1 <html devsite> 2 <head> 3 <title>Android Security BulletinJanuary 2017</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>Published January 03, 2017 | Updated February 2, 2017</em></p> 26 27 <p>The Android Security Bulletin contains details of security vulnerabilities 28 affecting Android devices. Alongside the bulletin, we have released a security 29 update to Google devices through an over-the-air (OTA) update. The Google device 30 firmware images have also been released to the <a 31 href="https://developers.google.com/android/nexus/images">Google Developer 32 site</a>. Security patch levels of January 05, 2017 or later address all of 33 these issues. Refer to the <a 34 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 35 and Nexus update schedule</a> to learn how to check a device's security patch 36 level.</p> 37 38 <p>Partners were notified of the issues described in the bulletin on December 05, 39 2016 or earlier. Source code patches for these issues have been released to the 40 Android Open Source Project (AOSP) repository and linked from this bulletin. 41 This bulletin also includes links to patches outside of AOSP.</p> 42 43 <p>The most severe of these issues is a Critical security vulnerability that could 44 enable remote code execution on an affected device through multiple methods such 45 as email, web browsing, and MMS when processing media files. The 46 <a href="/security/overview/updates-resources.html#severity">severity 47 assessment</a> is based on the effect that exploiting the vulnerability would 48 possibly have on an affected device, assuming the platform and service 49 mitigations are disabled for development purposes or if successfully bypassed.</p> 50 51 <p>We have had no reports of active customer exploitation or abuse of these newly 52 reported issues. Refer to the <a 53 href="#mitigations">Android and Google service 54 mitigations</a> section for details on the <a 55 href="/security/enhancements/index.html">Android 56 security platform protections</a> and service protections such as <a 57 href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, 58 which improve the security of the Android platform.</p> 59 60 <p>We encourage all customers to accept these updates to their devices.</p> 61 62 <h2 id="announcements">Announcements</h2> 63 <ul> 64 <li>This bulletin has two security patch level strings to provide Android 65 partners with the flexibility to more quickly fix a subset of vulnerabilities 66 that are similar across all Android devices. See <a 67 href="#common-questions-and-answers">Common questions and answers</a> for 68 additional information: 69 <ul> 70 <li><strong>2017-01-01</strong>: Partial security patch level string. This 71 security patch level string indicates that all issues associated with 2017-01-01 72 (and all previous security patch level strings) are addressed.</li> 73 <li><strong>2017-01-05</strong>: Complete security patch level string. This 74 security patch level string indicates that all issues associated with 2017-01-01 75 and 2017-01-05 (and all previous security patch level strings) are addressed.</li> 76 </ul> 77 </li> 78 <li>Supported Google devices will receive a single OTA update with the January 79 05, 2017 security patch level.</li> 80 </ul> 81 <h2 id="security-vulnerability-summary">Security vulnerability summary</h2> 82 <p>The tables below contains a list of security vulnerabilities, the Common 83 Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not 84 Google devices are affected. The <a 85 href="/security/overview/updates-resources.html#severity">severity 86 assessment</a> is based on the effect that exploiting the vulnerability would 87 possibly have on an affected device, assuming the platform and service 88 mitigations are disabled for development purposes or if successfully bypassed.</p> 89 90 <h2 id="mitigations">Android and Google service 91 mitigations</h2> 92 <p>This is a summary of the mitigations provided by the <a 93 href="/security/enhancements/index.html">Android 94 security platform</a> and service protections, such as SafetyNet. These 95 capabilities reduce the likelihood that security vulnerabilities could be 96 successfully exploited on Android.</p> 97 <ul> 98 <li>Exploitation for many issues on Android is made more difficult by 99 enhancements in newer versions of the Android platform. We encourage all users 100 to update to the latest version of Android where possible.</li> 101 <li>The Android Security team actively monitors for abuse with 102 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify 103 Apps and SafetyNet</a>, which are designed to warn users about 104 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially 105 Harmful Applications</a>. Verify Apps is enabled by default on devices with <a 106 href="http://www.android.com/gms">Google Mobile Services</a> and is especially 107 important for users who install applications from outside of Google Play. Device 108 rooting tools are prohibited within Google Play, but Verify Apps warns users 109 when they attempt to install a detected rooting applicationno matter where it 110 comes from. Additionally, Verify Apps attempts to identify and block 111 installation of known malicious applications that exploit a privilege escalation 112 vulnerability. If such an application has already been installed, Verify Apps 113 will notify the user and attempt to remove the detected application.</li> 114 <li>As appropriate, Google Hangouts and Messenger applications do not 115 automatically pass media to processes such as Mediaserver.</li> 116 </ul> 117 <h2 id="acknowledgements">Acknowledgements</h2> 118 <p>We would like to thank these researchers for their contributions:</p> 119 <ul> 120 <li>Alexandru Blanda: CVE-2017-0390</li> 121 <li>Daniel Micay of Copperhead Security: CVE-2017-0397</li> 122 <li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu 123 Lab, Tencent: CVE-2017-0386</li> 124 <li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a 125 href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li> 126 <li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab 127 (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-8412, 128 CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li> 129 <li>donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara: 130 CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li> 131 <li>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a 132 href="http://www.ms509.com">MS509Team</a>: CVE-2017-0394</li> 133 <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 134 and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 135 Technology Co. Ltd.: CVE-2016-8464</li> 136 <li>Google WebM Team: CVE-2017-0393</li> 137 <li>Guang Gong () (<a href="http://twitter.com/oldfresher">@oldfresher</a>) of 138 Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>: 139 CVE-2017-0387</li> 140 <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.: 141 CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, 142 CVE-2016-8465</li> 143 <li>Jianqiang Zhao (<a 144 href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a 145 href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8475</li> 146 <li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>) and Sean Beaupre 147 (<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li> 148 <li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>), Sean Beaupre (<a 149 href="https://twitter.com/firewaterdevs">@firewaterdevs</a>), and Ben Actis (<a 150 href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li> 151 <li>Mingjian Zhou (<a 152 href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu (<a 153 href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a 154 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 155 href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0383</li> 156 <li>Monk Avel: CVE-2017-0396, CVE-2017-0399</li> 157 <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend 158 Micro: CVE-2016-8469, CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, 159 CVE-2016-8460, CVE-2016-8473, CVE-2016-8474</li> 160 <li>Qidan He () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) 161 of KeenLab, Tencent (): CVE-2017-0382</li> 162 <li>Roee Hay and Michael Goberman of IBM Security X-Force: CVE-2016-8467</li> 163 <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of 164 Trend Micro Mobile Threat Research Team: CVE-2016-8466</li> 165 <li>Stephen Morrow: CVE-2017-0389</li> 166 <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat 167 Research Team, <a href="http://www.trendmicro.com">Trend Micro</a>: 168 CVE-2017-0381</li> 169 <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of 170 Alibaba Inc.: CVE-2017-0391</li> 171 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Chiachih Wu (<a 172 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 173 href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0402, CVE-2017-0398</li> 174 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a 175 href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, Chiachih Wu (<a 176 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 177 href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0400</li> 178 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a 179 href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, Chiachih Wu (<a 180 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 181 href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0384, CVE-2017-0385</li> 182 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu (<a 183 href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a 184 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 185 href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0401</li> 186 <li><a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, <a 187 href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu (<a 188 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 189 href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8431, CVE-2016-8432, 190 CVE-2016-8435</li> 191 <li>Yong Wang () (<a 192 href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) and Jun Cheng of 193 Alibaba Inc.: CVE-2017-0404</li> 194 <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a 195 href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, Chiachih Wu (<a 196 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 197 href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8425, CVE-2016-8426, 198 CVE-2016-8449</li> 199 <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a 200 href="mailto:bigwyfone (a] gmail.com">Yanfeng Wang</a>, Chiachih Wu (<a 201 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 202 href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8430, CVE-2016-8482</li> 203 <li>Yuxiang Li (<a href="https://twitter.com/xbalien29">@Xbalien29</a>) of 204 Tencent Security Platform Department: CVE-2017-0395</li> 205 <li>Zhanpeng Zhao () (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>) of 206 Security Research Lab, <a href="http://www.cmcm.com/">Cheetah Mobile</a>: 207 CVE-2016-8451</li> 208 </ul> 209 <p>We would also like to thank the following researchers for their contributions to 210 this bulletin:</p> 211 <ul> 212 <li>Baozeng Ding, Chengming Yang, Peng Xiao, Ning You, Yang Dong, Chao Yang, Yi 213 Zhang and Yang Song of Alibaba Mobile Security Group</li> 214 <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend 215 Micro</li> 216 <li>Zubin Mithra of Google</li> 217 </ul> 218 219 <h2 id="2017-01-01-details">2017-01-01 security patch levelVulnerability 220 details</h2> 221 <p> 222 In the sections below, we provide details for each of the security 223 vulnerabilities that apply to the 2017-01-01 patch level. There is a description of 224 the issue, a severity rationale, and a table with the CVE, associated 225 references, severity, updated Google devices, updated AOSP versions (where 226 applicable), and date reported. When available, we will link the public change 227 that addressed the issue to the bug ID, like the AOSP change list. When multiple 228 changes relate to a single bug, additional references are linked to numbers 229 following the bug ID.</p> 230 231 <h3 id="rce-in-c-ares">Remote code execution vulnerability in c-ares</h3> 232 <p> 233 A remote code execution vulnerability in c-ares could enable an attacker using 234 a specially crafted request to execute arbitrary code in the context of an 235 unprivileged process. This issue is rated as High due to the possibility of 236 remote code execution in an application that uses this library. 237 </p> 238 239 <table> 240 <col width="18%"> 241 <col width="17%"> 242 <col width="10%"> 243 <col width="19%"> 244 <col width="18%"> 245 <col width="17%"> 246 <tr> 247 <th>CVE</th> 248 <th>References</th> 249 <th>Severity</th> 250 <th>Updated Google devices</th> 251 <th>Updated AOSP versions</th> 252 <th>Date reported</th> 253 </tr> 254 <tr> 255 <td>CVE-2016-5180</td> 256 <td><a href="https://android.googlesource.com/platform/external/c-ares/+/f4baf84f285bfbdebb89b2fef8a955720f00c677"> 257 A-32205736</a></td> 258 <td>High</td> 259 <td>All</td> 260 <td>7.0</td> 261 <td>Sept 29, 2016</td> 262 </tr> 263 </table> 264 265 266 <h3 id="rce-vulnerability-in-framesequence">Remote code 267 execution vulnerability in Framesequence</h3> 268 <p> 269 A remote code execution vulnerability in the Framesequence library could enable 270 an attacker using a specially crafted file to execute arbitrary code in the 271 context of an unprivileged process. This issue is rated as High due to the 272 possibility of remote code execution in an application that uses the 273 Framesequence library. 274 </p> 275 <table> 276 <col width="18%"> 277 <col width="17%"> 278 <col width="10%"> 279 <col width="19%"> 280 <col width="18%"> 281 <col width="17%"> 282 <tr> 283 <th>CVE</th> 284 <th>References</th> 285 <th>Severity</th> 286 <th>Updated Google devices</th> 287 <th>Updated AOSP versions</th> 288 <th>Date reported</th> 289 </tr> 290 <tr> 291 <td>CVE-2017-0382</td> 292 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7f0e3dab5a892228d8dead7f0221cc9ae82474f7"> 293 A-32338390</a></td> 294 <td>High</td> 295 <td>All</td> 296 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 297 <td>Oct 21, 2016</td> 298 </tr> 299 </table> 300 <h3 id="eop-in-framework-apis">Elevation of 301 privilege vulnerability in Framework APIs</h3> 302 <p> 303 An elevation of privilege vulnerability in the Framework APIs could enable a 304 local malicious application to execute arbitrary code within the context of a 305 privileged process. This issue is rated as High because it could be used to gain 306 local access to elevated capabilities, which are not normally accessible to a 307 third-party application. 308 </p> 309 <table> 310 <col width="18%"> 311 <col width="17%"> 312 <col width="10%"> 313 <col width="19%"> 314 <col width="18%"> 315 <col width="17%"> 316 <tr> 317 <th>CVE</th> 318 <th>References</th> 319 <th>Severity</th> 320 <th>Updated Google devices</th> 321 <th>Updated AOSP versions</th> 322 <th>Date reported</th> 323 </tr> 324 <tr> 325 <td>CVE-2017-0383</td> 326 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/e5753ba087fa59ee02f6026cc13b1ceb42a1f266"> 327 A-31677614</a></td> 328 <td>High</td> 329 <td>All</td> 330 <td>7.0, 7.1.1</td> 331 <td>Sep 21, 2016</td> 332 </tr> 333 </table> 334 <h3 id="eop-in-audioserver">Elevation of 335 privilege vulnerability in Audioserver</h3> 336 <p> 337 An elevation of privilege vulnerability in Audioserver could enable a local 338 malicious application to execute arbitrary code within the context of a 339 privileged process. This issue is rated as High because it could be used to gain 340 local access to elevated capabilities, which are not normally accessible to a 341 third-party application. 342 </p> 343 <table> 344 <col width="18%"> 345 <col width="17%"> 346 <col width="10%"> 347 <col width="19%"> 348 <col width="18%"> 349 <col width="17%"> 350 <tr> 351 <th>CVE</th> 352 <th>References</th> 353 <th>Severity</th> 354 <th>Updated Google devices</th> 355 <th>Updated AOSP versions</th> 356 <th>Date reported</th> 357 </tr> 358 <tr> 359 <td>CVE-2017-0384</td> 360 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 361 A-32095626</a></td> 362 <td>High</td> 363 <td>All</td> 364 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 365 <td>Oct 11, 2016</td> 366 </tr> 367 <tr> 368 <td>CVE-2017-0385</td> 369 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 370 A-32585400</a></td> 371 <td>High</td> 372 <td>All</td> 373 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 374 <td>Oct 11, 2016</td> 375 </tr> 376 </table> 377 <h3 id="eop-in-libnl">Elevation of privilege 378 vulnerability in libnl</h3> 379 <p> 380 An elevation of privilege vulnerability in the libnl library could enable a 381 local malicious application to execute arbitrary code within the context of a 382 privileged process. This issue is rated as High because it could be used to gain 383 local access to elevated capabilities, which are not normally accessible to a 384 third-party application. 385 </p> 386 <table> 387 <col width="18%"> 388 <col width="17%"> 389 <col width="10%"> 390 <col width="19%"> 391 <col width="18%"> 392 <col width="17%"> 393 <tr> 394 <th>CVE</th> 395 <th>References</th> 396 <th>Severity</th> 397 <th>Updated Google devices</th> 398 <th>Updated AOSP versions</th> 399 <th>Date reported</th> 400 </tr> 401 <tr> 402 <td>CVE-2017-0386</td> 403 <td><a href="https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a"> 404 A-32255299</a></td> 405 <td>High</td> 406 <td>All</td> 407 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 408 <td>Oct 18, 2016</td> 409 </tr> 410 </table> 411 <h3 id="eop-in-mediaserver">Elevation of 412 privilege vulnerability in Mediaserver</h3> 413 <p> 414 An elevation of privilege vulnerability in Mediaserver could enable a local 415 malicious application to execute arbitrary code within the context of a 416 privileged process. This issue is rated as High because it could be used to gain 417 local access to elevated capabilities, which are not normally accessible to a 418 third-party application. 419 </p> 420 <table> 421 <col width="18%"> 422 <col width="17%"> 423 <col width="10%"> 424 <col width="19%"> 425 <col width="18%"> 426 <col width="17%"> 427 <tr> 428 <th>CVE</th> 429 <th>References</th> 430 <th>Severity</th> 431 <th>Updated Google devices</th> 432 <th>Updated AOSP versions</th> 433 <th>Date reported</th> 434 </tr> 435 <tr> 436 <td>CVE-2017-0387</td> 437 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/675e212c8c6653825cc3352c603caf2e40b00f9f"> 438 A-32660278</a></td> 439 <td>High</td> 440 <td>All</td> 441 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 442 <td>Nov 4, 2016</td> 443 </tr> 444 </table> 445 <h3 id="id-in-external-storage-provider">Information disclosure vulnerability 446 in External Storage Provider</h3> 447 <p> 448 An information disclosure vulnerability in the External Storage Provider could 449 enable a local secondary user to read data from an external storage SD card 450 inserted by the primary user. This issue is rated as High because it could be 451 used to access data without permission. 452 </p> 453 <table> 454 <col width="18%"> 455 <col width="17%"> 456 <col width="10%"> 457 <col width="19%"> 458 <col width="18%"> 459 <col width="17%"> 460 <tr> 461 <th>CVE</th> 462 <th>References</th> 463 <th>Severity</th> 464 <th>Updated Google devices</th> 465 <th>Updated AOSP versions</th> 466 <th>Date reported</th> 467 </tr> 468 <tr> 469 <td>CVE-2017-0388</td> 470 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47e62b7fe6807a274ba760a8fecfd624fe792da9"> 471 A-32523490</a></td> 472 <td>High</td> 473 <td>All</td> 474 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 475 <td>Google internal</td> 476 </tr> 477 </table> 478 <h3 id="dos-in-core-networking">Denial of service 479 vulnerability in core networking</h3> 480 <p> 481 A denial of service vulnerability in core networking could enable a remote 482 attacker to use specially crafted network packet to cause a device hang or 483 reboot. This issue is rated as High due to the possibility of remote denial of 484 service. 485 </p> 486 <table> 487 <col width="18%"> 488 <col width="17%"> 489 <col width="10%"> 490 <col width="19%"> 491 <col width="18%"> 492 <col width="17%"> 493 <tr> 494 <th>CVE</th> 495 <th>References</th> 496 <th>Severity</th> 497 <th>Updated Google devices</th> 498 <th>Updated AOSP versions</th> 499 <th>Date reported</th> 500 </tr> 501 <tr> 502 <td>CVE-2017-0389</td> 503 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a014b6be3c7c6fb5cf9352a05baf84fca7a133c7"> 504 A-31850211</a> 505 [<a href="https://android.googlesource.com/platform/frameworks/base/+/47e81a2596b00ee7aaca58716ff164a1708b0b29">2</a>] 506 [<a href="https://android.googlesource.com/platform/frameworks/base/+/006e0613016c1a0e0627f992f5a93a7b7198edba#">3</a>]</td> 507 <td>High</td> 508 <td>All</td> 509 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 510 <td>Jul 20, 2016</td> 511 </tr> 512 </table> 513 <h3 id="dos-in-mediaserver">Denial of service 514 vulnerability in Mediaserver</h3> 515 <p> 516 A denial of service vulnerability in Mediaserver could enable a remote attacker 517 to use a specially crafted file to cause a device hang or reboot. This issue is 518 rated as High due to the possibility of remote denial of service. 519 </p> 520 <table> 521 <col width="18%"> 522 <col width="17%"> 523 <col width="10%"> 524 <col width="19%"> 525 <col width="18%"> 526 <col width="17%"> 527 <tr> 528 <th>CVE</th> 529 <th>References</th> 530 <th>Severity</th> 531 <th>Updated Google devices</th> 532 <th>Updated AOSP versions</th> 533 <th>Date reported</th> 534 </tr> 535 <tr> 536 <td>CVE-2017-0390</td> 537 <td><a href="https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0"> 538 A-31647370</a></td> 539 <td>High</td> 540 <td>All</td> 541 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 542 <td>Sep 19, 2016</td> 543 </tr> 544 <tr> 545 <td>CVE-2017-0391</td> 546 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f"> 547 A-32322258</a></td> 548 <td>High</td> 549 <td>All</td> 550 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 551 <td>Oct 20, 2016</td> 552 </tr> 553 <tr> 554 <td>CVE-2017-0392</td> 555 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c"> 556 A-32577290</a></td> 557 <td>High</td> 558 <td>All</td> 559 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 560 <td>Oct 29, 2016</td> 561 </tr> 562 <tr> 563 <td>CVE-2017-0393</td> 564 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc"> 565 A-30436808</a></td> 566 <td>High</td> 567 <td>All</td> 568 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 569 <td>Google internal</td> 570 </tr> 571 </table> 572 <h3 id="dos-in-telephony">Denial of service 573 vulnerability in Telephony</h3> 574 <p> 575 A denial of service vulnerability in Telephony could enable a remote attacker to 576 cause a device hang or reboot. This issue is rated as High due to the 577 possibility of remote denial of service. 578 </p> 579 <table> 580 <col width="18%"> 581 <col width="17%"> 582 <col width="10%"> 583 <col width="19%"> 584 <col width="18%"> 585 <col width="17%"> 586 <tr> 587 <th>CVE</th> 588 <th>References</th> 589 <th>Severity</th> 590 <th>Updated Google devices</th> 591 <th>Updated AOSP versions</th> 592 <th>Date reported</th> 593 </tr> 594 <tr> 595 <td>CVE-2017-0394</td> 596 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1cdced590675ce526c91c6f8983ceabb8038f58d"> 597 A-31752213</a></td> 598 <td>High</td> 599 <td>All</td> 600 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 601 <td>Sep 23, 2016</td> 602 </tr> 603 </table> 604 <h3 id="eop-in-contacts">Elevation of privilege 605 vulnerability in Contacts</h3> 606 <p> 607 An elevation of privilege vulnerability in Contacts could enable a local 608 malicious application to silently create contact information. This issue is 609 rated as Moderate because it is a local bypass of user interaction requirements 610 (access to functionality that would normally require either user initiation or 611 user permission). 612 </p> 613 <table> 614 <col width="18%"> 615 <col width="17%"> 616 <col width="10%"> 617 <col width="19%"> 618 <col width="18%"> 619 <col width="17%"> 620 <tr> 621 <th>CVE</th> 622 <th>References</th> 623 <th>Severity</th> 624 <th>Updated Google devices</th> 625 <th>Updated AOSP versions</th> 626 <th>Date reported</th> 627 </tr> 628 <tr> 629 <td>CVE-2017-0395</td> 630 <td><a href="https://android.googlesource.com/platform/packages/apps/ContactsCommon/+/d47661ad82d402c1e0c90eb83970687d784add1b"> 631 A-32219099</a></td> 632 <td>Moderate</td> 633 <td>All</td> 634 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 635 <td>Oct 15, 2016</td> 636 </tr> 637 </table> 638 <h3 id="id-in-mediaserver">Information 639 disclosure vulnerability in Mediaserver</h3> 640 <p> 641 An information disclosure vulnerability in Mediaserver could enable a local 642 malicious application to access data outside of its permission levels. This 643 issue is rated as Moderate because it could be used to access sensitive data 644 without permission. 645 </p> 646 <table> 647 <col width="18%"> 648 <col width="17%"> 649 <col width="10%"> 650 <col width="19%"> 651 <col width="18%"> 652 <col width="17%"> 653 <tr> 654 <th>CVE</th> 655 <th>References</th> 656 <th>Severity</th> 657 <th>Updated Google devices</th> 658 <th>Updated AOSP versions</th> 659 <th>Date reported</th> 660 </tr> 661 <tr> 662 <td>CVE-2017-0381</td> 663 <td><a href="https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"> 664 A-31607432</a></td> 665 <td>Moderate</td> 666 <td>All</td> 667 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 668 <td>Sep 18, 2016</td> 669 </tr> 670 <tr> 671 <td>CVE-2017-0396</td> 672 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7"> 673 A-31781965</a></td> 674 <td>Moderate</td> 675 <td>All</td> 676 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 677 <td>Sep 27, 2016</td> 678 </tr> 679 <tr> 680 <td>CVE-2017-0397</td> 681 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c"> 682 A-32377688</a></td> 683 <td>Moderate</td> 684 <td>All</td> 685 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 686 <td>Oct 21, 2016</td> 687 </tr> 688 </table> 689 <h3 id="id-in-audioserver">Information 690 disclosure vulnerability in Audioserver</h3> 691 <p> 692 An information disclosure vulnerability in Audioserver could enable a local 693 malicious application to access data outside of its permission levels. This 694 issue is rated as Moderate because it could be used to access sensitive data 695 without permission. 696 </p> 697 <table> 698 <col width="18%"> 699 <col width="17%"> 700 <col width="10%"> 701 <col width="19%"> 702 <col width="18%"> 703 <col width="17%"> 704 <tr> 705 <th>CVE</th> 706 <th>References</th> 707 <th>Severity</th> 708 <th>Updated Google devices</th> 709 <th>Updated AOSP versions</th> 710 <th>Date reported</th> 711 </tr> 712 <tr> 713 <td>CVE-2017-0398</td> 714 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 715 A-32438594</a></td> 716 <td>Moderate</td> 717 <td>All</td> 718 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 719 <td>Oct 25, 2016</td> 720 </tr> 721 <tr> 722 <td>CVE-2017-0398</td> 723 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 724 A-32635664</a></td> 725 <td>Moderate</td> 726 <td>All</td> 727 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 728 <td>Oct 25, 2016</td> 729 </tr> 730 <tr> 731 <td>CVE-2017-0398</td> 732 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 733 A-32624850</a></td> 734 <td>Moderate</td> 735 <td>All</td> 736 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 737 <td>Oct 25, 2016</td> 738 </tr> 739 <tr> 740 <td>CVE-2017-0399</td> 741 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 742 A-32247948</a> 743 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 744 <td>Moderate</td> 745 <td>All</td> 746 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 747 <td>Oct 18, 2016</td> 748 </tr> 749 <tr> 750 <td>CVE-2017-0400</td> 751 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 752 A-32584034</a> 753 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 754 <td>Moderate</td> 755 <td>All</td> 756 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 757 <td>Oct 25, 2016</td> 758 </tr> 759 <tr> 760 <td>CVE-2017-0401</td> 761 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 762 A-32448258</a></td> 763 <td>Moderate</td> 764 <td>All</td> 765 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 766 <td>Oct 26, 2016</td> 767 </tr> 768 <tr> 769 <td>CVE-2017-0402</td> 770 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 771 A-32436341</a> 772 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 773 <td>Moderate</td> 774 <td>All</td> 775 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 776 <td>Oct 25, 2016</td> 777 </tr> 778 </table> 779 780 <h2 id="2017-01-05-details">2017-01-05 security patch levelVulnerability 781 details</h2> 782 <p> 783 In the sections below, we provide details for each of the security 784 vulnerabilities that applt to the 2017-01-05 patch level. 785 There is a description of 786 the issue, a severity rationale, and a table with the CVE, associated 787 references, severity, updated Google devices, updated AOSP versions (where 788 applicable), and date reported. When available, we will link the public change 789 that addressed the issue to the bug ID, like the AOSP change list. When multiple 790 changes relate to a single bug, additional references are linked to numbers 791 following the bug ID.</p> 792 793 794 <h3 id="eop-in-kernel-memory-subsystem">Elevation of privilege vulnerability in 795 kernel memory subsystem</h3> 796 <p> 797 An elevation of privilege vulnerability in the kernel memory subsystem could 798 enable a local malicious application to execute arbitrary code within the 799 context of the kernel. This issue is rated as Critical due to the possibility 800 of a local permanent device compromise, which may require reflashing the 801 operating system to repair the device. 802 </p> 803 804 <table> 805 <col width="19%"> 806 <col width="20%"> 807 <col width="10%"> 808 <col width="23%"> 809 <col width="17%"> 810 <tr> 811 <th>CVE</th> 812 <th>References</th> 813 <th>Severity</th> 814 <th>Updated Google devices</th> 815 <th>Date reported</th> 816 </tr> 817 <tr> 818 <td>CVE-2015-3288</td> 819 <td>A-32460277<br> 820 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d"> 821 Upstream kernel</a></td> 822 <td>Critical</td> 823 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel C, Nexus Player, Pixel, 824 Pixel XL</td> 825 <td>Jul 9, 2015</td> 826 </tr> 827 </table> 828 829 830 <h3 id="eop-in-qualcomm-bootloader">Elevation of privilege vulnerability in 831 Qualcomm bootloader</h3> 832 <p> 833 An elevation of privilege vulnerability in the Qualcomm bootloader could enable 834 a local malicious application to execute arbitrary code within the context of 835 the kernel. This issue is rated as Critical due to the possibility of a local 836 permanent device compromise, which may require reflashing the operating system 837 to repair the device. 838 </p> 839 840 <table> 841 <col width="19%"> 842 <col width="20%"> 843 <col width="10%"> 844 <col width="23%"> 845 <col width="17%"> 846 <tr> 847 <th>CVE</th> 848 <th>References</th> 849 <th>Severity</th> 850 <th>Updated Google devices</th> 851 <th>Date reported</th> 852 </tr> 853 <tr> 854 <td>CVE-2016-8422</td> 855 <td>A-31471220<br> 856 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=d6639f0a77f8ebfc1e05f3acdf12d5588e7e6213"> 857 QC-CR#979426</a></td> 858 <td>Critical</td> 859 <td>Nexus 6, Nexus 6P, Pixel, Pixel XL</td> 860 <td>Jul 22, 2016</td> 861 </tr> 862 <tr> 863 <td>CVE-2016-8423</td> 864 <td>A-31399736<br> 865 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=98db6cc526fa1677da05d54785937540cdc84867"> 866 QC-CR#1000546</a></td> 867 <td>Critical</td> 868 <td>Nexus 6P, Pixel, Pixel XL</td> 869 <td>Aug 24, 2016</td> 870 </tr> 871 </table> 872 873 874 <h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in 875 kernel file system</h3> 876 <p> 877 An elevation of privilege vulnerability in the kernel file system could enable 878 a local malicious application to execute arbitrary code within the context of 879 the kernel. This issue is rated as Critical due to the possibility of a local 880 permanent device compromise, which may require reflashing the operating system 881 to repair the device. 882 </p> 883 884 <table> 885 <col width="19%"> 886 <col width="20%"> 887 <col width="10%"> 888 <col width="23%"> 889 <col width="17%"> 890 <tr> 891 <th>CVE</th> 892 <th>References</th> 893 <th>Severity</th> 894 <th>Updated Google devices</th> 895 <th>Date reported</th> 896 </tr> 897 <tr> 898 <td>CVE-2015-5706</td> 899 <td>A-32289301<br> 900 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0"> 901 Upstream kernel</a></td> 902 <td>Critical</td> 903 <td>None*</td> 904 <td>Aug 1, 2016</td> 905 </tr> 906 </table> 907 <p> 908 * Supported Google devices on Android 7.0 or later that have installed all 909 available updates are not affected by this vulnerability. 910 </p> 911 912 913 <h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in 914 NVIDIA GPU driver</h3> 915 <p> 916 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a 917 local malicious application to execute arbitrary code within the context of the 918 kernel. This issue is rated as Critical due to the possibility of a local 919 permanent device compromise, which may require reflashing the operating system 920 to repair the device. 921 </p> 922 923 <table> 924 <col width="19%"> 925 <col width="20%"> 926 <col width="10%"> 927 <col width="23%"> 928 <col width="17%"> 929 <tr> 930 <th>CVE</th> 931 <th>References</th> 932 <th>Severity</th> 933 <th>Updated Google devices</th> 934 <th>Date reported</th> 935 </tr> 936 <tr> 937 <td>CVE-2016-8424</td> 938 <td>A-31606947*<br> 939 N-CVE-2016-8424</td> 940 <td>Critical</td> 941 <td>Nexus 9</td> 942 <td>Sep 17, 2016</td> 943 </tr> 944 <tr> 945 <td>CVE-2016-8425</td> 946 <td>A-31797770*<br> 947 N-CVE-2016-8425</td> 948 <td>Critical</td> 949 <td>Nexus 9</td> 950 <td>Sep 28, 2016</td> 951 </tr> 952 <tr> 953 <td>CVE-2016-8426</td> 954 <td>A-31799206*<br> 955 N-CVE-2016-8426</td> 956 <td>Critical</td> 957 <td>Nexus 9</td> 958 <td>Sep 28, 2016</td> 959 </tr> 960 <tr> 961 <td>CVE-2016-8482</td> 962 <td>A-31799863*<br> 963 N-CVE-2016-8482</td> 964 <td>Critical</td> 965 <td>Nexus 9</td> 966 <td>Sep 28, 2016</td> 967 </tr> 968 <tr> 969 <td>CVE-2016-8427</td> 970 <td>A-31799885*<br> 971 N-CVE-2016-8427</td> 972 <td>Critical</td> 973 <td>Nexus 9</td> 974 <td>Sep 28, 2016</td> 975 </tr> 976 <tr> 977 <td>CVE-2016-8428</td> 978 <td>A-31993456*<br> 979 N-CVE-2016-8428</td> 980 <td>Critical</td> 981 <td>Nexus 9</td> 982 <td>Oct 6, 2016</td> 983 </tr> 984 <tr> 985 <td>CVE-2016-8429</td> 986 <td>A-32160775*<br> 987 N-CVE-2016-8429</td> 988 <td>Critical</td> 989 <td>Nexus 9</td> 990 <td>Oct 13, 2016</td> 991 </tr> 992 <tr> 993 <td>CVE-2016-8430</td> 994 <td>A-32225180*<br> 995 N-CVE-2016-8430</td> 996 <td>Critical</td> 997 <td>Nexus 9</td> 998 <td>Oct 17, 2016</td> 999 </tr> 1000 <tr> 1001 <td>CVE-2016-8431</td> 1002 <td>A-32402179*<br> 1003 N-CVE-2016-8431</td> 1004 <td>Critical</td> 1005 <td>Pixel C</td> 1006 <td>Oct 25, 2016</td> 1007 </tr> 1008 <tr> 1009 <td>CVE-2016-8432</td> 1010 <td>A-32447738*<br> 1011 N-CVE-2016-8432</td> 1012 <td>Critical</td> 1013 <td>Pixel C</td> 1014 <td>Oct 26, 2016</td> 1015 </tr> 1016 </table> 1017 <p> 1018 * The patch for this issue is not publicly available. The update is contained 1019 in the latest binary drivers for Nexus devices available from the <a 1020 href="https://developers.google.com/android/nexus/drivers">Google Developer 1021 site</a>. 1022 </p> 1023 1024 1025 <h3 id="eop-in-mediatek-driver">Elevation of privilege vulnerability in 1026 MediaTek driver</h3> 1027 <p> 1028 An elevation of privilege vulnerability in the MediaTek driver could enable a 1029 local malicious application to execute arbitrary code within the context of the 1030 kernel. This issue is rated as Critical due to the possibility of a local 1031 permanent device compromise, which may require reflashing the operating system 1032 to repair the device. 1033 </p> 1034 1035 <table> 1036 <col width="19%"> 1037 <col width="20%"> 1038 <col width="10%"> 1039 <col width="23%"> 1040 <col width="17%"> 1041 <tr> 1042 <th>CVE</th> 1043 <th>References</th> 1044 <th>Severity</th> 1045 <th>Updated Google devices</th> 1046 <th>Date reported</th> 1047 </tr> 1048 <tr> 1049 <td>CVE-2016-8433</td> 1050 <td>A-31750190*<br> 1051 MT-ALPS02974192</td> 1052 <td>Critical</td> 1053 <td>None**</td> 1054 <td>Sep 24, 2016</td> 1055 </tr> 1056 </table> 1057 <p> 1058 * The patch for this issue is not publicly available. The update is contained 1059 in the latest binary drivers for Nexus devices available from the <a 1060 href="https://developers.google.com/android/nexus/drivers">Google Developer 1061 site</a>. 1062 </p> 1063 <p> 1064 ** Supported Google devices on Android 7.0 or later that have installed all 1065 available updates are not affected by this vulnerability. 1066 </p> 1067 1068 1069 <h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in 1070 Qualcomm GPU driver</h3> 1071 <p> 1072 An elevation of privilege vulnerability in the Qualcomm GPU driver could enable 1073 a local malicious application to execute arbitrary code within the context of 1074 the kernel. This issue is rated as Critical due to the possibility of a local 1075 permanent device compromise, which may require reflashing the operating system 1076 to repair the device. 1077 </p> 1078 1079 <table> 1080 <col width="19%"> 1081 <col width="20%"> 1082 <col width="10%"> 1083 <col width="23%"> 1084 <col width="17%"> 1085 <tr> 1086 <th>CVE</th> 1087 <th>References</th> 1088 <th>Severity</th> 1089 <th>Updated Google devices</th> 1090 <th>Date reported</th> 1091 </tr> 1092 <tr> 1093 <td>CVE-2016-8434</td> 1094 <td>A-32125137<br> 1095 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.14/commit/?id=3e3866a5fced40ccf9ca442675cf915961efe4d9"> 1096 QC-CR#1081855</a></td> 1097 <td>Critical</td> 1098 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1099 <td>Oct 12, 2016</td> 1100 </tr> 1101 </table> 1102 1103 1104 <h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in 1105 NVIDIA GPU driver</h3> 1106 <p> 1107 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a 1108 local malicious application to execute arbitrary code within the context of the 1109 kernel. This issue is rated as Critical due to the possibility of a local 1110 permanent device compromise, which may require reflashing the operating system 1111 to repair the device. 1112 </p> 1113 1114 <table> 1115 <col width="19%"> 1116 <col width="20%"> 1117 <col width="10%"> 1118 <col width="23%"> 1119 <col width="17%"> 1120 <tr> 1121 <th>CVE</th> 1122 <th>References</th> 1123 <th>Severity</th> 1124 <th>Updated Google devices</th> 1125 <th>Date reported</th> 1126 </tr> 1127 <tr> 1128 <td>CVE-2016-8435</td> 1129 <td>A-32700935*<br> 1130 N-CVE-2016-8435</td> 1131 <td>Critical</td> 1132 <td>Pixel C</td> 1133 <td>Nov 7, 2016</td> 1134 </tr> 1135 </table> 1136 <p> 1137 * The patch for this issue is not publicly available. The update is contained 1138 in the latest binary drivers for Nexus devices available from the 1139 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1140 site</a>. 1141 </p> 1142 1143 1144 <h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in 1145 Qualcomm video driver</h3> 1146 <p> 1147 An elevation of privilege vulnerability in the Qualcomm video driver could 1148 enable a local malicious application to execute arbitrary code within the 1149 context of the kernel. This issue is rated as Critical due to the possibility 1150 of a local permanent device compromise, which may require reflashing the 1151 operating system to repair the device. 1152 </p> 1153 1154 <table> 1155 <col width="19%"> 1156 <col width="20%"> 1157 <col width="10%"> 1158 <col width="23%"> 1159 <col width="17%"> 1160 <tr> 1161 <th>CVE</th> 1162 <th>References</th> 1163 <th>Severity</th> 1164 <th>Updated Google devices</th> 1165 <th>Date reported</th> 1166 </tr> 1167 <tr> 1168 <td>CVE-2016-8436</td> 1169 <td>A-32450261<br> 1170 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=228e8d17b9f5d22cf9896ab8eff88dc6737c2ced"> 1171 QC-CR#1007860</a></td> 1172 <td>Critical</td> 1173 <td>None*</td> 1174 <td>Oct 13, 2016</td> 1175 </tr> 1176 </table> 1177 <p> 1178 * Supported Google devices on Android 7.0 or later that have installed all 1179 available updates are not affected by this vulnerability. 1180 </p> 1181 1182 1183 <h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm 1184 components</h3> 1185 <p> 1186 The following vulnerabilities affects Qualcomm components and are described in 1187 further detail in Qualcomm AMSS November 2015, August 2016, September 2016, and 1188 October 2016 security bulletins. 1189 </p> 1190 1191 <table> 1192 <col width="19%"> 1193 <col width="20%"> 1194 <col width="10%"> 1195 <col width="23%"> 1196 <col width="17%"> 1197 <tr> 1198 <th>CVE</th> 1199 <th>References</th> 1200 <th>Severity*</th> 1201 <th>Updated Google devices</th> 1202 <th>Date reported</th> 1203 </tr> 1204 <tr> 1205 <td>CVE-2016-8438</td> 1206 <td>A-31624565**</td> 1207 <td>Critical</td> 1208 <td>None***</td> 1209 <td>Qualcomm internal</td> 1210 </tr> 1211 <tr> 1212 <td>CVE-2016-8442</td> 1213 <td>A-31625910**</td> 1214 <td>Critical</td> 1215 <td>None***</td> 1216 <td>Qualcomm internal</td> 1217 </tr> 1218 <tr> 1219 <td>CVE-2016-8443</td> 1220 <td>A-32576499**</td> 1221 <td>Critical</td> 1222 <td>None***</td> 1223 <td>Qualcomm internal</td> 1224 </tr> 1225 <tr> 1226 <td>CVE-2016-8437</td> 1227 <td>A-31623057**</td> 1228 <td>High</td> 1229 <td>None***</td> 1230 <td>Qualcomm internal</td> 1231 </tr> 1232 <tr> 1233 <td>CVE-2016-8439</td> 1234 <td>A-31625204**</td> 1235 <td>High</td> 1236 <td>None***</td> 1237 <td>Qualcomm internal</td> 1238 </tr> 1239 <tr> 1240 <td>CVE-2016-8440</td> 1241 <td>A-31625306**</td> 1242 <td>High</td> 1243 <td>None***</td> 1244 <td>Qualcomm internal</td> 1245 </tr> 1246 <tr> 1247 <td>CVE-2016-8441</td> 1248 <td>A-31625904**</td> 1249 <td>High</td> 1250 <td>None***</td> 1251 <td>Qualcomm internal</td> 1252 </tr> 1253 <tr> 1254 <td>CVE-2016-8398</td> 1255 <td>A-31548486**</td> 1256 <td>High</td> 1257 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1258 <td>Qualcomm internal</td> 1259 </tr> 1260 <tr> 1261 <td>CVE-2016-8459</td> 1262 <td>A-32577972**</td> 1263 <td>High</td> 1264 <td>None***</td> 1265 <td>Qualcomm internal</td> 1266 </tr> 1267 <tr> 1268 <td>CVE-2016-5080</td> 1269 <td>A-31115235**</td> 1270 <td>Moderate</td> 1271 <td>Nexus 5X</td> 1272 <td>Qualcomm internal</td> 1273 </tr> 1274 </table> 1275 <p> 1276 * The severity rating for these vulnerabilities was determined by the vendor. 1277 </p> 1278 <p> 1279 * The patch for this issue is not publicly available. The update is contained 1280 in the latest binary drivers for Nexus devices available from the 1281 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1282 site</a>. 1283 </p> 1284 <p> 1285 *** Supported Google devices on Android 7.0 or later that have installed all 1286 available updates are not affected by this vulnerability. 1287 </p> 1288 1289 1290 <h3 id="eop-in-qualcomm-camera">Elevation of privilege vulnerability in 1291 Qualcomm camera</h3> 1292 <p> 1293 An elevation of privilege vulnerability in the Qualcomm camera could enable a 1294 local malicious application to execute arbitrary code within the context of the 1295 kernel. This issue is rated as High because it first requires compromising a 1296 privileged process. 1297 </p> 1298 1299 <table> 1300 <col width="19%"> 1301 <col width="20%"> 1302 <col width="10%"> 1303 <col width="23%"> 1304 <col width="17%"> 1305 <tr> 1306 <th>CVE</th> 1307 <th>References</th> 1308 <th>Severity</th> 1309 <th>Updated Google devices</th> 1310 <th>Date reported</th> 1311 </tr> 1312 <tr> 1313 <td>CVE-2016-8412</td> 1314 <td>A-31225246<br> 1315 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=42a98c44669d92dafcf4d6336bdccaeb2db12786"> 1316 QC-CR#1071891</a></td> 1317 <td>High</td> 1318 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1319 <td>Aug 26, 2016</td> 1320 </tr> 1321 <tr> 1322 <td>CVE-2016-8444</td> 1323 <td>A-31243641*<br> 1324 QC-CR#1074310</td> 1325 <td>High</td> 1326 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1327 <td>Aug 26, 2016</td> 1328 </tr> 1329 </table> 1330 <p> 1331 * The patch for this issue is not publicly available. The update is contained 1332 in the latest binary drivers for Nexus devices available from the 1333 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1334 site</a>. 1335 </p> 1336 1337 1338 <h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in 1339 MediaTek components</h3> 1340 <p> 1341 An elevation of privilege vulnerability in MediaTek components, including the 1342 thermal driver and video driver, could enable a local malicious application to 1343 execute arbitrary code within the context of the kernel. This issue is rated as 1344 High because it first requires compromising a privileged process. 1345 </p> 1346 1347 <table> 1348 <col width="19%"> 1349 <col width="20%"> 1350 <col width="10%"> 1351 <col width="23%"> 1352 <col width="17%"> 1353 <tr> 1354 <th>CVE</th> 1355 <th>References</th> 1356 <th>Severity</th> 1357 <th>Updated Google devices</th> 1358 <th>Date reported</th> 1359 </tr> 1360 <tr> 1361 <td>CVE-2016-8445</td> 1362 <td>A-31747590*<br> 1363 MT-ALPS02968983</td> 1364 <td>High</td> 1365 <td>None**</td> 1366 <td>Sep 25, 2016</td> 1367 </tr> 1368 <tr> 1369 <td>CVE-2016-8446</td> 1370 <td>A-31747749*<br> 1371 MT-ALPS02968909</td> 1372 <td>High</td> 1373 <td>None**</td> 1374 <td>Sep 25, 2016</td> 1375 </tr> 1376 <tr> 1377 <td>CVE-2016-8447</td> 1378 <td>A-31749463*<br> 1379 MT-ALPS02968886</td> 1380 <td>High</td> 1381 <td>None**</td> 1382 <td>Sep 25, 2016</td> 1383 </tr> 1384 <tr> 1385 <td>CVE-2016-8448</td> 1386 <td>A-31791148*<br> 1387 MT-ALPS02982181</td> 1388 <td>High</td> 1389 <td>None**</td> 1390 <td>Sep 28, 2016</td> 1391 </tr> 1392 </table> 1393 <p> 1394 * The patch for this issue is not publicly available. The update is contained 1395 in the latest binary drivers for Nexus devices available from the 1396 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1397 site</a>. 1398 </p> 1399 <p> 1400 ** Supported Google devices on Android 7.0 or later that have installed all 1401 available updates are not affected by this vulnerability. 1402 </p> 1403 1404 1405 <h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in 1406 Qualcomm Wi-Fi driver</h3> 1407 <p> 1408 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could 1409 enable a local malicious application to execute arbitrary code within the 1410 context of the kernel. This issue is rated as High because it first requires 1411 compromising a privileged process. 1412 </p> 1413 1414 <table> 1415 <col width="19%"> 1416 <col width="20%"> 1417 <col width="10%"> 1418 <col width="23%"> 1419 <col width="17%"> 1420 <tr> 1421 <th>CVE</th> 1422 <th>References</th> 1423 <th>Severity</th> 1424 <th>Updated Google devices</th> 1425 <th>Date reported</th> 1426 </tr> 1427 <tr> 1428 <td>CVE-2016-8415</td> 1429 <td>A-31750554<br> 1430 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=188e12a816508b11771f362c852782ec9a6f9394"> 1431 QC-CR#1079596</a></td> 1432 <td>High</td> 1433 <td>Nexus 5X, Pixel, Pixel XL</td> 1434 <td>Sep 26, 2016</td> 1435 </tr> 1436 </table> 1437 1438 1439 <h3 id="eop-in-nvidia-gpu-driver-3">Elevation of privilege vulnerability in 1440 NVIDIA GPU driver</h3> 1441 <p> 1442 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a 1443 local malicious application to execute arbitrary code within the context of the 1444 kernel. This issue is rated as High because it first requires compromising a 1445 privileged process. 1446 </p> 1447 1448 <table> 1449 <col width="19%"> 1450 <col width="20%"> 1451 <col width="10%"> 1452 <col width="23%"> 1453 <col width="17%"> 1454 <tr> 1455 <th>CVE</th> 1456 <th>References</th> 1457 <th>Severity</th> 1458 <th>Updated Google devices</th> 1459 <th>Date reported</th> 1460 </tr> 1461 <tr> 1462 <td>CVE-2016-8449</td> 1463 <td>A-31798848*<br> 1464 N-CVE-2016-8449</td> 1465 <td>High</td> 1466 <td>Nexus 9</td> 1467 <td>Sep 28, 2016</td> 1468 </tr> 1469 </table> 1470 <p> 1471 * The patch for this issue is not publicly available. The update is contained 1472 in the latest binary drivers for Nexus devices available from the 1473 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1474 site</a>. 1475 </p> 1476 1477 1478 <h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in 1479 Qualcomm sound driver</h3> 1480 <p> 1481 An elevation of privilege vulnerability in the Qualcomm sound driver could 1482 enable a local malicious application to execute arbitrary code within the 1483 context of the kernel. This issue is rated as High because it first requires 1484 compromising a privileged process. 1485 </p> 1486 1487 <table> 1488 <col width="19%"> 1489 <col width="20%"> 1490 <col width="10%"> 1491 <col width="23%"> 1492 <col width="17%"> 1493 <tr> 1494 <th>CVE</th> 1495 <th>References</th> 1496 <th>Severity</th> 1497 <th>Updated Google devices</th> 1498 <th>Date reported</th> 1499 </tr> 1500 <tr> 1501 <td>CVE-2016-8450</td> 1502 <td>A-32450563<br> 1503 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e909d159ad1998ada853ed35be27c7b6ba241bdb"> 1504 QC-CR#880388</a></td> 1505 <td>High</td> 1506 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1507 <td>Oct 13, 2016</td> 1508 </tr> 1509 </table> 1510 1511 1512 <h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege 1513 vulnerability in Synaptics touchscreen driver</h3> 1514 <p> 1515 An elevation of privilege vulnerability in the Synaptics touchscreen driver 1516 could enable a local malicious application to execute arbitrary code within the 1517 context of the kernel. This issue is rated as High because it first requires 1518 compromising a privileged process. 1519 </p> 1520 1521 <table> 1522 <col width="19%"> 1523 <col width="20%"> 1524 <col width="10%"> 1525 <col width="23%"> 1526 <col width="17%"> 1527 <tr> 1528 <th>CVE</th> 1529 <th>References</th> 1530 <th>Severity</th> 1531 <th>Updated Google devices</th> 1532 <th>Date reported</th> 1533 </tr> 1534 <tr> 1535 <td>CVE-2016-8451</td> 1536 <td>A-32178033*</td> 1537 <td>High</td> 1538 <td>None**</td> 1539 <td>Oct 13, 2016</td> 1540 </tr> 1541 </table> 1542 <p> 1543 * The patch for this issue is not publicly available. The update is contained 1544 in the latest binary drivers for Nexus devices available from the 1545 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1546 site</a>. 1547 </p> 1548 <p> 1549 ** Supported Google devices on Android 7.0 or later that have installed all 1550 available updates are not affected by this vulnerability. 1551 </p> 1552 1553 1554 <h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability 1555 in kernel security subsystem</h3> 1556 <p> 1557 An elevation of privilege vulnerability in kernel security subsystem could 1558 enable a local malicious application to execute arbitrary code within the 1559 context of the kernel. This issue is rated as High because it first requires 1560 compromising a privileged process. 1561 </p> 1562 1563 <table> 1564 <col width="19%"> 1565 <col width="20%"> 1566 <col width="10%"> 1567 <col width="23%"> 1568 <col width="17%"> 1569 <tr> 1570 <th>CVE</th> 1571 <th>References</th> 1572 <th>Severity</th> 1573 <th>Updated Google devices</th> 1574 <th>Date reported</th> 1575 </tr> 1576 <tr> 1577 <td>CVE-2016-7042</td> 1578 <td>A-32178986<br> 1579 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=03dab869b7b239c4e013ec82aea22e181e441cfc"> 1580 Upstream kernel</a></td> 1581 <td>High</td> 1582 <td>Pixel C</td> 1583 <td>Oct 14, 2016</td> 1584 </tr> 1585 </table> 1586 1587 1588 <h3 id="eop-in-kernel-performance-subsystem">Elevation of privilege 1589 vulnerability in kernel performance subsystem</h3> 1590 <p> 1591 An elevation of privilege vulnerability in the kernel performance subsystem 1592 could enable a local malicious application to execute arbitrary code within the 1593 context of the kernel. This issue is rated as High because it first requires 1594 compromising a privileged process. 1595 </p> 1596 1597 <table> 1598 <col width="19%"> 1599 <col width="20%"> 1600 <col width="10%"> 1601 <col width="23%"> 1602 <col width="17%"> 1603 <tr> 1604 <th>CVE</th> 1605 <th>References</th> 1606 <th>Severity</th> 1607 <th>Updated Google devices</th> 1608 <th>Date reported</th> 1609 </tr> 1610 <tr> 1611 <td>CVE-2017-0403</td> 1612 <td>A-32402548*</td> 1613 <td>High</td> 1614 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1615 Player, Pixel, Pixel XL</td> 1616 <td>Oct 25, 2016</td> 1617 </tr> 1618 </table> 1619 <p> 1620 * The patch for this issue is not publicly available. The update is contained 1621 in the latest binary drivers for Nexus devices available from the 1622 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1623 site</a>. 1624 </p> 1625 1626 1627 <h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in 1628 kernel sound subsystem</h3> 1629 <p> 1630 An elevation of privilege vulnerability in the kernel sound subsystem could 1631 enable a local malicious application to execute arbitrary code within the 1632 context of the kernel. This issue is rated as High because it first requires 1633 compromising a privileged process. 1634 </p> 1635 1636 <table> 1637 <col width="19%"> 1638 <col width="20%"> 1639 <col width="10%"> 1640 <col width="23%"> 1641 <col width="17%"> 1642 <tr> 1643 <th>CVE</th> 1644 <th>References</th> 1645 <th>Severity</th> 1646 <th>Updated Google devices</th> 1647 <th>Date reported</th> 1648 </tr> 1649 <tr> 1650 <td>CVE-2017-0404</td> 1651 <td>A-32510733*</td> 1652 <td>High</td> 1653 <td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player, Pixel, Pixel 1654 XL</td> 1655 <td>Oct 27, 2016</td> 1656 </tr> 1657 </table> 1658 <p> 1659 * The patch for this issue is not publicly available. The update is contained 1660 in the latest binary drivers for Nexus devices available from the 1661 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1662 site</a>. 1663 </p> 1664 1665 1666 <h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in 1667 Qualcomm Wi-Fi driver</h3> 1668 <p> 1669 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could 1670 enable a local malicious application to execute arbitrary code within the 1671 context of the kernel. This issue is rated as High because it first requires 1672 compromising a privileged process. 1673 </p> 1674 1675 <table> 1676 <col width="19%"> 1677 <col width="20%"> 1678 <col width="10%"> 1679 <col width="23%"> 1680 <col width="17%"> 1681 <tr> 1682 <th>CVE</th> 1683 <th>References</th> 1684 <th>Severity</th> 1685 <th>Updated Google devices</th> 1686 <th>Date reported</th> 1687 </tr> 1688 <tr> 1689 <td>CVE-2016-8452</td> 1690 <td>A-32506396<br> 1691 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=39fa8e972fa1b10dc68a066f4f9432753d8a2526"> 1692 QC-CR#1050323</a></td> 1693 <td>High</td> 1694 <td>Nexus 5X, Android One, Pixel, Pixel XL</td> 1695 <td>Oct 28, 2016</td> 1696 </tr> 1697 </table> 1698 1699 1700 <h3 id="eop-in-qualcomm-radio-driver">Elevation of privilege vulnerability in 1701 Qualcomm radio driver</h3> 1702 <p> 1703 An elevation of privilege vulnerability in the Qualcomm radio driver could 1704 enable a local malicious application to execute arbitrary code within the 1705 context of the kernel. This issue is rated as High because it first requires 1706 compromising a privileged process. 1707 </p> 1708 1709 <table> 1710 <col width="19%"> 1711 <col width="20%"> 1712 <col width="10%"> 1713 <col width="23%"> 1714 <col width="17%"> 1715 <tr> 1716 <th>CVE</th> 1717 <th>References</th> 1718 <th>Severity</th> 1719 <th>Updated Google devices</th> 1720 <th>Date reported</th> 1721 </tr> 1722 <tr> 1723 <td>CVE-2016-5345</td> 1724 <td>A-32639452<br> 1725 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6"> 1726 QC-CR#1079713</a></td> 1727 <td>High</td> 1728 <td>Android One</td> 1729 <td>Nov 3, 2016</td> 1730 </tr> 1731 </table> 1732 1733 1734 <h3 id="eop-in-kernel-profiling-subsystem">Elevation of privilege vulnerability 1735 in kernel profiling subsystem</h3> 1736 <p> 1737 An elevation of privilege vulnerability in the kernel profiling subsystem could 1738 enable a local malicious application to execute arbitrary code within the 1739 context of the kernel. This issue is rated as High because it first requires 1740 compromising a privileged process. 1741 </p> 1742 1743 <table> 1744 <col width="19%"> 1745 <col width="20%"> 1746 <col width="10%"> 1747 <col width="23%"> 1748 <col width="17%"> 1749 <tr> 1750 <th>CVE</th> 1751 <th>References</th> 1752 <th>Severity</th> 1753 <th>Updated Google devices</th> 1754 <th>Date reported</th> 1755 </tr> 1756 <tr> 1757 <td>CVE-2016-9754</td> 1758 <td>A-32659848<br> 1759 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=59643d1535eb220668692a5359de22545af579f6"> 1760 Upstream kernel</a></td> 1761 <td>High</td> 1762 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1763 Player</td> 1764 <td>Nov 4, 2016</td> 1765 </tr> 1766 </table> 1767 1768 1769 <h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in 1770 Broadcom Wi-Fi driver</h3> 1771 <p> 1772 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could 1773 enable a local malicious application to execute arbitrary code within the 1774 context of the kernel. This issue is rated as High because it first requires 1775 compromising a privileged process. 1776 </p> 1777 1778 <table> 1779 <col width="19%"> 1780 <col width="20%"> 1781 <col width="10%"> 1782 <col width="23%"> 1783 <col width="17%"> 1784 <tr> 1785 <th>CVE</th> 1786 <th>References</th> 1787 <th>Severity</th> 1788 <th>Updated Google devices</th> 1789 <th>Date reported</th> 1790 </tr> 1791 <tr> 1792 <td>CVE-2016-8453 1793 </td> 1794 <td>A-24739315*<br> 1795 B-RB#73392</td> 1796 <td>High</td> 1797 <td>Nexus 6</td> 1798 <td>Google internal</td> 1799 </tr> 1800 <tr> 1801 <td>CVE-2016-8454</td> 1802 <td>A-32174590*<br> 1803 B-RB#107142</td> 1804 <td>High</td> 1805 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1806 <td>Oct 14, 2016</td> 1807 </tr> 1808 <tr> 1809 <td>CVE-2016-8455</td> 1810 <td>A-32219121*<br> 1811 B-RB#106311</td> 1812 <td>High</td> 1813 <td>Nexus 6P</td> 1814 <td>Oct 15, 2016</td> 1815 </tr> 1816 <tr> 1817 <td>CVE-2016-8456</td> 1818 <td>A-32219255*<br> 1819 B-RB#105580</td> 1820 <td>High</td> 1821 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1822 <td>Oct 15, 2016</td> 1823 </tr> 1824 <tr> 1825 <td>CVE-2016-8457</td> 1826 <td>A-32219453*<br> 1827 B-RB#106116</td> 1828 <td>High</td> 1829 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td> 1830 <td>Oct 15, 2016</td> 1831 </tr> 1832 </table> 1833 <p> 1834 * The patch for this issue is not publicly available. The update is contained 1835 in the latest binary drivers for Nexus devices available from the 1836 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1837 site</a>. 1838 </p> 1839 1840 1841 <h3 id="eop-in-synaptics-touchscreen-driver-2">Elevation of privilege 1842 vulnerability in Synaptics touchscreen driver</h3> 1843 <p> 1844 An elevation of privilege vulnerability in the Synaptics touchscreen driver 1845 could enable a local malicious application to execute arbitrary code within the 1846 context of the kernel. This issue is rated as High because it first requires 1847 compromising a privileged process. 1848 </p> 1849 1850 <table> 1851 <col width="19%"> 1852 <col width="20%"> 1853 <col width="10%"> 1854 <col width="23%"> 1855 <col width="17%"> 1856 <tr> 1857 <th>CVE</th> 1858 <th>References</th> 1859 <th>Severity</th> 1860 <th>Updated Google devices</th> 1861 <th>Date reported</th> 1862 </tr> 1863 <tr> 1864 <td>CVE-2016-8458</td> 1865 <td>A-31968442*</td> 1866 <td>High</td> 1867 <td>Nexus 5X, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 1868 <td>Google internal</td> 1869 </tr> 1870 </table> 1871 <p> 1872 * The patch for this issue is not publicly available. The update is contained 1873 in the latest binary drivers for Nexus devices available from the 1874 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1875 site</a>. 1876 </p> 1877 1878 1879 <h3 id="id-in-nvidia-video-driver">Information disclosure vulnerability in 1880 NVIDIA video driver</h3> 1881 <p> 1882 An information disclosure vulnerability in the NVIDIA video driver could enable 1883 a local malicious application to access data outside of its permission levels. 1884 This issue is rated as High because it could be used to access sensitive data 1885 without explicit user permission. 1886 </p> 1887 1888 <table> 1889 <col width="19%"> 1890 <col width="20%"> 1891 <col width="10%"> 1892 <col width="23%"> 1893 <col width="17%"> 1894 <tr> 1895 <th>CVE</th> 1896 <th>References</th> 1897 <th>Severity</th> 1898 <th>Updated Google devices</th> 1899 <th>Date reported</th> 1900 </tr> 1901 <tr> 1902 <td>CVE-2016-8460</td> 1903 <td>A-31668540*<br> 1904 N-CVE-2016-8460</td> 1905 <td>High</td> 1906 <td>Nexus 9</td> 1907 <td>Sep 21, 2016</td> 1908 </tr> 1909 </table> 1910 <p> 1911 * The patch for this issue is not publicly available. The update is contained 1912 in the latest binary drivers for Nexus devices available from the 1913 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1914 site</a>. 1915 </p> 1916 1917 1918 <h3 id="id-in-bootloader">Information disclosure vulnerability in 1919 bootloader</h3> 1920 <p> 1921 An information disclosure vulnerability in the bootloader could enable a local 1922 attacker to access data outside of its permission level. This issue is rated as 1923 High because it could be used to access sensitive data. 1924 </p> 1925 1926 <table> 1927 <col width="19%"> 1928 <col width="20%"> 1929 <col width="10%"> 1930 <col width="23%"> 1931 <col width="17%"> 1932 <tr> 1933 <th>CVE</th> 1934 <th>References</th> 1935 <th>Severity</th> 1936 <th>Updated Google devices</th> 1937 <th>Date reported</th> 1938 </tr> 1939 <tr> 1940 <td>CVE-2016-8461</td> 1941 <td>A-32369621*</td> 1942 <td>High</td> 1943 <td>Nexus 9, Pixel, Pixel XL</td> 1944 <td>Oct 21, 2016</td> 1945 </tr> 1946 <tr> 1947 <td>CVE-2016-8462</td> 1948 <td>A-32510383*</td> 1949 <td>High</td> 1950 <td>Pixel, Pixel XL</td> 1951 <td>Oct 27, 2016</td> 1952 </tr> 1953 </table> 1954 <p> 1955 * The patch for this issue is not publicly available. The update is contained 1956 in the latest binary drivers for Nexus devices available from the 1957 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 1958 site</a>. 1959 </p> 1960 1961 1962 <h3 id="dos-in-qualcomm-fuse-file-system">Denial of service vulnerability in 1963 Qualcomm FUSE file system</h3> 1964 <p> 1965 A denial of service vulnerability in the Qualcomm FUSE file system could enable 1966 a remote attacker to use a specially crafted file to cause a device hang or 1967 reboot. This issue is rated as High due to the possibility of remote denial of 1968 service. 1969 </p> 1970 1971 <table> 1972 <col width="19%"> 1973 <col width="20%"> 1974 <col width="10%"> 1975 <col width="23%"> 1976 <col width="17%"> 1977 <tr> 1978 <th>CVE</th> 1979 <th>References</th> 1980 <th>Severity</th> 1981 <th>Updated Google devices</th> 1982 <th>Date reported</th> 1983 </tr> 1984 <tr> 1985 <td>CVE-2016-8463</td> 1986 <td>A-30786860<br> 1987 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd0fa86de6ca1d40c0a93d86d1c0f7846e8a9a10"> 1988 QC-CR#586855</a></td> 1989 <td>High</td> 1990 <td>None*</td> 1991 <td>Jan 03, 2014</td> 1992 </tr> 1993 </table> 1994 <p> 1995 * Supported Google devices on Android 7.0 or later that have installed all 1996 available updates are not affected by this vulnerability. 1997 </p> 1998 1999 2000 <h3 id="dos-in-bootloader">Denial of service vulnerability in bootloader</h3> 2001 <p> 2002 A denial of service vulnerability in the bootloader could enable an attacker to 2003 cause a local permanent denial of service, which may require reflashing the 2004 operating system to repair the device. This issue is rated as High due to the 2005 possibility of local permanent denial of service. 2006 </p> 2007 2008 <table> 2009 <col width="19%"> 2010 <col width="20%"> 2011 <col width="10%"> 2012 <col width="23%"> 2013 <col width="17%"> 2014 <tr> 2015 <th>CVE</th> 2016 <th>References</th> 2017 <th>Severity</th> 2018 <th>Updated Google devices</th> 2019 <th>Date reported</th> 2020 </tr> 2021 <tr> 2022 <td>CVE-2016-8467</td> 2023 <td>A-30308784*</td> 2024 <td>High</td> 2025 <td>Nexus 6, Nexus 6P</td> 2026 <td>Jun 29, 2016</td> 2027 </tr> 2028 </table> 2029 <p> 2030 * The patch for this issue is not publicly available. The update is contained 2031 in the latest binary drivers for Nexus devices available from the 2032 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2033 site</a>. 2034 </p> 2035 2036 2037 <h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in 2038 Broadcom Wi-Fi driver</h3> 2039 <p> 2040 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could 2041 enable a local malicious application to execute arbitrary code within the 2042 context of the kernel. This issue is rated as Moderate because it first 2043 requires compromising a privileged process and is mitigated by current platform 2044 configurations. 2045 </p> 2046 2047 <table> 2048 <col width="19%"> 2049 <col width="20%"> 2050 <col width="10%"> 2051 <col width="23%"> 2052 <col width="17%"> 2053 <tr> 2054 <th>CVE</th> 2055 <th>References</th> 2056 <th>Severity</th> 2057 <th>Updated Google devices</th> 2058 <th>Date reported</th> 2059 </tr> 2060 <tr> 2061 <td>CVE-2016-8464</td> 2062 <td>A-29000183*<br> 2063 B-RB#106314</td> 2064 <td>Moderate</td> 2065 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2066 <td>May 26, 2016</td> 2067 </tr> 2068 <tr> 2069 <td>CVE-2016-8466</td> 2070 <td>A-31822524*<br> 2071 B-RB#105268</td> 2072 <td>Moderate</td> 2073 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2074 <td>Sep 28, 2016</td> 2075 </tr> 2076 <tr> 2077 <td>CVE-2016-8465</td> 2078 <td>A-32474971*<br> 2079 B-RB#106053</td> 2080 <td>Moderate</td> 2081 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2082 <td>Oct 27, 2016</td> 2083 </tr> 2084 </table> 2085 <p> 2086 * The patch for this issue is not publicly available. The update is contained 2087 in the latest binary drivers for Nexus devices available from the 2088 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2089 site</a>. 2090 </p> 2091 2092 2093 <h3 id="eop-in-binder">Elevation of privilege vulnerability in Binder</h3> 2094 <p> 2095 An elevation of privilege vulnerability in Binder could enable a local 2096 malicious application to execute arbitrary code within the context of a 2097 privileged process. This issue is rated as Moderate because it first requires 2098 compromising a privileged process and is mitigated by current platform 2099 configurations. 2100 </p> 2101 2102 <table> 2103 <col width="19%"> 2104 <col width="20%"> 2105 <col width="10%"> 2106 <col width="23%"> 2107 <col width="17%"> 2108 <tr> 2109 <th>CVE</th> 2110 <th>References</th> 2111 <th>Severity</th> 2112 <th>Updated Google devices</th> 2113 <th>Date reported</th> 2114 </tr> 2115 <tr> 2116 <td>CVE-2016-8468</td> 2117 <td>A-32394425*</td> 2118 <td>Moderate</td> 2119 <td>Pixel C, Pixel, Pixel XL</td> 2120 <td>Google internal</td> 2121 </tr> 2122 </table> 2123 <p> 2124 * The patch for this issue is not publicly available. The update is contained 2125 in the latest binary drivers for Nexus devices available from the 2126 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2127 site</a>. 2128 </p> 2129 2130 2131 <h3 id="id-in-nvidia-camera-driver">Information disclosure vulnerability in 2132 NVIDIA camera driver</h3> 2133 <p> 2134 An information disclosure vulnerability in the camera driver could enable a 2135 local malicious application to access data outside of its permission levels. 2136 This issue is rated as Moderate because it first requires compromising a 2137 privileged process. 2138 </p> 2139 2140 <table> 2141 <col width="19%"> 2142 <col width="20%"> 2143 <col width="10%"> 2144 <col width="23%"> 2145 <col width="17%"> 2146 <tr> 2147 <th>CVE</th> 2148 <th>References</th> 2149 <th>Severity</th> 2150 <th>Updated Google devices</th> 2151 <th>Date reported</th> 2152 </tr> 2153 <tr> 2154 <td>CVE-2016-8469</td> 2155 <td>A-31351206*<br> 2156 N-CVE-2016-8469</td> 2157 <td>Moderate</td> 2158 <td>Nexus 9</td> 2159 <td>Sep 7, 2016</td> 2160 </tr> 2161 </table> 2162 <p> 2163 * The patch for this issue is not publicly available. The update is contained 2164 in the latest binary drivers for Nexus devices available from the 2165 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2166 site</a>. 2167 </p> 2168 2169 2170 <h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek 2171 driver</h3> 2172 <p> 2173 An information disclosure vulnerability in the MediaTek driver could enable a 2174 local malicious application to access data outside of its permission levels. 2175 This issue is rated as Moderate because it first requires compromising a 2176 privileged process. 2177 </p> 2178 2179 <table> 2180 <col width="19%"> 2181 <col width="20%"> 2182 <col width="10%"> 2183 <col width="23%"> 2184 <col width="17%"> 2185 <tr> 2186 <th>CVE</th> 2187 <th>References</th> 2188 <th>Severity</th> 2189 <th>Updated Google devices</th> 2190 <th>Date reported</th> 2191 </tr> 2192 <tr> 2193 <td>CVE-2016-8470</td> 2194 <td>A-31528889*<br> 2195 MT-ALPS02961395</td> 2196 <td>Moderate</td> 2197 <td>None**</td> 2198 <td>Sep 15, 2016</td> 2199 </tr> 2200 <tr> 2201 <td>CVE-2016-8471</td> 2202 <td>A-31528890*<br> 2203 MT-ALPS02961380</td> 2204 <td>Moderate</td> 2205 <td>None**</td> 2206 <td>Sep 15, 2016</td> 2207 </tr> 2208 <tr> 2209 <td>CVE-2016-8472</td> 2210 <td>A-31531758*<br> 2211 MT-ALPS02961384</td> 2212 <td>Moderate</td> 2213 <td>None**</td> 2214 <td>Sep 15, 2016</td> 2215 </tr> 2216 </table> 2217 <p> 2218 * The patch for this issue is not publicly available. The update is contained 2219 in the latest binary drivers for Nexus devices available from the 2220 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2221 site</a>. 2222 </p> 2223 <p> 2224 ** Supported Google devices on Android 7.0 or later that have installed all 2225 available updates are not affected by this vulnerability. 2226 </p> 2227 2228 2229 <h3 id="id-in-stmicroelectronics-driver">Information disclosure vulnerability 2230 in STMicroelectronics driver</h3> 2231 <p> 2232 An information disclosure vulnerability in the STMicroelectronics driver could 2233 enable a local malicious application to access data outside of its permission 2234 levels. This issue is rated as Moderate because it first requires compromising 2235 a privileged process. 2236 </p> 2237 2238 <table> 2239 <col width="19%"> 2240 <col width="20%"> 2241 <col width="10%"> 2242 <col width="23%"> 2243 <col width="17%"> 2244 <tr> 2245 <th>CVE</th> 2246 <th>References</th> 2247 <th>Severity</th> 2248 <th>Updated Google devices</th> 2249 <th>Date reported</th> 2250 </tr> 2251 <tr> 2252 <td>CVE-2016-8473</td> 2253 <td>A-31795790*</td> 2254 <td>Moderate</td> 2255 <td>Nexus 5X, Nexus 6P</td> 2256 <td>Sep 28, 2016</td> 2257 </tr> 2258 <tr> 2259 <td>CVE-2016-8474</td> 2260 <td>A-31799972*</td> 2261 <td>Moderate</td> 2262 <td>Nexus 5X, Nexus 6P</td> 2263 <td>Sep 28, 2016</td> 2264 </tr> 2265 </table> 2266 <p> 2267 * The patch for this issue is not publicly available. The update is contained 2268 in the latest binary drivers for Nexus devices available from the 2269 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2270 site</a>. 2271 </p> 2272 2273 2274 <h3 id="id-in-qualcomm-audio-post-processor-">Information disclosure 2275 vulnerability in Qualcomm audio post processor </h3> 2276 <p> 2277 An information disclosure vulnerability in the Qualcomm audio post processor 2278 could enable a local malicious application to access data outside of its 2279 permission levels. This issue is rated as Moderate because it could be used to 2280 access sensitive data without permission. 2281 </p> 2282 2283 <table> 2284 <col width="18%"> 2285 <col width="17%"> 2286 <col width="10%"> 2287 <col width="19%"> 2288 <col width="18%"> 2289 <col width="17%"> 2290 <tr> 2291 <th>CVE</th> 2292 <th>References</th> 2293 <th>Severity</th> 2294 <th>Updated Google devices</th> 2295 <th>Updated AOSP versions</th> 2296 <th>Date reported</th> 2297 </tr> 2298 <tr> 2299 <td>CVE-2017-0399 2300 </td> 2301 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2302 A-32588756</a> 2303 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 2304 <td>Moderate</td> 2305 <td>All</td> 2306 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2307 <td>Oct 18, 2016</td> 2308 </tr> 2309 <tr> 2310 <td>CVE-2017-0400</td> 2311 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2312 A-32438598</a> 2313 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2314 </td> 2315 <td>Moderate</td> 2316 <td>All</td> 2317 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2318 <td>Oct 25, 2016</td> 2319 </tr> 2320 <tr> 2321 <td>CVE-2017-0401</td> 2322 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 2323 A-32588016</a> 2324 </td> 2325 <td>Moderate</td> 2326 <td>All</td> 2327 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2328 <td>Oct 26, 2016</td> 2329 </tr> 2330 <tr> 2331 <td>CVE-2017-0402</td> 2332 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2333 A-32588352</a> 2334 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2335 </td> 2336 <td>Moderate</td> 2337 <td>All</td> 2338 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2339 <td>Oct 25, 2016</td> 2340 </tr> 2341 </table> 2342 2343 2344 <h3 id="id-in-htc-input-driver">Information disclosure vulnerability in HTC 2345 input driver</h3> 2346 <p> 2347 An information disclosure vulnerability in the HTC input driver could enable a 2348 local malicious application to access data outside of its permission levels. 2349 This issue is rated as Moderate because it first requires compromising a 2350 privileged process. 2351 </p> 2352 2353 <table> 2354 <col width="19%"> 2355 <col width="20%"> 2356 <col width="10%"> 2357 <col width="23%"> 2358 <col width="17%"> 2359 <tr> 2360 <th>CVE</th> 2361 <th>References</th> 2362 <th>Severity</th> 2363 <th>Updated Google devices</th> 2364 <th>Date reported</th> 2365 </tr> 2366 <tr> 2367 <td>CVE-2016-8475</td> 2368 <td>A-32591129*</td> 2369 <td>Moderate</td> 2370 <td>Pixel, Pixel XL</td> 2371 <td>Oct 30, 2016</td> 2372 </tr> 2373 </table> 2374 <p> 2375 * The patch for this issue is not publicly available. The update is contained 2376 in the latest binary drivers for Nexus devices available from the 2377 <a href="https://developers.google.com/android/nexus/drivers">Google Developer 2378 site</a>. 2379 </p> 2380 2381 2382 <h3 id="dos-in-kernel-file-system">Denial of service vulnerability in kernel 2383 file system</h3> 2384 <p> 2385 A denial of service vulnerability in the kernel file system could enable a 2386 local malicious application to cause a device hang or reboot. This issue is 2387 rated as Moderate because it is a temporary denial of service that requires a 2388 factory reset to fix. 2389 </p> 2390 2391 <table> 2392 <col width="19%"> 2393 <col width="20%"> 2394 <col width="10%"> 2395 <col width="23%"> 2396 <col width="17%"> 2397 <tr> 2398 <th>CVE</th> 2399 <th>References</th> 2400 <th>Severity</th> 2401 <th>Updated Google devices</th> 2402 <th>Date reported</th> 2403 </tr> 2404 <tr> 2405 <td>CVE-2014-9420</td> 2406 <td>A-32477499<br> 2407 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f54e18f1b831c92f6512d2eedb224cd63d607d3d"> 2408 Upstream kernel</a></td> 2409 <td>Moderate</td> 2410 <td>Pixel C</td> 2411 <td>Dec 25, 2014</td> 2412 </tr> 2413 </table> 2414 2415 <h2 id="common-questions-and-answers">Common Questions and Answers</h2> 2416 <p>This section answers common questions that may occur after reading this 2417 bulletin.</p> 2418 2419 <p><strong>1. How do I determine if my device is updated to address these issues? 2420 </strong></p> 2421 2422 <p>To learn how to check a device's security patch level, read the instructions on 2423 the <a 2424 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 2425 and Nexus update schedule</a>.</p> 2426 <ul> 2427 <li>Security patch levels of 2017-01-01 or later address all issues associated 2428 with the 2017-01-01 security patch level.</li> 2429 <li>Security patch levels of 2017-01-05 or later address all issues associated 2430 with the 2017-01-05 security patch level and all previous patch levels.</li> 2431 </ul> 2432 <p>Device manufacturers that include these updates should set the patch string 2433 level to:</p> 2434 <ul> 2435 <li>[ro.build.version.security_patch]:[2017-01-01]</li> 2436 <li>[ro.build.version.security_patch]:[2017-01-05]</li> 2437 </ul> 2438 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p> 2439 2440 <p>This bulletin has two security patch levels so that Android partners have the 2441 flexibility to fix a subset of vulnerabilities that are similar across all 2442 Android devices more quickly. Android partners are encouraged to fix all issues 2443 in this bulletin and use the latest security patch level.</p> 2444 <ul> 2445 <li>Devices that use the January 1, 2017 security patch level must include all 2446 issues associated with that security patch level, as well as fixes for all 2447 issues reported in previous security bulletins.</li> 2448 <li>Devices that use the security patch level of January 5, 2017 or newer must 2449 include all applicable patches in this (and previous) security 2450 bulletins.</li> 2451 </ul> 2452 <p>Partners are encouraged to bundle the fixes for all issues they are addressing 2453 in a single update.</p> 2454 2455 <p><strong>3. How do I determine which Google devices are affected by each 2456 issue?</strong></p> 2457 2458 <p>In the <a href="#2017-01-01-details">2017-01-01</a> and 2459 <a href="#2017-01-05-details">2017-01-05</a> 2460 security vulnerability details sections, each table has an <em>Updated Google 2461 devices</em> column that covers the range of affected Google devices updated for 2462 each issue. This column has a few options:</p> 2463 <ul> 2464 <li><strong>All Google devices</strong>: If an issue affects All and Pixel 2465 devices, the table will have "All" in the <em>Updated Google devices</em> 2466 column. "All" encapsulates the following <a 2467 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported 2468 devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, 2469 Nexus Player, Pixel C, Pixel, and Pixel XL.</li> 2470 <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google 2471 devices, the affected Google devices are listed in the <em>Updated Google 2472 devices</em> column.</li> 2473 <li><strong>No Google devices</strong>: If no Google devices running the 2474 latest available version of Android are affected by the issue, the table 2475 will have "None" in the <em>Updated Google devices</em> column.</li> 2476 </ul> 2477 <p><strong>4. What do the entries in the references column map to?</strong></p> 2478 2479 <p>Entries under the <em>References</em> column of the vulnerability details table 2480 may contain a prefix identifying the organization to which the reference value 2481 belongs. These prefixes map as follows:</p> 2482 2483 <table> 2484 <tr> 2485 <th>Prefix</th> 2486 <th>Reference</th> 2487 </tr> 2488 <tr> 2489 <td>A-</td> 2490 <td>Android bug ID</td> 2491 </tr> 2492 <tr> 2493 <td>QC-</td> 2494 <td>Qualcomm reference number</td> 2495 </tr> 2496 <tr> 2497 <td>M-</td> 2498 <td>MediaTek reference number</td> 2499 </tr> 2500 <tr> 2501 <td>N-</td> 2502 <td>NVIDIA reference number</td> 2503 </tr> 2504 <tr> 2505 <td>B-</td> 2506 <td>Broadcom reference number</td> 2507 </tr> 2508 </table> 2509 <h2 id="revisions">Revisions</h2> 2510 <ul> 2511 <li>January 03, 2017: Bulletin published.</li> 2512 <li>January 04, 2017: Bulletin revised to include AOSP links.</li> 2513 <li>January 05, 2017: Clarified AOSP version number from 7.1 to 7.1.1.</li> 2514 <li>January 12, 2017: Removed duplicate entry for CVE-2016-8467.</li> 2515 <li>January 24, 2017: Updated description and severity for CVE-2017-0381.</li> 2516 <li>February 2, 2017: Updated CVE-2017-0389 with additional patch link.</li> 2517 </ul> 2518 2519 </body> 2520 </html> 2521
