width="18%"> 557 <col width="17%"> 558 <col width="10%"> 559 <col width="19%"> 560 <col width="18%"> 561 <col width="17%"> 562 <tr> 563 <th>CVE</th> 564 <th></th> 565 <th></th> 566 <th> Google </th> 567 <th> AOSP </th> 568 <th> </th> 569 </tr> 570 <tr> 571 <td>CVE-2017-0382</td> 572 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7f0e3dab5a892228d8dead7f0221cc9ae82474f7"> 573 A-32338390</a></td> 574 <td></td> 575 <td></td> 576 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 577 <td>2016 10 21</td> 578 </tr> 579 </table> 580 <h3 id="eop-in-framework-apis"> API 581 </h3> 582 <p> 583 API 584 585 . 586 587 . 588 </p> 589 <table> 590 <col width="18%"> 591 <col width="17%"> 592 <col width="10%"> 593 <col width="19%"> 594 <col width="18%"> 595 <col width="17%"> 596 <tr> 597 <th>CVE</th> 598 <th></th> 599 <th></th> 600 <th> Google </th> 601 <th> AOSP </th> 602 <th> </th> 603 </tr> 604 <tr> 605 <td>CVE-2017-0383</td> 606 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/e5753ba087fa59ee02f6026cc13b1ceb42a1f266"> 607 A-31677614</a></td> 608 <td></td> 609 <td></td> 610 <td>7.0, 7.1.1</td> 611 <td>2016 9 21</td> 612 </tr> 613 </table> 614 <h3 id="eop-in-audioserver"> 615 </h3> 616 <p> 617 618 619 . 620 621 . 622 </p> 623 <table> 624 <col width="18%"> 625 <col width="17%"> 626 <col width="10%"> 627 <col width="19%"> 628 <col width="18%"> 629 <col width="17%"> 630 <tr> 631 <th>CVE</th> 632 <th></th> 633 <th></th> 634 <th> Google </th> 635 <th> AOSP </th> 636 <th> </th> 637 </tr> 638 <tr> 639 <td>CVE-2017-0384</td> 640 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 641 A-32095626</a></td> 642 <td></td> 643 <td></td> 644 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 645 <td>2016 10 11</td> 646 </tr> 647 <tr> 648 <td>CVE-2017-0385</td> 649 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 650 A-32585400</a></td> 651 <td></td> 652 <td></td> 653 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 654 <td>2016 10 11</td> 655 </tr> 656 </table> 657 <h3 id="eop-in-libnl">libnl 658 </h3> 659 <p> 660 libnl 661 662 . 663 664 . 665 </p> 666 <table> 667 <col width="18%"> 668 <col width="17%"> 669 <col width="10%"> 670 <col width="19%"> 671 <col width="18%"> 672 <col width="17%"> 673 <tr> 674 <th>CVE</th> 675 <th></th> 676 <th></th> 677 <th> Google </th> 678 <th> AOSP </th> 679 <th> </th> 680 </tr> 681 <tr> 682 <td>CVE-2017-0386</td> 683 <td><a href="https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a"> 684 A-32255299</a></td> 685 <td></td> 686 <td></td> 687 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 688 <td>2016 10 18</td> 689 </tr> 690 </table> 691 <h3 id="eop-in-mediaserver"> 692 </h3> 693 <p> 694 695 696 . 697 698 . 699 </p> 700 <table> 701 <col width="18%"> 702 <col width="17%"> 703 <col width="10%"> 704 <col width="19%"> 705 <col width="18%"> 706 <col width="17%"> 707 <tr> 708 <th>CVE</th> 709 <th></th> 710 <th></th> 711 <th> Google </th> 712 <th> AOSP </th> 713 <th> </th> 714 </tr> 715 <tr> 716 <td>CVE-2017-0387</td> 717 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/675e212c8c6653825cc3352c603caf2e40b00f9f"> 718 A-32660278</a></td> 719 <td></td> 720 <td></td> 721 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 722 <td>2016 11 4</td> 723 </tr> 724 </table> 725 <h3 id="id-in-external-storage-provider"> 726 </h3> 727 <p> 728 729 SD 730 . 731 . 732 </p> 733 <table> 734 <col width="18%"> 735 <col width="17%"> 736 <col width="10%"> 737 <col width="19%"> 738 <col width="18%"> 739 <col width="17%"> 740 <tr> 741 <th>CVE</th> 742 <th></th> 743 <th></th> 744 <th> Google </th> 745 <th> AOSP </th> 746 <th> </th> 747 </tr> 748 <tr> 749 <td>CVE-2017-0388</td> 750 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47e62b7fe6807a274ba760a8fecfd624fe792da9"> 751 A-32523490</a></td> 752 <td></td> 753 <td></td> 754 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 755 <td>Google </td> 756 </tr> 757 </table> 758 <h3 id="dos-in-core-networking"> 759 (DoS) </h3> 760 <p> 761 762 . 763 . 764 </p> 765 <table> 766 <col width="18%"> 767 <col width="17%"> 768 <col width="10%"> 769 <col width="19%"> 770 <col width="18%"> 771 <col width="17%"> 772 <tr> 773 <th>CVE</th> 774 <th></th> 775 <th></th> 776 <th> Google </th> 777 <th> AOSP </th> 778 <th> </th> 779 </tr> 780 <tr> 781 <td>CVE-2017-0389</td> 782 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a014b6be3c7c6fb5cf9352a05baf84fca7a133c7"> 783 A-31850211</a> 784 [<a href="https://android.googlesource.com/platform/frameworks/base/+/47e81a2596b00ee7aaca58716ff164a1708b0b29">2</a>] 785 [<a href="https://android.googlesource.com/platform/frameworks/base/+/006e0613016c1a0e0627f992f5a93a7b7198edba#">3</a>]</td> 786 <td></td> 787 <td></td> 788 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 789 <td>2016 7 20</td> 790 </tr> 791 </table> 792 <h3 id="dos-in-mediaserver"> 793 (DoS) </h3> 794 <p> 795 796 . 797 . 798 </p> 799 <table> 800 <col width="18%"> 801 <col width="17%"> 802 <col width="10%"> 803 <col width="19%"> 804 <col width="18%"> 805 <col width="17%"> 806 <tr> 807 <th>CVE</th> 808 <th></th> 809 <th></th> 810 <th> Google </th> 811 <th> AOSP </th> 812 <th> </th> 813 </tr> 814 <tr> 815 <td>CVE-2017-0390</td> 816 <td><a href="https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0"> 817 A-31647370</a></td> 818 <td></td> 819 <td></td> 820 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 821 <td>2016 9 19</td> 822 </tr> 823 <tr> 824 <td>CVE-2017-0391</td> 825 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f"> 826 A-32322258</a></td> 827 <td></td> 828 <td></td> 829 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 830 <td>2016 10 20</td> 831 </tr> 832 <tr> 833 <td>CVE-2017-0392</td> 834 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c"> 835 A-32577290</a></td> 836 <td></td> 837 <td></td> 838 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 839 <td>2016 10 29</td> 840 </tr> 841 <tr> 842 <td>CVE-2017-0393</td> 843 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc"> 844 A-30436808</a></td> 845 <td></td> 846 <td></td> 847 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 848 <td>Google </td> 849 </tr> 850 </table> 851 <h3 id="dos-in-telephony"> 852 (DoS) </h3> 853 <p> 854 855 . 856 . 857 </p> 858 <table> 859 <col width="18%"> 860 <col width="17%"> 861 <col width="10%"> 862 <col width="19%"> 863 <col width="18%"> 864 <col width="17%"> 865 <tr> 866 <th>CVE</th> 867 <th></th> 868 <th></th> 869 <th> Google </th> 870 <th> AOSP </th> 871 <th> </th> 872 </tr> 873 <tr> 874 <td>CVE-2017-0394</td> 875 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1cdced590675ce526c91c6f8983ceabb8038f58d"> 876 A-31752213</a></td> 877 <td></td> 878 <td></td> 879 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 880 <td>2016 9 23</td> 881 </tr> 882 </table> 883 <h3 id="eop-in-contacts"> 884 </h3> 885 <p> 886 887 . 888 ( 889 ) 890 . 891 </p> 892 <table> 893 <col width="18%"> 894 <col width="17%"> 895 <col width="10%"> 896 <col width="19%"> 897 <col width="18%"> 898 <col width="17%"> 899 <tr> 900 <th>CVE</th> 901 <th></th> 902 <th></th> 903 <th> Google </th> 904 <th> AOSP </th> 905 <th> </th> 906 </tr> 907 <tr> 908 <td>CVE-2017-0395</td> 909 <td><a href="https://android.googlesource.com/platform/packages/apps/ContactsCommon/+/d47661ad82d402c1e0c90eb83970687d784add1b"> 910 A-32219099</a></td> 911 <td></td> 912 <td></td> 913 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 914 <td>2016 10 15</td> 915 </tr> 916 </table> 917 <h3 id="id-in-mediaserver"> 918 </h3> 919 <p> 920 921 . 922 923 . 924 </p> 925 <table> 926 <col width="18%"> 927 <col width="17%"> 928 <col width="10%"> 929 <col width="19%"> 930 <col width="18%"> 931 <col width="17%"> 932 <tr> 933 <th>CVE</th> 934 <th></th> 935 <th></th> 936 <th> Google </th> 937 <th> AOSP </th> 938 <th> </th> 939 </tr> 940 <tr> 941 <td>CVE-2017-0381</td> 942 <td><a href="https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"> 943 A-31607432</a></td> 944 <td></td> 945 <td></td> 946 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 947 <td>2016 9 18</td> 948 </tr> 949 <tr> 950 <td>CVE-2017-0396</td> 951 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7"> 952 A-31781965</a></td> 953 <td></td> 954 <td></td> 955 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 956 <td>2016 9 27</td> 957 </tr> 958 <tr> 959 <td>CVE-2017-0397</td> 960 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c"> 961 A-32377688</a></td> 962 <td></td> 963 <td></td> 964 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 965 <td>2016 10 21</td> 966 </tr> 967 </table> 968 <h3 id="id-in-audioserver"> 969 </h3> 970 <p> 971 972 . 973 974 . 975 </p> 976 <table> 977 <col width="18%"> 978 <col width="17%"> 979 <col width="10%"> 980 <col width="19%"> 981 <col width="18%"> 982 <col width="17%"> 983 <tr> 984 <th>CVE</th> 985 <th></th> 986 <th></th> 987 <th> Google </th> 988 <th> AOSP </th> 989 <th> </th> 990 </tr> 991 <tr> 992 <td>CVE-2017-0398</td> 993 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 994 A-32438594</a></td> 995 <td></td> 996 <td></td> 997 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 998 <td>2016 10 25</td> 999 </tr> 1000 <tr> 1001 <td>CVE-2017-0398</td> 1002 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 1003 A-32635664</a></td> 1004 <td></td> 1005 <td></td> 1006 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1007 <td>2016 10 25</td> 1008 </tr> 1009 <tr> 1010 <td>CVE-2017-0398</td> 1011 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 1012 A-32624850</a></td> 1013 <td></td> 1014 <td></td> 1015 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1016 <td>2016 10 25</td> 1017 </tr> 1018 <tr> 1019 <td>CVE-2017-0399</td> 1020 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1021 A-32247948</a> 1022 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1023 <td></td> 1024 <td></td> 1025 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1026 <td>2016 10 18</td> 1027 </tr> 1028 <tr> 1029 <td>CVE-2017-0400</td> 1030 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1031 A-32584034</a> 1032 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1033 <td></td> 1034 <td></td> 1035 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1036 <td>2016 10 25</td> 1037 </tr> 1038 <tr> 1039 <td>CVE-2017-0401</td> 1040 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 1041 A-32448258</a></td> 1042 <td></td> 1043 <td></td> 1044 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1045 <td>2016 10 26</td> 1046 </tr> 1047 <tr> 1048 <td>CVE-2017-0402</td> 1049 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1050 A-32436341</a> 1051 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1052 <td></td> 1053 <td></td> 1054 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1055 <td>2016 10 25</td> 1056 </tr> 1057 </table> 1058 1059 <h2 id="2017-01-05-details">2017-01-05 1060 </h2> 1061 <p> 1062 1063 <a href="#2017-01-05-summary">2017-01-05 1064 </a> 1065 . , 1066 CVE, , , Google , 1067 AOSP ( ), . 1068 AOSP ID 1069 . 1070 ID .</p> 1071 1072 1073 <h3 id="eop-in-kernel-memory-subsystem"> 1074 </h3> 1075 <p> 1076 1077 1078 . 1079 , 1080 . 1081 </p> 1082 1083 <table> 1084 <col width="19%"> 1085 <col width="20%"> 1086 <col width="10%"> 1087 <col width="23%"> 1088 <col width="17%"> 1089 <tr> 1090 <th>CVE</th> 1091 <th></th> 1092 <th></th> 1093 <th> Google </th> 1094 <th> </th> 1095 </tr> 1096 <tr> 1097 <td>CVE-2015-3288</td> 1098 <td>A-32460277<br> 1099 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d"> 1100 </a></td> 1101 <td></td> 1102 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel C, Nexus Player, Pixel, 1103 Pixel XL</td> 1104 <td>2016 7 9</td> 1105 </tr> 1106 </table> 1107 1108 1109 <h3 id="eop-in-qualcomm-bootloader">Qualcomm 1110 </h3> 1111 <p> 1112 Qualcomm 1113 1114 . 1115 , 1116 . 1117 </p> 1118 1119 <table> 1120 <col width="19%"> 1121 <col width="20%"> 1122 <col width="10%"> 1123 <col width="23%"> 1124 <col width="17%"> 1125 <tr> 1126 <th>CVE</th> 1127 <th></th> 1128 <th></th> 1129 <th> Google </th> 1130 <th> </th> 1131 </tr> 1132 <tr> 1133 <td>CVE-2016-8422</td> 1134 <td>A-31471220<br> 1135 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=d6639f0a77f8ebfc1e05f3acdf12d5588e7e6213"> 1136 QC-CR#979426</a></td> 1137 <td></td> 1138 <td>Nexus 6, Nexus 6P, Pixel, Pixel XL</td> 1139 <td>2016 7 22</td> 1140 </tr> 1141 <tr> 1142 <td>CVE-2016-8423</td> 1143 <td>A-31399736<br> 1144 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=98db6cc526fa1677da05d54785937540cdc84867"> 1145 QC-CR#1000546</a></td> 1146 <td></td> 1147 <td>Nexus 6P, Pixel, Pixel XL</td> 1148 <td>2016 8 24</td> 1149 </tr> 1150 </table> 1151 1152 1153 <h3 id="eop-in-kernel-file-system"> 1154 </h3> 1155 <p> 1156 1157 1158 . 1159 , 1160 . 1161 </p> 1162 1163 <table> 1164 <col width="19%"> 1165 <col width="20%"> 1166 <col width="10%"> 1167 <col width="23%"> 1168 <col width="17%"> 1169 <tr> 1170 <th>CVE</th> 1171 <th></th> 1172 <th></th> 1173 <th> Google </th> 1174 <th> </th> 1175 </tr> 1176 <tr> 1177 <td>CVE-2015-5706</td> 1178 <td>A-32289301<br> 1179 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0"> 1180 </a></td> 1181 <td></td> 1182 <td>*</td> 1183 <td>2016 8 1</td> 1184 </tr> 1185 </table> 1186 <p> 1187 * Android 7.0 Google 1188 . 1189 </p> 1190 1191 1192 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 1193 </h3> 1194 <p> 1195 NVIDIA GPU 1196 1197 . 1198 , 1199 . 1200 </p> 1201 1202 <table> 1203 <col width="19%"> 1204 <col width="20%"> 1205 <col width="10%"> 1206 <col width="23%"> 1207 <col width="17%"> 1208 <tr> 1209 <th>CVE</th> 1210 <th></th> 1211 <th></th> 1212 <th> Google </th> 1213 <th> </th> 1214 </tr> 1215 <tr> 1216 <td>CVE-2016-8424</td> 1217 <td>A-31606947*<br> 1218 N-CVE-2016-8424</td> 1219 <td></td> 1220 <td>Nexus 9</td> 1221 <td>2016 9 17</td> 1222 </tr> 1223 <tr> 1224 <td>CVE-2016-8425</td> 1225 <td>A-31797770*<br> 1226 N-CVE-2016-8425</td> 1227 <td></td> 1228 <td>Nexus 9</td> 1229 <td>2016 9 28</td> 1230 </tr> 1231 <tr> 1232 <td>CVE-2016-8426</td> 1233 <td>A-31799206*<br> 1234 N-CVE-2016-8426</td> 1235 <td></td> 1236 <td>Nexus 9</td> 1237 <td>2016 9 28</td> 1238 </tr> 1239 <tr> 1240 <td>CVE-2016-8482</td> 1241 <td>A-31799863*<br> 1242 N-CVE-2016-8482</td> 1243 <td></td> 1244 <td>Nexus 9</td> 1245 <td>2016 9 28</td> 1246 </tr> 1247 <tr> 1248 <td>CVE-2016-8427</td> 1249 <td>A-31799885*<br> 1250 N-CVE-2016-8427</td> 1251 <td></td> 1252 <td>Nexus 9</td> 1253 <td>2016 9 28</td> 1254 </tr> 1255 <tr> 1256 <td>CVE-2016-8428</td> 1257 <td>A-31993456*<br> 1258 N-CVE-2016-8428</td> 1259 <td></td> 1260 <td>Nexus 9</td> 1261 <td>2016 10 6</td> 1262 </tr> 1263 <tr> 1264 <td>CVE-2016-8429</td> 1265 <td>A-32160775*<br> 1266 N-CVE-2016-8429</td> 1267 <td></td> 1268 <td>Nexus 9</td> 1269 <td>2016 10 13</td> 1270 </tr> 1271 <tr> 1272 <td>CVE-2016-8430</td> 1273 <td>A-32225180*<br> 1274 N-CVE-2016-8430</td> 1275 <td></td> 1276 <td>Nexus 9</td> 1277 <td>2016 10 17</td> 1278 </tr> 1279 <tr> 1280 <td>CVE-2016-8431</td> 1281 <td>A-32402179*<br> 1282 N-CVE-2016-8431</td> 1283 <td></td> 1284 <td>Pixel C</td> 1285 <td>2016 10 25</td> 1286 </tr> 1287 <tr> 1288 <td>CVE-2016-8432</td> 1289 <td>A-32447738*<br> 1290 N-CVE-2016-8432</td> 1291 <td></td> 1292 <td>Pixel C</td> 1293 <td>2016 10 26</td> 1294 </tr> 1295 </table> 1296 <p> 1297 * . 1298 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1299 . 1300 </p> 1301 1302 1303 <h3 id="eop-in-mediatek-driver">MediaTek 1304 </h3> 1305 <p> 1306 MediaTek 1307 1308 . 1309 , 1310 . 1311 </p> 1312 1313 <table> 1314 <col width="19%"> 1315 <col width="20%"> 1316 <col width="10%"> 1317 <col width="23%"> 1318 <col width="17%"> 1319 <tr> 1320 <th>CVE</th> 1321 <th></th> 1322 <th></th> 1323 <th> Google </th> 1324 <th> </th> 1325 </tr> 1326 <tr> 1327 <td>CVE-2016-8433</td> 1328 <td>A-31750190*<br> 1329 MT-ALPS02974192</td> 1330 <td></td> 1331 <td>**</td> 1332 <td>2016 9 24</td> 1333 </tr> 1334 </table> 1335 <p> 1336 * . 1337 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1338 . 1339 </p> 1340 <p> 1341 ** Android 7.0 Google 1342 . 1343 </p> 1344 1345 1346 <h3 id="eop-in-qualcomm-gpu-driver">Qualcomm GPU 1347 </h3> 1348 <p> 1349 Qualcomm GPU 1350 1351 . 1352 , 1353 . 1354 </p> 1355 1356 <table> 1357 <col width="19%"> 1358 <col width="20%"> 1359 <col width="10%"> 1360 <col width="23%"> 1361 <col width="17%"> 1362 <tr> 1363 <th>CVE</th> 1364 <th></th> 1365 <th></th> 1366 <th> Google </th> 1367 <th> </th> 1368 </tr> 1369 <tr> 1370 <td>CVE-2016-8434</td> 1371 <td>A-32125137<br> 1372 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.14/commit/?id=3e3866a5fced40ccf9ca442675cf915961efe4d9"> 1373 QC-CR#1081855</a></td> 1374 <td></td> 1375 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1376 <td>2016 10 12</td> 1377 </tr> 1378 </table> 1379 1380 1381 <h3 id="eop-in-nvidia-gpu-driver-2">NVIDIA GPU 1382 </h3> 1383 <p> 1384 NVIDIA GPU 1385 1386 . 1387 , 1388 . 1389 </p> 1390 1391 <table> 1392 <col width="19%"> 1393 <col width="20%"> 1394 <col width="10%"> 1395 <col width="23%"> 1396 <col width="17%"> 1397 <tr> 1398 <th>CVE</th> 1399 <th></th> 1400 <th></th> 1401 <th> Google </th> 1402 <th> </th> 1403 </tr> 1404 <tr> 1405 <td>CVE-2016-8435</td> 1406 <td>A-32700935*<br> 1407 N-CVE-2016-8435</td> 1408 <td></td> 1409 <td>Pixel C</td> 1410 <td>2015 11 7</td> 1411 </tr> 1412 </table> 1413 <p> 1414 * . 1415 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1416 1417 . 1418 </p> 1419 1420 1421 <h3 id="eop-in-qualcomm-video-driver">Qualcomm 1422 </h3> 1423 <p> 1424 Qualcomm 1425 1426 . 1427 , 1428 . 1429 </p> 1430 1431 <table> 1432 <col width="19%"> 1433 <col width="20%"> 1434 <col width="10%"> 1435 <col width="23%"> 1436 <col width="17%"> 1437 <tr> 1438 <th>CVE</th> 1439 <th></th> 1440 <th></th> 1441 <th> Google </th> 1442 <th> </th> 1443 </tr> 1444 <tr> 1445 <td>CVE-2016-8436</td> 1446 <td>A-32450261<br> 1447 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=228e8d17b9f5d22cf9896ab8eff88dc6737c2ced"> 1448 QC-CR#1007860</a></td> 1449 <td></td> 1450 <td>*</td> 1451 <td>2016 10 13</td> 1452 </tr> 1453 </table> 1454 <p> 1455 * Android 7.0 Google 1456 . 1457 </p> 1458 1459 1460 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 1461 </h3> 1462 <p> 1463 Qualcomm Qualcomm AMSS 2015 11, 2016 8, 2016 9, 2016 10 . 1464 </p> 1465 1466 <table> 1467 <col width="19%"> 1468 <col width="20%"> 1469 <col width="10%"> 1470 <col width="23%"> 1471 <col width="17%"> 1472 <tr> 1473 <th>CVE</th> 1474 <th></th> 1475 <th>*</th> 1476 <th> Google </th> 1477 <th> </th> 1478 </tr> 1479 <tr> 1480 <td>CVE-2016-8438</td> 1481 <td>A-31624565**</td> 1482 <td></td> 1483 <td>***</td> 1484 <td>Qualcomm </td> 1485 </tr> 1486 <tr> 1487 <td>CVE-2016-8442</td> 1488 <td>A-31625910**</td> 1489 <td></td> 1490 <td>***</td> 1491 <td>Qualcomm </td> 1492 </tr> 1493 <tr> 1494 <td>CVE-2016-8443</td> 1495 <td>A-32576499**</td> 1496 <td></td> 1497 <td>***</td> 1498 <td>Qualcomm </td> 1499 </tr> 1500 <tr> 1501 <td>CVE-2016-8437</td> 1502 <td>A-31623057**</td> 1503 <td></td> 1504 <td>***</td> 1505 <td>Qualcomm </td> 1506 </tr> 1507 <tr> 1508 <td>CVE-2016-8439</td> 1509 <td>A-31625204**</td> 1510 <td></td> 1511 <td>***</td> 1512 <td>Qualcomm </td> 1513 </tr> 1514 <tr> 1515 <td>CVE-2016-8440</td> 1516 <td>A-31625306**</td> 1517 <td></td> 1518 <td>***</td> 1519 <td>Qualcomm </td> 1520 </tr> 1521 <tr> 1522 <td>CVE-2016-8441</td> 1523 <td>A-31625904**</td> 1524 <td></td> 1525 <td>***</td> 1526 <td>Qualcomm </td> 1527 </tr> 1528 <tr> 1529 <td>CVE-2016-8398</td> 1530 <td>A-31548486**</td> 1531 <td></td> 1532 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1533 <td>Qualcomm </td> 1534 </tr> 1535 <tr> 1536 <td>CVE-2016-8459</td> 1537 <td>A-32577972**</td> 1538 <td></td> 1539 <td>***</td> 1540 <td>Qualcomm </td> 1541 </tr> 1542 <tr> 1543 <td>CVE-2016-5080</td> 1544 <td>A-31115235**</td> 1545 <td></td> 1546 <td>Nexus 5X</td> 1547 <td>Qualcomm </td> 1548 </tr> 1549 </table> 1550 <p> 1551 * . 1552 </p> 1553 <p> 1554 ** . 1555 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1556 1557 . 1558 </p> 1559 <p> 1560 *** Android 7.0 Google 1561 . 1562 </p> 1563 1564 1565 <h3 id="eop-in-qualcomm-camera">Qualcomm 1566 </h3> 1567 <p> 1568 Qualcomm 1569 1570 . 1571 . 1572 </p> 1573 1574 <table> 1575 <col width="19%"> 1576 <col width="20%"> 1577 <col width="10%"> 1578 <col width="23%"> 1579 <col width="17%"> 1580 <tr> 1581 <th>CVE</th> 1582 <th></th> 1583 <th></th> 1584 <th> Google </th> 1585 <th> </th> 1586 </tr> 1587 <tr> 1588 <td>CVE-2016-8412</td> 1589 <td>A-31225246<br> 1590 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=42a98c44669d92dafcf4d6336bdccaeb2db12786"> 1591 QC-CR#1071891</a></td> 1592 <td></td> 1593 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1594 <td>2016 8 26</td> 1595 </tr> 1596 <tr> 1597 <td>CVE-2016-8444</td> 1598 <td>A-31243641*<br> 1599 QC-CR#1074310</td> 1600 <td></td> 1601 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1602 <td>2016 8 26</td> 1603 </tr> 1604 </table> 1605 <p> 1606 * . 1607 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1608 1609 . 1610 </p> 1611 1612 1613 <h3 id="eop-in-mediatek-components">MediaTek 1614 </h3> 1615 <p> 1616 MediaTek 1617 1618 . 1619 1620 . 1621 </p> 1622 1623 <table> 1624 <col width="19%"> 1625 <col width="20%"> 1626 <col width="10%"> 1627 <col width="23%"> 1628 <col width="17%"> 1629 <tr> 1630 <th>CVE</th> 1631 <th></th> 1632 <th></th> 1633 <th> Google </th> 1634 <th> </th> 1635 </tr> 1636 <tr> 1637 <td>CVE-2016-8445</td> 1638 <td>A-31747590*<br> 1639 MT-ALPS02968983</td> 1640 <td></td> 1641 <td>**</td> 1642 <td>2016 9 25</td> 1643 </tr> 1644 <tr> 1645 <td>CVE-2016-8446</td> 1646 <td>A-31747749*<br> 1647 MT-ALPS02968909</td> 1648 <td></td> 1649 <td>**</td> 1650 <td>2016 9 25</td> 1651 </tr> 1652 <tr> 1653 <td>CVE-2016-8447</td> 1654 <td>A-31749463*<br> 1655 MT-ALPS02968886</td> 1656 <td></td> 1657 <td>**</td> 1658 <td>2016 9 25</td> 1659 </tr> 1660 <tr> 1661 <td>CVE-2016-8448</td> 1662 <td>A-31791148*<br> 1663 MT-ALPS02982181</td> 1664 <td></td> 1665 <td>**</td> 1666 <td>2016 9 28</td> 1667 </tr> 1668 </table> 1669 <p> 1670 * . 1671 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1672 1673 . 1674 </p> 1675 <p> 1676 ** Android 7.0 Google 1677 . 1678 </p> 1679 1680 1681 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1682 </h3> 1683 <p> 1684 Qualcomm Wi-Fi 1685 1686 . 1687 . 1688 </p> 1689 1690 <table> 1691 <col width="19%"> 1692 <col width="20%"> 1693 <col width="10%"> 1694 <col width="23%"> 1695 <col width="17%"> 1696 <tr> 1697 <th>CVE</th> 1698 <th></th> 1699 <th></th> 1700 <th> Google </th> 1701 <th> </th> 1702 </tr> 1703 <tr> 1704 <td>CVE-2016-8415</td> 1705 <td>A-31750554<br> 1706 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=188e12a816508b11771f362c852782ec9a6f9394"> 1707 QC-CR#1079596</a></td> 1708 <td></td> 1709 <td>Nexus 5X, Pixel, Pixel XL</td> 1710 <td>2016 9 26</td> 1711 </tr> 1712 </table> 1713 1714 1715 <h3 id="eop-in-nvidia-gpu-driver-3">NVIDIA GPU 1716 </h3> 1717 <p> 1718 NVIDIA GPU 1719 1720 . 1721 . 1722 </p> 1723 1724 <table> 1725 <col width="19%"> 1726 <col width="20%"> 1727 <col width="10%"> 1728 <col width="23%"> 1729 <col width="17%"> 1730 <tr> 1731 <th>CVE</th> 1732 <th></th> 1733 <th></th> 1734 <th> Google </th> 1735 <th> </th> 1736 </tr> 1737 <tr> 1738 <td>CVE-2016-8449</td> 1739 <td>A-31798848*<br> 1740 N-CVE-2016-8449</td> 1741 <td></td> 1742 <td>Nexus 9</td> 1743 <td>2016 9 28</td> 1744 </tr> 1745 </table> 1746 <p> 1747 * . 1748 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1749 1750 . 1751 </p> 1752 1753 1754 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm 1755 </h3> 1756 <p> 1757 Qualcomm 1758 1759 . 1760 . 1761 </p> 1762 1763 <table> 1764 <col width="19%"> 1765 <col width="20%"> 1766 <col width="10%"> 1767 <col width="23%"> 1768 <col width="17%"> 1769 <tr> 1770 <th>CVE</th> 1771 <th></th> 1772 <th></th> 1773 <th> Google </th> 1774 <th> </th> 1775 </tr> 1776 <tr> 1777 <td>CVE-2016-8450</td> 1778 <td>A-32450563<br> 1779 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e909d159ad1998ada853ed35be27c7b6ba241bdb"> 1780 QC-CR#880388</a></td> 1781 <td></td> 1782 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1783 <td>2016 10 13</td> 1784 </tr> 1785 </table> 1786 1787 1788 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 1789 </h3> 1790 <p> 1791 Synaptics 1792 1793 . 1794 . 1795 </p> 1796 1797 <table> 1798 <col width="19%"> 1799 <col width="20%"> 1800 <col width="10%"> 1801 <col width="23%"> 1802 <col width="17%"> 1803 <tr> 1804 <th>CVE</th> 1805 <th></th> 1806 <th></th> 1807 <th> Google </th> 1808 <th> </th> 1809 </tr> 1810 <tr> 1811 <td>CVE-2016-8451</td> 1812 <td>A-32178033*</td> 1813 <td></td> 1814 <td>**</td> 1815 <td>2016 10 13</td> 1816 </tr> 1817 </table> 1818 <p> 1819 * . 1820 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1821 1822 . 1823 </p> 1824 <p> 1825 ** Android 7.0 Google 1826 . 1827 </p> 1828 1829 1830 <h3 id="eop-in-kernel-security-subsystem"> 1831 </h3> 1832 <p> 1833 1834 1835 . 1836 . 1837 </p> 1838 1839 <table> 1840 <col width="19%"> 1841 <col width="20%"> 1842 <col width="10%"> 1843 <col width="23%"> 1844 <col width="17%"> 1845 <tr> 1846 <th>CVE</th> 1847 <th></th> 1848 <th></th> 1849 <th> Google </th> 1850 <th> </th> 1851 </tr> 1852 <tr> 1853 <td>CVE-2016-7042</td> 1854 <td>A-32178986<br> 1855 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=03dab869b7b239c4e013ec82aea22e181e441cfc"> 1856 </a></td> 1857 <td></td> 1858 <td>Pixel C</td> 1859 <td>2016 10 14</td> 1860 </tr> 1861 </table> 1862 1863 1864 <h3 id="eop-in-kernel-performance-subsystem"> 1865 </h3> 1866 <p> 1867 1868 . 1869 . 1870 </p> 1871 1872 <table> 1873 <col width="19%"> 1874 <col width="20%"> 1875 <col width="10%"> 1876 <col width="23%"> 1877 <col width="17%"> 1878 <tr> 1879 <th>CVE</th> 1880 <th></th> 1881 <th></th> 1882 <th> Google </th> 1883 <th> </th> 1884 </tr> 1885 <tr> 1886 <td>CVE-2017-0403</td> 1887 <td>A-32402548*</td> 1888 <td></td> 1889 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1890 Player, Pixel, Pixel XL</td> 1891 <td>2016 10 25</td> 1892 </tr> 1893 </table> 1894 <p> 1895 * . 1896 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1897 1898 . 1899 </p> 1900 1901 1902 <h3 id="eop-in-kernel-sound-subsystem"> 1903 </h3> 1904 <p> 1905 1906 1907 . 1908 . 1909 </p> 1910 1911 <table> 1912 <col width="19%"> 1913 <col width="20%"> 1914 <col width="10%"> 1915 <col width="23%"> 1916 <col width="17%"> 1917 <tr> 1918 <th>CVE</th> 1919 <th></th> 1920 <th></th> 1921 <th> Google </th> 1922 <th> </th> 1923 </tr> 1924 <tr> 1925 <td>CVE-2017-0404</td> 1926 <td>A-32510733*</td> 1927 <td></td> 1928 <td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player, Pixel, Pixel 1929 XL</td> 1930 <td>2016 10 27</td> 1931 </tr> 1932 </table> 1933 <p> 1934 * . 1935 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1936 1937 . 1938 </p> 1939 1940 1941 <h3 id="eop-in-qualcomm-wi-fi-driver-2">Qualcomm Wi-Fi 1942 </h3> 1943 <p> 1944 Qualcomm Wi-Fi 1945 1946 . 1947 . 1948 </p> 1949 1950 <table> 1951 <col width="19%"> 1952 <col width="20%"> 1953 <col width="10%"> 1954 <col width="23%"> 1955 <col width="17%"> 1956 <tr> 1957 <th>CVE</th> 1958 <th></th> 1959 <th></th> 1960 <th> Google </th> 1961 <th> </th> 1962 </tr> 1963 <tr> 1964 <td>CVE-2016-8452</td> 1965 <td>A-32506396<br> 1966 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=39fa8e972fa1b10dc68a066f4f9432753d8a2526"> 1967 QC-CR#1050323</a></td> 1968 <td></td> 1969 <td>Nexus 5X, Android One, Pixel, Pixel XL</td> 1970 <td>2016 10 28</td> 1971 </tr> 1972 </table> 1973 1974 1975 <h3 id="eop-in-qualcomm-radio-driver">Qualcomm 1976 </h3> 1977 <p> 1978 Qualcomm 1979 1980 . 1981 . 1982 </p> 1983 1984 <table> 1985 <col width="19%"> 1986 <col width="20%"> 1987 <col width="10%"> 1988 <col width="23%"> 1989 <col width="17%"> 1990 <tr> 1991 <th>CVE</th> 1992 <th></th> 1993 <th></th> 1994 <th> Google </th> 1995 <th> </th> 1996 </tr> 1997 <tr> 1998 <td>CVE-2016-5345</td> 1999 <td>A-32639452<br> 2000 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6"> 2001 QC-CR#1079713</a></td> 2002 <td></td> 2003 <td>Android One</td> 2004 <td>2016 11 3</td> 2005 </tr> 2006 </table> 2007 2008 2009 <h3 id="eop-in-kernel-profiling-subsystem"> 2010 </h3> 2011 <p> 2012 2013 2014 . 2015 . 2016 </p> 2017 2018 <table> 2019 <col width="19%"> 2020 <col width="20%"> 2021 <col width="10%"> 2022 <col width="23%"> 2023 <col width="17%"> 2024 <tr> 2025 <th>CVE</th> 2026 <th></th> 2027 <th></th> 2028 <th> Google </th> 2029 <th> </th> 2030 </tr> 2031 <tr> 2032 <td>CVE-2016-9754</td> 2033 <td>A-32659848<br> 2034 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=59643d1535eb220668692a5359de22545af579f6"> 2035 </a></td> 2036 <td></td> 2037 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 2038 Player</td> 2039 <td>2016 11 4</td> 2040 </tr> 2041 </table> 2042 2043 2044 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 2045 </h3> 2046 <p> 2047 Broadcom Wi-Fi 2048 2049 . 2050 . 2051 </p> 2052 2053 <table> 2054 <col width="19%"> 2055 <col width="20%"> 2056 <col width="10%"> 2057 <col width="23%"> 2058 <col width="17%"> 2059 <tr> 2060 <th>CVE</th> 2061 <th></th> 2062 <th></th> 2063 <th> Google </th> 2064 <th> </th> 2065 </tr> 2066 <tr> 2067 <td>CVE-2016-8453 2068 </td> 2069 <td>A-24739315*<br> 2070 B-RB#73392</td> 2071 <td></td> 2072 <td>Nexus 6</td> 2073 <td>Google </td> 2074 </tr> 2075 <tr> 2076 <td>CVE-2016-8454</td> 2077 <td>A-32174590*<br> 2078 B-RB#107142</td> 2079 <td></td> 2080 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2081 <td>2016 10 14</td> 2082 </tr> 2083 <tr> 2084 <td>CVE-2016-8455</td> 2085 <td>A-32219121*<br> 2086 B-RB#106311</td> 2087 <td></td> 2088 <td>Nexus 6P</td> 2089 <td>2016 10 15</td> 2090 </tr> 2091 <tr> 2092 <td>CVE-2016-8456</td> 2093 <td>A-32219255*<br> 2094 B-RB#105580</td> 2095 <td></td> 2096 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2097 <td>2016 10 15</td> 2098 </tr> 2099 <tr> 2100 <td>CVE-2016-8457</td> 2101 <td>A-32219453*<br> 2102 B-RB#106116</td> 2103 <td></td> 2104 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td> 2105 <td>2016 10 15</td> 2106 </tr> 2107 </table> 2108 <p> 2109 * . 2110 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2111 2112 . 2113 </p> 2114 2115 2116 <h3 id="eop-in-synaptics-touchscreen-driver-2">Synaptics 2117 </h3> 2118 <p> 2119 Synaptics 2120 2121 . 2122 . 2123 </p> 2124 2125 <table> 2126 <col width="19%"> 2127 <col width="20%"> 2128 <col width="10%"> 2129 <col width="23%"> 2130 <col width="17%"> 2131 <tr> 2132 <th>CVE</th> 2133 <th></th> 2134 <th></th> 2135 <th> Google </th> 2136 <th> </th> 2137 </tr> 2138 <tr> 2139 <td>CVE-2016-8458</td> 2140 <td>A-31968442*</td> 2141 <td></td> 2142 <td>Nexus 5X, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 2143 <td>Google </td> 2144 </tr> 2145 </table> 2146 <p> 2147 * . 2148 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2149 2150 . 2151 </p> 2152 2153 2154 <h3 id="id-in-nvidia-video-driver">NVIDIA 2155 </h3> 2156 <p> 2157 NVIDIA 2158 . 2159 2160 . 2161 </p> 2162 2163 <table> 2164 <col width="19%"> 2165 <col width="20%"> 2166 <col width="10%"> 2167 <col width="23%"> 2168 <col width="17%"> 2169 <tr> 2170 <th>CVE</th> 2171 <th></th> 2172 <th></th> 2173 <th> Google </th> 2174 <th> </th> 2175 </tr> 2176 <tr> 2177 <td>CVE-2016-8460</td> 2178 <td>A-31668540*<br> 2179 N-CVE-2016-8460</td> 2180 <td></td> 2181 <td>Nexus 9</td> 2182 <td>2016 9 21</td> 2183 </tr> 2184 </table> 2185 <p> 2186 * . 2187 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2188 2189 . 2190 </p> 2191 2192 2193 <h3 id="id-in-bootloader"> 2194 </h3> 2195 <p> 2196 2197 . 2198 . 2199 </p> 2200 2201 <table> 2202 <col width="19%"> 2203 <col width="20%"> 2204 <col width="10%"> 2205 <col width="23%"> 2206 <col width="17%"> 2207 <tr> 2208 <th>CVE</th> 2209 <th></th> 2210 <th></th> 2211 <th> Google </th> 2212 <th> </th> 2213 </tr> 2214 <tr> 2215 <td>CVE-2016-8461</td> 2216 <td>A-32369621*</td> 2217 <td></td> 2218 <td>Nexus 9, Pixel, Pixel XL</td> 2219 <td>2016 10 21</td> 2220 </tr> 2221 <tr> 2222 <td>CVE-2016-8462</td> 2223 <td>A-32510383*</td> 2224 <td></td> 2225 <td>Pixel, Pixel XL</td> 2226 <td>2016 10 27</td> 2227 </tr> 2228 </table> 2229 <p> 2230 * . 2231 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2232 2233 . 2234 </p> 2235 2236 2237 <h3 id="dos-in-qualcomm-fuse-file-system">Qualcomm FUSE 2238 (DoS) </h3> 2239 <p> 2240 Qualcomm FUSE 2241 2242 . 2243 . 2244 </p> 2245 2246 <table> 2247 <col width="19%"> 2248 <col width="20%"> 2249 <col width="10%"> 2250 <col width="23%"> 2251 <col width="17%"> 2252 <tr> 2253 <th>CVE</th> 2254 <th></th> 2255 <th></th> 2256 <th> Google </th> 2257 <th> </th> 2258 </tr> 2259 <tr> 2260 <td>CVE-2016-8463</td> 2261 <td>A-30786860<br> 2262 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd0fa86de6ca1d40c0a93d86d1c0f7846e8a9a10"> 2263 QC-CR#586855</a></td> 2264 <td></td> 2265 <td>*</td> 2266 <td>2014 1 3</td> 2267 </tr> 2268 </table> 2269 <p> 2270 * Android 7.0 Google 2271 . 2272 </p> 2273 2274 2275 <h3 id="dos-in-bootloader"> 2276 (DoS) </h3> 2277 <p> 2278 (DoS) 2279 , 2280 . 2281 . 2282 </p> 2283 2284 <table> 2285 <col width="19%"> 2286 <col width="20%"> 2287 <col width="10%"> 2288 <col width="23%"> 2289 <col width="17%"> 2290 <tr> 2291 <th>CVE</th> 2292 <th></th> 2293 <th></th> 2294 <th> Google </th> 2295 <th> </th> 2296 </tr> 2297 <tr> 2298 <td>CVE-2016-8467</td> 2299 <td>A-30308784*</td> 2300 <td></td> 2301 <td>Nexus 6, Nexus 6P</td> 2302 <td>2016 6 29</td> 2303 </tr> 2304 </table> 2305 <p> 2306 * . 2307 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2308 2309 . 2310 </p> 2311 2312 2313 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi 2314 </h3> 2315 <p> 2316 Broadcom Wi-Fi 2317 2318 . 2319 2320 . 2321 </p> 2322 2323 <table> 2324 <col width="19%"> 2325 <col width="20%"> 2326 <col width="10%"> 2327 <col width="23%"> 2328 <col width="17%"> 2329 <tr> 2330 <th>CVE</th> 2331 <th></th> 2332 <th></th> 2333 <th> Google </th> 2334 <th> </th> 2335 </tr> 2336 <tr> 2337 <td>CVE-2016-8464</td> 2338 <td>A-29000183*<br> 2339 B-RB#106314</td> 2340 <td></td> 2341 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2342 <td>2016 5 26</td> 2343 </tr> 2344 <tr> 2345 <td>CVE-2016-8466</td> 2346 <td>A-31822524*<br> 2347 B-RB#105268</td> 2348 <td></td> 2349 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2350 <td>2016 9 28</td> 2351 </tr> 2352 <tr> 2353 <td>CVE-2016-8465</td> 2354 <td>A-32474971*<br> 2355 B-RB#106053</td> 2356 <td></td> 2357 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2358 <td>2016 10 27</td> 2359 </tr> 2360 </table> 2361 <p> 2362 * . 2363 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2364 2365 . 2366 </p> 2367 2368 2369 <h3 id="eop-in-bootloader"> 2370 </h3> 2371 <p> 2372 2373 . 2374 ( 2375 ) . 2376 </p> 2377 2378 <table> 2379 <col width="19%"> 2380 <col width="20%"> 2381 <col width="10%"> 2382 <col width="23%"> 2383 <col width="17%"> 2384 <tr> 2385 <th>CVE</th> 2386 <th></th> 2387 <th></th> 2388 <th> Google </th> 2389 <th> </th> 2390 </tr> 2391 <tr> 2392 <td>CVE-2016-8467</td> 2393 <td>A-30308784*</td> 2394 <td></td> 2395 <td>Nexus 6, Nexus 6P</td> 2396 <td>2016 6 29</td> 2397 </tr> 2398 </table> 2399 <p> 2400 * . 2401 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2402 2403 . 2404 </p> 2405 2406 2407 <h3 id="eop-in-binder">Binder 2408 </h3> 2409 <p> 2410 Binder 2411 2412 . 2413 2414 . 2415 </p> 2416 2417 <table> 2418 <col width="19%"> 2419 <col width="20%"> 2420 <col width="10%"> 2421 <col width="23%"> 2422 <col width="17%"> 2423 <tr> 2424 <th>CVE</th> 2425 <th></th> 2426 <th></th> 2427 <th> Google </th> 2428 <th> </th> 2429 </tr> 2430 <tr> 2431 <td>CVE-2016-8468</td> 2432 <td>A-32394425*</td> 2433 <td></td> 2434 <td>Pixel C, Pixel, Pixel XL</td> 2435 <td>Google </td> 2436 </tr> 2437 </table> 2438 <p> 2439 * . 2440 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2441 2442 . 2443 </p> 2444 2445 2446 <h3 id="id-in-nvidia-camera-driver">NVIDIA 2447 </h3> 2448 <p> 2449 2450 . 2451 . 2452 </p> 2453 2454 <table> 2455 <col width="19%"> 2456 <col width="20%"> 2457 <col width="10%"> 2458 <col width="23%"> 2459 <col width="17%"> 2460 <tr> 2461 <th>CVE</th> 2462 <th></th> 2463 <th></th> 2464 <th> Google </th> 2465 <th> </th> 2466 </tr> 2467 <tr> 2468 <td>CVE-2016-8469</td> 2469 <td>A-31351206*<br> 2470 N-CVE-2016-8469</td> 2471 <td></td> 2472 <td>Nexus 9</td> 2473 <td>2016 9 7</td> 2474 </tr> 2475 </table> 2476 <p> 2477 * . 2478 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2479 2480 . 2481 </p> 2482 2483 2484 <h3 id="id-in-mediatek-driver">MediaTek 2485 </h3> 2486 <p> 2487 MediaTek 2488 . 2489 2490 2491 . 2492 </p> 2493 2494 <table> 2495 <col width="19%"> 2496 <col width="20%"> 2497 <col width="10%"> 2498 <col width="23%"> 2499 <col width="17%"> 2500 <tr> 2501 <th>CVE</th> 2502 <th></th> 2503 <th></th> 2504 <th> Google </th> 2505 <th> </th> 2506 </tr> 2507 <tr> 2508 <td>CVE-2016-8470</td> 2509 <td>A-31528889*<br> 2510 MT-ALPS02961395</td> 2511 <td></td> 2512 <td>**</td> 2513 <td>2016 9 15</td> 2514 </tr> 2515 <tr> 2516 <td>CVE-2016-8471</td> 2517 <td>A-31528890*<br> 2518 MT-ALPS02961380</td> 2519 <td></td> 2520 <td>**</td> 2521 <td>2016 9 15</td> 2522 </tr> 2523 <tr> 2524 <td>CVE-2016-8472</td> 2525 <td>A-31531758*<br> 2526 MT-ALPS02961384</td> 2527 <td></td> 2528 <td>**</td> 2529 <td>2016 9 15</td> 2530 </tr> 2531 </table> 2532 <p> 2533 * . 2534 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2535 2536 . 2537 </p> 2538 <p> 2539 ** Android 7.0 Google 2540 . 2541 </p> 2542 2543 2544 <h3 id="id-in-stmicroelectronics-driver">STMicroelectronics 2545 </h3> 2546 <p> 2547 STMicroelectronics 2548 . 2549 . 2550 </p> 2551 2552 <table> 2553 <col width="19%"> 2554 <col width="20%"> 2555 <col width="10%"> 2556 <col width="23%"> 2557 <col width="17%"> 2558 <tr> 2559 <th>CVE</th> 2560 <th></th> 2561 <th></th> 2562 <th> Google </th> 2563 <th> </th> 2564 </tr> 2565 <tr> 2566 <td>CVE-2016-8473</td> 2567 <td>A-31795790*</td> 2568 <td></td> 2569 <td>Nexus 5X, Nexus 6P</td> 2570 <td>2016 9 28</td> 2571 </tr> 2572 <tr> 2573 <td>CVE-2016-8474</td> 2574 <td>A-31799972*</td> 2575 <td></td> 2576 <td>Nexus 5X, Nexus 6P</td> 2577 <td>2016 9 28</td> 2578 </tr> 2579 </table> 2580 <p> 2581 * . 2582 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2583 2584 . 2585 </p> 2586 2587 2588 <h3 id="id-in-qualcomm-audio-post-processor-">Qualcomm 2589 </h3> 2590 <p> 2591 Qualcomm 2592 . 2593 . 2594 </p> 2595 2596 <table> 2597 <col width="18%"> 2598 <col width="17%"> 2599 <col width="10%"> 2600 <col width="19%"> 2601 <col width="18%"> 2602 <col width="17%"> 2603 <tr> 2604 <th>CVE</th> 2605 <th></th> 2606 <th></th> 2607 <th> Google </th> 2608 <th> AOSP </th> 2609 <th> </th> 2610 </tr> 2611 <tr> 2612 <td>CVE-2017-0399 2613 </td> 2614 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2615 A-32588756</a> 2616 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 2617 <td></td> 2618 <td></td> 2619 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2620 <td>2016 10 18</td> 2621 </tr> 2622 <tr> 2623 <td>CVE-2017-0400</td> 2624 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2625 A-32438598</a> 2626 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2627 </td> 2628 <td></td> 2629 <td></td> 2630 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2631 <td>2016 10 25</td> 2632 </tr> 2633 <tr> 2634 <td>CVE-2017-0401</td> 2635 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 2636 A-32588016</a> 2637 </td> 2638 <td></td> 2639 <td></td> 2640 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2641 <td>2016 10 26</td> 2642 </tr> 2643 <tr> 2644 <td>CVE-2017-0402</td> 2645 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2646 A-32588352</a> 2647 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2648 </td> 2649 <td></td> 2650 <td></td> 2651 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2652 <td>2016 10 25</td> 2653 </tr> 2654 </table> 2655 2656 2657 <h3 id="id-in-htc-input-driver">HTC 2658 </h3> 2659 <p> 2660 HTC 2661 . 2662 . 2663 </p> 2664 2665 <table> 2666 <col width="19%"> 2667 <col width="20%"> 2668 <col width="10%"> 2669 <col width="23%"> 2670 <col width="17%"> 2671 <tr> 2672 <th>CVE</th> 2673 <th></th> 2674 <th></th> 2675 <th> Google </th> 2676 <th> </th> 2677 </tr> 2678 <tr> 2679 <td>CVE-2016-8475</td> 2680 <td>A-32591129*</td> 2681 <td></td> 2682 <td>Pixel, Pixel XL</td> 2683 <td>2016 10 30</td> 2684 </tr> 2685 </table> 2686 <p> 2687 * . 2688 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2689 2690 . 2691 </p> 2692 2693 2694 <h3 id="dos-in-kernel-file-system"> 2695 (DoS) </h3> 2696 <p> 2697 2698 . 2699 2700 . 2701 </p> 2702 2703 <table> 2704 <col width="19%"> 2705 <col width="20%"> 2706 <col width="10%"> 2707 <col width="23%"> 2708 <col width="17%"> 2709 <tr> 2710 <th>CVE</th> 2711 <th></th> 2712 <th></th> 2713 <th> Google </th> 2714 <th> </th> 2715 </tr> 2716 <tr> 2717 <td>CVE-2014-9420</td> 2718 <td>A-32477499<br> 2719 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f54e18f1b831c92f6512d2eedb224cd63d607d3d"> 2720 </a></td> 2721 <td></td> 2722 <td>Pixel C</td> 2723 <td>2014 12 25</td> 2724 </tr> 2725 </table> 2726 2727 <h2 id="common-questions-and-answers"> </h2> 2728 <p> .</p> 2729 2730 <p><strong>1. ? 2731 </strong></p> 2732 2733 <p> 2734 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 2735 .</p> 2736 <ul> 2737 <li>2017-01-01 2017-01-01 2738 .</li> 2739 <li>2017-01-05 2740 2017-01-05 .</li> 2741 </ul> 2742 <p> 2743 .</p> 2744 <ul> 2745 <li>[ro.build.version.security_patch]:[2017-01-01]</li> 2746 <li>[ro.build.version.security_patch]:[2017-01-05]</li> 2747 </ul> 2748 <p><strong>2. ?</strong></p> 2749 2750 <p> Android Android 2751 2752 . Android 2753 .</p> 2754 <ul> 2755 <li>2017 1 1 2756 2757 .</li> 2758 <li>2017 1 5 2759 2760 .</li> 2761 </ul> 2762 <p> .</p> 2763 2764 <p><strong>3. Google ?</strong></p> 2765 2766 <p><a href="#2017-01-01-details">2017 1 1</a> <a href="#2017-01-05-details">2017 1 5</a> <em> Google </em> . Google . .</p> 2767 <ul> 2768 <li><strong> Google </strong>: Google Pixel 2769 <em> Google </em> 2770 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> 2771 . Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2772 Android One, Nexus Player, Pixel C, Pixel, Pixel XL.</li> 2773 <li><strong> Google </strong>: Google 2774 , Google <em> Google </em> 2775 .</li> 2776 <li><strong>Google </strong>: Android 2777 Google 2778 <em> Google </em> '' .</li> 2779 </ul> 2780 <p><strong>4. ?</strong></p> 2781 2782 <p> <em></em> 2783 . 2784 .</p> 2785 2786 <table> 2787 <tr> 2788 <th></th> 2789 <th> </th> 2790 </tr> 2791 <tr> 2792 <td>A-</td> 2793 <td>Android ID</td> 2794 </tr> 2795 <tr> 2796 <td>QC-</td> 2797 <td>Qualcomm </td> 2798 </tr> 2799 <tr> 2800 <td>M-</td> 2801 <td>MediaTek </td> 2802 </tr> 2803 <tr> 2804 <td>N-</td> 2805 <td>NVIDIA </td> 2806 </tr> 2807 <tr> 2808 <td>B-</td> 2809 <td>Broadcom </td> 2810 </tr> 2811 </table> 2812 <h2 id="revisions"> </h2> 2813 <ul> 2814 <li>2017 1 3: </li> 2815 <li>2017 1 4: AOSP </li> 2816 <li>2017 1 5: AOSP 7.1 7.1.1 </li> 2817 </ul> 2818