page.title=Android Security Bulletin: March 2017
@jd:body

<!--
    Copyright 2016 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<p><em>Published March 06, 2017 | Updated March 07, 2017</em></p>
<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a security
update to Google devices through an over-the-air (OTA) update. The Google device
firmware images have also been released to the <a
href="https://developers.google.com/android/nexus/images">Google Developer
site</a>. Security patch levels of March 05, 2017 or later address all of these
issues. Refer to the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a> to learn how to check a device's security patch
level.</p>
<p>Partners were notified of the issues described in the bulletin on February 06,
2017 or earlier. Source code patches for these issues have been released to the
Android Open Source Project (AOSP) repository and linked from this bulletin.
This bulletin also includes links to patches outside of AOSP.</p>
<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods such
as email, web browsing, and MMS when processing media files.</p>
<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a
href="#mitigations">Android and Google service
mitigations</a> section for details on the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform protections</a> and service protections such as <a
href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
which improve the security of the Android platform.</p>
<p>We encourage all customers to accept these updates to their devices.</p>
<h2 id="announcements">Announcements</h2>
<ul>
<li>This bulletin has two security patch level strings to provide Android
partners with the flexibility to more quickly fix a subset of vulnerabilities
that are similar across all Android devices. See <a
href="#common-questions-and-answers">Common questions and answers</a> for
additional information:
<ul>
<li><strong>2017-03-01</strong>: Partial security patch level string. This
security patch level string indicates that all issues associated with 2017-03-01
(and all previous security patch level strings) are addressed.</li>
<li><strong>2017-03-05</strong>: Complete security patch level string.
This security patch level string indicates that all issues associated with 2017-03-01
and 2017-03-05 (and all previous security patch level strings) are addressed.</li>
</ul>
</li>
<li>Supported Google devices will receive a single OTA update with the March
05, 2017 security patch level.</li>
</ul>
<h2 id="security-vulnerability-summary">Security vulnerability summary</h2>
<p>The tables below contain a list of security vulnerabilities, the Common
Vulnerabilities and Exposures ID (CVE), the assessed severity, and whether or not
Google devices are affected. The <a
href="{@docRoot}security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.</p>
<h3 id="2017-03-01-summary">2017-03-01 security patch level: Vulnerability summary</h3>
<p>Security patch levels of 2017-03-01 or later must address the following issues.</p>
<table>
<col width="55%">
<col width="20%">
<col width="13%">
<col width="12%">
<tr>
<th>Issue</th>
<th>CVE</th>
<th>Severity</th>
<th>Affects Google devices?</th>
</tr>
<tr>
<td>Remote code execution vulnerability in OpenSSL & BoringSSL</td>
<td>CVE-2016-2182</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Remote code execution vulnerability in Mediaserver</td>
<td>CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469,
CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0474</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in recovery verifier</td>
<td>CVE-2017-0475</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Remote code execution vulnerability in AOSP Messaging</td>
<td>CVE-2017-0476</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Remote code execution vulnerability in libgdx</td>
<td>CVE-2017-0477</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Remote code execution vulnerability in Framesequence library</td>
<td>CVE-2017-0478</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NFC</td>
<td>CVE-2017-0481</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Audioserver</td>
<td>CVE-2017-0479, CVE-2017-0480</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Mediaserver</td>
<td>CVE-2017-0482, CVE-2017-0483, CVE-2017-0484, CVE-2017-0485,
CVE-2017-0486, CVE-2017-0487, CVE-2017-0488</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Location Manager</td>
<td>CVE-2017-0489</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Wi-Fi</td>
<td>CVE-2017-0490</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Package Manager</td>
<td>CVE-2017-0491</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in System UI</td>
<td>CVE-2017-0492</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in AOSP Messaging</td>
<td>CVE-2017-0494</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Mediaserver</td>
<td>CVE-2017-0495</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Setup Wizard</td>
<td>CVE-2017-0496</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Mediaserver</td>
<td>CVE-2017-0497</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Setup Wizard</td>
<td>CVE-2017-0498</td>
<td>Moderate</td>
<td>No*</td>
</tr>
<tr>
<td>Denial of service vulnerability in Audioserver</td>
<td>CVE-2017-0499</td>
<td>Low</td>
<td>Yes</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>
<h3 id="2017-03-05-summary">2017-03-05 security patch level: Vulnerability summary</h3>
<p>Security patch levels of 2017-03-05 or later must address all of the 2017-03-01
issues, as well as the following issues.</p>
<table>
<col width="55%">
<col width="20%">
<col width="13%">
<col width="12%">
<tr>
<th>Issue</th>
<th>CVE</th>
<th>Severity</th>
<th>Affects Google devices?</th>
</tr>
<tr>
<td>Elevation of privilege vulnerability in MediaTek components</td>
<td>CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503,
CVE-2017-0504, CVE-2017-0505, CVE-2017-0506</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
<td>CVE-2017-0337, CVE-2017-0338, CVE-2017-0333, CVE-2017-0306, CVE-2017-0335</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel ION subsystem</td>
<td>CVE-2017-0507, CVE-2017-0508</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
<td>CVE-2017-0509</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel FIQ debugger</td>
<td>CVE-2017-0510</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm GPU
driver</td>
<td>CVE-2016-8479</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel networking subsystem</td>
<td>CVE-2016-9806, CVE-2016-10200</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Vulnerabilities in Qualcomm components</td>
<td>CVE-2016-8484, CVE-2016-8485, CVE-2016-8486, CVE-2016-8487, CVE-2016-8488</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel networking subsystem</td>
<td>CVE-2016-8655, CVE-2016-9793</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm input hardware driver</td>
<td>CVE-2017-0516</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in MediaTek Hardware Sensor Driver</td>
<td>CVE-2017-0517</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm ADSPRPC driver</td>
<td>CVE-2017-0457</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm fingerprint sensor
driver</td>
<td>CVE-2017-0518, CVE-2017-0519</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm crypto engine driver</td>
<td>CVE-2017-0520</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm camera driver</td>
<td>CVE-2017-0458, CVE-2017-0521</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in MediaTek APK</td>
<td>CVE-2017-0522</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
<td>CVE-2017-0464, CVE-2017-0453, CVE-2017-0523</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
<td>CVE-2017-0524</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm IPA driver</td>
<td>CVE-2017-0456, CVE-2017-0525</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in HTC Sensor Hub Driver</td>
<td>CVE-2017-0526, CVE-2017-0527</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
<td>CVE-2017-0307</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm networking driver</td>
<td>CVE-2017-0463, CVE-2017-0460</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel security subsystem</td>
<td>CVE-2017-0528</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm SPCom driver</td>
<td>CVE-2016-5856, CVE-2016-5857</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Information disclosure vulnerability in kernel networking subsystem</td>
<td>CVE-2014-8709</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in MediaTek driver</td>
<td>CVE-2017-0529</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm bootloader</td>
<td>CVE-2017-0455</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm power driver</td>
<td>CVE-2016-8483</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in NVIDIA GPU driver</td>
<td>CVE-2017-0334, CVE-2017-0336</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in
kernel cryptographic subsystem</td>
<td>CVE-2016-8650</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm camera driver (device
specific)</td>
<td>CVE-2016-8417</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm Wi-Fi driver</td>
<td>CVE-2017-0461, CVE-2017-0459, CVE-2017-0531</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in MediaTek video codec driver</td>
<td>CVE-2017-0532</td>
<td>Moderate</td>
<td>No*</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm video driver</td>
<td>CVE-2017-0533, CVE-2017-0534, CVE-2016-8416, CVE-2016-8478</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm camera driver</td>
<td>CVE-2016-8413, CVE-2016-8477</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in HTC sound codec driver</td>
<td>CVE-2017-0535</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Synaptics touchscreen driver</td>
<td>CVE-2017-0536</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in kernel USB gadget driver</td>
<td>CVE-2017-0537</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm camera driver</td>
<td>CVE-2017-0452</td>
<td>Low</td>
<td>Yes</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>
<h2 id="mitigations">Android and Google service mitigations</h2>
<p>This is a summary of the mitigations provided by the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform</a> and service protections, such as SafetyNet. These
capabilities reduce the likelihood that security vulnerabilities could be
successfully exploited on Android.</p>
<ul>
<li>Exploitation for many issues on Android is made more difficult by
enhancements in newer versions of the Android platform. We encourage all users
to update to the latest version of Android where possible.</li>
<li>The Android Security team actively monitors for abuse with <a
href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify
Apps and SafetyNet</a>, which are designed to warn users about <a
href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
href="http://www.android.com/gms">Google Mobile Services</a> and is especially
important for users who install applications from outside of Google Play. Device
rooting tools are prohibited within Google Play, but Verify Apps warns users
when they attempt to install a detected rooting application, no matter where it
comes from. Additionally, Verify Apps attempts to identify and block
installation of known malicious applications that exploit a privilege escalation
vulnerability.
If such an application has already been installed, Verify Apps
will notify the user and attempt to remove the detected application.</li>
<li>As appropriate, Google Hangouts and Messenger applications do not
automatically pass media to processes such as Mediaserver.</li>
</ul>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>We would like to thank these researchers for their contributions:</p>
<ul>
<li>Alexander Potapenko of Google Dynamic Tools team: CVE-2017-0537
<li>Baozeng Ding, Chengming Yang, Peng Xiao, and Yang Song of Alibaba Mobile
Security Group: CVE-2017-0506
<li>Baozeng Ding, Ning You, Chengming Yang, Peng Xiao, and Yang Song of Alibaba
Mobile Security Group: CVE-2017-0463
<li>Billy Lau of Android Security: CVE-2017-0335, CVE-2017-0336, CVE-2017-0338,
CVE-2017-0460
<li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a
href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413,
CVE-2016-8477, CVE-2017-0531
<li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a
href="https://twitter.com/derrekr6">@derrekr6</a>) and <a
href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a
href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521
<li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
(<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2017-0334,
CVE-2017-0456, CVE-2017-0457, CVE-2017-0525
<li>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of
<a href="http://www.ms509.com">MS509Team</a>: CVE-2017-0490
<li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
Technology Co.
Ltd.: CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503,
CVE-2017-0509, CVE-2017-0524, CVE-2017-0529, CVE-2017-0536
<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
CVE-2017-0453, CVE-2017-0461, CVE-2017-0464
<li>Hiroki Yamamoto and Fang Chen of Sony Mobile Communications Inc.:
CVE-2017-0481
<li>IBM Security X-Force Researchers Sagi Kedmi and Roee Hay: CVE-2017-0510
<li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a
href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0478
<li>Jianqiang Zhao (<a
href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8416,
CVE-2016-8478, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519,
CVE-2017-0533, CVE-2017-0534
<li><a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a>, <a
href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a
href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8479
<li>Makoto Onuki of Google: CVE-2017-0491
<li>Mingjian Zhou (<a
href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a
href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0479, CVE-2017-0480
<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):
CVE-2017-0535
<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
Tesla Motors Product Security Team: CVE-2017-0306
<li>Pengfei Ding, Chenfu Bao, Lenx Wei of Baidu X-Lab: CVE-2016-8417
<li>Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
of KeenLab, Tencent: CVE-2017-0337, CVE-2017-0476
<li>Qing Zhang of Qihoo 360 and Guangdong Bai of Singapore Institute of
Technology (SIT): CVE-2017-0496
<li>Quhe and wanchouchou of Ant-financial Light-Year Security Lab:
CVE-2017-0522
<li><a href="mailto:keun-o.park (a] darkmatter.ae">Sahara</a> of Secure
Communications in DarkMatter: CVE-2017-0528
<li>salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>) of
Shellphish Grill Team, UC Santa Barbara: CVE-2017-0505
<li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a
href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504,
CVE-2017-0516
<li>Sean Beaupre (beaups): CVE-2017-0455
<li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
Trend Micro: CVE-2017-0452
<li>Shinichi Matsumoto of Fujitsu: CVE-2017-0498
<li><a href="mailto:smarques84 (a] gmail.com">Stéphane Marques</a> of <a
href="http://www.byterev.com">ByteRev</a>: CVE-2017-0489
<li>Svetoslav Ganov of Google: CVE-2017-0492
<li><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a
href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0333
<li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470,
CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0485,
CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495
<li>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) of
Ant-financial Light-Year Security Lab: CVE-2017-0477
<li>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co.
Ltd: CVE-2017-0517,
CVE-2017-0532
<li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang
of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0526, CVE-2017-0527
<li>Yuqi Lu (<a href="https://twitter.com/nikos233__">@nikos233</a>), <a
href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a
href="mailto:shaodacheng2016 (a] gmail.com">Dacheng Shao</a>, Mingjian Zhou (<a
href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0483</li></ul>

<h2 id="2017-03-01-details">2017-03-01 security patch level: Vulnerability
details</h2>
<p>In the sections below, we provide details for each of the security
vulnerabilities listed in the
<a href="#2017-03-01-summary">2017-03-01
security patch level: Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="rce-in-openssl-&-boringssl">Remote code execution vulnerability in
OpenSSL & BoringSSL</h3>
<p>A remote code execution vulnerability in OpenSSL and BoringSSL could enable an
attacker using a specially crafted file to cause memory corruption during file
and data processing.
This issue is rated as Critical due to the possibility of
remote code execution within the context of a privileged process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-2182</td>
<td><a href="https://android.googlesource.com/platform/external/boringssl/+/54bf62a81586d99d0a951ca3342d569b59e69b80">A-32096880</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Aug 5, 2016</td>
</tr>
</table>


<h3 id="rce-in-mediaserver-">Remote code execution vulnerability in Mediaserver
</h3>
<p>A remote code execution vulnerability in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file and
data processing.
This issue is rated as Critical due to the possibility of
remote code execution within the context of the Mediaserver process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0466</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33139050</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0467</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33250932</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0468</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">A-33351708</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 5, 2016</td>
</tr>
<tr>
<td>CVE-2017-0469</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/21851eaecc814be709cb0c20f732cb858cfe1440">A-33450635</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 8, 2016</td>
</tr>
<tr>
<td>CVE-2017-0470</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/6aac82003d665708b4e21e9b91693b642e2fa64f">A-33818500</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 21, 2016</td>
</tr>
<tr>
<td>CVE-2017-0471</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/4a61d15e7b0ab979ba7e80db8ddbde025c1ce6cc">A-33816782</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 21, 2016</td>
</tr>
<tr>
<td>CVE-2017-0472</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/dfa7251ff270ae7e12a019e6735542e36b2a47e0">A-33862021</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 23, 2016</td>
</tr>
<tr>
<td>CVE-2017-0473</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/0a4463e2beddb8290e05ad552e48b17686f854ce">A-33982658</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0474</td>
<td><a href="https://android.googlesource.com/platform/external/libvpx/+/6f5927de29337fa532c64d0ef8c7cb68f7c89889">A-32589224</a></td>
<td>Critical</td>
<td>All</td>
<td>7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>

<h3 id="eop-in-recovery-verifier">Elevation of privilege vulnerability in
recovery verifier</h3>
<p>An elevation of privilege vulnerability in the recovery verifier could enable a
local malicious application to execute arbitrary code within the context of the
kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0475</td>
<td><a href="https://android.googlesource.com/platform/bootable/recovery/+/2c6c23f651abb3d215134dfba463eb72a5e9f8eb">A-31914369</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 2, 2016</td>
</tr>
</table>


<h3 id="rce-in-aosp-messaging">Remote code execution vulnerability in AOSP
Messaging</h3>
<p>A remote code execution vulnerability in AOSP Messaging could enable an
attacker using a specially crafted file to cause memory corruption during media
file and data processing.
This issue is rated as High due to the possibility of
remote code execution within the context of an unprivileged process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0476</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/8ba22b48ebff50311d7eaa8d512f9d507f0bdd0d">A-33388925</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 6, 2016</td>
</tr>
</table>


<h3 id="rce-in-libgdx">Remote code execution vulnerability in libgdx</h3>
<p>A remote code execution vulnerability in libgdx could enable an attacker using
a specially crafted file to execute arbitrary code within the context of an
unprivileged process.
This issue is rated as High due to the possibility of
remote code execution in an application that uses this library.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0477</td>
<td><a href="https://android.googlesource.com/platform/external/libgdx/+/fba04a52f43315cdb7dd38766822af0324eab7c5">A-33621647</a></td>
<td>High</td>
<td>All</td>
<td>7.1.1</td>
<td>Dec 14, 2016</td>
</tr>
</table>


<h3 id="rce-in-framesequence-library">Remote code execution vulnerability in
Framesequence library</h3>
<p>A remote code execution vulnerability in the Framesequence library could enable
an attacker using a specially crafted file to execute arbitrary code in the
context of an unprivileged process.
This issue is rated as High due to the
possibility of remote code execution in an application that uses the
Framesequence library.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0478</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7c824f17b3eea976ca58be7ea097cb807126f73b">
      A-33718716</a></td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 16, 2016</td>
  </tr>
</table>

<h3 id="eop-in-nfc">Elevation of privilege vulnerability in NFC</h3>
<p>An elevation of privilege vulnerability in NFC could enable a proximate
attacker to execute arbitrary code within the context of a privileged process.
This issue is rated as High because it could be used to gain local access to
elevated capabilities, which are not normally accessible to a third-party
application.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0481</td>
    <td><a href="https://android.googlesource.com/platform/external/libnfc-nci/+/c67cc6ad2addddcb7185a33b08d27290ce54e350">
      A-33434992</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 6, 2016</td>
  </tr>
</table>

<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
Audioserver</h3>
<p>An elevation of privilege vulnerability in Audioserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as High because it could be used to
gain local access to elevated capabilities, which are not normally accessible
to a third-party application.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0479</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
      A-32707507</a>
      [<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>]
    </td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 7, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0480</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
      A-32705429</a>
      [<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>]
    </td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 7, 2016</td>
  </tr>
</table>


<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3>
<p>A denial of service vulnerability in Mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot.
This issue is
rated as High severity due to the possibility of remote denial of service.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0482</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c">
      A-33090864</a>
      [<a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">2</a>]
      [<a href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">3</a>]
      [<a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36">4</a>]
      [<a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">5</a>]
      [<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">6</a>]</td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 22, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0483</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/bc62c086e9ba7530723dc8874b83159f4d77d976">
      A-33137046</a>
      [<a href="https://android.googlesource.com/platform/frameworks/av/+/5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f">2</a>]</td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 24, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0484</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">
      A-33298089</a>
      [<a
      href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">2</a>]</td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 1, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0485</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36">
      A-33387820</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0486</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/19814b7ad4ea6f0cc4cab34e50ebab2e180fc269">
      A-33621215</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 14, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0487</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/aa78b96e842fc1fb70a18acff22be35c7a715b23">
      A-33751193</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 19, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0488</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/0340381cd8c220311fd4fe2e8b23e1534657e399">
      A-34097213</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>

<h3 id="eop-in-location-manager">Elevation of privilege vulnerability in
Location Manager</h3>
<p>An elevation of privilege vulnerability in Location Manager could enable a
local malicious application to bypass operating system protections for location
data.
This issue is rated as Moderate because it could be used to generate
inaccurate data.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0489</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d22261fef84481651e12995062105239d551cbc6">
      A-33091107</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 20, 2016</td>
  </tr>
</table>


<h3 id="eop-in-wi-fi">Elevation of privilege vulnerability in Wi-Fi</h3>
<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
application to delete user data. This issue is rated as Moderate because it is
a local bypass of user interaction requirements that would normally require
either user initiation or user permission.
</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0490</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1166ca8adba9b49c9185dad11b28b02e72124d95">
      A-33178389</a>
      [<a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1ad3b1e3256a226be362de1a4959f2a642d349b7">2</a>]
      [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/41c42f5bb544acf8bede2d05c6325657d92bd83c">3</a>]
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 25, 2016</td>
  </tr>
</table>


<h3 id="eop-in-package-manager">Elevation of privilege vulnerability in Package
Manager</h3>
<p>An elevation of privilege vulnerability in Package Manager could enable a local
malicious application to prevent users from uninstalling applications or
removing permissions from applications.
This issue is rated as Moderate because
it is a local bypass of user interaction requirements.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0491</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/5c49b6bf732c88481466dea341917b8604ce53fa">
      A-32553261</a>
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>


<h3 id="eop-in-system-ui">Elevation of privilege vulnerability in System
UI</h3>
<p>An elevation of privilege vulnerability in the System UI could enable a local
malicious application to create a UI overlay covering the entire screen.
This
issue is rated as Moderate because it is a local bypass of user interaction
requirements that would normally require either user initiation or user
permission.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0492</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/f4bed684c939b0f8809ef404b8609fe4ef849263">
      A-30150688</a>
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>


<h3 id="id-in-aosp-messaging">Information disclosure vulnerability in AOSP
Messaging</h3>
<p>An information disclosure vulnerability in AOSP Messaging could enable a remote
attacker using a specially crafted file to access data outside of its permission
levels.
This issue is rated as Moderate because it could be used to access
sensitive data without permission.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0494</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/3f9821128abd66c4cd2f040d8243efb334bfad2d">
      A-32764144</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 9, 2016</td>
  </tr>
</table>


<h3 id="id-in-mediaserver">Information disclosure vulnerability in
Mediaserver</h3>
<p>An information disclosure vulnerability in Mediaserver could enable a local
malicious application to access data outside of its permission levels.
This
issue is rated as Moderate because it could be used to access sensitive data
without permission.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0495</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/85c0ec4106659a11c220cd1210f8d76c33d9e2ae">
      A-33552073</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 11, 2016</td>
  </tr>
</table>


<h3 id="dos-in-setup-wizard">Denial of service vulnerability in Setup
Wizard</h3>
<p>A denial of service vulnerability in Setup Wizard could allow a local malicious
application to temporarily block access to an affected device. This issue is
rated as Moderate because it may require a factory reset to repair the device.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0496</td>
    <td>A-31554152*</td>
    <td>Moderate</td>
    <td>None**</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Sep 14, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained in
the latest binary drivers for Google devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h3 id="dos-in-mediaserver-2">Denial of service vulnerability in
Mediaserver</h3>
<p>A denial of service vulnerability in Mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot. This issue is
rated as Moderate because it requires an uncommon device configuration.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0497</td>
    <td><a href="https://android.googlesource.com/platform/external/skia/+/8888cbf8e74671d44e9ff92ec3847cd647b8cdfb">
      A-33300701</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>7.0, 7.1.1</td>
    <td>Dec 2, 2016</td>
  </tr>
</table>


<h3 id="dos-in-setup-wizard-2">Denial of service vulnerability in Setup
Wizard</h3>
<p>A denial of service vulnerability in Setup Wizard could allow a local attacker
to require Google account sign-in after a factory reset. This issue is rated as
Moderate because it may require a factory reset to repair the device.
</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0498</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/1c4d535d0806dbeb6d2fa5cea0373cbd9ab6d33b">
      A-30352311</a>
      [<a href="https://android.googlesource.com/platform/frameworks/base/+/5f621b5b1549e8379aee05807652d5111382ccc6">2</a>]
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>


<h3 id="dos-in-audioserver">Denial of service vulnerability in Audioserver</h3>
<p>A denial of service vulnerability in Audioserver could enable a local malicious
application to cause a device hang or reboot.
This issue is rated as Low due to
the possibility of a temporary denial of service.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0499</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
      A-32095713</a></td>
    <td>Low</td>
    <td>All</td>
    <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 11, 2016</td>
  </tr>
</table>


<h2 id="2017-03-05-details">2017-03-05 security patch level: Vulnerability
details</h2>
<p>In the sections below, we provide details for each of the security
vulnerabilities listed in the
<a href="#2017-03-05-summary">2017-03-05
security patch level: Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in
MediaTek components</h3>
<p>An elevation of privilege vulnerability in MediaTek components, including the
M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue
driver, could enable a local malicious application to execute arbitrary code
within the context of the kernel.
This issue is rated as Critical due to the
possibility of a local permanent device compromise, which may require
reflashing the operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0500</td>
    <td>A-28429685*<br>
      M-ALPS02710006</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0501</td>
    <td>A-28430015*<br>
      M-ALPS02708983</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0502</td>
    <td>A-28430164*<br>
      M-ALPS02710027</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0503</td>
    <td>A-28449045*<br>
      M-ALPS02710075</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0504</td>
    <td>A-30074628*<br>
      M-ALPS02829371</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Jul 9, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0505</td>
    <td>A-31822282*<br>
      M-ALPS02992041</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0506</td>
    <td>A-32276718*<br>
      M-ALPS03006904</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Oct 18, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0337</td>
    <td>A-31992762*<br>
      N-CVE-2017-0337</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Oct 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0338</td>
    <td>A-33057977*<br>
      N-CVE-2017-0338</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Nov 21, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0333</td>
    <td>A-33899363*<br>
      N-CVE-2017-0333</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Dec 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0306</td>
    <td>A-34132950*<br>
      N-CVE-2017-0306</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Jan 6, 2017</td>
  </tr>
  <tr>
    <td>CVE-2017-0335</td>
    <td>A-33043375*<br>
      N-CVE-2017-0335</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Google internal</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in
kernel ION subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel ION subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0507</td>
    <td>A-31992382*</td>
    <td>Critical</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
      C, Pixel, Pixel XL</td>
    <td>Oct 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0508</td>
    <td>A-33940449*</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Dec 28, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0509</td>
    <td>A-32124445*<br>
      B-RB#110688</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Oct 12, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-kernel-fiq-debugger">Elevation of privilege vulnerability in
kernel FIQ debugger</h3>
<p>An elevation of privilege vulnerability in the kernel FIQ debugger could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0510</td>
    <td>A-32402555*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Oct 25, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in
Qualcomm GPU driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8479</td>
    <td>A-31824853*<br>
      QC-CR#1093687</td>
    <td>Critical</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL</td>
    <td>Sep 29, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege
vulnerability in kernel networking subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-9806</td>
    <td>A-33393474<br>
      <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520">
      Upstream kernel</a></td>
    <td>Critical</td>
    <td>Pixel C, Pixel, Pixel XL</td>
    <td>Dec 4, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-10200</td>
    <td>A-33753815<br>
      <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef">
      Upstream kernel</a></td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
    <td>Dec 19, 2016</td>
  </tr>
</table>


<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
components</h3>
<p>The following vulnerabilities affect Qualcomm components and are described in
further detail in the Qualcomm AMSS September 2016 security bulletin.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8484</td>
    <td>A-28823575**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8485</td>
    <td>A-28823681**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8486</td>
    <td>A-28823691**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8487</td>
    <td>A-28823724**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8488</td>
    <td>A-31625756**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
</table>
<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
<p>** The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>*** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-kernel-networking-subsystem-2">Elevation of privilege
vulnerability in kernel networking subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8655</td>
<td>A-33358926<br>
<a
href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c">
Upstream kernel</a></td>
<td>High</td>
<td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
C, Pixel, Pixel XL</td>
<td>Oct 12, 2016</td>
</tr>
<tr>
<td>CVE-2016-9793</td>
<td>A-33363517<br>
<a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290">
Upstream kernel</a></td>
<td>High</td>
<td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
C, Pixel, Pixel XL</td>
<td>Dec 2, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-input-hardware-driver">Elevation of privilege
vulnerability in Qualcomm input hardware driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm input hardware driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0516</td>
<td>A-32341680*<br>
QC-CR#1096301</td>
<td>High</td>
<td>Android One, Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-mediatek-hardware-sensor-driver">Elevation of privilege
vulnerability in MediaTek Hardware Sensor Driver</h3>
<p>An elevation of privilege vulnerability in the MediaTek hardware sensor driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0517</td>
<td>A-32372051*<br>
M-ALPS02973195</td>
<td>High</td>
<td>None**</td>
<td>Oct 22, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-adsprpc-driver">Elevation of privilege vulnerability in
Qualcomm ADSPRPC driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0457</td>
<td>A-31695439*<br>
QC-CR#1086123<br>
QC-CR#1100695</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Sep 22, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-fingerprint-sensor-driver">Elevation of privilege
vulnerability in Qualcomm fingerprint sensor driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm fingerprint sensor
driver could enable a local malicious application to execute arbitrary code
within the context of the kernel.
This issue is rated as High because it first
requires compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0518</td>
<td>A-32370896*<br>
QC-CR#1086530</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 24, 2016</td>
</tr>
<tr>
<td>CVE-2017-0519</td>
<td>A-32372915*<br>
QC-CR#1086530</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 24, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege
vulnerability in Qualcomm crypto engine driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0520</td>
<td>A-31750232<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd">
QC-CR#1082636</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Sep 24, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-camera-driver">Elevation of privilege vulnerability in
Qualcomm camera driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0458</td>
<td>A-32588962<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4">
QC-CR#1089433</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 31, 2016</td>
</tr>
<tr>
<td>CVE-2017-0521</td>
<td>A-32919951<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8">
QC-CR#1097709</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 15, 2016</td>
</tr>
</table>


<h3 id="eop-in-mediatek-apk">Elevation of privilege vulnerability in MediaTek
APK</h3>
<p>An elevation of privilege vulnerability in a MediaTek APK could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High due to the possibility of local
arbitrary code execution in a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0522</td>
<td>A-32916158*<br>
M-ALPS03032516</td>
<td>High</td>
<td>None**</td>
<td>Nov 15, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0464</td>
<td>A-32940193<br>
<a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f">
QC-CR#1102593</a></td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL</td>
<td>Nov 15, 2016</td>
</tr>
<tr>
<td>CVE-2017-0453</td>
<td>A-33979145<br>
<a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513">
QC-CR#1105085</a></td>
<td>High</td>
<td>Nexus 5X, Android One</td>
<td>Dec 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0523</td>
<td>A-32835279<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582">
QC-CR#1096945</a></td>
<td>High</td>
<td>None*</td>
<td>Google internal</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0524</td>
<td>A-33002026</td>
<td>High</td>
<td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td>
<td>Nov 18, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-ipa-driver">Elevation of privilege vulnerability in
Qualcomm IPA driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm IPA driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as High because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0456</td>
<td>A-33106520*<br>
QC-CR#1099598</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 23, 2016</td>
</tr>
<tr>
<td>CVE-2017-0525</td>
<td>A-33139056*<br>
QC-CR#1097714</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 25, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-htc-sensor-hub-driver">Elevation of privilege vulnerability in
HTC Sensor Hub Driver</h3>
<p>An elevation of privilege vulnerability in the HTC Sensor Hub Driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0526</td>
<td>A-33897738*</td>
<td>High</td>
<td>Nexus 9</td>
<td>Dec 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0527</td>
<td>A-33899318*</td>
<td>High</td>
<td>Nexus 9, Pixel, Pixel XL</td>
<td>Dec 25, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0307</td>
<td>A-33177895*<br>
N-CVE-2017-0307</td>
<td>High</td>
<td>None**</td>
<td>Nov 28, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-networking-driver">Elevation of privilege vulnerability
in Qualcomm networking driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm networking driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0463</td>
<td>A-33277611<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2">
QC-CR#1101792</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0460</td>
<td>A-31252965*<br>
QC-CR#1098801</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td>
<td>Google internal</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability
in kernel security subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel security subsystem could
enable a local malicious application to execute code in the context of a
privileged process. This issue is rated as High because it is a general bypass
for a kernel level defense in depth or exploit mitigation technology.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0528</td>
<td>A-33351919*</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Dec 4, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-spcom-driver">Elevation of privilege vulnerability in
Qualcomm SPCom driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm SPCom driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5856</td>
<td>A-32610665<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368">
QC-CR#1094078</a></td>
<td>High</td>
<td>None*</td>
<td>Google internal</td>
</tr>
<tr>
<td>CVE-2016-5857</td>
<td>A-34386529<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9d2c405d46ca27b25ed55a8dbd02bd1e633e2d5">
QC-CR#1094140</a></td>
<td>High</td>
<td>None*</td>
<td>Google internal</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability
in kernel networking subsystem</h3>
<p>An information disclosure vulnerability in the kernel networking subsystem
could enable a local proximate attacker to gain access to sensitive
information.
This issue is rated as High because it could be used to access
data without permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2014-8709</td>
<td>A-34077221<br>
<a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus Player</td>
<td>Nov 9, 2014</td>
</tr>
</table>


<h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek
driver</h3>
<p>An information disclosure vulnerability in the MediaTek driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0529</td>
<td>A-28449427*<br>
M-ALPS02710042</td>
<td>High</td>
<td>None**</td>
<td>Apr 27, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-qualcomm-bootloader">Information disclosure vulnerability in
Qualcomm bootloader</h3>
<p>An information disclosure vulnerability in the Qualcomm bootloader could help
to enable a local malicious application to execute arbitrary code within the
context of the bootloader. This issue is rated as High because it is a general
bypass for a bootloader level defense in depth or exploit mitigation
technology.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0455</td>
<td>A-32370952<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f">
QC-CR#1082755</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
</table>


<h3 id="id-in-qualcomm-power-driver">Information disclosure vulnerability in
Qualcomm power driver</h3>
<p>An information disclosure vulnerability in the Qualcomm power driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as High because it could be used to access
sensitive data without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8483</td>
<td>A-33745862<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a">
QC-CR#1035099</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P</td>
<td>Dec 19, 2016</td>
</tr>
</table>


<h3 id="id-in-nvidia-gpu-driver">Information disclosure vulnerability in NVIDIA
GPU driver</h3>
<p>An information disclosure vulnerability in the NVIDIA GPU driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0334</td>
<td>A-33245849*<br>
N-CVE-2017-0334</td>
<td>High</td>
<td>Pixel C</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0336</td>
<td>A-33042679*<br>
N-CVE-2017-0336</td>
<td>High</td>
<td>Pixel C</td>
<td>Google internal</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="dos-in-kernel-cryptographic-subsystem">Denial of service vulnerability
in kernel cryptographic subsystem</h3>
<p>A denial of service vulnerability in the kernel cryptographic subsystem could
enable a remote attacker to use a specially crafted network packet to cause a
device hang or reboot. This issue is rated as High due to the possibility of
remote denial of service.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8650</td>
<td>A-33401771<br>
<a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Oct 12, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-camera-driver-(device-specific)">Elevation of privilege
vulnerability in Qualcomm camera driver (device specific)</h3>
<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by current platform
configurations.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8417</td>
<td>A-32342399<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0">
QC-CR#1088824</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
</table>


<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0461</td>
<td>A-32073794<br>
<a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65">
QC-CR#1100132</a></td>
<td>Moderate</td>
<td>Android One, Nexus 5X, Pixel, Pixel XL</td>
<td>Oct 9, 2016</td>
</tr>
<tr>
<td>CVE-2017-0459</td>
<td>A-32644895<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7">
QC-CR#1091939</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Nov 3, 2016</td>
</tr>
<tr>
<td>CVE-2017-0531</td>
<td>A-32877245<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302">
QC-CR#1087469</a></td>
<td>Moderate</td>
<td>Android One, Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Nov 13, 2016</td>
</tr>
</table>


<h3 id="id-in-mediatek-video-codec-driver">Information disclosure vulnerability
in MediaTek video codec driver</h3>
<p>An information disclosure vulnerability in the MediaTek video codec driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0532</td>
<td>A-32370398*<br>
M-ALPS03069985</td>
<td>Moderate</td>
<td>None**</td>
<td>Oct 22, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in
Qualcomm video driver</h3>
<p>An information disclosure vulnerability in the Qualcomm video driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0533</td>
    <td>A-32509422<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
    <td>Moderate</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0534</td>
    <td>A-32508732<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
    <td>Moderate</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8416</td>
    <td>A-32510746<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
    <td>Moderate</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8478</td>
    <td>A-32511270<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
    <td>Moderate</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 28, 2016</td>
  </tr>
</table>


<h3 id="id-in-qualcomm-camera-driver">Information disclosure vulnerability in
Qualcomm camera driver</h3>
<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8413</td>
    <td>A-32709702<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d">
QC-CR#518731</a></td>
    <td>Moderate</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
    <td>Nov 4, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8477</td>
    <td>A-32720522<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508">
QC-CR#1090007</a>
[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb">2</a>]</td>
    <td>Moderate</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
    <td>Nov 7, 2016</td>
  </tr>
</table>


<h3 id="id-in-htc-sound-codec-driver">Information disclosure vulnerability in
HTC sound codec driver</h3>
<p>An information disclosure vulnerability in the HTC sound codec driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0535</td>
    <td>A-33547247*</td>
    <td>Moderate</td>
    <td>Nexus 9</td>
    <td>Dec 11, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-synaptics-touchscreen-driver">Information disclosure
vulnerability in Synaptics touchscreen driver</h3>
<p>An information disclosure vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to access data outside of its
permission levels. This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0536</td>
    <td>A-33555878*</td>
    <td>Moderate</td>
    <td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td>
    <td>Dec 12, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-kernel-usb-gadget-driver">Information disclosure vulnerability in
kernel USB gadget driver</h3>
<p>An information disclosure vulnerability in the kernel USB gadget driver could
enable a local malicious application to access data outside of its permission
levels. This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0537</td>
    <td>A-31614969*</td>
    <td>Moderate</td>
    <td>Pixel C</td>
    <td>Google internal</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-qualcomm-camera-driver-2">Information disclosure vulnerability in
Qualcomm camera driver</h3>
<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Low because it first requires compromising a
privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0452</td>
    <td>A-32873615*<br>
        QC-CR#1093693</td>
    <td>Low</td>
    <td>Nexus 5X, Nexus 6P, Android One</td>
    <td>Nov 10, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
<p>This section answers common questions that may occur after reading this
bulletin.</p>
<p><strong>1. How do I determine if my device is updated to address these issues?
</strong></p>
<p>To learn how to check a device's security patch level, read the instructions on
the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a>.</p>
<ul>
  <li>Security patch levels of 2017-03-01 or later address all issues associated
  with the 2017-03-01 security patch level.</li>
  <li>Security patch levels of 2017-03-05 or later address all issues associated
  with the 2017-03-05 security patch level and all previous patch levels.
  </li>
</ul>
<p>Device manufacturers that include these updates should set the patch string
level to:</p>
<ul>
  <li>[ro.build.version.security_patch]:[2017-03-01]</li>
  <li>[ro.build.version.security_patch]:[2017-03-05]</li>
</ul>
<p><strong>2.
Why does this bulletin have two security patch levels?</strong></p>
<p>This bulletin has two security patch levels so that Android partners have the
flexibility to fix a subset of vulnerabilities that are similar across all
Android devices more quickly. Android partners are encouraged to fix all issues
in this bulletin and use the latest security patch level.</p>
<ul>
  <li>Devices that use the March 1, 2017 security patch level must include all
  issues associated with that security patch level, as well as fixes for all
  issues reported in previous security bulletins.</li>
  <li>Devices that use the security patch level of March 5, 2017 or newer must
  include all applicable patches in this (and previous) security
  bulletins.</li>
</ul>
<p>Partners are encouraged to bundle the fixes for all issues they are addressing
in a single update.</p>
<p><strong>3. How do I determine which Google devices are affected by each
issue?</strong></p>
<p>In the <a href="#2017-03-01-details">2017-03-01</a> and
<a href="#2017-03-05-details">2017-03-05</a>
security vulnerability details sections, each table has an <em>Updated Google
devices</em> column that covers the range of affected Google devices updated for
each issue. This column has a few options:</p>
<ul>
  <li><strong>All Google devices</strong>: If an issue affects all Google
  devices, the table will have "All" in the <em>Updated Google devices</em>
  column. "All" encapsulates the following <a
  href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
  devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
  Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
  <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
  devices, the affected Google devices are listed in the <em>Updated Google
  devices</em> column.</li>
  <li><strong>No Google devices</strong>: If no Google devices running Android 7.0
  are affected by the issue, the table will have "None" in the <em>Updated Google
  devices</em> column.</li>
</ul>
<p><strong>4. What do the entries in the references column map to?</strong></p>
<p>Entries under the <em>References</em> column of the vulnerability details table
may contain a prefix identifying the organization to which the reference value
belongs. These prefixes map as follows:</p>
<table>
  <tr>
    <th>Prefix</th>
    <th>Reference</th>
  </tr>
  <tr>
    <td>A-</td>
    <td>Android bug ID</td>
  </tr>
  <tr>
    <td>QC-</td>
    <td>Qualcomm reference number</td>
  </tr>
  <tr>
    <td>M-</td>
    <td>MediaTek reference number</td>
  </tr>
  <tr>
    <td>N-</td>
    <td>NVIDIA reference number</td>
  </tr>
  <tr>
    <td>B-</td>
    <td>Broadcom reference number</td>
  </tr>
</table>
<h2 id="revisions">Revisions</h2>
<ul>
  <li>March 06, 2017: Bulletin published.</li>
  <li>March 07, 2017: Bulletin revised to include AOSP links.</li>
</ul>