1 page.title=Android - 2017 2 2 @jd:body 3 <!-- 4 Copyright 2017 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 <p><em>2017 2 6 | 2017 2 8 </em></p> 16 <p> 17 Android Android 18 . (OTA) 19 Google . Google 20 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 2 5 21 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 22 . 23 </p> 24 <p> 25 26 2017 1 3 . 27 Android (AOSP) . 28 AOSP . 29 </p> 30 <p> 31 32 , MMS 33 . 34 </p> 35 <p> 36 37 . <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> Android 38 <a href="{@docRoot}security/enhancements/index.html">Android </a> 39 <a href="#mitigations">Android Google </a> 40 . 41 </p> 42 <p> 43 . 44 </p> 45 <h2 id="announcements"></h2> 46 <ul> 47 <li> Android Android 48 49 . <a href="#common-questions-and-answers"> 50 </a> . 51 <ul> 52 <li><strong>2017-02-01</strong>: . 53 2017-02-01 54 .</li> 55 <li><strong>2017-02-05</strong>: . 56 2017-02-01 2017-02-05 57 .</li> 58 </ul> 59 </li> 60 <li> Google 2017 2 5 OTA 61 .</li> 62 </ul> 63 <h2 id="security-vulnerability-summary"> </h2> 64 <p> 65 , ID(CVE), 66 Google 67 . <a href="{@docRoot}security/overview/updates-resources.html#severity"> </a> 68 69 70 . 71 </p> 72 <h3 id="2017-02-01-summary">2017-02-01 </h3> 73 <p> 74 2017-02-01 . 75 </p> 76 <table> 77 <col width="55%"> 78 <col width="20%"> 79 <col width="13%"> 80 <col width="12%"> 81 <tr> 82 <th></th> 83 <th>CVE</th> 84 <th></th> 85 <th>Google </th> 86 </tr> 87 <tr> 88 <td>Surfaceflinger </td> 89 <td>CVE-2017-0405</td> 90 <td></td> 91 <td></td> 92 </tr> 93 <tr> 94 <td> </td> 95 <td>CVE-2017-0406, CVE-2017-0407</td> 96 <td></td> 97 <td></td> 98 </tr> 99 <tr> 100 <td>libgdx </td> 101 <td>CVE-2017-0408</td> 102 <td></td> 103 <td></td> 104 </tr> 105 <tr> 106 <td>libstagefright </td> 107 <td>CVE-2017-0409</td> 108 <td></td> 109 <td></td> 110 </tr> 111 <tr> 112 <td>Java.Net </td> 113 <td>CVE-2016-5552</td> 114 <td></td> 115 <td></td> 116 </tr> 117 <tr> 118 <td> API </td> 119 <td>CVE-2017-0410, CVE-2017-0411, CVE-2017-0412</td> 120 <td></td> 121 <td></td> 122 </tr> 123 <tr> 124 <td> </td> 125 <td>CVE-2017-0415</td> 126 <td></td> 127 <td></td> 128 </tr> 129 <tr> 130 <td> </td> 131 <td>CVE-2017-0416, CVE-2017-0417, CVE-2017-0418, CVE-2017-0419</td> 132 <td></td> 133 <td></td> 134 </tr> 135 <tr> 136 <td>AOSP </td> 137 <td>CVE-2017-0420</td> 138 <td></td> 139 <td></td> 140 </tr> 141 <tr> 142 <td>AOSP </td> 143 <td>CVE-2017-0413, CVE-2017-0414</td> 144 <td></td> 145 <td></td> 146 </tr> 147 <tr> 148 <td> API </td> 149 <td>CVE-2017-0421</td> 150 <td></td> 151 <td></td> 152 </tr> 153 <tr> 154 <td>Bionic DNS (DoS) </td> 155 <td>CVE-2017-0422</td> 156 <td></td> 157 <td></td> 158 </tr> 159 <tr> 160 <td> </td> 161 <td>CVE-2017-0423</td> 162 <td></td> 163 <td></td> 164 </tr> 165 <tr> 166 <td>AOSP </td> 167 <td>CVE-2017-0424</td> 168 <td></td> 169 <td></td> 170 </tr> 171 <tr> 172 <td> </td> 173 <td>CVE-2017-0425</td> 174 <td></td> 175 <td></td> 176 </tr> 177 <tr> 178 <td> </td> 179 <td>CVE-2017-0426</td> 180 <td></td> 181 <td></td> 182 </tr> 183 </table> 184 <h3 id="2017-02-05-summary">2017-02-05 185 </h3> 186 <p>2017-02-01 2017-02-05 187 .</p> 188 <table> 189 <col width="55%"> 190 <col width="20%"> 191 <col width="13%"> 192 <col width="12%"> 193 <tr> 194 <th></th> 195 <th>CVE</th> 196 <th></th> 197 <th>Google </th> 198 </tr> 199 <tr> 200 <td>Qualcomm </td> 201 <td>CVE-2016-8418</td> 202 <td></td> 203 <td>*</td> 204 </tr> 205 <tr> 206 <td> </td> 207 <td>CVE-2017-0427</td> 208 <td></td> 209 <td></td> 210 </tr> 211 <tr> 212 <td>NVIDIA GPU </td> 213 <td>CVE-2017-0428, CVE-2017-0429</td> 214 <td></td> 215 <td></td> 216 </tr> 217 <tr> 218 <td> </td> 219 <td>CVE-2014-9914</td> 220 <td></td> 221 <td></td> 222 </tr> 223 <tr> 224 <td>Broadcom Wi-Fi </td> 225 <td>CVE-2017-0430</td> 226 <td></td> 227 <td></td> 228 </tr> 229 <tr> 230 <td>Qualcomm </td> 231 <td>CVE-2017-0431</td> 232 <td></td> 233 <td>*</td> 234 </tr> 235 <tr> 236 <td>MediaTek </td> 237 <td>CVE-2017-0432</td> 238 <td></td> 239 <td>*</td> 240 </tr> 241 <tr> 242 <td>Synaptics </td> 243 <td>CVE-2017-0433, CVE-2017-0434</td> 244 <td></td> 245 <td></td> 246 </tr> 247 <tr> 248 <td>Qualcomm Secure Execution Environment 249 Communicator </td> 250 <td>CVE-2016-8480</td> 251 <td></td> 252 <td></td> 253 </tr> 254 <tr> 255 <td>Qualcomm </td> 256 <td>CVE-2016-8481, CVE-2017-0435, CVE-2017-0436</td> 257 <td></td> 258 <td></td> 259 </tr> 260 <tr> 261 <td>Qualcomm Wi-Fi </td> 262 <td>CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, 263 CVE-2016-8420, CVE-2016-8421, CVE-2017-0440, CVE-2017-0441, CVE-2017-0442, 264 CVE-2017-0443, CVE-2016-8476</td> 265 <td></td> 266 <td></td> 267 </tr> 268 <tr> 269 <td>Realtek </td> 270 <td>CVE-2017-0444</td> 271 <td></td> 272 <td></td> 273 </tr> 274 <tr> 275 <td>HTC </td> 276 <td>CVE-2017-0445, CVE-2017-0446, CVE-2017-0447</td> 277 <td></td> 278 <td></td> 279 </tr> 280 <tr> 281 <td>NVIDIA </td> 282 <td>CVE-2017-0448</td> 283 <td></td> 284 <td></td> 285 </tr> 286 <tr> 287 <td>Broadcom Wi-Fi </td> 288 <td>CVE-2017-0449</td> 289 <td></td> 290 <td></td> 291 </tr> 292 <tr> 293 <td> </td> 294 <td>CVE-2017-0450</td> 295 <td></td> 296 <td></td> 297 </tr> 298 <tr> 299 <td> </td> 300 <td>CVE-2016-10044</td> 301 <td></td> 302 <td></td> 303 </tr> 304 <tr> 305 <td>Qualcomm Secure Execution 306 Environment Communicator </td> 307 <td>CVE-2016-8414</td> 308 <td></td> 309 <td></td> 310 </tr> 311 <tr> 312 <td>Qualcomm </td> 313 <td>CVE-2017-0451</td> 314 <td></td> 315 <td></td> 316 </tr> 317 </table> 318 319 <p>* Android 7.0 Google 320 .</p> 321 322 <h2 id="mitigations">Android Google </h2> 323 <p> SafetyNet <a href="{@docRoot}security/enhancements/index.html">Android </a> 324 . 325 Android 326 .</p> 327 <ul> 328 <li>Android Android 329 . Android 330 .</li> 331 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 332 333 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 334 335 . <a href="http://www.android.com/gms">Google </a> 336 337 Google Play . Google 338 Play 339 340 . 341 342 . 343 .</li> 344 <li> Google 345 .</li> 346 </ul> 347 <h2 id="acknowledgements"> </h2> 348 <p> 349 . 350 </p> 351 <ul> 352 <li>Daniel Dakhno: CVE-2017-0420</li> 353 <li>Copperhead Security Daniel Micay: CVE-2017-0410</li> 354 <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>: 355 CVE-2017-0414</li> 356 <li>Chrome Frank Liberato: CVE-2017-0409</li> 357 <li>Project Zero Gal Beniamini: CVE-2017-0411, CVE-2017-0412</li> 358 <li>Qihoo 360 Technology Co. Ltd. 359 IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 360 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0432</li> 361 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Team 362 Guang Gong()(<a href="https://twitter.com/oldfresher">@oldfresher</a>): 363 CVE-2017-0415</li> 364 <li><a href="http://c0reteam.org">C0RE Team</a> 365 <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, 366 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian Jiang: 367 CVE-2017-0418</li> 368 <li>Qihoo 360 Technology Co. Ltd. Alpha Team Hao Chen, Guang Gong: 369 CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, 370 CVE-2016-8421, CVE-2017-0441, CVE-2017-0442, CVE-2016-8476, CVE-2017-0443</li> 371 <li>Google Jeff Sharkey: CVE-2017-0421, CVE-2017-0423</li> 372 <li>Jeff Trim: CVE-2017-0422</li> 373 <li>Qihoo 360 374 IceSword Lab 375 Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0445</li> 376 <li>LINE Corporation ma.la, Nikolay Elenkov: CVE-2016-5552</li> 377 <li>Google Max Spector: CVE-2017-0416</li> 378 <li><a href="http://c0reteam.org">C0RE Team</a> 379 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 380 Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), 381 Xuxian Jiang: CVE-2017-0425</li> 382 <li>Tencent KeenLab() 383 Qidan He()(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>), 384 Di Shen()(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2017-0427</li> 385 <li>IBM X-Force Research Sagi Kedmi: CVE-2017-0433</li> 386 <li>Copperhead Security 387 Scott Bauer(<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>), Daniel Micay: CVE-2017-0405</li> 388 <li>Trend Micro Mobile Threat Research Team 389 Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2017-0449, CVE-2016-8418</li> 390 <li><a href="http://c0reteam.org">C0RE Team</a> 391 <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 392 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 393 Xuxian Jiang: CVE-2017-0436, CVE-2016-8481, CVE-2017-0435</li> 394 <li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat 395 Response Team</a> 396 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): 397 CVE-2017-0424</li> 398 <li>Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): 399 CVE-2017-0407</li> 400 <li><a href="http://c0reteam.org">C0RE Team</a> 401 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, 402 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 403 Xuxian Jiang: CVE-2017-0450</li> 404 <li><a href="http://c0reteam.org">C0RE Team</a> 405 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), 406 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 407 Xuxian Jiang: CVE-2017-0417</li> 408 <li>Ant-financial Light-Year 409 Security Lab Wish Wu(<a href="https://twitter.com/wish_wu">@wish_wu</a>) 410 (<a href="http://www.weibo.com/wishlinux"></a> ): CVE-2017-0408</li> 411 <li><a href="http://c0reteam.org">C0RE Team</a> 412 <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 413 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 414 Xuxian Jiang: CVE-2016-8480</li> 415 <li><a href="http://c0reteam.org">C0RE Team</a> 416 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 417 Xuxian Jiang: CVE-2017-0444</li> 418 <li><a href="http://c0reteam.org">C0RE Team</a> 419 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, 420 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 421 Xuxian Jiang: CVE-2017-0428</li> 422 <li><a href="http://c0reteam.org">C0RE Team</a> 423 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>, 424 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 425 Xuxian Jiang: CVE-2017-0448, CVE-2017-0429</li> 426 <li><a href="http://www.nsfocus.com">NSFocus</a> 427 <a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a>( 428 <a href="https://twitter.com/henices">@henices</a>), 429 <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a>: CVE-2017-0406</li> 430 </ul> 431 <p> 432 433 . 434 </p><ul> 435 <li>Baidu X-Lab() Pengfei Ding(), Chenfu Bao(), 436 Lenx Wei()</li> 437 </ul> 438 439 <h2 id="2017-02-01-details">2017-02-01 440 </h2> 441 <p> 442 <a href="#2017-02-01-summary">2017-02-01 443 </a> 444 . 445 , 446 CVE, , , Google , 447 AOSP ( ), . 448 AOSP ID 449 . 450 ID .</p> 451 452 453 <h3 id="rce-in-surfaceflinger">Surfaceflinger 454 </h3> 455 <p> 456 Surfaceflinger 457 458 . Surfaceflinger 459 . 460 </p> 461 462 <table> 463 <col width="18%"> 464 <col width="17%"> 465 <col width="10%"> 466 <col width="19%"> 467 <col width="18%"> 468 <col width="17%"> 469 <tr> 470 <th>CVE</th> 471 <th></th> 472 <th></th> 473 <th> Google </th> 474 <th> AOSP </th> 475 <th> </th> 476 </tr> 477 <tr> 478 <td>CVE-2017-0405</td> 479 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979"> 480 A-31960359</a></td> 481 <td></td> 482 <td></td> 483 <td>7.0, 7.1.1</td> 484 <td>2016 10 4</td> 485 </tr> 486 </table> 487 488 489 <h3 id="rce-in-mediaserver"> 490 </h3> 491 <p> 492 493 494 . 495 . 496 </p> 497 498 <table> 499 <col width="18%"> 500 <col width="17%"> 501 <col width="10%"> 502 <col width="19%"> 503 <col width="18%"> 504 <col width="17%"> 505 <tr> 506 <th>CVE</th> 507 <th></th> 508 <th></th> 509 <th> Google </th> 510 <th> AOSP </th> 511 <th> </th> 512 </tr> 513 <tr> 514 <td>CVE-2017-0406</td> 515 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575"> 516 A-32915871</a> 517 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td> 518 <td></td> 519 <td></td> 520 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 521 <td>2016 11 14</td> 522 </tr> 523 <tr> 524 <td>CVE-2017-0407</td> 525 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7"> 526 A-32873375</a></td> 527 <td></td> 528 <td></td> 529 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 530 <td>2016 11 12</td> 531 </tr> 532 </table> 533 534 535 <h3 id="rce-in-libgdx">libgdx </h3> 536 <p> 537 libgdx 538 539 . 540 . 541 </p> 542 543 <table> 544 <col width="18%"> 545 <col width="17%"> 546 <col width="10%"> 547 <col width="19%"> 548 <col width="18%"> 549 <col width="17%"> 550 <tr> 551 <th>CVE</th> 552 <th></th> 553 <th></th> 554 <th> Google </th> 555 <th> AOSP </th> 556 <th> </th> 557 </tr> 558 <tr> 559 <td>CVE-2017-0408</td> 560 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b"> 561 A-32769670</a></td> 562 <td></td> 563 <td></td> 564 <td>7.1.1</td> 565 <td>2016 11 9</td> 566 </tr> 567 </table> 568 569 570 <h3 id="rce-in-libstagefright">libstagefright 571 </h3> 572 <p> 573 libstagefright 574 . 575 . 576 </p> 577 578 <table> 579 <col width="18%"> 580 <col width="17%"> 581 <col width="10%"> 582 <col width="19%"> 583 <col width="18%"> 584 <col width="17%"> 585 <tr> 586 <th>CVE</th> 587 <th></th> 588 <th></th> 589 <th> Google </th> 590 <th> AOSP </th> 591 <th> </th> 592 </tr> 593 <tr> 594 <td>CVE-2017-0409</td> 595 <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b"> 596 A-31999646</a></td> 597 <td></td> 598 <td></td> 599 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 600 <td>Google </td> 601 </tr> 602 </table> 603 604 605 <h3 id="eop-in-java.net">Java.Net </h3> 606 <p> 607 Java.Net 608 . 609 610 . 611 </p> 612 613 <table> 614 <col width="18%"> 615 <col width="17%"> 616 <col width="10%"> 617 <col width="19%"> 618 <col width="18%"> 619 <col width="17%"> 620 <tr> 621 <th>CVE</th> 622 <th></th> 623 <th></th> 624 <th> Google </th> 625 <th> AOSP </th> 626 <th> </th> 627 </tr> 628 <tr> 629 <td>CVE-2016-5552</td> 630 <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea"> 631 A-31858037</a></td> 632 <td></td> 633 <td></td> 634 <td>7.0, 7.1.1</td> 635 <td>2016 9 30</td> 636 </tr> 637 </table> 638 639 640 <h3 id="eop-in-framework-apis"> API 641 </h3> 642 <p> 643 API 644 645 . 646 647 . 648 </p> 649 650 <table> 651 <col width="18%"> 652 <col width="17%"> 653 <col width="10%"> 654 <col width="19%"> 655 <col width="18%"> 656 <col width="17%"> 657 <tr> 658 <th>CVE</th> 659 <th></th> 660 <th></th> 661 <th> Google </th> 662 <th> AOSP </th> 663 <th> </th> 664 </tr> 665 <tr> 666 <td>CVE-2017-0410</td> 667 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa"> 668 A-31929765</a></td> 669 <td></td> 670 <td></td> 671 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 672 <td>2016 10 2</td> 673 </tr> 674 <tr> 675 <td>CVE-2017-0411</td> 676 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 677 A-33042690</a> 678 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 679 <td></td> 680 <td></td> 681 <td>7.0, 7.1.1</td> 682 <td>2016 11 21</td> 683 </tr> 684 <tr> 685 <td>CVE-2017-0412</td> 686 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 687 A-33039926</a> 688 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 689 <td></td> 690 <td></td> 691 <td>7.0, 7.1.1</td> 692 <td>2016 11 21</td> 693 </tr> 694 </table> 695 696 <h3 id="eop-in-mediaserver"> 697 </h3> 698 <p> 699 700 701 . 702 703 . 704 </p> 705 706 <table> 707 <col width="18%"> 708 <col width="17%"> 709 <col width="10%"> 710 <col width="19%"> 711 <col width="18%"> 712 <col width="17%"> 713 <tr> 714 <th>CVE</th> 715 <th></th> 716 <th></th> 717 <th> Google </th> 718 <th> AOSP </th> 719 <th> </th> 720 </tr> 721 <tr> 722 <td>CVE-2017-0415</td> 723 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34"> 724 A-32706020</a></td> 725 <td></td> 726 <td></td> 727 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 728 <td>2016 11 4</td> 729 </tr> 730 </table> 731 732 733 <h3 id="eop-in-audioserver"> 734 </h3> 735 <p> 736 737 738 . 739 740 . 741 </p> 742 743 <table> 744 <col width="18%"> 745 <col width="17%"> 746 <col width="10%"> 747 <col width="19%"> 748 <col width="18%"> 749 <col width="17%"> 750 <tr> 751 <th>CVE</th> 752 <th></th> 753 <th></th> 754 <th> Google </th> 755 <th> AOSP </th> 756 <th> </th> 757 </tr> 758 <tr> 759 <td>CVE-2017-0416</td> 760 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 761 A-32886609</a> 762 [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td> 763 <td></td> 764 <td></td> 765 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 766 <td>Google </td> 767 </tr> 768 <tr> 769 <td>CVE-2017-0417</td> 770 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 771 A-32705438</a></td> 772 <td></td> 773 <td></td> 774 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 775 <td>2016 11 7</td> 776 </tr> 777 <tr> 778 <td>CVE-2017-0418</td> 779 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 780 A-32703959</a> 781 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td> 782 <td></td> 783 <td></td> 784 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 785 <td>2016 11 7</td> 786 </tr> 787 <tr> 788 <td>CVE-2017-0419</td> 789 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 790 A-32220769</a></td> 791 <td></td> 792 <td></td> 793 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 794 <td>2016 10 15</td> 795 </tr> 796 </table> 797 798 <h3 id="id-in-aosp-mail">AOSP </h3> 799 <p> 800 AOSP 801 802 . 803 804 . 805 </p> 806 807 <table> 808 <col width="18%"> 809 <col width="17%"> 810 <col width="10%"> 811 <col width="19%"> 812 <col width="18%"> 813 <col width="17%"> 814 <tr> 815 <th>CVE</th> 816 <th></th> 817 <th></th> 818 <th> Google </th> 819 <th> AOSP </th> 820 <th> </th> 821 </tr> 822 <tr> 823 <td>CVE-2017-0420</td> 824 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909"> 825 A-32615212</a></td> 826 <td></td> 827 <td></td> 828 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 829 <td>2016 9 12</td> 830 </tr> 831 </table> 832 833 834 <h3 id="id-in-aosp-messaging">AOSP 835 </h3> 836 <p> 837 AOSP 838 839 . 840 841 . 842 </p> 843 844 <table> 845 <col width="18%"> 846 <col width="17%"> 847 <col width="10%"> 848 <col width="19%"> 849 <col width="18%"> 850 <col width="17%"> 851 <tr> 852 <th>CVE</th> 853 <th></th> 854 <th></th> 855 <th> Google </th> 856 <th> AOSP </th> 857 <th> </th> 858 </tr> 859 <tr> 860 <td>CVE-2017-0413</td> 861 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e"> 862 A-32161610</a></td> 863 <td></td> 864 <td></td> 865 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 866 <td>2016 10 13</td> 867 </tr> 868 <tr> 869 <td>CVE-2017-0414</td> 870 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd"> 871 A-32807795</a></td> 872 <td></td> 873 <td></td> 874 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 875 <td>2016 11 10</td> 876 </tr> 877 </table> 878 879 880 <h3 id="id-in-framework-apis"> API 881 </h3> 882 <p> 883 API 884 885 . 886 887 . 888 </p> 889 890 <table> 891 <col width="18%"> 892 <col width="17%"> 893 <col width="10%"> 894 <col width="19%"> 895 <col width="18%"> 896 <col width="17%"> 897 <tr> 898 <th>CVE</th> 899 <th></th> 900 <th></th> 901 <th> Google </th> 902 <th> AOSP </th> 903 <th> </th> 904 </tr> 905 <tr> 906 <td>CVE-2017-0421</td> 907 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336"> 908 A-32555637</a></td> 909 <td></td> 910 <td></td> 911 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 912 <td>Google </td> 913 </tr> 914 </table> 915 916 917 <h3 id="dos-in-bionic-dns">Bionic DNS (DoS) </h3> 918 <p> 919 Bionic DNS 920 . 921 . 922 923 </p> 924 925 <table> 926 <col width="18%"> 927 <col width="17%"> 928 <col width="10%"> 929 <col width="19%"> 930 <col width="18%"> 931 <col width="17%"> 932 <tr> 933 <th>CVE</th> 934 <th></th> 935 <th></th> 936 <th> Google </th> 937 <th> AOSP </th> 938 <th> </th> 939 </tr> 940 <tr> 941 <td>CVE-2017-0422</td> 942 <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d"> 943 A-32322088</a></td> 944 <td></td> 945 <td></td> 946 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 947 <td>2016 10 20</td> 948 </tr> 949 </table> 950 951 952 <h3 id="eop-in-bluetooth"> 953 </h3> 954 <p> 955 956 . 957 958 . 959 </p> 960 961 <table> 962 <col width="18%"> 963 <col width="17%"> 964 <col width="10%"> 965 <col width="19%"> 966 <col width="18%"> 967 <col width="17%"> 968 <tr> 969 <th>CVE</th> 970 <th></th> 971 <th></th> 972 <th> Google </th> 973 <th> AOSP </th> 974 <th> </th> 975 </tr> 976 <tr> 977 <td>CVE-2017-0423</td> 978 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083"> 979 A-32612586</a></td> 980 <td></td> 981 <td></td> 982 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 983 <td>2016 11 2</td> 984 </tr> 985 </table> 986 987 988 <h3 id="id-in-aosp-messaging-2">AOSP 989 </h3> 990 <p> 991 AOSP 992 993 . 994 995 . 996 </p> 997 998 <table> 999 <col width="18%"> 1000 <col width="17%"> 1001 <col width="10%"> 1002 <col width="19%"> 1003 <col width="18%"> 1004 <col width="17%"> 1005 <tr> 1006 <th>CVE</th> 1007 <th></th> 1008 <th></th> 1009 <th> Google </th> 1010 <th> AOSP </th> 1011 <th> </th> 1012 </tr> 1013 <tr> 1014 <td>CVE-2017-0424</td> 1015 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc"> 1016 A-32322450</a></td> 1017 <td></td> 1018 <td></td> 1019 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 1020 <td>2016 10 20</td> 1021 </tr> 1022 </table> 1023 1024 1025 <h3 id="id-in-audioserver"> 1026 </h3> 1027 <p> 1028 1029 . 1030 1031 . 1032 </p> 1033 1034 <table> 1035 <col width="18%"> 1036 <col width="17%"> 1037 <col width="10%"> 1038 <col width="19%"> 1039 <col width="18%"> 1040 <col width="17%"> 1041 <tr> 1042 <th>CVE</th> 1043 <th></th> 1044 <th></th> 1045 <th> Google </th> 1046 <th> AOSP </th> 1047 <th> </th> 1048 </tr> 1049 <tr> 1050 <td>CVE-2017-0425</td> 1051 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 1052 A-32720785</a></td> 1053 <td></td> 1054 <td></td> 1055 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1056 <td>2016 11 7</td> 1057 </tr> 1058 </table> 1059 1060 1061 <h3 id="id-in-filesystem"> 1062 </h3> 1063 <p> 1064 1065 . 1066 1067 . 1068 </p> 1069 1070 <table> 1071 <col width="18%"> 1072 <col width="17%"> 1073 <col width="10%"> 1074 <col width="19%"> 1075 <col width="18%"> 1076 <col width="17%"> 1077 <tr> 1078 <th>CVE</th> 1079 <th></th> 1080 <th></th> 1081 <th> Google </th> 1082 <th> AOSP </th> 1083 <th> </th> 1084 </tr> 1085 <tr> 1086 <td>CVE-2017-0426</td> 1087 <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a"> 1088 A-32799236</a> 1089 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td> 1090 <td></td> 1091 <td></td> 1092 <td>7.0, 7.1.1</td> 1093 <td>Google </td> 1094 </tr> 1095 </table> 1096 1097 1098 <h2 id="2017-02-05-details">2017-02-05 1099 </h2> 1100 <p> 1101 1102 <a href="#2017-02-05-summary">2017-02-05 1103 </a> 1104 . , 1105 CVE, , , Google , 1106 AOSP ( ), . 1107 1108 AOSP ID 1109 . 1110 ID .</p> 1111 1112 1113 <h3 id="rce-in-qualcomm-crypto-driver">Qualcomm 1114 </h3> 1115 <p> 1116 Qualcomm 1117 . 1118 1119 . 1120 </p> 1121 1122 <table> 1123 <col width="19%"> 1124 <col width="20%"> 1125 <col width="10%"> 1126 <col width="23%"> 1127 <col width="17%"> 1128 <tr> 1129 <th>CVE</th> 1130 <th></th> 1131 <th></th> 1132 <th> Google </th> 1133 <th> </th> 1134 </tr> 1135 <tr> 1136 <td>CVE-2016-8418</td> 1137 <td>A-32652894<br> 1138 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f"> 1139 QC-CR#1077457</a></td> 1140 <td></td> 1141 <td>*</td> 1142 <td>2016 10 10</td> 1143 </tr> 1144 </table> 1145 <p> 1146 * Android 7.0 Google 1147 . 1148 </p> 1149 1150 1151 <h3 id="eop-in-kernel-file-system"> 1152 </h3> 1153 <p> 1154 1155 1156 . 1157 , 1158 . 1159 </p> 1160 1161 <table> 1162 <col width="19%"> 1163 <col width="20%"> 1164 <col width="10%"> 1165 <col width="23%"> 1166 <col width="17%"> 1167 <tr> 1168 <th>CVE</th> 1169 <th></th> 1170 <th></th> 1171 <th> Google </th> 1172 <th> </th> 1173 </tr> 1174 <tr> 1175 <td>CVE-2017-0427</td> 1176 <td>A-31495866*</td> 1177 <td></td> 1178 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1179 Player, Pixel, Pixel XL</td> 1180 <td>2016 9 13</td> 1181 </tr> 1182 </table> 1183 <p> 1184 * . 1185 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1186 1187 1188 . 1189 </p> 1190 1191 1192 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 1193 </h3> 1194 <p> 1195 NVIDIA GPU 1196 1197 . 1198 , 1199 . 1200 </p> 1201 1202 <table> 1203 <col width="19%"> 1204 <col width="20%"> 1205 <col width="10%"> 1206 <col width="23%"> 1207 <col width="17%"> 1208 <tr> 1209 <th>CVE</th> 1210 <th></th> 1211 <th></th> 1212 <th> Google </th> 1213 <th> </th> 1214 </tr> 1215 <tr> 1216 <td>CVE-2017-0428</td> 1217 <td>A-32401526*<br> 1218 N-CVE-2017-0428</td> 1219 <td></td> 1220 <td>Nexus 9</td> 1221 <td>2016 10 25</td> 1222 </tr> 1223 <tr> 1224 <td>CVE-2017-0429</td> 1225 <td>A-32636619*<br> 1226 N-CVE-2017-0429</td> 1227 <td></td> 1228 <td>Nexus 9</td> 1229 <td>2016 11 3</td> 1230 </tr> 1231 </table> 1232 <p> 1233 * . 1234 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1235 1236 1237 . 1238 </p> 1239 1240 1241 <h3 id="eop-in-kernel-networking-subsystem"> 1242 </h3> 1243 <p> 1244 1245 1246 . 1247 , 1248 . 1249 </p> 1250 1251 <table> 1252 <col width="19%"> 1253 <col width="20%"> 1254 <col width="10%"> 1255 <col width="23%"> 1256 <col width="17%"> 1257 <tr> 1258 <th>CVE</th> 1259 <th></th> 1260 <th></th> 1261 <th> Google </th> 1262 <th> </th> 1263 </tr> 1264 <tr> 1265 <td>CVE-2014-9914</td> 1266 <td>A-32882659<br> 1267 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"> 1268 </a></td> 1269 <td></td> 1270 <td>Nexus 6, Nexus Player</td> 1271 <td>2016 11 9</td> 1272 </tr> 1273 </table> 1274 1275 1276 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 1277 </h3> 1278 <p> 1279 Broadcom Wi-Fi 1280 1281 . 1282 , 1283 . 1284 </p> 1285 1286 <table> 1287 <col width="19%"> 1288 <col width="20%"> 1289 <col width="10%"> 1290 <col width="23%"> 1291 <col width="17%"> 1292 <tr> 1293 <th>CVE</th> 1294 <th></th> 1295 <th></th> 1296 <th> Google </th> 1297 <th> </th> 1298 </tr> 1299 <tr> 1300 <td>CVE-2017-0430</td> 1301 <td>A-32838767*<br> 1302 B-RB#107459</td> 1303 <td></td> 1304 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1305 <td>Google </td> 1306 </tr> 1307 </table> 1308 <p> 1309 * . 1310 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1311 1312 1313 . 1314 </p> 1315 1316 1317 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 1318 </h3> 1319 <p> 1320 Qualcomm Qualcomm AMSS 1321 2016 9 . 1322 </p> 1323 1324 <table> 1325 <col width="19%"> 1326 <col width="20%"> 1327 <col width="10%"> 1328 <col width="23%"> 1329 <col width="17%"> 1330 <tr> 1331 <th>CVE</th> 1332 <th></th> 1333 <th>*</th> 1334 <th> Google </th> 1335 <th> </th> 1336 </tr> 1337 <tr> 1338 <td>CVE-2017-0431</td> 1339 <td>A-32573899**</td> 1340 <td></td> 1341 <td>***</td> 1342 <td>Qualcomm </td> 1343 </tr> 1344 </table> 1345 <p> 1346 * . 1347 </p> 1348 <p> 1349 ** . 1350 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1351 1352 1353 . 1354 </p> 1355 <p> 1356 *** Android 7.0 Google 1357 . 1358 </p> 1359 1360 1361 <h3 id="eop-in-mediatek-driver">MediaTek 1362 </h3> 1363 <p> 1364 MediaTek 1365 1366 . 1367 . 1368 </p> 1369 1370 <table> 1371 <col width="19%"> 1372 <col width="20%"> 1373 <col width="10%"> 1374 <col width="23%"> 1375 <col width="17%"> 1376 <tr> 1377 <th>CVE</th> 1378 <th></th> 1379 <th></th> 1380 <th> Google </th> 1381 <th> </th> 1382 </tr> 1383 <tr> 1384 <td>CVE-2017-0432</td> 1385 <td>A-28332719*<br> 1386 M-ALPS02708925</td> 1387 <td></td> 1388 <td>**</td> 1389 <td>2016 4 21</td> 1390 </tr> 1391 </table> 1392 <p> 1393 * . 1394 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1395 1396 1397 . 1398 </p> 1399 <p> 1400 ** Android 7.0 Google 1401 . 1402 </p> 1403 1404 1405 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 1406 </h3> 1407 <p> 1408 Synaptics 1409 1410 . 1411 . 1412 </p> 1413 1414 <table> 1415 <col width="19%"> 1416 <col width="20%"> 1417 <col width="10%"> 1418 <col width="23%"> 1419 <col width="17%"> 1420 <tr> 1421 <th>CVE</th> 1422 <th></th> 1423 <th></th> 1424 <th> Google </th> 1425 <th> </th> 1426 </tr> 1427 <tr> 1428 <td>CVE-2017-0433</td> 1429 <td>A-31913571*</td> 1430 <td></td> 1431 <td>Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 1432 <td>2016 9 8</td> 1433 </tr> 1434 <tr> 1435 <td>CVE-2017-0434</td> 1436 <td>A-33001936*</td> 1437 <td></td> 1438 <td>Pixel, Pixel XL</td> 1439 <td>2016 11 18</td> 1440 </tr> 1441 </table> 1442 <p> 1443 * . 1444 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1445 1446 1447 . 1448 </p> 1449 1450 1451 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm Secure Execution Environment 1452 Communicator </h3> 1453 <p> 1454 Qualcomm Secure Execution Environment Communicator 1455 1456 . 1457 . 1458 </p> 1459 1460 <table> 1461 <col width="19%"> 1462 <col width="20%"> 1463 <col width="10%"> 1464 <col width="23%"> 1465 <col width="17%"> 1466 <tr> 1467 <th>CVE</th> 1468 <th></th> 1469 <th></th> 1470 <th> Google </th> 1471 <th> </th> 1472 </tr> 1473 <tr> 1474 <td>CVE-2016-8480</td> 1475 <td>A-31804432<br> 1476 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471"> 1477 QC-CR#1086186</a> 1478 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td> 1479 <td></td> 1480 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1481 <td>2016 9 28</td> 1482 </tr> 1483 </table> 1484 1485 1486 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm 1487 </h3> 1488 <p> 1489 Qualcomm 1490 1491 . 1492 . 1493 </p> 1494 1495 <table> 1496 <col width="19%"> 1497 <col width="20%"> 1498 <col width="10%"> 1499 <col width="23%"> 1500 <col width="17%"> 1501 <tr> 1502 <th>CVE</th> 1503 <th></th> 1504 <th></th> 1505 <th> Google </th> 1506 <th> </th> 1507 </tr> 1508 <tr> 1509 <td>CVE-2016-8481</td> 1510 <td>A-31906415*<br> 1511 QC-CR#1078000</td> 1512 <td></td> 1513 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1514 <td>2016 10 1</td> 1515 </tr> 1516 <tr> 1517 <td>CVE-2017-0435</td> 1518 <td>A-31906657*<br> 1519 QC-CR#1078000</td> 1520 <td></td> 1521 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1522 <td>2016 10 1</td> 1523 </tr> 1524 <tr> 1525 <td>CVE-2017-0436</td> 1526 <td>A-32624661*<br> 1527 QC-CR#1078000</td> 1528 <td></td> 1529 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1530 <td>2016 11 2</td> 1531 </tr> 1532 </table> 1533 <p> 1534 * . 1535 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1536 1537 1538 . 1539 </p> 1540 1541 1542 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1543 </h3> 1544 <p> 1545 Qualcomm Wi-Fi 1546 1547 . 1548 . 1549 </p> 1550 1551 <table> 1552 <col width="19%"> 1553 <col width="20%"> 1554 <col width="10%"> 1555 <col width="23%"> 1556 <col width="17%"> 1557 <tr> 1558 <th>CVE</th> 1559 <th></th> 1560 <th></th> 1561 <th> Google </th> 1562 <th> </th> 1563 </tr> 1564 <tr> 1565 <td>CVE-2017-0437</td> 1566 <td>A-32402310<br> 1567 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1568 QC-CR#1092497</a></td> 1569 <td></td> 1570 <td>Nexus 5X, Pixel, Pixel XL</td> 1571 <td>2016 10 25</td> 1572 </tr> 1573 <tr> 1574 <td>CVE-2017-0438</td> 1575 <td>A-32402604<br> 1576 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1577 QC-CR#1092497</a></td> 1578 <td></td> 1579 <td>Nexus 5X, Pixel, Pixel XL</td> 1580 <td>2016 10 25</td> 1581 </tr> 1582 <tr> 1583 <td>CVE-2017-0439</td> 1584 <td>A-32450647<br> 1585 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61"> 1586 QC-CR#1092059</a></td> 1587 <td></td> 1588 <td>Nexus 5X, Pixel, Pixel XL</td> 1589 <td>2016 10 25</td> 1590 </tr> 1591 <tr> 1592 <td>CVE-2016-8419</td> 1593 <td>A-32454494<br> 1594 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488"> 1595 QC-CR#1087209</a></td> 1596 <td></td> 1597 <td>Nexus 5X, Pixel, Pixel XL</td> 1598 <td>2016 10 26</td> 1599 </tr> 1600 <tr> 1601 <td>CVE-2016-8420</td> 1602 <td>A-32451171<br> 1603 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e"> 1604 QC-CR#1087807</a></td> 1605 <td></td> 1606 <td>Nexus 5X, Pixel, Pixel XL</td> 1607 <td>2016 10 26</td> 1608 </tr> 1609 <tr> 1610 <td>CVE-2016-8421</td> 1611 <td>A-32451104<br> 1612 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb"> 1613 QC-CR#1087797</a></td> 1614 <td></td> 1615 <td>Nexus 5X, Pixel, Pixel XL</td> 1616 <td>2016 10 26</td> 1617 </tr> 1618 <tr> 1619 <td>CVE-2017-0440</td> 1620 <td>A-33252788<br> 1621 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268"> 1622 QC-CR#1095770</a></td> 1623 <td></td> 1624 <td>Nexus 5X, Pixel, Pixel XL</td> 1625 <td>2016 11 11</td> 1626 </tr> 1627 <tr> 1628 <td>CVE-2017-0441</td> 1629 <td>A-32872662<br> 1630 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684"> 1631 QC-CR#1095009</a></td> 1632 <td></td> 1633 <td>Nexus 5X, Pixel, Pixel XL</td> 1634 <td>2016 11 11</td> 1635 </tr> 1636 <tr> 1637 <td>CVE-2017-0442</td> 1638 <td>A-32871330<br> 1639 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1640 QC-CR#1092497</a></td> 1641 <td></td> 1642 <td>Nexus 5X, Pixel, Pixel XL</td> 1643 <td>2016 11 13</td> 1644 </tr> 1645 <tr> 1646 <td>CVE-2017-0443</td> 1647 <td>A-32877494<br> 1648 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1649 QC-CR#1092497</a></td> 1650 <td></td> 1651 <td>Nexus 5X, Pixel, Pixel XL</td> 1652 <td>2016 11 13</td> 1653 </tr> 1654 <tr> 1655 <td>CVE-2016-8476</td> 1656 <td>A-32879283<br> 1657 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799"> 1658 QC-CR#1091940</a></td> 1659 <td></td> 1660 <td>Nexus 5X, Pixel, Pixel XL</td> 1661 <td>2016 11 14</td> 1662 </tr> 1663 </table> 1664 1665 1666 <h3 id="eop-in-realtek-sound-driver">Realtek 1667 </h3> 1668 <p> 1669 Realtek 1670 1671 . 1672 . 1673 </p> 1674 1675 <table> 1676 <col width="19%"> 1677 <col width="20%"> 1678 <col width="10%"> 1679 <col width="23%"> 1680 <col width="17%"> 1681 <tr> 1682 <th>CVE</th> 1683 <th></th> 1684 <th></th> 1685 <th> Google </th> 1686 <th> </th> 1687 </tr> 1688 <tr> 1689 <td>CVE-2017-0444</td> 1690 <td>A-32705232*</td> 1691 <td></td> 1692 <td>Nexus 9</td> 1693 <td>2016 11 7</td> 1694 </tr> 1695 </table> 1696 <p> 1697 * . 1698 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1699 1700 1701 . 1702 </p> 1703 1704 1705 <h3 id="eop-in-htc-touchscreen-driver">HTC 1706 </h3> 1707 <p> 1708 HTC 1709 1710 . 1711 . 1712 </p> 1713 1714 <table> 1715 <col width="19%"> 1716 <col width="20%"> 1717 <col width="10%"> 1718 <col width="23%"> 1719 <col width="17%"> 1720 <tr> 1721 <th>CVE</th> 1722 <th></th> 1723 <th></th> 1724 <th> Google </th> 1725 <th> </th> 1726 </tr> 1727 <tr> 1728 <td>CVE-2017-0445</td> 1729 <td>A-32769717*</td> 1730 <td></td> 1731 <td>Pixel, Pixel XL</td> 1732 <td>2016 11 9</td> 1733 </tr> 1734 <tr> 1735 <td>CVE-2017-0446</td> 1736 <td>A-32917445*</td> 1737 <td></td> 1738 <td>Pixel, Pixel XL</td> 1739 <td>2016 11 15</td> 1740 </tr> 1741 <tr> 1742 <td>CVE-2017-0447</td> 1743 <td>A-32919560*</td> 1744 <td></td> 1745 <td>Pixel, Pixel XL</td> 1746 <td>2016 11 15</td> 1747 </tr> 1748 </table> 1749 <p> 1750 * . 1751 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1752 1753 1754 . 1755 </p> 1756 1757 1758 <h3 id="id-in-nvidia-video-driver">NVIDIA 1759 </h3> 1760 <p> 1761 NVIDIA 1762 . 1763 1764 . 1765 </p> 1766 1767 <table> 1768 <col width="19%"> 1769 <col width="20%"> 1770 <col width="10%"> 1771 <col width="23%"> 1772 <col width="17%"> 1773 <tr> 1774 <th>CVE</th> 1775 <th></th> 1776 <th></th> 1777 <th> Google </th> 1778 <th> </th> 1779 </tr> 1780 <tr> 1781 <td>CVE-2017-0448</td> 1782 <td>A-32721029*<br> 1783 N-CVE-2017-0448</td> 1784 <td></td> 1785 <td>Nexus 9</td> 1786 <td>2016 11 7</td> 1787 </tr> 1788 </table> 1789 <p> 1790 * . 1791 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1792 1793 1794 . 1795 </p> 1796 1797 1798 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi 1799 </h3> 1800 <p> 1801 Broadcom Wi-Fi 1802 1803 . 1804 1805 . 1806 </p> 1807 1808 <table> 1809 <col width="19%"> 1810 <col width="20%"> 1811 <col width="10%"> 1812 <col width="23%"> 1813 <col width="17%"> 1814 <tr> 1815 <th>CVE</th> 1816 <th></th> 1817 <th></th> 1818 <th> Google </th> 1819 <th> </th> 1820 </tr> 1821 <tr> 1822 <td>CVE-2017-0449</td> 1823 <td>A-31707909*<br> 1824 B-RB#32094</td> 1825 <td></td> 1826 <td>Nexus 6, Nexus 6P</td> 1827 <td>2016 9 23</td> 1828 </tr> 1829 </table> 1830 <p> 1831 * . 1832 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1833 1834 1835 . 1836 </p> 1837 1838 1839 <h3 id="eop-in-audioserver-2"> 1840 </h3> 1841 <p> 1842 1843 1844 . 1845 . 1846 </p> 1847 1848 <table> 1849 <col width="19%"> 1850 <col width="20%"> 1851 <col width="10%"> 1852 <col width="23%"> 1853 <col width="17%"> 1854 <tr> 1855 <th>CVE</th> 1856 <th></th> 1857 <th></th> 1858 <th> Google </th> 1859 <th> </th> 1860 </tr> 1861 <tr> 1862 <td>CVE-2017-0450</td> 1863 <td>A-32917432*</td> 1864 <td></td> 1865 <td>Nexus 9</td> 1866 <td>2016 11 15</td> 1867 </tr> 1868 </table> 1869 <p> 1870 * . 1871 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1872 1873 1874 . 1875 </p> 1876 1877 1878 <h3 id="eop-in-kernel-file-system-2"> 1879 </h3> 1880 <p> 1881 1882 . 1883 1884 . 1885 </p> 1886 1887 <table> 1888 <col width="19%"> 1889 <col width="20%"> 1890 <col width="10%"> 1891 <col width="23%"> 1892 <col width="17%"> 1893 <tr> 1894 <th>CVE</th> 1895 <th></th> 1896 <th></th> 1897 <th> Google </th> 1898 <th> </th> 1899 </tr> 1900 <tr> 1901 <td>CVE-2016-10044</td> 1902 <td>A-31711619*</td> 1903 <td></td> 1904 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1905 Player, Pixel, Pixel XL</td> 1906 <td>Google </td> 1907 </tr> 1908 </table> 1909 <p> 1910 * . 1911 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1912 1913 1914 . 1915 </p> 1916 1917 1918 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Qualcomm Secure Execution 1919 Environment Communicator </h3> 1920 <p> 1921 Qualcomm Secure Execution Environment Communicator 1922 1923 . 1924 . 1925 </p> 1926 1927 <table> 1928 <col width="19%"> 1929 <col width="20%"> 1930 <col width="10%"> 1931 <col width="23%"> 1932 <col width="17%"> 1933 <tr> 1934 <th>CVE</th> 1935 <th></th> 1936 <th></th> 1937 <th> Google </th> 1938 <th> </th> 1939 </tr> 1940 <tr> 1941 <td>CVE-2016-8414</td> 1942 <td>A-31704078<br> 1943 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846"> 1944 QC-CR#1076407</a></td> 1945 <td></td> 1946 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1947 <td>2016 9 23</td> 1948 </tr> 1949 </table> 1950 1951 1952 <h3 id="id-in-qualcomm-sound-driver">Qualcomm 1953 </h3> 1954 <p> 1955 Qualcomm 1956 . 1957 . 1958 </p> 1959 1960 <table> 1961 <col width="19%"> 1962 <col width="20%"> 1963 <col width="10%"> 1964 <col width="23%"> 1965 <col width="17%"> 1966 <tr> 1967 <th>CVE</th> 1968 <th></th> 1969 <th></th> 1970 <th> Google </th> 1971 <th> </th> 1972 </tr> 1973 <tr> 1974 <td>CVE-2017-0451</td> 1975 <td>A-31796345<br> 1976 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e"> 1977 QC-CR#1073129</a> 1978 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td> 1979 <td></td> 1980 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1981 <td>2016 9 27</td> 1982 </tr> 1983 </table> 1984 1985 <h2 id="common-questions-and-answers"> </h2> 1986 <p> .</p> 1987 <p><strong>1. 1988 ?</strong></p> 1989 <p> 1990 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 1991 .</p> 1992 <ul> 1993 <li>2017-02-01 2017-02-01 1994 .</li> 1995 <li>2017-02-05 1996 2017-02-05 . 1997 </li> 1998 </ul> 1999 <p> 2000 .</p> 2001 <ul> 2002 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li> 2003 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li> 2004 </ul> 2005 2006 <p><strong>2 ?</strong></p> 2007 2008 <p> Android Android 2009 2010 . Android 2011 .</p> 2012 <ul> 2013 <li>2017 1 1 2014 2015 .</li> 2016 <li>2017 1 5 2017 2018 .</li> 2019 </ul> 2020 <p> .</p> 2021 <p><strong>3. Google ?</strong></p> 2022 <p><a href="#2017-02-01-details">2017-02-01</a> 2023 <a href="#2017-02-05-details">2017-02-05</a> 2024 <em> Google 2025 </em> . 2026 Google . . 2027 </p> 2028 <ul> 2029 <li><strong> Google </strong>: Google Pixel 2030 , <em> Google </em> 2031 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> 2032 . Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2033 Android One, Nexus Player, Pixel C, Pixel, Pixel XL.</li> 2034 <li><strong> Google </strong>: Google 2035 , Google <em> Google </em> 2036 .</li> 2037 <li><strong>Google </strong>: Android 7.0 Google 2038 , <em> Google </em> '' 2039 .</li> 2040 </ul> 2041 <p><strong>4. ?</strong></p> 2042 <p> <em></em> 2043 . 2044 .</p> 2045 <table> 2046 <tr> 2047 <th></th> 2048 <th> </th> 2049 </tr> 2050 <tr> 2051 <td>A-</td> 2052 <td>Android ID</td> 2053 </tr> 2054 <tr> 2055 <td>QC-</td> 2056 <td>Qualcomm </td> 2057 </tr> 2058 <tr> 2059 <td>M-</td> 2060 <td>MediaTek </td> 2061 </tr> 2062 <tr> 2063 <td>N-</td> 2064 <td>NVIDIA </td> 2065 </tr> 2066 <tr> 2067 <td>B-</td> 2068 <td>Broadcom </td> 2069 </tr> 2070 </table> 2071 2072 <h2 id="revisions"> </h2> 2073 <ul> 2074 <li>2017 2 6 </li> 2075 <li>2017 2 8: AOSP </li> 2076 </ul> 2077
