1 <html devsite> 2 <head> 3 <title>Android Security BulletinFebruary 2017</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>Published February 06, 2017 | Updated February 8, 2017</em></p> 26 <p> 27 The Android Security Bulletin contains details of security vulnerabilities 28 affecting Android devices. Alongside the bulletin, we have released a security 29 update to Google devices through an over-the-air (OTA) update. The Google device 30 firmware images have also been released to the <a 31 href="https://developers.google.com/android/nexus/images">Google Developer 32 site</a>. Security patch levels of February 05, 2017 or later address all of 33 these issues. Refer to the <a 34 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 35 and Nexus update schedule</a> to learn how to check a device's security patch 36 level. 37 </p> 38 <p> 39 Partners were notified of the issues described in the bulletin on January 03, 40 2017 or earlier. Source code patches for these issues have been released to the 41 Android Open Source Project (AOSP) repository and linked from this bulletin. 42 This bulletin also includes links to patches outside of AOSP. 43 </p> 44 <p> 45 The most severe of these issues is a Critical security vulnerability that could 46 enable remote code execution on an affected device through multiple methods such 47 as email, web browsing, and MMS when processing media files. The 48 <a href="/security/overview/updates-resources.html#severity">severity 49 assessment</a> is based on the effect that exploiting the vulnerability would 50 possibly have on an affected device, assuming the platform and service 51 mitigations are disabled for development purposes or if successfully bypassed. 52 </p> 53 <p> 54 We have had no reports of active customer exploitation or abuse of these newly 55 reported issues. Refer to the <a 56 href="#mitigations">Android and Google service 57 mitigations</a> section for details on the <a 58 href="/security/enhancements/index.html">Android 59 security platform protections</a> and service protections such as <a 60 href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, 61 which improve the security of the Android platform. 62 </p> 63 <p> 64 We encourage all customers to accept these updates to their devices. 65 </p> 66 <h2 id="announcements">Announcements</h2> 67 <ul> 68 <li>This bulletin has two security patch level strings to provide Android 69 partners with the flexibility to more quickly fix a subset of vulnerabilities 70 that are similar across all Android devices. See <a 71 href="#common-questions-and-answers">Common questions and answers</a> for 72 additional information: 73 <ul> 74 <li><strong>2017-02-01</strong>: Partial security patch level string. This 75 security patch level string indicates that all issues associated with 2017-02-01 76 (and all previous security patch level strings) are addressed.</li> 77 <li><strong>2017-02-05</strong>: Complete security patch level string. This 78 security patch level string indicates that all issues associated with 2017-02-01 79 and 2017-02-05 (and all previous security patch level strings) are addressed.</li> 80 </ul> 81 </li> 82 <li>Supported Google devices will receive a single OTA update with the February 83 05, 2017 security patch level.</li> 84 </ul> 85 86 <h2 id="mitigations">Android and Google service mitigations</h2> 87 <p>This is a summary of the mitigations provided by the <a 88 href="/security/enhancements/index.html">Android 89 security platform</a> and service protections, such as SafetyNet. These 90 capabilities reduce the likelihood that security vulnerabilities could be 91 successfully exploited on Android.</p> 92 <ul> 93 <li>Exploitation for many issues on Android is made more difficult by 94 enhancements in newer versions of the Android platform. We encourage all users 95 to update to the latest version of Android where possible.</li> 96 <li>The Android Security team actively monitors for abuse with 97 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> 98 Verify Apps and SafetyNet</a>, which are designed to warn users about 99 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> 100 Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with 101 <a href="http://www.android.com/gms">Google Mobile Services</a> and is especially 102 important for users who install applications from outside of Google Play. Device 103 rooting tools are prohibited within Google Play, but Verify Apps warns users 104 when they attempt to install a detected rooting applicationno matter where it 105 comes from. Additionally, Verify Apps attempts to identify and block 106 installation of known malicious applications that exploit a privilege escalation 107 vulnerability. If such an application has already been installed, Verify Apps 108 will notify the user and attempt to remove the detected application.</li> 109 <li>As appropriate, Google Hangouts and Messenger applications do not 110 automatically pass media to processes such as Mediaserver.</li> 111 </ul> 112 <h2 id="acknowledgements">Acknowledgements</h2> 113 <p> 114 We would like to thank these researchers for their contributions: 115 </p> 116 <ul> 117 <li>Daniel Dakhno: CVE-2017-0420</li> 118 <li>Daniel Micay of Copperhead Security: CVE-2017-0410</li> 119 <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>: 120 CVE-2017-0414</li> 121 <li>Frank Liberato of Chrome: CVE-2017-0409</li> 122 <li>Gal Beniamini of Project Zero: CVE-2017-0411, CVE-2017-0412</li> 123 <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 124 and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 125 Technology Co. Ltd.: CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0432</li> 126 <li>Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>) 127 of Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co.Ltd</a>: 128 CVE-2017-0415</li> 129 <li><a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, 130 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Mingjian Zhou ( 131 <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang 132 of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0418</li> 133 <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.: 134 CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, 135 CVE-2016-8421, CVE-2017-0441, CVE-2017-0442, CVE-2016-8476, CVE-2017-0443</li> 136 <li>Jeff Sharkey of Google: CVE-2017-0421, CVE-2017-0423</li> 137 <li>Jeff Trim: CVE-2017-0422</li> 138 <li>Jianqiang Zhao ( 139 <a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and 140 <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2017-0445</li> 141 <li>ma.la and Nikolay Elenkov of LINE Corporation: CVE-2016-5552</li> 142 <li>Max Spector of Google: CVE-2017-0416</li> 143 <li>Mingjian Zhou ( 144 <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu ( 145 <a href="https://twitter.com/nikos233__">@nikos233</a>), and Xuxian Jiang of 146 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0425</li> 147 <li>Qidan He () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) 148 and Di Shen () (<a href="https://twitter.com/returnsme">@returnsme</a>) of 149 KeenLab, Tencent (): CVE-2017-0427</li> 150 <li>Sagi Kedmi of IBM X-Force Research: CVE-2017-0433</li> 151 <li>Scott Bauer (<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>) 152 and Daniel Micay of Copperhead Security: CVE-2017-0405</li> 153 <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of 154 Trend Micro Mobile Threat Research Team: CVE-2017-0449, CVE-2016-8418</li> 155 <li><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, 156 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu ( 157 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of 158 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0436, CVE-2016-8481, CVE-2017-0435</li> 159 <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of 160 <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile 161 Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>: 162 CVE-2017-0424</li> 163 <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of 164 Alibaba Inc.: CVE-2017-0407</li> 165 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, 166 <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, Mingjian Zhou ( 167 <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang 168 of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0450</li> 169 <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu ( 170 <a href="https://twitter.com/nikos233__">@nikos233</a>), Mingjian Zhou ( 171 <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang 172 of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0417</li> 173 <li>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) ( 174 <a href="http://www.weibo.com/wishlinux"></a> ) of Ant-financial Light-Year 175 Security Lab: CVE-2017-0408</li> 176 <li><a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, 177 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu ( 178 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of 179 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8480</li> 180 <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu ( 181 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of 182 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0444</li> 183 <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 184 <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, Chiachih Wu ( 185 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of 186 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0428</li> 187 <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 188 <a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>, Chiachih Wu ( 189 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of 190 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0448, CVE-2017-0429</li> 191 <li><a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a> ( 192 <a href="https://twitter.com/henices">@henices</a>) and 193 <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a> of 194 <a href="http://www.nsfocus.com">NSFocus</a>: CVE-2017-0406</li> 195 </ul> 196 <p> 197 We would also like to thank the following for their contributions to this 198 bulletin: 199 </p><ul> 200 <li>Pengfei Ding (), Chenfu Bao (), and Lenx Wei () of Baidu X-Lab 201 ()</li> 202 </ul> 203 204 <h2 id="2017-02-01-details">2017-02-01 security patch levelVulnerability 205 details</h2> 206 <p> 207 In the sections below, we provide details for each of the security 208 vulnerabilities that apply to the 2017-02-01 patch level. There is a description 209 of the issue, a severity rationale, and a table with the CVE, associated 210 references, severity, updated Google devices, updated AOSP versions (where 211 applicable), and date reported. When available, we will link the public change 212 that addressed the issue to the bug ID, like the AOSP change list. When multiple 213 changes relate to a single bug, additional references are linked to numbers 214 following the bug ID.</p> 215 216 217 <h3 id="rce-in-surfaceflinger">Remote code execution vulnerability in 218 Surfaceflinger</h3> 219 <p> 220 A remote code execution vulnerability in Surfaceflinger could enable an 221 attacker using a specially crafted file to cause memory corruption during media 222 file and data processing. This issue is rated as Critical due to the 223 possibility of remote code execution within the context of the Surfaceflinger 224 process. 225 </p> 226 227 <table> 228 <col width="18%"> 229 <col width="17%"> 230 <col width="10%"> 231 <col width="19%"> 232 <col width="18%"> 233 <col width="17%"> 234 <tr> 235 <th>CVE</th> 236 <th>References</th> 237 <th>Severity</th> 238 <th>Updated Google devices</th> 239 <th>Updated AOSP versions</th> 240 <th>Date reported</th> 241 </tr> 242 <tr> 243 <td>CVE-2017-0405</td> 244 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979"> 245 A-31960359</a></td> 246 <td>Critical</td> 247 <td>All</td> 248 <td>7.0, 7.1.1</td> 249 <td>Oct 4, 2016</td> 250 </tr> 251 </table> 252 253 254 <h3 id="rce-in-mediaserver">Remote code execution vulnerability in 255 Mediaserver</h3> 256 <p> 257 A remote code execution vulnerability in Mediaserver could enable an attacker 258 using a specially crafted file to cause memory corruption during media file and 259 data processing. This issue is rated as Critical due to the possibility of 260 remote code execution within the context of the Mediaserver process. 261 </p> 262 263 <table> 264 <col width="18%"> 265 <col width="17%"> 266 <col width="10%"> 267 <col width="19%"> 268 <col width="18%"> 269 <col width="17%"> 270 <tr> 271 <th>CVE</th> 272 <th>References</th> 273 <th>Severity</th> 274 <th>Updated Google devices</th> 275 <th>Updated AOSP versions</th> 276 <th>Date reported</th> 277 </tr> 278 <tr> 279 <td>CVE-2017-0406</td> 280 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575"> 281 A-32915871</a> 282 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td> 283 <td>Critical</td> 284 <td>All</td> 285 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 286 <td>Nov 14, 2016</td> 287 </tr> 288 <tr> 289 <td>CVE-2017-0407</td> 290 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7"> 291 A-32873375</a></td> 292 <td>Critical</td> 293 <td>All</td> 294 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 295 <td>Nov 12, 2016</td> 296 </tr> 297 </table> 298 299 300 <h3 id="rce-in-libgdx">Remote code execution vulnerability in libgdx</h3> 301 <p> 302 A remote code execution vulnerability in libgdx could enable an attacker using 303 a specially crafted file to execute arbitrary code in the context of an 304 unprivileged process. This issue is rated as High due to the possibility of 305 remote code execution in an application that uses this library. 306 </p> 307 308 <table> 309 <col width="18%"> 310 <col width="17%"> 311 <col width="10%"> 312 <col width="19%"> 313 <col width="18%"> 314 <col width="17%"> 315 <tr> 316 <th>CVE</th> 317 <th>References</th> 318 <th>Severity</th> 319 <th>Updated Google devices</th> 320 <th>Updated AOSP versions</th> 321 <th>Date reported</th> 322 </tr> 323 <tr> 324 <td>CVE-2017-0408</td> 325 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b"> 326 A-32769670</a></td> 327 <td>High</td> 328 <td>All</td> 329 <td>7.1.1</td> 330 <td>Nov 9, 2016</td> 331 </tr> 332 </table> 333 334 335 <h3 id="rce-in-libstagefright">Remote code execution vulnerability in 336 libstagefright</h3> 337 <p> 338 A remote code execution vulnerability in libstagefright could enable an 339 attacker using a specially crafted file to execute arbitrary code in the 340 context of an unprivileged process. This issue is rated as High due to the 341 possibility of remote code execution in an application that uses this library. 342 </p> 343 344 <table> 345 <col width="18%"> 346 <col width="17%"> 347 <col width="10%"> 348 <col width="19%"> 349 <col width="18%"> 350 <col width="17%"> 351 <tr> 352 <th>CVE</th> 353 <th>References</th> 354 <th>Severity</th> 355 <th>Updated Google devices</th> 356 <th>Updated AOSP versions</th> 357 <th>Date reported</th> 358 </tr> 359 <tr> 360 <td>CVE-2017-0409</td> 361 <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b"> 362 A-31999646</a></td> 363 <td>High</td> 364 <td>All</td> 365 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 366 <td>Google internal</td> 367 </tr> 368 </table> 369 370 371 <h3 id="eop-in-java.net">Elevation of privilege vulnerability in Java.Net</h3> 372 <p> 373 An elevation of privilege in the Java.Net library could enable malicious web 374 content to redirect a user to another website without explicit permission. This 375 issue is rated as High because it is a remote bypass of user interaction 376 requirements. 377 </p> 378 379 <table> 380 <col width="18%"> 381 <col width="17%"> 382 <col width="10%"> 383 <col width="19%"> 384 <col width="18%"> 385 <col width="17%"> 386 <tr> 387 <th>CVE</th> 388 <th>References</th> 389 <th>Severity</th> 390 <th>Updated Google devices</th> 391 <th>Updated AOSP versions</th> 392 <th>Date reported</th> 393 </tr> 394 <tr> 395 <td>CVE-2016-5552</td> 396 <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea"> 397 A-31858037</a></td> 398 <td>High</td> 399 <td>All</td> 400 <td>7.0, 7.1.1</td> 401 <td>Sep 30, 2016</td> 402 </tr> 403 </table> 404 405 406 <h3 id="eop-in-framework-apis">Elevation of privilege vulnerability in 407 Framework APIs</h3> 408 <p> 409 An elevation of privilege vulnerability in the Framework APIs could enable a 410 local malicious application to execute arbitrary code within the context of a 411 privileged process. This issue is rated as High because it could be used to 412 gain local access to elevated capabilities, which are not normally accessible 413 to a third-party application. 414 </p> 415 416 <table> 417 <col width="18%"> 418 <col width="17%"> 419 <col width="10%"> 420 <col width="19%"> 421 <col width="18%"> 422 <col width="17%"> 423 <tr> 424 <th>CVE</th> 425 <th>References</th> 426 <th>Severity</th> 427 <th>Updated Google devices</th> 428 <th>Updated AOSP versions</th> 429 <th>Date reported</th> 430 </tr> 431 <tr> 432 <td>CVE-2017-0410</td> 433 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa"> 434 A-31929765</a></td> 435 <td>High</td> 436 <td>All</td> 437 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 438 <td>Oct 2, 2016</td> 439 </tr> 440 <tr> 441 <td>CVE-2017-0411</td> 442 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 443 A-33042690</a> 444 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 445 <td>High</td> 446 <td>All</td> 447 <td>7.0, 7.1.1</td> 448 <td>Nov 21, 2016</td> 449 </tr> 450 <tr> 451 <td>CVE-2017-0412</td> 452 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 453 A-33039926</a> 454 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 455 <td>High</td> 456 <td>All</td> 457 <td>7.0, 7.1.1</td> 458 <td>Nov 21, 2016</td> 459 </tr> 460 </table> 461 462 <h3 id="eop-in-mediaserver">Elevation of privilege vulnerability in 463 Mediaserver</h3> 464 <p> 465 An elevation of privilege vulnerability in Mediaserver could enable a local 466 malicious application to execute arbitrary code within the context of a 467 privileged process. This issue is rated as High because it could be used to 468 gain local access to elevated capabilities, which are not normally accessible 469 to a third-party application. 470 </p> 471 472 <table> 473 <col width="18%"> 474 <col width="17%"> 475 <col width="10%"> 476 <col width="19%"> 477 <col width="18%"> 478 <col width="17%"> 479 <tr> 480 <th>CVE</th> 481 <th>References</th> 482 <th>Severity</th> 483 <th>Updated Google devices</th> 484 <th>Updated AOSP versions</th> 485 <th>Date reported</th> 486 </tr> 487 <tr> 488 <td>CVE-2017-0415</td> 489 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34"> 490 A-32706020</a></td> 491 <td>High</td> 492 <td>All</td> 493 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 494 <td>Nov 4, 2016</td> 495 </tr> 496 </table> 497 498 499 <h3 id="eop-in-audioserver">Elevation of privilege vulnerability in 500 Audioserver</h3> 501 <p> 502 An elevation of privilege vulnerability in Audioserver could enable a local 503 malicious application to execute arbitrary code within the context of a 504 privileged process. This issue is rated as High because it could be used to 505 gain local access to elevated capabilities, which are not normally accessible 506 to a third-party application. 507 </p> 508 509 <table> 510 <col width="18%"> 511 <col width="17%"> 512 <col width="10%"> 513 <col width="19%"> 514 <col width="18%"> 515 <col width="17%"> 516 <tr> 517 <th>CVE</th> 518 <th>References</th> 519 <th>Severity</th> 520 <th>Updated Google devices</th> 521 <th>Updated AOSP versions</th> 522 <th>Date reported</th> 523 </tr> 524 <tr> 525 <td>CVE-2017-0416</td> 526 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 527 A-32886609</a> 528 [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td> 529 <td>High</td> 530 <td>All</td> 531 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 532 <td>Google internal</td> 533 </tr> 534 <tr> 535 <td>CVE-2017-0417</td> 536 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 537 A-32705438</a></td> 538 <td>High</td> 539 <td>All</td> 540 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 541 <td>Nov 7, 2016</td> 542 </tr> 543 <tr> 544 <td>CVE-2017-0418</td> 545 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 546 A-32703959</a> 547 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td> 548 <td>High</td> 549 <td>All</td> 550 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 551 <td>Nov 7, 2016</td> 552 </tr> 553 <tr> 554 <td>CVE-2017-0419</td> 555 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 556 A-32220769</a></td> 557 <td>High</td> 558 <td>All</td> 559 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 560 <td>Oct 15, 2016</td> 561 </tr> 562 </table> 563 564 <h3 id="id-in-aosp-mail">Information disclosure vulnerability in AOSP Mail</h3> 565 <p> 566 An information disclosure vulnerability in AOSP Mail could enable a local 567 malicious application to bypass operating system protections that isolate 568 application data from other applications. This issue is rated as High because 569 it could be used to gain access to data that the application does not have 570 access to. 571 </p> 572 573 <table> 574 <col width="18%"> 575 <col width="17%"> 576 <col width="10%"> 577 <col width="19%"> 578 <col width="18%"> 579 <col width="17%"> 580 <tr> 581 <th>CVE</th> 582 <th>References</th> 583 <th>Severity</th> 584 <th>Updated Google devices</th> 585 <th>Updated AOSP versions</th> 586 <th>Date reported</th> 587 </tr> 588 <tr> 589 <td>CVE-2017-0420</td> 590 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909"> 591 A-32615212</a></td> 592 <td>High</td> 593 <td>All</td> 594 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 595 <td>Sep 12, 2016</td> 596 </tr> 597 </table> 598 599 600 <h3 id="id-in-aosp-messaging">Information disclosure vulnerability in AOSP 601 Messaging</h3> 602 <p> 603 An information disclosure vulnerability in AOSP Messaging could enable a local 604 malicious application to bypass operating system protections that isolate 605 application data from other applications. This issue is rated as High because 606 it could be used to gain access to data that the application does not have 607 access to. 608 </p> 609 610 <table> 611 <col width="18%"> 612 <col width="17%"> 613 <col width="10%"> 614 <col width="19%"> 615 <col width="18%"> 616 <col width="17%"> 617 <tr> 618 <th>CVE</th> 619 <th>References</th> 620 <th>Severity</th> 621 <th>Updated Google devices</th> 622 <th>Updated AOSP versions</th> 623 <th>Date reported</th> 624 </tr> 625 <tr> 626 <td>CVE-2017-0413</td> 627 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e"> 628 A-32161610</a></td> 629 <td>High</td> 630 <td>All</td> 631 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 632 <td>Oct 13, 2016</td> 633 </tr> 634 <tr> 635 <td>CVE-2017-0414</td> 636 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd"> 637 A-32807795</a></td> 638 <td>High</td> 639 <td>All</td> 640 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 641 <td>Nov 10, 2016</td> 642 </tr> 643 </table> 644 645 646 <h3 id="id-in-framework-apis">Information disclosure vulnerability in Framework 647 APIs</h3> 648 <p> 649 An information disclosure vulnerability in the Framework APIs could enable a 650 local malicious application to bypass operating system protections that isolate 651 application data from other applications. This issue is rated as High because 652 it could be used to gain access to data that the application does not have 653 access to. 654 </p> 655 656 <table> 657 <col width="18%"> 658 <col width="17%"> 659 <col width="10%"> 660 <col width="19%"> 661 <col width="18%"> 662 <col width="17%"> 663 <tr> 664 <th>CVE</th> 665 <th>References</th> 666 <th>Severity</th> 667 <th>Updated Google devices</th> 668 <th>Updated AOSP versions</th> 669 <th>Date reported</th> 670 </tr> 671 <tr> 672 <td>CVE-2017-0421</td> 673 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336"> 674 A-32555637</a></td> 675 <td>High</td> 676 <td>All</td> 677 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 678 <td>Google internal</td> 679 </tr> 680 </table> 681 682 683 <h3 id="dos-in-bionic-dns">Denial of service vulnerability in Bionic DNS</h3> 684 <p> 685 A denial of service vulnerability in Bionic DNS could enable a remote attacker 686 to use a specially crafted network packet to cause a device hang or reboot. 687 This issue is rated as High due to the possibility of remote denial of service. 688 689 </p> 690 691 <table> 692 <col width="18%"> 693 <col width="17%"> 694 <col width="10%"> 695 <col width="19%"> 696 <col width="18%"> 697 <col width="17%"> 698 <tr> 699 <th>CVE</th> 700 <th>References</th> 701 <th>Severity</th> 702 <th>Updated Google devices</th> 703 <th>Updated AOSP versions</th> 704 <th>Date reported</th> 705 </tr> 706 <tr> 707 <td>CVE-2017-0422</td> 708 <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d"> 709 A-32322088</a></td> 710 <td>High</td> 711 <td>All</td> 712 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 713 <td>Oct 20, 2016</td> 714 </tr> 715 </table> 716 717 718 <h3 id="eop-in-bluetooth">Elevation of privilege vulnerability in 719 Bluetooth</h3> 720 <p> 721 An elevation of privilege vulnerability in Bluetooth could enable a proximate 722 attacker to manage access to documents on the device. This issue is rated as 723 Moderate because it first requires exploitation of a separate vulnerability in 724 the Bluetooth stack. 725 </p> 726 727 <table> 728 <col width="18%"> 729 <col width="17%"> 730 <col width="10%"> 731 <col width="19%"> 732 <col width="18%"> 733 <col width="17%"> 734 <tr> 735 <th>CVE</th> 736 <th>References</th> 737 <th>Severity</th> 738 <th>Updated Google devices</th> 739 <th>Updated AOSP versions</th> 740 <th>Date reported</th> 741 </tr> 742 <tr> 743 <td>CVE-2017-0423</td> 744 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083"> 745 A-32612586</a></td> 746 <td>Moderate</td> 747 <td>All</td> 748 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 749 <td>Nov 2, 2016</td> 750 </tr> 751 </table> 752 753 754 <h3 id="id-in-aosp-messaging-2">Information disclosure vulnerability in AOSP 755 Messaging</h3> 756 <p> 757 An information disclosure vulnerability in AOSP Messaging could enable a remote 758 attacker using a special crafted file to access data outside of its permission 759 levels. This issue is rated as Moderate because it is a general bypass for a 760 user level defense in depth or exploit mitigation technology in a privileged 761 process. 762 </p> 763 764 <table> 765 <col width="18%"> 766 <col width="17%"> 767 <col width="10%"> 768 <col width="19%"> 769 <col width="18%"> 770 <col width="17%"> 771 <tr> 772 <th>CVE</th> 773 <th>References</th> 774 <th>Severity</th> 775 <th>Updated Google devices</th> 776 <th>Updated AOSP versions</th> 777 <th>Date reported</th> 778 </tr> 779 <tr> 780 <td>CVE-2017-0424</td> 781 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc"> 782 A-32322450</a></td> 783 <td>Moderate</td> 784 <td>All</td> 785 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 786 <td>Oct 20, 2016</td> 787 </tr> 788 </table> 789 790 791 <h3 id="id-in-audioserver">Information disclosure vulnerability in 792 Audioserver</h3> 793 <p> 794 An information disclosure vulnerability in Audioserver could enable a local 795 malicious application to access data outside of its permission levels. This 796 issue is rated as Moderate because it could be used to access sensitive data 797 without permission. 798 </p> 799 800 <table> 801 <col width="18%"> 802 <col width="17%"> 803 <col width="10%"> 804 <col width="19%"> 805 <col width="18%"> 806 <col width="17%"> 807 <tr> 808 <th>CVE</th> 809 <th>References</th> 810 <th>Severity</th> 811 <th>Updated Google devices</th> 812 <th>Updated AOSP versions</th> 813 <th>Date reported</th> 814 </tr> 815 <tr> 816 <td>CVE-2017-0425</td> 817 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 818 A-32720785</a></td> 819 <td>Moderate</td> 820 <td>All</td> 821 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 822 <td>Nov 7, 2016</td> 823 </tr> 824 </table> 825 826 827 <h3 id="id-in-filesystem">Information disclosure vulnerability in 828 Filesystem</h3> 829 <p> 830 An information disclosure vulnerability in the Filesystem could enable a local 831 malicious application to access data outside of its permission levels. This 832 issue is rated as Moderate because it could be used to access sensitive data 833 without permission. 834 </p> 835 836 <table> 837 <col width="18%"> 838 <col width="17%"> 839 <col width="10%"> 840 <col width="19%"> 841 <col width="18%"> 842 <col width="17%"> 843 <tr> 844 <th>CVE</th> 845 <th>References</th> 846 <th>Severity</th> 847 <th>Updated Google devices</th> 848 <th>Updated AOSP versions</th> 849 <th>Date reported</th> 850 </tr> 851 <tr> 852 <td>CVE-2017-0426</td> 853 <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a"> 854 A-32799236</a> 855 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td> 856 <td>Moderate</td> 857 <td>All</td> 858 <td>7.0, 7.1.1</td> 859 <td>Google internal</td> 860 </tr> 861 </table> 862 863 864 <h2 id="2017-02-05-details">2017-02-05 security patch levelVulnerability 865 details</h2> 866 <p> 867 In the sections below, we provide details for each of the security 868 vulnerabilities that apply to the 2017-02-05 patch level. 869 There is a description of 870 the issue, a severity rationale, and a table with the CVE, associated 871 references, severity, updated Google devices, updated AOSP versions (where 872 applicable), and date reported. When available, we will link the public change 873 that addressed the issue to the bug ID, like the AOSP change list. When multiple 874 changes relate to a single bug, additional references are linked to numbers 875 following the bug ID.</p> 876 877 878 <h3 id="rce-in-qualcomm-crypto-driver">Remote code execution vulnerability in 879 Qualcomm crypto driver</h3> 880 <p> 881 A remote code execution vulnerability in the Qualcomm crypto driver could 882 enable a remote attacker to execute arbitrary code within the context of the 883 kernel. This issue is rated as Critical due to the possibility of remote code 884 execution in the context of the kernel. 885 </p> 886 887 <table> 888 <col width="19%"> 889 <col width="20%"> 890 <col width="10%"> 891 <col width="23%"> 892 <col width="17%"> 893 <tr> 894 <th>CVE</th> 895 <th>References</th> 896 <th>Severity</th> 897 <th>Updated Google devices</th> 898 <th>Date reported</th> 899 </tr> 900 <tr> 901 <td>CVE-2016-8418</td> 902 <td>A-32652894<br> 903 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f"> 904 QC-CR#1077457</a></td> 905 <td>Critical</td> 906 <td>None*</td> 907 <td>Oct 10, 2016</td> 908 </tr> 909 </table> 910 <p> 911 * Supported Google devices on Android 7.0 or later that have installed all 912 available updates are not affected by this vulnerability. 913 </p> 914 915 916 <h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in 917 kernel file system</h3> 918 <p> 919 An elevation of privilege vulnerability in the kernel file system could enable 920 a local malicious application to execute arbitrary code within the context of 921 the kernel. This issue is rated as Critical due to the possibility of a local 922 permanent device compromise, which may require reflashing the operating system 923 to repair the device. 924 </p> 925 926 <table> 927 <col width="19%"> 928 <col width="20%"> 929 <col width="10%"> 930 <col width="23%"> 931 <col width="17%"> 932 <tr> 933 <th>CVE</th> 934 <th>References</th> 935 <th>Severity</th> 936 <th>Updated Google devices</th> 937 <th>Date reported</th> 938 </tr> 939 <tr> 940 <td>CVE-2017-0427</td> 941 <td>A-31495866*</td> 942 <td>Critical</td> 943 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 944 Player, Pixel, Pixel XL</td> 945 <td>Sep 13, 2016</td> 946 </tr> 947 </table> 948 <p> 949 * The patch for this issue is not publicly available. The update is contained 950 in the latest binary drivers for Nexus devices available from the 951 <a href="https://developers.google.com/android/nexus/drivers"> 952 Google Developer site</a>. 953 </p> 954 955 956 <h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in 957 NVIDIA GPU driver</h3> 958 <p> 959 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a 960 local malicious application to execute arbitrary code within the context of the 961 kernel. This issue is rated as Critical due to the possibility of a local 962 permanent device compromise, which may require reflashing the operating system 963 to repair the device. 964 </p> 965 966 <table> 967 <col width="19%"> 968 <col width="20%"> 969 <col width="10%"> 970 <col width="23%"> 971 <col width="17%"> 972 <tr> 973 <th>CVE</th> 974 <th>References</th> 975 <th>Severity</th> 976 <th>Updated Google devices</th> 977 <th>Date reported</th> 978 </tr> 979 <tr> 980 <td>CVE-2017-0428</td> 981 <td>A-32401526*<br> 982 N-CVE-2017-0428</td> 983 <td>Critical</td> 984 <td>Nexus 9</td> 985 <td>Oct 25, 2016</td> 986 </tr> 987 <tr> 988 <td>CVE-2017-0429</td> 989 <td>A-32636619*<br> 990 N-CVE-2017-0429</td> 991 <td>Critical</td> 992 <td>Nexus 9</td> 993 <td>Nov 3, 2016</td> 994 </tr> 995 </table> 996 <p> 997 * The patch for this issue is not publicly available. The update is contained 998 in the latest binary drivers for Nexus devices available from the 999 <a href="https://developers.google.com/android/nexus/drivers"> 1000 Google Developer site</a>. 1001 </p> 1002 1003 1004 <h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege 1005 vulnerability in kernel networking subsystem</h3> 1006 <p> 1007 An elevation of privilege vulnerability in the kernel networking subsystem 1008 could enable a local malicious application to execute arbitrary code within the 1009 context of the kernel. This issue is rated as Critical due to the possibility 1010 of a local permanent device compromise, which may require reflashing the 1011 operating system to repair the device. 1012 </p> 1013 1014 <table> 1015 <col width="19%"> 1016 <col width="20%"> 1017 <col width="10%"> 1018 <col width="23%"> 1019 <col width="17%"> 1020 <tr> 1021 <th>CVE</th> 1022 <th>References</th> 1023 <th>Severity</th> 1024 <th>Updated Google devices</th> 1025 <th>Date reported</th> 1026 </tr> 1027 <tr> 1028 <td>CVE-2014-9914</td> 1029 <td>A-32882659<br> 1030 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"> 1031 Upstream kernel</a></td> 1032 <td>Critical</td> 1033 <td>Nexus 6, Nexus Player</td> 1034 <td>Nov 9, 2016</td> 1035 </tr> 1036 </table> 1037 1038 1039 <h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in 1040 Broadcom Wi-Fi driver</h3> 1041 <p> 1042 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could 1043 enable a local malicious application to execute arbitrary code within the 1044 context of the kernel. This issue is rated as Critical due to the possibility 1045 of a local permanent device compromise, which may require reflashing the 1046 operating system to repair the device. 1047 </p> 1048 1049 <table> 1050 <col width="19%"> 1051 <col width="20%"> 1052 <col width="10%"> 1053 <col width="23%"> 1054 <col width="17%"> 1055 <tr> 1056 <th>CVE</th> 1057 <th>References</th> 1058 <th>Severity</th> 1059 <th>Updated Google devices</th> 1060 <th>Date reported</th> 1061 </tr> 1062 <tr> 1063 <td>CVE-2017-0430</td> 1064 <td>A-32838767*<br> 1065 B-RB#107459</td> 1066 <td>Critical</td> 1067 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1068 <td>Google internal</td> 1069 </tr> 1070 </table> 1071 <p> 1072 * The patch for this issue is not publicly available. The update is contained 1073 in the latest binary drivers for Nexus devices available from the 1074 <a href="https://developers.google.com/android/nexus/drivers"> 1075 Google Developer site</a>. 1076 </p> 1077 1078 1079 <h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm 1080 components</h3> 1081 <p> 1082 The following vulnerability affects Qualcomm components and is described in 1083 further detail in Qualcomm AMSS September 2016 security bulletin. 1084 </p> 1085 1086 <table> 1087 <col width="19%"> 1088 <col width="20%"> 1089 <col width="10%"> 1090 <col width="23%"> 1091 <col width="17%"> 1092 <tr> 1093 <th>CVE</th> 1094 <th>References</th> 1095 <th>Severity*</th> 1096 <th>Updated Google devices</th> 1097 <th>Date reported</th> 1098 </tr> 1099 <tr> 1100 <td>CVE-2017-0431</td> 1101 <td>A-32573899**</td> 1102 <td>Critical</td> 1103 <td>None***</td> 1104 <td>Qualcomm internal</td> 1105 </tr> 1106 </table> 1107 <p> 1108 * The severity rating for these vulnerabilities was determined by the vendor. 1109 </p> 1110 <p> 1111 ** The patch for this issue is not publicly available. The update is contained 1112 in the latest binary drivers for Nexus devices available from the 1113 <a href="https://developers.google.com/android/nexus/drivers"> 1114 Google Developer site</a>. 1115 </p> 1116 <p> 1117 *** Supported Google devices on Android 7.0 or later that have installed all 1118 available updates are not affected by this vulnerability. 1119 </p> 1120 1121 1122 <h3 id="eop-in-mediatek-driver">Elevation of privilege vulnerability in 1123 MediaTek driver</h3> 1124 <p> 1125 An elevation of privilege vulnerability in the MediaTek driver could enable a 1126 local malicious application to execute arbitrary code within the context of the 1127 kernel. This issue is rated as High because it first requires compromising a 1128 privileged process. 1129 </p> 1130 1131 <table> 1132 <col width="19%"> 1133 <col width="20%"> 1134 <col width="10%"> 1135 <col width="23%"> 1136 <col width="17%"> 1137 <tr> 1138 <th>CVE</th> 1139 <th>References</th> 1140 <th>Severity</th> 1141 <th>Updated Google devices</th> 1142 <th>Date reported</th> 1143 </tr> 1144 <tr> 1145 <td>CVE-2017-0432</td> 1146 <td>A-28332719*<br> 1147 M-ALPS02708925</td> 1148 <td>High</td> 1149 <td>None**</td> 1150 <td>Apr 21, 2016</td> 1151 </tr> 1152 </table> 1153 <p> 1154 * The patch for this issue is not publicly available. The update is contained 1155 in the latest binary drivers for Nexus devices available from the 1156 <a href="https://developers.google.com/android/nexus/drivers"> 1157 Google Developer site</a>. 1158 </p> 1159 <p> 1160 ** Supported Google devices on Android 7.0 or later that have installed all 1161 available updates are not affected by this vulnerability. 1162 </p> 1163 1164 1165 <h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege 1166 vulnerability in Synaptics touchscreen driver</h3> 1167 <p> 1168 An elevation of privilege vulnerability in the Synaptics touchscreen driver 1169 could enable a local malicious application to execute arbitrary code within the 1170 context of the touchscreen chipset. This issue is rated as High because it 1171 first requires compromising a privileged process. 1172 </p> 1173 1174 <table> 1175 <col width="19%"> 1176 <col width="20%"> 1177 <col width="10%"> 1178 <col width="23%"> 1179 <col width="17%"> 1180 <tr> 1181 <th>CVE</th> 1182 <th>References</th> 1183 <th>Severity</th> 1184 <th>Updated Google devices</th> 1185 <th>Date reported</th> 1186 </tr> 1187 <tr> 1188 <td>CVE-2017-0433</td> 1189 <td>A-31913571*</td> 1190 <td>High</td> 1191 <td>Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 1192 <td>Sep 8, 2016</td> 1193 </tr> 1194 <tr> 1195 <td>CVE-2017-0434</td> 1196 <td>A-33001936*</td> 1197 <td>High</td> 1198 <td>Pixel, Pixel XL</td> 1199 <td>Nov 18, 2016</td> 1200 </tr> 1201 </table> 1202 <p> 1203 * The patch for this issue is not publicly available. The update is contained 1204 in the latest binary drivers for Nexus devices available from the 1205 <a href="https://developers.google.com/android/nexus/drivers"> 1206 Google Developer site</a>. 1207 </p> 1208 1209 1210 <h3 1211 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Elevation 1212 of privilege vulnerability in Qualcomm Secure Execution Environment 1213 Communicator driver</h3> 1214 <p> 1215 An elevation of privilege vulnerability in the Qualcomm Secure Execution 1216 Environment Communicator drive could enable a local malicious application to 1217 execute arbitrary code within the context of the kernel. This issue is rated as 1218 High because it first requires compromising a privileged process. 1219 </p> 1220 1221 <table> 1222 <col width="19%"> 1223 <col width="20%"> 1224 <col width="10%"> 1225 <col width="23%"> 1226 <col width="17%"> 1227 <tr> 1228 <th>CVE</th> 1229 <th>References</th> 1230 <th>Severity</th> 1231 <th>Updated Google devices</th> 1232 <th>Date reported</th> 1233 </tr> 1234 <tr> 1235 <td>CVE-2016-8480</td> 1236 <td>A-31804432<br> 1237 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471"> 1238 QC-CR#1086186</a> 1239 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td> 1240 <td>High</td> 1241 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1242 <td>Sep 28, 2016</td> 1243 </tr> 1244 </table> 1245 1246 1247 <h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in 1248 Qualcomm sound driver</h3> 1249 <p> 1250 An elevation of privilege vulnerability in the Qualcomm sound driver could 1251 enable a local malicious application to execute arbitrary code within the 1252 context of the kernel. This issue is rated as High because it first requires 1253 compromising a privileged process. 1254 </p> 1255 1256 <table> 1257 <col width="19%"> 1258 <col width="20%"> 1259 <col width="10%"> 1260 <col width="23%"> 1261 <col width="17%"> 1262 <tr> 1263 <th>CVE</th> 1264 <th>References</th> 1265 <th>Severity</th> 1266 <th>Updated Google devices</th> 1267 <th>Date reported</th> 1268 </tr> 1269 <tr> 1270 <td>CVE-2016-8481</td> 1271 <td>A-31906415*<br> 1272 QC-CR#1078000</td> 1273 <td>High</td> 1274 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1275 <td>Oct 1, 2016</td> 1276 </tr> 1277 <tr> 1278 <td>CVE-2017-0435</td> 1279 <td>A-31906657*<br> 1280 QC-CR#1078000</td> 1281 <td>High</td> 1282 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1283 <td>Oct 1, 2016</td> 1284 </tr> 1285 <tr> 1286 <td>CVE-2017-0436</td> 1287 <td>A-32624661*<br> 1288 QC-CR#1078000</td> 1289 <td>High</td> 1290 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1291 <td>Nov 2, 2016</td> 1292 </tr> 1293 </table> 1294 <p> 1295 * The patch for this issue is not publicly available. The update is contained 1296 in the latest binary drivers for Nexus devices available from the 1297 <a href="https://developers.google.com/android/nexus/drivers"> 1298 Google Developer site</a>. 1299 </p> 1300 1301 1302 <h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in 1303 Qualcomm Wi-Fi driver</h3> 1304 <p> 1305 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could 1306 enable a local malicious application to execute arbitrary code within the 1307 context of the kernel. This issue is rated as High because it first requires 1308 compromising a privileged process. 1309 </p> 1310 1311 <table> 1312 <col width="19%"> 1313 <col width="20%"> 1314 <col width="10%"> 1315 <col width="23%"> 1316 <col width="17%"> 1317 <tr> 1318 <th>CVE</th> 1319 <th>References</th> 1320 <th>Severity</th> 1321 <th>Updated Google devices</th> 1322 <th>Date reported</th> 1323 </tr> 1324 <tr> 1325 <td>CVE-2017-0437</td> 1326 <td>A-32402310<br> 1327 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1328 QC-CR#1092497</a></td> 1329 <td>High</td> 1330 <td>Nexus 5X, Pixel, Pixel XL</td> 1331 <td>Oct 25, 2016</td> 1332 </tr> 1333 <tr> 1334 <td>CVE-2017-0438</td> 1335 <td>A-32402604<br> 1336 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1337 QC-CR#1092497</a></td> 1338 <td>High</td> 1339 <td>Nexus 5X, Pixel, Pixel XL</td> 1340 <td>Oct 25, 2016</td> 1341 </tr> 1342 <tr> 1343 <td>CVE-2017-0439</td> 1344 <td>A-32450647<br> 1345 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61"> 1346 QC-CR#1092059</a></td> 1347 <td>High</td> 1348 <td>Nexus 5X, Pixel, Pixel XL</td> 1349 <td>Oct 25, 2016</td> 1350 </tr> 1351 <tr> 1352 <td>CVE-2016-8419</td> 1353 <td>A-32454494<br> 1354 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488"> 1355 QC-CR#1087209</a></td> 1356 <td>High</td> 1357 <td>Nexus 5X, Pixel, Pixel XL</td> 1358 <td>Oct 26, 2016</td> 1359 </tr> 1360 <tr> 1361 <td>CVE-2016-8420</td> 1362 <td>A-32451171<br> 1363 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e"> 1364 QC-CR#1087807</a></td> 1365 <td>High</td> 1366 <td>Nexus 5X, Pixel, Pixel XL</td> 1367 <td>Oct 26, 2016</td> 1368 </tr> 1369 <tr> 1370 <td>CVE-2016-8421</td> 1371 <td>A-32451104<br> 1372 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb"> 1373 QC-CR#1087797</a></td> 1374 <td>High</td> 1375 <td>Nexus 5X, Pixel, Pixel XL</td> 1376 <td>Oct 26, 2016</td> 1377 </tr> 1378 <tr> 1379 <td>CVE-2017-0440</td> 1380 <td>A-33252788<br> 1381 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268"> 1382 QC-CR#1095770</a></td> 1383 <td>High</td> 1384 <td>Nexus 5X, Pixel, Pixel XL</td> 1385 <td>Nov 11, 2016</td> 1386 </tr> 1387 <tr> 1388 <td>CVE-2017-0441</td> 1389 <td>A-32872662<br> 1390 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684"> 1391 QC-CR#1095009</a></td> 1392 <td>High</td> 1393 <td>Nexus 5X, Pixel, Pixel XL</td> 1394 <td>Nov 11, 2016</td> 1395 </tr> 1396 <tr> 1397 <td>CVE-2017-0442</td> 1398 <td>A-32871330<br> 1399 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1400 QC-CR#1092497</a></td> 1401 <td>High</td> 1402 <td>Nexus 5X, Pixel, Pixel XL</td> 1403 <td>Nov 13, 2016</td> 1404 </tr> 1405 <tr> 1406 <td>CVE-2017-0443</td> 1407 <td>A-32877494<br> 1408 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1409 QC-CR#1092497</a></td> 1410 <td>High</td> 1411 <td>Nexus 5X, Pixel, Pixel XL</td> 1412 <td>Nov 13, 2016</td> 1413 </tr> 1414 <tr> 1415 <td>CVE-2016-8476</td> 1416 <td>A-32879283<br> 1417 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799"> 1418 QC-CR#1091940</a></td> 1419 <td>High</td> 1420 <td>Nexus 5X, Pixel, Pixel XL</td> 1421 <td>Nov 14, 2016</td> 1422 </tr> 1423 </table> 1424 1425 1426 <h3 id="eop-in-realtek-sound-driver">Elevation of privilege vulnerability in 1427 Realtek sound driver</h3> 1428 <p> 1429 An elevation of privilege vulnerability in the Realtek sound driver could 1430 enable a local malicious application to execute arbitrary code within the 1431 context of the kernel. This issue is rated as High because it first requires 1432 compromising a privileged process. 1433 </p> 1434 1435 <table> 1436 <col width="19%"> 1437 <col width="20%"> 1438 <col width="10%"> 1439 <col width="23%"> 1440 <col width="17%"> 1441 <tr> 1442 <th>CVE</th> 1443 <th>References</th> 1444 <th>Severity</th> 1445 <th>Updated Google devices</th> 1446 <th>Date reported</th> 1447 </tr> 1448 <tr> 1449 <td>CVE-2017-0444</td> 1450 <td>A-32705232*</td> 1451 <td>High</td> 1452 <td>Nexus 9</td> 1453 <td>Nov 7, 2016</td> 1454 </tr> 1455 </table> 1456 <p> 1457 * The patch for this issue is not publicly available. The update is contained 1458 in the latest binary drivers for Nexus devices available from the 1459 <a href="https://developers.google.com/android/nexus/drivers"> 1460 Google Developer site</a>. 1461 </p> 1462 1463 1464 <h3 id="eop-in-htc-touchscreen-driver">Elevation of privilege vulnerability in 1465 HTC touchscreen driver</h3> 1466 <p> 1467 An elevation of privilege vulnerability in the HTC touchscreen driver could 1468 enable a local malicious application to execute arbitrary code within the 1469 context of the kernel. This issue is rated as High because it first requires 1470 compromising a privileged process. 1471 </p> 1472 1473 <table> 1474 <col width="19%"> 1475 <col width="20%"> 1476 <col width="10%"> 1477 <col width="23%"> 1478 <col width="17%"> 1479 <tr> 1480 <th>CVE</th> 1481 <th>References</th> 1482 <th>Severity</th> 1483 <th>Updated Google devices</th> 1484 <th>Date reported</th> 1485 </tr> 1486 <tr> 1487 <td>CVE-2017-0445</td> 1488 <td>A-32769717*</td> 1489 <td>High</td> 1490 <td>Pixel, Pixel XL</td> 1491 <td>Nov 9, 2016</td> 1492 </tr> 1493 <tr> 1494 <td>CVE-2017-0446</td> 1495 <td>A-32917445*</td> 1496 <td>High</td> 1497 <td>Pixel, Pixel XL</td> 1498 <td>Nov 15, 2016</td> 1499 </tr> 1500 <tr> 1501 <td>CVE-2017-0447</td> 1502 <td>A-32919560*</td> 1503 <td>High</td> 1504 <td>Pixel, Pixel XL</td> 1505 <td>Nov 15, 2016</td> 1506 </tr> 1507 </table> 1508 <p> 1509 * The patch for this issue is not publicly available. The update is contained 1510 in the latest binary drivers for Nexus devices available from the 1511 <a href="https://developers.google.com/android/nexus/drivers"> 1512 Google Developer site</a>. 1513 </p> 1514 1515 1516 <h3 id="id-in-nvidia-video-driver">Information disclosure vulnerability in 1517 NVIDIA video driver</h3> 1518 <p> 1519 An information disclosure vulnerability in the NVIDIA video driver could enable 1520 a local malicious application to access data outside of its permission levels. 1521 This issue is rated as High because it could be used to access sensitive data 1522 without explicit user permission. 1523 </p> 1524 1525 <table> 1526 <col width="19%"> 1527 <col width="20%"> 1528 <col width="10%"> 1529 <col width="23%"> 1530 <col width="17%"> 1531 <tr> 1532 <th>CVE</th> 1533 <th>References</th> 1534 <th>Severity</th> 1535 <th>Updated Google devices</th> 1536 <th>Date reported</th> 1537 </tr> 1538 <tr> 1539 <td>CVE-2017-0448</td> 1540 <td>A-32721029*<br> 1541 N-CVE-2017-0448</td> 1542 <td>High</td> 1543 <td>Nexus 9</td> 1544 <td>Nov 7, 2016</td> 1545 </tr> 1546 </table> 1547 <p> 1548 * The patch for this issue is not publicly available. The update is contained 1549 in the latest binary drivers for Nexus devices available from the 1550 <a href="https://developers.google.com/android/nexus/drivers"> 1551 Google Developer site</a>. 1552 </p> 1553 1554 1555 <h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in 1556 Broadcom Wi-Fi driver</h3> 1557 <p> 1558 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could 1559 enable a local malicious application to execute arbitrary code within the 1560 context of the kernel. This issue is rated as Moderate because it first 1561 requires compromising a privileged process and is mitigated by current platform 1562 configurations. 1563 </p> 1564 1565 <table> 1566 <col width="19%"> 1567 <col width="20%"> 1568 <col width="10%"> 1569 <col width="23%"> 1570 <col width="17%"> 1571 <tr> 1572 <th>CVE</th> 1573 <th>References</th> 1574 <th>Severity</th> 1575 <th>Updated Google devices</th> 1576 <th>Date reported</th> 1577 </tr> 1578 <tr> 1579 <td>CVE-2017-0449</td> 1580 <td>A-31707909*<br> 1581 B-RB#32094</td> 1582 <td>Moderate</td> 1583 <td>Nexus 6, Nexus 6P</td> 1584 <td>Sep 23, 2016</td> 1585 </tr> 1586 </table> 1587 <p> 1588 * The patch for this issue is not publicly available. The update is contained 1589 in the latest binary drivers for Nexus devices available from the 1590 <a href="https://developers.google.com/android/nexus/drivers"> 1591 Google Developer site</a>. 1592 </p> 1593 1594 1595 <h3 id="eop-in-audioserver-2">Elevation of privilege vulnerability in 1596 Audioserver</h3> 1597 <p> 1598 An elevation of privilege vulnerability in Audioserver could enable a local 1599 malicious application to execute arbitrary code within the context of a 1600 privileged process. This issue is rated as Moderate because it is mitigated by 1601 current platform configurations. 1602 </p> 1603 1604 <table> 1605 <col width="19%"> 1606 <col width="20%"> 1607 <col width="10%"> 1608 <col width="23%"> 1609 <col width="17%"> 1610 <tr> 1611 <th>CVE</th> 1612 <th>References</th> 1613 <th>Severity</th> 1614 <th>Updated Google devices</th> 1615 <th>Date reported</th> 1616 </tr> 1617 <tr> 1618 <td>CVE-2017-0450</td> 1619 <td>A-32917432*</td> 1620 <td>Moderate</td> 1621 <td>Nexus 9</td> 1622 <td>Nov 15, 2016</td> 1623 </tr> 1624 </table> 1625 <p> 1626 * The patch for this issue is not publicly available. The update is contained 1627 in the latest binary drivers for Nexus devices available from the 1628 <a href="https://developers.google.com/android/nexus/drivers"> 1629 Google Developer site</a>. 1630 </p> 1631 1632 1633 <h3 id="eop-in-kernel-file-system-2">Elevation of privilege vulnerability in 1634 kernel file system</h3> 1635 <p> 1636 An elevation of privilege vulnerability in the kernel file system could enable 1637 a local malicious application to bypass protections that prevent an escalation 1638 of privileges. This issue is rated as Moderate because it is a general bypass 1639 for a user level defense in depth or exploit mitigation technology. 1640 </p> 1641 1642 <table> 1643 <col width="19%"> 1644 <col width="20%"> 1645 <col width="10%"> 1646 <col width="23%"> 1647 <col width="17%"> 1648 <tr> 1649 <th>CVE</th> 1650 <th>References</th> 1651 <th>Severity</th> 1652 <th>Updated Google devices</th> 1653 <th>Date reported</th> 1654 </tr> 1655 <tr> 1656 <td>CVE-2016-10044</td> 1657 <td>A-31711619*</td> 1658 <td>Moderate</td> 1659 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1660 Player, Pixel, Pixel XL</td> 1661 <td>Google internal</td> 1662 </tr> 1663 </table> 1664 <p> 1665 * The patch for this issue is not publicly available. The update is contained 1666 in the latest binary drivers for Nexus devices available from the 1667 <a href="https://developers.google.com/android/nexus/drivers"> 1668 Google Developer site</a>. 1669 </p> 1670 1671 1672 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Information 1673 disclosure vulnerability in Qualcomm Secure Execution Environment 1674 Communicator</h3> 1675 <p> 1676 An information disclosure vulnerability in the Qualcomm Secure Execution 1677 Environment Communicator could enable a local malicious application to access 1678 data outside of its permission levels. This issue is rated as Moderate because 1679 it first requires compromising a privileged process. 1680 </p> 1681 1682 <table> 1683 <col width="19%"> 1684 <col width="20%"> 1685 <col width="10%"> 1686 <col width="23%"> 1687 <col width="17%"> 1688 <tr> 1689 <th>CVE</th> 1690 <th>References</th> 1691 <th>Severity</th> 1692 <th>Updated Google devices</th> 1693 <th>Date reported</th> 1694 </tr> 1695 <tr> 1696 <td>CVE-2016-8414</td> 1697 <td>A-31704078<br> 1698 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846"> 1699 QC-CR#1076407</a></td> 1700 <td>Moderate</td> 1701 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1702 <td>Sep 23, 2016</td> 1703 </tr> 1704 </table> 1705 1706 1707 <h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in 1708 Qualcomm sound driver</h3> 1709 <p> 1710 An information disclosure vulnerability in the Qualcomm sound driver could 1711 enable a local malicious application to access data outside of its permission 1712 levels. This issue is rated as Moderate because it first requires compromising 1713 a privileged process. 1714 </p> 1715 1716 <table> 1717 <col width="19%"> 1718 <col width="20%"> 1719 <col width="10%"> 1720 <col width="23%"> 1721 <col width="17%"> 1722 <tr> 1723 <th>CVE</th> 1724 <th>References</th> 1725 <th>Severity</th> 1726 <th>Updated Google devices</th> 1727 <th>Date reported</th> 1728 </tr> 1729 <tr> 1730 <td>CVE-2017-0451</td> 1731 <td>A-31796345<br> 1732 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e"> 1733 QC-CR#1073129</a> 1734 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td> 1735 <td>Moderate</td> 1736 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1737 <td>Sep 27, 2016</td> 1738 </tr> 1739 </table> 1740 1741 <h2 id="common-questions-and-answers">Common Questions and Answers</h2> 1742 <p>This section answers common questions that may occur after reading this 1743 bulletin.</p> 1744 <p><strong>1. How do I determine if my device is updated to address these 1745 issues?</strong></p> 1746 <p>To learn how to check a device's security patch level, read the instructions on 1747 the <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> 1748 Pixel and Nexus update schedule</a>.</p> 1749 <ul> 1750 <li>Security patch levels of 2017-02-01 or later address all issues associated 1751 with the 2017-02-01 security patch level.</li> 1752 <li>Security patch levels of 2017-02-05 or later address all issues associated 1753 with the 2017-02-05 security patch level and all previous patch levels. 1754 </li> 1755 </ul> 1756 <p>Device manufacturers that include these updates should set the patch string 1757 level to:</p> 1758 <ul> 1759 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li> 1760 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li> 1761 </ul> 1762 1763 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p> 1764 1765 <p>This bulletin has two security patch levels so that Android partners have the 1766 flexibility to fix a subset of vulnerabilities that are similar across all 1767 Android devices more quickly. Android partners are encouraged to fix all issues 1768 in this bulletin and use the latest security patch level.</p> 1769 <ul> 1770 <li>Devices that use the February 1, 2017 security patch level must include all 1771 issues associated with that security patch level, as well as fixes for all 1772 issues reported in previous security bulletins.</li> 1773 <li>Devices that use the security patch level of February 5, 2017 or newer must 1774 include all applicable patches in this (and previous) security 1775 bulletins.</li> 1776 </ul> 1777 <p>Partners are encouraged to bundle the fixes for all issues they are addressing 1778 in a single update.</p> 1779 <p><strong>3. How do I determine which Google devices are affected by each 1780 issue?</strong></p> 1781 <p>In the <a href="#2017-02-01-details">2017-02-01</a> and 1782 <a href="#2017-02-05-details">2017-02-05</a> 1783 security vulnerability details sections, each table has an <em>Updated Google 1784 devices</em> column that covers the range of affected Google devices updated for 1785 each issue. This column has a few options: 1786 </p> 1787 <ul> 1788 <li><strong>All Google devices</strong>: If an issue affects All and Pixel 1789 devices, the table will have "All" in the <em>Updated Google devices</em> 1790 column. "All" encapsulates the following <a 1791 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported 1792 devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, 1793 Nexus Player, Pixel C, Pixel, and Pixel XL.</li> 1794 <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google 1795 devices, the affected Google devices are listed in the <em>Updated Google 1796 devices</em> column.</li> 1797 <li><strong>No Google devices</strong>: If no Google devices running Android 7.0 1798 are affected by the issue, the table will have "None" in the <em>Updated Google 1799 devices</em> column.</li> 1800 </ul> 1801 <p><strong>4. What do the entries in the references column map to?</strong></p> 1802 <p>Entries under the <em>References</em> column of the vulnerability details table 1803 may contain a prefix identifying the organization to which the reference value 1804 belongs. These prefixes map as follows:</p> 1805 <table> 1806 <tr> 1807 <th>Prefix</th> 1808 <th>Reference</th> 1809 </tr> 1810 <tr> 1811 <td>A-</td> 1812 <td>Android bug ID</td> 1813 </tr> 1814 <tr> 1815 <td>QC-</td> 1816 <td>Qualcomm reference number</td> 1817 </tr> 1818 <tr> 1819 <td>M-</td> 1820 <td>MediaTek reference number</td> 1821 </tr> 1822 <tr> 1823 <td>N-</td> 1824 <td>NVIDIA reference number</td> 1825 </tr> 1826 <tr> 1827 <td>B-</td> 1828 <td>Broadcom reference number</td> 1829 </tr> 1830 </table> 1831 1832 <h2 id="revisions">Revisions</h2> 1833 <ul> 1834 <li>February 06, 2017: Bulletin published.</li> 1835 <li>February 08, 2017: Bulletin revised to include AOSP links.</li> 1836 </ul> 1837 1838 </body> 1839 </html> 1840