Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Android Security BulletinFebruary 2017</title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 <p><em>Published February 06, 2017 | Updated February 8, 2017</em></p>
     26 <p>
     27 The Android Security Bulletin contains details of security vulnerabilities
     28 affecting Android devices. Alongside the bulletin, we have released a security
     29 update to Google devices through an over-the-air (OTA) update. The Google device
     30 firmware images have also been released to the <a
     31 href="https://developers.google.com/android/nexus/images">Google Developer
     32 site</a>. Security patch levels of February 05, 2017 or later address all of
     33 these issues. Refer to the <a
     34 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
     35 and Nexus update schedule</a> to learn how to check a device's security patch
     36 level.
     37 </p>
     38 <p>
     39 Partners were notified of the issues described in the bulletin on January 03,
     40 2017 or earlier. Source code patches for these issues have been released to the
     41 Android Open Source Project (AOSP) repository and linked from this bulletin.
     42 This bulletin also includes links to patches outside of AOSP.
     43 </p>
     44 <p>
     45 The most severe of these issues is a Critical security vulnerability that could
     46 enable remote code execution on an affected device through multiple methods such
     47 as email, web browsing, and MMS when processing media files. The
     48 <a href="/security/overview/updates-resources.html#severity">severity
     49 assessment</a> is based on the effect that exploiting the vulnerability would
     50 possibly have on an affected device, assuming the platform and service
     51 mitigations are disabled for development purposes or if successfully bypassed.
     52 </p>
     53 <p>
     54 We have had no reports of active customer exploitation or abuse of these newly
     55 reported issues. Refer to the <a
     56 href="#mitigations">Android and Google service
     57 mitigations</a> section for details on the <a
     58 href="/security/enhancements/index.html">Android
     59 security platform protections</a> and service protections such as <a
     60 href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
     61 which improve the security of the Android platform.
     62 </p>
     63 <p>
     64 We encourage all customers to accept these updates to their devices.
     65 </p>
     66 <h2 id="announcements">Announcements</h2>
     67 <ul>
     68 <li>This bulletin has two security patch level strings to provide Android
     69 partners with the flexibility to more quickly fix a subset of vulnerabilities
     70 that are similar across all Android devices. See <a
     71 href="#common-questions-and-answers">Common questions and answers</a> for
     72 additional information:
     73   <ul>
     74    <li><strong>2017-02-01</strong>: Partial security patch level string. This
     75   security patch level string indicates that all issues associated with 2017-02-01
     76   (and all previous security patch level strings) are addressed.</li>
     77    <li><strong>2017-02-05</strong>: Complete security patch level string. This
     78   security patch level string indicates that all issues associated with 2017-02-01
     79   and 2017-02-05 (and all previous security patch level strings) are addressed.</li>
     80   </ul>
     81 </li>
     82 <li>Supported Google devices will receive a single OTA update with the February
     83 05, 2017 security patch level.</li>
     84 </ul>
     85 
     86 <h2 id="mitigations">Android and Google service mitigations</h2>
     87 <p>This is a summary of the mitigations provided by the <a
     88 href="/security/enhancements/index.html">Android
     89 security platform</a> and service protections, such as SafetyNet. These
     90 capabilities reduce the likelihood that security vulnerabilities could be
     91 successfully exploited on Android.</p>
     92 <ul>
     93   <li>Exploitation for many issues on Android is made more difficult by
     94   enhancements in newer versions of the Android platform. We encourage all users
     95   to update to the latest version of Android where possible.</li>
     96   <li>The Android Security team actively monitors for abuse with
     97   <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">
     98   Verify Apps and SafetyNet</a>, which are designed to warn users about
     99   <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">
    100   Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with
    101   <a href="http://www.android.com/gms">Google Mobile Services</a> and is especially
    102   important for users who install applications from outside of Google Play. Device
    103   rooting tools are prohibited within Google Play, but Verify Apps warns users
    104   when they attempt to install a detected rooting applicationno matter where it
    105   comes from. Additionally, Verify Apps attempts to identify and block
    106   installation of known malicious applications that exploit a privilege escalation
    107   vulnerability. If such an application has already been installed, Verify Apps
    108   will notify the user and attempt to remove the detected application.</li>
    109   <li>As appropriate, Google Hangouts and Messenger applications do not
    110   automatically pass media to processes such as Mediaserver.</li>
    111 </ul>
    112 <h2 id="acknowledgements">Acknowledgements</h2>
    113 <p>
    114 We would like to thank these researchers for their contributions:
    115 </p>
    116 <ul>
    117   <li>Daniel Dakhno: CVE-2017-0420</li>
    118   <li>Daniel Micay of Copperhead Security: CVE-2017-0410</li>
    119   <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>:
    120   CVE-2017-0414</li>
    121   <li>Frank Liberato of Chrome: CVE-2017-0409</li>
    122   <li>Gal Beniamini of Project Zero: CVE-2017-0411, CVE-2017-0412</li>
    123   <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
    124   and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
    125   Technology Co. Ltd.: CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0432</li>
    126   <li>Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
    127   of Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co.Ltd</a>:
    128   CVE-2017-0415</li>
    129   <li><a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>,
    130  <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Mingjian Zhou (
    131  <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
    132   of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0418</li>
    133   <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
    134   CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420,
    135   CVE-2016-8421, CVE-2017-0441, CVE-2017-0442, CVE-2016-8476, CVE-2017-0443</li>
    136   <li>Jeff Sharkey of Google: CVE-2017-0421, CVE-2017-0423</li>
    137   <li>Jeff Trim: CVE-2017-0422</li>
    138   <li>Jianqiang Zhao (
    139  <a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and
    140  <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2017-0445</li>
    141   <li>ma.la and Nikolay Elenkov of LINE Corporation: CVE-2016-5552</li>
    142   <li>Max Spector of Google: CVE-2017-0416</li>
    143   <li>Mingjian Zhou (
    144  <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu (
    145  <a href="https://twitter.com/nikos233__">@nikos233</a>), and Xuxian Jiang of
    146  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0425</li>
    147   <li>Qidan He () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
    148   and Di Shen () (<a href="https://twitter.com/returnsme">@returnsme</a>) of
    149   KeenLab, Tencent (): CVE-2017-0427</li>
    150   <li>Sagi Kedmi of IBM X-Force Research: CVE-2017-0433</li>
    151   <li>Scott Bauer (<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>)
    152   and Daniel Micay of Copperhead Security: CVE-2017-0405</li>
    153   <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
    154   Trend Micro Mobile Threat Research Team: CVE-2017-0449, CVE-2016-8418</li>
    155   <li><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>,
    156  <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu (
    157  <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of
    158  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0436, CVE-2016-8481, CVE-2017-0435</li>
    159   <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of
    160  <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
    161   Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
    162   CVE-2017-0424</li>
    163   <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
    164   Alibaba Inc.: CVE-2017-0407</li>
    165   <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>,
    166  <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, Mingjian Zhou (
    167  <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
    168   of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0450</li>
    169   <li><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu (
    170  <a href="https://twitter.com/nikos233__">@nikos233</a>), Mingjian Zhou (
    171  <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
    172   of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0417</li>
    173   <li>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (
    174  <a href="http://www.weibo.com/wishlinux"></a> ) of Ant-financial Light-Year
    175   Security Lab: CVE-2017-0408</li>
    176   <li><a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>,
    177  <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu (
    178  <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of
    179  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8480</li>
    180   <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu (
    181  <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of
    182  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0444</li>
    183   <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>,
    184  <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, Chiachih Wu (
    185  <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of
    186  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0428</li>
    187   <li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>,
    188  <a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>, Chiachih Wu (
    189  <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of
    190  <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0448, CVE-2017-0429</li>
    191   <li><a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a> (
    192  <a href="https://twitter.com/henices">@henices</a>) and
    193  <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a> of
    194  <a href="http://www.nsfocus.com">NSFocus</a>: CVE-2017-0406</li>
    195 </ul>
    196 <p>
    197 We would also like to thank the following for their contributions to this
    198 bulletin:
    199 </p><ul>
    200 <li>Pengfei Ding (), Chenfu Bao (), and Lenx Wei () of Baidu X-Lab
    201 ()</li>
    202 </ul>
    203 
    204 <h2 id="2017-02-01-details">2017-02-01 security patch levelVulnerability
    205 details</h2>
    206 <p>
    207 In the sections below, we provide details for each of the security
    208 vulnerabilities that apply to the 2017-02-01 patch level. There is a description
    209 of the issue, a severity rationale, and a table with the CVE, associated
    210 references, severity, updated Google devices, updated AOSP versions (where
    211 applicable), and date reported. When available, we will link the public change
    212 that addressed the issue to the bug ID, like the AOSP change list. When multiple
    213 changes relate to a single bug, additional references are linked to numbers
    214 following the bug ID.</p>
    215 
    216 
    217 <h3 id="rce-in-surfaceflinger">Remote code execution vulnerability in
    218 Surfaceflinger</h3>
    219 <p>
    220 A remote code execution vulnerability in Surfaceflinger could enable an
    221 attacker using a specially crafted file to cause memory corruption during media
    222 file and data processing. This issue is rated as Critical due to the
    223 possibility of remote code execution within the context of the Surfaceflinger
    224 process.
    225 </p>
    226 
    227 <table>
    228   <col width="18%">
    229   <col width="17%">
    230   <col width="10%">
    231   <col width="19%">
    232   <col width="18%">
    233   <col width="17%">
    234   <tr>
    235     <th>CVE</th>
    236     <th>References</th>
    237     <th>Severity</th>
    238     <th>Updated Google devices</th>
    239     <th>Updated AOSP versions</th>
    240     <th>Date reported</th>
    241   </tr>
    242   <tr>
    243     <td>CVE-2017-0405</td>
    244     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979">
    245     A-31960359</a></td>
    246     <td>Critical</td>
    247     <td>All</td>
    248     <td>7.0, 7.1.1</td>
    249     <td>Oct 4, 2016</td>
    250   </tr>
    251 </table>
    252 
    253 
    254 <h3 id="rce-in-mediaserver">Remote code execution vulnerability in
    255 Mediaserver</h3>
    256 <p>
    257 A remote code execution vulnerability in Mediaserver could enable an attacker
    258 using a specially crafted file to cause memory corruption during media file and
    259 data processing. This issue is rated as Critical due to the possibility of
    260 remote code execution within the context of the Mediaserver process.
    261 </p>
    262 
    263 <table>
    264   <col width="18%">
    265   <col width="17%">
    266   <col width="10%">
    267   <col width="19%">
    268   <col width="18%">
    269   <col width="17%">
    270   <tr>
    271     <th>CVE</th>
    272     <th>References</th>
    273     <th>Severity</th>
    274     <th>Updated Google devices</th>
    275     <th>Updated AOSP versions</th>
    276     <th>Date reported</th>
    277   </tr>
    278   <tr>
    279     <td>CVE-2017-0406</td>
    280     <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575">
    281     A-32915871</a>
    282 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td>
    283     <td>Critical</td>
    284     <td>All</td>
    285     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    286     <td>Nov 14, 2016</td>
    287   </tr>
    288   <tr>
    289     <td>CVE-2017-0407</td>
    290     <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7">
    291     A-32873375</a></td>
    292     <td>Critical</td>
    293     <td>All</td>
    294     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    295     <td>Nov 12, 2016</td>
    296   </tr>
    297 </table>
    298 
    299 
    300 <h3 id="rce-in-libgdx">Remote code execution vulnerability in libgdx</h3>
    301 <p>
    302 A remote code execution vulnerability in libgdx could enable an attacker using
    303 a specially crafted file to execute arbitrary code in the context of an
    304 unprivileged process. This issue is rated as High due to the possibility of
    305 remote code execution in an application that uses this library.
    306 </p>
    307 
    308 <table>
    309   <col width="18%">
    310   <col width="17%">
    311   <col width="10%">
    312   <col width="19%">
    313   <col width="18%">
    314   <col width="17%">
    315   <tr>
    316     <th>CVE</th>
    317     <th>References</th>
    318     <th>Severity</th>
    319     <th>Updated Google devices</th>
    320     <th>Updated AOSP versions</th>
    321     <th>Date reported</th>
    322   </tr>
    323   <tr>
    324     <td>CVE-2017-0408</td>
    325     <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b">
    326     A-32769670</a></td>
    327     <td>High</td>
    328     <td>All</td>
    329     <td>7.1.1</td>
    330     <td>Nov 9, 2016</td>
    331   </tr>
    332 </table>
    333 
    334 
    335 <h3 id="rce-in-libstagefright">Remote code execution vulnerability in
    336 libstagefright</h3>
    337 <p>
    338 A remote code execution vulnerability in libstagefright could enable an
    339 attacker using a specially crafted file to execute arbitrary code in the
    340 context of an unprivileged process. This issue is rated as High due to the
    341 possibility of remote code execution in an application that uses this library.
    342 </p>
    343 
    344 <table>
    345   <col width="18%">
    346   <col width="17%">
    347   <col width="10%">
    348   <col width="19%">
    349   <col width="18%">
    350   <col width="17%">
    351   <tr>
    352     <th>CVE</th>
    353     <th>References</th>
    354     <th>Severity</th>
    355     <th>Updated Google devices</th>
    356     <th>Updated AOSP versions</th>
    357     <th>Date reported</th>
    358   </tr>
    359   <tr>
    360     <td>CVE-2017-0409</td>
    361     <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b">
    362     A-31999646</a></td>
    363     <td>High</td>
    364     <td>All</td>
    365     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    366     <td>Google internal</td>
    367   </tr>
    368 </table>
    369 
    370 
    371 <h3 id="eop-in-java.net">Elevation of privilege vulnerability in Java.Net</h3>
    372 <p>
    373 An elevation of privilege in the Java.Net library could enable malicious web
    374 content to redirect a user to another website without explicit permission. This
    375 issue is rated as High because it is a remote bypass of user interaction
    376 requirements.
    377 </p>
    378 
    379 <table>
    380   <col width="18%">
    381   <col width="17%">
    382   <col width="10%">
    383   <col width="19%">
    384   <col width="18%">
    385   <col width="17%">
    386   <tr>
    387     <th>CVE</th>
    388     <th>References</th>
    389     <th>Severity</th>
    390     <th>Updated Google devices</th>
    391     <th>Updated AOSP versions</th>
    392     <th>Date reported</th>
    393   </tr>
    394   <tr>
    395     <td>CVE-2016-5552</td>
    396     <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea">
    397     A-31858037</a></td>
    398     <td>High</td>
    399     <td>All</td>
    400     <td>7.0, 7.1.1</td>
    401     <td>Sep 30, 2016</td>
    402   </tr>
    403 </table>
    404 
    405 
    406 <h3 id="eop-in-framework-apis">Elevation of privilege vulnerability in
    407 Framework APIs</h3>
    408 <p>
    409 An elevation of privilege vulnerability in the Framework APIs could enable a
    410 local malicious application to execute arbitrary code within the context of a
    411 privileged process. This issue is rated as High because it could be used to
    412 gain local access to elevated capabilities, which are not normally accessible
    413 to a third-party application.
    414 </p>
    415 
    416 <table>
    417   <col width="18%">
    418   <col width="17%">
    419   <col width="10%">
    420   <col width="19%">
    421   <col width="18%">
    422   <col width="17%">
    423   <tr>
    424     <th>CVE</th>
    425     <th>References</th>
    426     <th>Severity</th>
    427     <th>Updated Google devices</th>
    428     <th>Updated AOSP versions</th>
    429     <th>Date reported</th>
    430   </tr>
    431   <tr>
    432     <td>CVE-2017-0410</td>
    433     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa">
    434     A-31929765</a></td>
    435     <td>High</td>
    436     <td>All</td>
    437     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    438     <td>Oct 2, 2016</td>
    439   </tr>
    440   <tr>
    441     <td>CVE-2017-0411</td>
    442     <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f">
    443     A-33042690</a>
    444 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td>
    445     <td>High</td>
    446     <td>All</td>
    447     <td>7.0, 7.1.1</td>
    448     <td>Nov 21, 2016</td>
    449   </tr>
    450   <tr>
    451     <td>CVE-2017-0412</td>
    452     <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f">
    453     A-33039926</a>
    454 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td>
    455     <td>High</td>
    456     <td>All</td>
    457     <td>7.0, 7.1.1</td>
    458     <td>Nov 21, 2016</td>
    459   </tr>
    460 </table>
    461 
    462 <h3 id="eop-in-mediaserver">Elevation of privilege vulnerability in
    463 Mediaserver</h3>
    464 <p>
    465 An elevation of privilege vulnerability in Mediaserver could enable a local
    466 malicious application to execute arbitrary code within the context of a
    467 privileged process. This issue is rated as High because it could be used to
    468 gain local access to elevated capabilities, which are not normally accessible
    469 to a third-party application.
    470 </p>
    471 
    472 <table>
    473   <col width="18%">
    474   <col width="17%">
    475   <col width="10%">
    476   <col width="19%">
    477   <col width="18%">
    478   <col width="17%">
    479   <tr>
    480     <th>CVE</th>
    481     <th>References</th>
    482     <th>Severity</th>
    483     <th>Updated Google devices</th>
    484     <th>Updated AOSP versions</th>
    485     <th>Date reported</th>
    486   </tr>
    487   <tr>
    488     <td>CVE-2017-0415</td>
    489     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34">
    490     A-32706020</a></td>
    491     <td>High</td>
    492     <td>All</td>
    493     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    494     <td>Nov 4, 2016</td>
    495   </tr>
    496 </table>
    497 
    498 
    499 <h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
    500 Audioserver</h3>
    501 <p>
    502 An elevation of privilege vulnerability in Audioserver could enable a local
    503 malicious application to execute arbitrary code within the context of a
    504 privileged process. This issue is rated as High because it could be used to
    505 gain local access to elevated capabilities, which are not normally accessible
    506 to a third-party application.
    507 </p>
    508 
    509 <table>
    510   <col width="18%">
    511   <col width="17%">
    512   <col width="10%">
    513   <col width="19%">
    514   <col width="18%">
    515   <col width="17%">
    516   <tr>
    517     <th>CVE</th>
    518     <th>References</th>
    519     <th>Severity</th>
    520     <th>Updated Google devices</th>
    521     <th>Updated AOSP versions</th>
    522     <th>Date reported</th>
    523   </tr>
    524   <tr>
    525     <td>CVE-2017-0416</td>
    526     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34">
    527     A-32886609</a>
    528  [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td>
    529     <td>High</td>
    530     <td>All</td>
    531     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    532     <td>Google internal</td>
    533   </tr>
    534   <tr>
    535     <td>CVE-2017-0417</td>
    536     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34">
    537     A-32705438</a></td>
    538     <td>High</td>
    539     <td>All</td>
    540     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    541     <td>Nov 7, 2016</td>
    542   </tr>
    543   <tr>
    544     <td>CVE-2017-0418</td>
    545     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34">
    546     A-32703959</a>
    547 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td>
    548     <td>High</td>
    549     <td>All</td>
    550     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    551     <td>Nov 7, 2016</td>
    552   </tr>
    553   <tr>
    554     <td>CVE-2017-0419</td>
    555     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff">
    556     A-32220769</a></td>
    557     <td>High</td>
    558     <td>All</td>
    559     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    560     <td>Oct 15, 2016</td>
    561   </tr>
    562 </table>
    563 
    564 <h3 id="id-in-aosp-mail">Information disclosure vulnerability in AOSP Mail</h3>
    565 <p>
    566 An information disclosure vulnerability in AOSP Mail could enable a local
    567 malicious application to bypass operating system protections that isolate
    568 application data from other applications. This issue is rated as High because
    569 it could be used to gain access to data that the application does not have
    570 access to.
    571 </p>
    572 
    573 <table>
    574   <col width="18%">
    575   <col width="17%">
    576   <col width="10%">
    577   <col width="19%">
    578   <col width="18%">
    579   <col width="17%">
    580   <tr>
    581     <th>CVE</th>
    582     <th>References</th>
    583     <th>Severity</th>
    584     <th>Updated Google devices</th>
    585     <th>Updated AOSP versions</th>
    586     <th>Date reported</th>
    587   </tr>
    588   <tr>
    589     <td>CVE-2017-0420</td>
    590     <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909">
    591     A-32615212</a></td>
    592     <td>High</td>
    593     <td>All</td>
    594     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    595     <td>Sep 12, 2016</td>
    596   </tr>
    597 </table>
    598 
    599 
    600 <h3 id="id-in-aosp-messaging">Information disclosure vulnerability in AOSP
    601 Messaging</h3>
    602 <p>
    603 An information disclosure vulnerability in AOSP Messaging could enable a local
    604 malicious application to bypass operating system protections that isolate
    605 application data from other applications. This issue is rated as High because
    606 it could be used to gain access to data that the application does not have
    607 access to.
    608 </p>
    609 
    610 <table>
    611   <col width="18%">
    612   <col width="17%">
    613   <col width="10%">
    614   <col width="19%">
    615   <col width="18%">
    616   <col width="17%">
    617   <tr>
    618     <th>CVE</th>
    619     <th>References</th>
    620     <th>Severity</th>
    621     <th>Updated Google devices</th>
    622     <th>Updated AOSP versions</th>
    623     <th>Date reported</th>
    624   </tr>
    625   <tr>
    626     <td>CVE-2017-0413</td>
    627     <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e">
    628     A-32161610</a></td>
    629     <td>High</td>
    630     <td>All</td>
    631     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    632     <td>Oct 13, 2016</td>
    633   </tr>
    634   <tr>
    635     <td>CVE-2017-0414</td>
    636     <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd">
    637     A-32807795</a></td>
    638     <td>High</td>
    639     <td>All</td>
    640     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    641     <td>Nov 10, 2016</td>
    642   </tr>
    643 </table>
    644 
    645 
    646 <h3 id="id-in-framework-apis">Information disclosure vulnerability in Framework
    647 APIs</h3>
    648 <p>
    649 An information disclosure vulnerability in the Framework APIs could enable a
    650 local malicious application to bypass operating system protections that isolate
    651 application data from other applications. This issue is rated as High because
    652 it could be used to gain access to data that the application does not have
    653 access to.
    654 </p>
    655 
    656 <table>
    657   <col width="18%">
    658   <col width="17%">
    659   <col width="10%">
    660   <col width="19%">
    661   <col width="18%">
    662   <col width="17%">
    663   <tr>
    664     <th>CVE</th>
    665     <th>References</th>
    666     <th>Severity</th>
    667     <th>Updated Google devices</th>
    668     <th>Updated AOSP versions</th>
    669     <th>Date reported</th>
    670   </tr>
    671   <tr>
    672     <td>CVE-2017-0421</td>
    673     <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336">
    674     A-32555637</a></td>
    675     <td>High</td>
    676     <td>All</td>
    677     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    678     <td>Google internal</td>
    679   </tr>
    680 </table>
    681 
    682 
    683 <h3 id="dos-in-bionic-dns">Denial of service vulnerability in Bionic DNS</h3>
    684 <p>
    685 A denial of service vulnerability in Bionic DNS could enable a remote attacker
    686 to use a specially crafted network packet to cause a device hang or reboot.
    687 This issue is rated as High due to the possibility of remote denial of service.
    688 
    689 </p>
    690 
    691 <table>
    692   <col width="18%">
    693   <col width="17%">
    694   <col width="10%">
    695   <col width="19%">
    696   <col width="18%">
    697   <col width="17%">
    698   <tr>
    699     <th>CVE</th>
    700     <th>References</th>
    701     <th>Severity</th>
    702     <th>Updated Google devices</th>
    703     <th>Updated AOSP versions</th>
    704     <th>Date reported</th>
    705   </tr>
    706   <tr>
    707     <td>CVE-2017-0422</td>
    708     <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d">
    709     A-32322088</a></td>
    710     <td>High</td>
    711     <td>All</td>
    712     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    713     <td>Oct 20, 2016</td>
    714   </tr>
    715 </table>
    716 
    717 
    718 <h3 id="eop-in-bluetooth">Elevation of privilege vulnerability in
    719 Bluetooth</h3>
    720 <p>
    721 An elevation of privilege vulnerability in Bluetooth could enable a proximate
    722 attacker to manage access to documents on the device. This issue is rated as
    723 Moderate because it first requires exploitation of a separate vulnerability in
    724 the Bluetooth stack.
    725 </p>
    726 
    727 <table>
    728   <col width="18%">
    729   <col width="17%">
    730   <col width="10%">
    731   <col width="19%">
    732   <col width="18%">
    733   <col width="17%">
    734   <tr>
    735     <th>CVE</th>
    736     <th>References</th>
    737     <th>Severity</th>
    738     <th>Updated Google devices</th>
    739     <th>Updated AOSP versions</th>
    740     <th>Date reported</th>
    741   </tr>
    742   <tr>
    743     <td>CVE-2017-0423</td>
    744     <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083">
    745     A-32612586</a></td>
    746     <td>Moderate</td>
    747     <td>All</td>
    748     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    749     <td>Nov 2, 2016</td>
    750   </tr>
    751 </table>
    752 
    753 
    754 <h3 id="id-in-aosp-messaging-2">Information disclosure vulnerability in AOSP
    755 Messaging</h3>
    756 <p>
    757 An information disclosure vulnerability in AOSP Messaging could enable a remote
    758 attacker using a special crafted file to access data outside of its permission
    759 levels. This issue is rated as Moderate because it is a general bypass for a
    760 user level defense in depth or exploit mitigation technology in a privileged
    761 process.
    762 </p>
    763 
    764 <table>
    765   <col width="18%">
    766   <col width="17%">
    767   <col width="10%">
    768   <col width="19%">
    769   <col width="18%">
    770   <col width="17%">
    771   <tr>
    772     <th>CVE</th>
    773     <th>References</th>
    774     <th>Severity</th>
    775     <th>Updated Google devices</th>
    776     <th>Updated AOSP versions</th>
    777     <th>Date reported</th>
    778   </tr>
    779   <tr>
    780     <td>CVE-2017-0424</td>
    781     <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc">
    782     A-32322450</a></td>
    783     <td>Moderate</td>
    784     <td>All</td>
    785     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    786     <td>Oct 20, 2016</td>
    787   </tr>
    788 </table>
    789 
    790 
    791 <h3 id="id-in-audioserver">Information disclosure vulnerability in
    792 Audioserver</h3>
    793 <p>
    794 An information disclosure vulnerability in Audioserver could enable a local
    795 malicious application to access data outside of its permission levels. This
    796 issue is rated as Moderate because it could be used to access sensitive data
    797 without permission.
    798 </p>
    799 
    800 <table>
    801   <col width="18%">
    802   <col width="17%">
    803   <col width="10%">
    804   <col width="19%">
    805   <col width="18%">
    806   <col width="17%">
    807   <tr>
    808     <th>CVE</th>
    809     <th>References</th>
    810     <th>Severity</th>
    811     <th>Updated Google devices</th>
    812     <th>Updated AOSP versions</th>
    813     <th>Date reported</th>
    814   </tr>
    815   <tr>
    816     <td>CVE-2017-0425</td>
    817     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff">
    818     A-32720785</a></td>
    819     <td>Moderate</td>
    820     <td>All</td>
    821     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    822     <td>Nov 7, 2016</td>
    823   </tr>
    824 </table>
    825 
    826 
    827 <h3 id="id-in-filesystem">Information disclosure vulnerability in
    828 Filesystem</h3>
    829 <p>
    830 An information disclosure vulnerability in the Filesystem could enable a local
    831 malicious application to access data outside of its permission levels. This
    832 issue is rated as Moderate because it could be used to access sensitive data
    833 without permission.
    834 </p>
    835 
    836 <table>
    837   <col width="18%">
    838   <col width="17%">
    839   <col width="10%">
    840   <col width="19%">
    841   <col width="18%">
    842   <col width="17%">
    843   <tr>
    844     <th>CVE</th>
    845     <th>References</th>
    846     <th>Severity</th>
    847     <th>Updated Google devices</th>
    848     <th>Updated AOSP versions</th>
    849     <th>Date reported</th>
    850   </tr>
    851   <tr>
    852     <td>CVE-2017-0426</td>
    853     <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a">
    854     A-32799236</a>
    855 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td>
    856     <td>Moderate</td>
    857     <td>All</td>
    858     <td>7.0, 7.1.1</td>
    859     <td>Google internal</td>
    860   </tr>
    861 </table>
    862 
    863 
    864 <h2 id="2017-02-05-details">2017-02-05 security patch levelVulnerability
    865 details</h2>
    866 <p>
    867 In the sections below, we provide details for each of the security
    868 vulnerabilities that apply to the 2017-02-05 patch level. 
    869 There is a description of
    870 the issue, a severity rationale, and a table with the CVE, associated
    871 references, severity, updated Google devices, updated AOSP versions (where
    872 applicable), and date reported. When available, we will link the public change
    873 that addressed the issue to the bug ID, like the AOSP change list. When multiple
    874 changes relate to a single bug, additional references are linked to numbers
    875 following the bug ID.</p>
    876 
    877 
    878 <h3 id="rce-in-qualcomm-crypto-driver">Remote code execution vulnerability in
    879 Qualcomm crypto driver</h3>
    880 <p>
    881 A remote code execution vulnerability in the Qualcomm crypto driver could
    882 enable a remote attacker to execute arbitrary code within the context of the
    883 kernel. This issue is rated as Critical due to the possibility of remote code
    884 execution in the context of the kernel.
    885 </p>
    886 
    887 <table>
    888   <col width="19%">
    889   <col width="20%">
    890   <col width="10%">
    891   <col width="23%">
    892   <col width="17%">
    893   <tr>
    894     <th>CVE</th>
    895     <th>References</th>
    896     <th>Severity</th>
    897     <th>Updated Google devices</th>
    898     <th>Date reported</th>
    899   </tr>
    900   <tr>
    901     <td>CVE-2016-8418</td>
    902     <td>A-32652894<br>
    903         <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f">
    904 QC-CR#1077457</a></td>
    905     <td>Critical</td>
    906     <td>None*</td>
    907     <td>Oct 10, 2016</td>
    908   </tr>
    909 </table>
    910 <p>
    911 * Supported Google devices on Android 7.0 or later that have installed all
    912 available updates are not affected by this vulnerability.
    913 </p>
    914 
    915 
    916 <h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in
    917 kernel file system</h3>
    918 <p>
    919 An elevation of privilege vulnerability in the kernel file system could enable
    920 a local malicious application to execute arbitrary code within the context of
    921 the kernel. This issue is rated as Critical due to the possibility of a local
    922 permanent device compromise, which may require reflashing the operating system
    923 to repair the device.
    924 </p>
    925 
    926 <table>
    927   <col width="19%">
    928   <col width="20%">
    929   <col width="10%">
    930   <col width="23%">
    931   <col width="17%">
    932   <tr>
    933     <th>CVE</th>
    934     <th>References</th>
    935     <th>Severity</th>
    936     <th>Updated Google devices</th>
    937     <th>Date reported</th>
    938   </tr>
    939   <tr>
    940     <td>CVE-2017-0427</td>
    941     <td>A-31495866*</td>
    942     <td>Critical</td>
    943     <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
    944 Player, Pixel, Pixel XL</td>
    945     <td>Sep 13, 2016</td>
    946   </tr>
    947 </table>
    948 <p>
    949 * The patch for this issue is not publicly available. The update is contained
    950 in the latest binary drivers for Nexus devices available from the
    951 <a href="https://developers.google.com/android/nexus/drivers">
    952 Google Developer site</a>.
    953 </p>
    954 
    955 
    956 <h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in
    957 NVIDIA GPU driver</h3>
    958 <p>
    959 An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
    960 local malicious application to execute arbitrary code within the context of the
    961 kernel. This issue is rated as Critical due to the possibility of a local
    962 permanent device compromise, which may require reflashing the operating system
    963 to repair the device.
    964 </p>
    965 
    966 <table>
    967   <col width="19%">
    968   <col width="20%">
    969   <col width="10%">
    970   <col width="23%">
    971   <col width="17%">
    972   <tr>
    973     <th>CVE</th>
    974     <th>References</th>
    975     <th>Severity</th>
    976     <th>Updated Google devices</th>
    977     <th>Date reported</th>
    978   </tr>
    979   <tr>
    980     <td>CVE-2017-0428</td>
    981     <td>A-32401526*<br>
    982         N-CVE-2017-0428</td>
    983     <td>Critical</td>
    984     <td>Nexus 9</td>
    985     <td>Oct 25, 2016</td>
    986   </tr>
    987   <tr>
    988     <td>CVE-2017-0429</td>
    989     <td>A-32636619*<br>
    990         N-CVE-2017-0429</td>
    991     <td>Critical</td>
    992     <td>Nexus 9</td>
    993     <td>Nov 3, 2016</td>
    994   </tr>
    995 </table>
    996 <p>
    997 * The patch for this issue is not publicly available. The update is contained
    998 in the latest binary drivers for Nexus devices available from the
    999 <a href="https://developers.google.com/android/nexus/drivers">
   1000 Google Developer site</a>.
   1001 </p>
   1002 
   1003 
   1004 <h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege
   1005 vulnerability in kernel networking subsystem</h3>
   1006 <p>
   1007 An elevation of privilege vulnerability in the kernel networking subsystem
   1008 could enable a local malicious application to execute arbitrary code within the
   1009 context of the kernel. This issue is rated as Critical due to the possibility
   1010 of a local permanent device compromise, which may require reflashing the
   1011 operating system to repair the device.
   1012 </p>
   1013 
   1014 <table>
   1015   <col width="19%">
   1016   <col width="20%">
   1017   <col width="10%">
   1018   <col width="23%">
   1019   <col width="17%">
   1020   <tr>
   1021     <th>CVE</th>
   1022     <th>References</th>
   1023     <th>Severity</th>
   1024     <th>Updated Google devices</th>
   1025     <th>Date reported</th>
   1026   </tr>
   1027   <tr>
   1028     <td>CVE-2014-9914</td>
   1029     <td>A-32882659<br>
   1030         <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a">
   1031 Upstream kernel</a></td>
   1032     <td>Critical</td>
   1033     <td>Nexus 6, Nexus Player</td>
   1034     <td>Nov 9, 2016</td>
   1035   </tr>
   1036 </table>
   1037 
   1038 
   1039 <h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
   1040 Broadcom Wi-Fi driver</h3>
   1041 <p>
   1042 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
   1043 enable a local malicious application to execute arbitrary code within the
   1044 context of the kernel. This issue is rated as Critical due to the possibility
   1045 of a local permanent device compromise, which may require reflashing the
   1046 operating system to repair the device.
   1047 </p>
   1048 
   1049 <table>
   1050   <col width="19%">
   1051   <col width="20%">
   1052   <col width="10%">
   1053   <col width="23%">
   1054   <col width="17%">
   1055   <tr>
   1056     <th>CVE</th>
   1057     <th>References</th>
   1058     <th>Severity</th>
   1059     <th>Updated Google devices</th>
   1060     <th>Date reported</th>
   1061   </tr>
   1062   <tr>
   1063     <td>CVE-2017-0430</td>
   1064     <td>A-32838767*<br>
   1065         B-RB#107459</td>
   1066     <td>Critical</td>
   1067     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1068     <td>Google internal</td>
   1069   </tr>
   1070 </table>
   1071 <p>
   1072 * The patch for this issue is not publicly available. The update is contained
   1073 in the latest binary drivers for Nexus devices available from the
   1074 <a href="https://developers.google.com/android/nexus/drivers">
   1075 Google Developer site</a>.
   1076 </p>
   1077 
   1078 
   1079 <h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
   1080 components</h3>
   1081 <p>
   1082 The following vulnerability affects Qualcomm components and is described in
   1083 further detail in Qualcomm AMSS September 2016 security bulletin.
   1084 </p>
   1085 
   1086 <table>
   1087   <col width="19%">
   1088   <col width="20%">
   1089   <col width="10%">
   1090   <col width="23%">
   1091   <col width="17%">
   1092   <tr>
   1093     <th>CVE</th>
   1094     <th>References</th>
   1095     <th>Severity*</th>
   1096     <th>Updated Google devices</th>
   1097     <th>Date reported</th>
   1098   </tr>
   1099   <tr>
   1100     <td>CVE-2017-0431</td>
   1101     <td>A-32573899**</td>
   1102     <td>Critical</td>
   1103     <td>None***</td>
   1104     <td>Qualcomm internal</td>
   1105   </tr>
   1106 </table>
   1107 <p>
   1108 * The severity rating for these vulnerabilities was determined by the vendor.
   1109 </p>
   1110 <p>
   1111 ** The patch for this issue is not publicly available. The update is contained
   1112 in the latest binary drivers for Nexus devices available from the
   1113 <a href="https://developers.google.com/android/nexus/drivers">
   1114 Google Developer site</a>.
   1115 </p>
   1116 <p>
   1117 *** Supported Google devices on Android 7.0 or later that have installed all
   1118 available updates are not affected by this vulnerability.
   1119 </p>
   1120 
   1121 
   1122 <h3 id="eop-in-mediatek-driver">Elevation of privilege vulnerability in
   1123 MediaTek driver</h3>
   1124 <p>
   1125 An elevation of privilege vulnerability in the MediaTek driver could enable a
   1126 local malicious application to execute arbitrary code within the context of the
   1127 kernel. This issue is rated as High because it first requires compromising a
   1128 privileged process.
   1129 </p>
   1130 
   1131 <table>
   1132   <col width="19%">
   1133   <col width="20%">
   1134   <col width="10%">
   1135   <col width="23%">
   1136   <col width="17%">
   1137   <tr>
   1138     <th>CVE</th>
   1139     <th>References</th>
   1140     <th>Severity</th>
   1141     <th>Updated Google devices</th>
   1142     <th>Date reported</th>
   1143   </tr>
   1144   <tr>
   1145     <td>CVE-2017-0432</td>
   1146     <td>A-28332719*<br>
   1147         M-ALPS02708925</td>
   1148     <td>High</td>
   1149     <td>None**</td>
   1150     <td>Apr 21, 2016</td>
   1151   </tr>
   1152 </table>
   1153 <p>
   1154 * The patch for this issue is not publicly available. The update is contained
   1155 in the latest binary drivers for Nexus devices available from the
   1156 <a href="https://developers.google.com/android/nexus/drivers">
   1157 Google Developer site</a>.
   1158 </p>
   1159 <p>
   1160 ** Supported Google devices on Android 7.0 or later that have installed all
   1161 available updates are not affected by this vulnerability.
   1162 </p>
   1163 
   1164 
   1165 <h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
   1166 vulnerability in Synaptics touchscreen driver</h3>
   1167 <p>
   1168 An elevation of privilege vulnerability in the Synaptics touchscreen driver
   1169 could enable a local malicious application to execute arbitrary code within the
   1170 context of the touchscreen chipset. This issue is rated as High because it
   1171 first requires compromising a privileged process.
   1172 </p>
   1173 
   1174 <table>
   1175   <col width="19%">
   1176   <col width="20%">
   1177   <col width="10%">
   1178   <col width="23%">
   1179   <col width="17%">
   1180   <tr>
   1181     <th>CVE</th>
   1182     <th>References</th>
   1183     <th>Severity</th>
   1184     <th>Updated Google devices</th>
   1185     <th>Date reported</th>
   1186   </tr>
   1187   <tr>
   1188     <td>CVE-2017-0433</td>
   1189     <td>A-31913571*</td>
   1190     <td>High</td>
   1191     <td>Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td>
   1192     <td>Sep 8, 2016</td>
   1193   </tr>
   1194   <tr>
   1195     <td>CVE-2017-0434</td>
   1196     <td>A-33001936*</td>
   1197     <td>High</td>
   1198     <td>Pixel, Pixel XL</td>
   1199     <td>Nov 18, 2016</td>
   1200   </tr>
   1201 </table>
   1202 <p>
   1203 * The patch for this issue is not publicly available. The update is contained
   1204 in the latest binary drivers for Nexus devices available from the
   1205 <a href="https://developers.google.com/android/nexus/drivers">
   1206 Google Developer site</a>.
   1207 </p>
   1208 
   1209 
   1210 <h3
   1211 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Elevation
   1212 of privilege vulnerability in Qualcomm Secure Execution Environment
   1213 Communicator driver</h3>
   1214 <p>
   1215 An elevation of privilege vulnerability in the Qualcomm Secure Execution
   1216 Environment Communicator drive could enable a local malicious application to
   1217 execute arbitrary code within the context of the kernel. This issue is rated as
   1218 High because it first requires compromising a privileged process.
   1219 </p>
   1220 
   1221 <table>
   1222   <col width="19%">
   1223   <col width="20%">
   1224   <col width="10%">
   1225   <col width="23%">
   1226   <col width="17%">
   1227   <tr>
   1228     <th>CVE</th>
   1229     <th>References</th>
   1230     <th>Severity</th>
   1231     <th>Updated Google devices</th>
   1232     <th>Date reported</th>
   1233   </tr>
   1234   <tr>
   1235     <td>CVE-2016-8480</td>
   1236     <td>A-31804432<br>
   1237         <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471">
   1238 QC-CR#1086186</a>
   1239 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td>
   1240     <td>High</td>
   1241     <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
   1242     <td>Sep 28, 2016</td>
   1243   </tr>
   1244 </table>
   1245 
   1246 
   1247 <h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in
   1248 Qualcomm sound driver</h3>
   1249 <p>
   1250 An elevation of privilege vulnerability in the Qualcomm sound driver could
   1251 enable a local malicious application to execute arbitrary code within the
   1252 context of the kernel. This issue is rated as High because it first requires
   1253 compromising a privileged process.
   1254 </p>
   1255 
   1256 <table>
   1257   <col width="19%">
   1258   <col width="20%">
   1259   <col width="10%">
   1260   <col width="23%">
   1261   <col width="17%">
   1262   <tr>
   1263     <th>CVE</th>
   1264     <th>References</th>
   1265     <th>Severity</th>
   1266     <th>Updated Google devices</th>
   1267     <th>Date reported</th>
   1268   </tr>
   1269   <tr>
   1270     <td>CVE-2016-8481</td>
   1271     <td>A-31906415*<br>
   1272         QC-CR#1078000</td>
   1273     <td>High</td>
   1274     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1275     <td>Oct 1, 2016</td>
   1276   </tr>
   1277   <tr>
   1278     <td>CVE-2017-0435</td>
   1279     <td>A-31906657*<br>
   1280         QC-CR#1078000</td>
   1281     <td>High</td>
   1282     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1283     <td>Oct 1, 2016</td>
   1284   </tr>
   1285   <tr>
   1286     <td>CVE-2017-0436</td>
   1287     <td>A-32624661*<br>
   1288         QC-CR#1078000</td>
   1289     <td>High</td>
   1290     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1291     <td>Nov 2, 2016</td>
   1292   </tr>
   1293 </table>
   1294 <p>
   1295 * The patch for this issue is not publicly available. The update is contained
   1296 in the latest binary drivers for Nexus devices available from the
   1297 <a href="https://developers.google.com/android/nexus/drivers">
   1298 Google Developer site</a>.
   1299 </p>
   1300 
   1301 
   1302 <h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
   1303 Qualcomm Wi-Fi driver</h3>
   1304 <p>
   1305 An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
   1306 enable a local malicious application to execute arbitrary code within the
   1307 context of the kernel. This issue is rated as High because it first requires
   1308 compromising a privileged process.
   1309 </p>
   1310 
   1311 <table>
   1312   <col width="19%">
   1313   <col width="20%">
   1314   <col width="10%">
   1315   <col width="23%">
   1316   <col width="17%">
   1317   <tr>
   1318     <th>CVE</th>
   1319     <th>References</th>
   1320     <th>Severity</th>
   1321     <th>Updated Google devices</th>
   1322     <th>Date reported</th>
   1323   </tr>
   1324   <tr>
   1325     <td>CVE-2017-0437</td>
   1326     <td>A-32402310<br>
   1327         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77">
   1328 QC-CR#1092497</a></td>
   1329     <td>High</td>
   1330     <td>Nexus 5X, Pixel, Pixel XL</td>
   1331     <td>Oct 25, 2016</td>
   1332   </tr>
   1333   <tr>
   1334     <td>CVE-2017-0438</td>
   1335     <td>A-32402604<br>
   1336         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77">
   1337 QC-CR#1092497</a></td>
   1338     <td>High</td>
   1339     <td>Nexus 5X, Pixel, Pixel XL</td>
   1340     <td>Oct 25, 2016</td>
   1341   </tr>
   1342   <tr>
   1343     <td>CVE-2017-0439</td>
   1344     <td>A-32450647<br>
   1345         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61">
   1346 QC-CR#1092059</a></td>
   1347     <td>High</td>
   1348     <td>Nexus 5X, Pixel, Pixel XL</td>
   1349     <td>Oct 25, 2016</td>
   1350   </tr>
   1351   <tr>
   1352     <td>CVE-2016-8419</td>
   1353     <td>A-32454494<br>
   1354         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488">
   1355 QC-CR#1087209</a></td>
   1356     <td>High</td>
   1357     <td>Nexus 5X, Pixel, Pixel XL</td>
   1358     <td>Oct 26, 2016</td>
   1359   </tr>
   1360   <tr>
   1361     <td>CVE-2016-8420</td>
   1362     <td>A-32451171<br>
   1363         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e">
   1364 QC-CR#1087807</a></td>
   1365     <td>High</td>
   1366     <td>Nexus 5X, Pixel, Pixel XL</td>
   1367     <td>Oct 26, 2016</td>
   1368   </tr>
   1369   <tr>
   1370     <td>CVE-2016-8421</td>
   1371     <td>A-32451104<br>
   1372         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb">
   1373 QC-CR#1087797</a></td>
   1374     <td>High</td>
   1375     <td>Nexus 5X, Pixel, Pixel XL</td>
   1376     <td>Oct 26, 2016</td>
   1377   </tr>
   1378   <tr>
   1379     <td>CVE-2017-0440</td>
   1380     <td>A-33252788<br>
   1381         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268">
   1382 QC-CR#1095770</a></td>
   1383     <td>High</td>
   1384     <td>Nexus 5X, Pixel, Pixel XL</td>
   1385     <td>Nov 11, 2016</td>
   1386   </tr>
   1387   <tr>
   1388     <td>CVE-2017-0441</td>
   1389     <td>A-32872662<br>
   1390         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684">
   1391 QC-CR#1095009</a></td>
   1392     <td>High</td>
   1393     <td>Nexus 5X, Pixel, Pixel XL</td>
   1394     <td>Nov 11, 2016</td>
   1395   </tr>
   1396   <tr>
   1397     <td>CVE-2017-0442</td>
   1398     <td>A-32871330<br>
   1399         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77">
   1400 QC-CR#1092497</a></td>
   1401     <td>High</td>
   1402     <td>Nexus 5X, Pixel, Pixel XL</td>
   1403     <td>Nov 13, 2016</td>
   1404   </tr>
   1405   <tr>
   1406     <td>CVE-2017-0443</td>
   1407     <td>A-32877494<br>
   1408         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77">
   1409 QC-CR#1092497</a></td>
   1410     <td>High</td>
   1411     <td>Nexus 5X, Pixel, Pixel XL</td>
   1412     <td>Nov 13, 2016</td>
   1413   </tr>
   1414   <tr>
   1415     <td>CVE-2016-8476</td>
   1416     <td>A-32879283<br>
   1417         <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799">
   1418 QC-CR#1091940</a></td>
   1419     <td>High</td>
   1420     <td>Nexus 5X, Pixel, Pixel XL</td>
   1421     <td>Nov 14, 2016</td>
   1422   </tr>
   1423 </table>
   1424 
   1425 
   1426 <h3 id="eop-in-realtek-sound-driver">Elevation of privilege vulnerability in
   1427 Realtek sound driver</h3>
   1428 <p>
   1429 An elevation of privilege vulnerability in the Realtek sound driver could
   1430 enable a local malicious application to execute arbitrary code within the
   1431 context of the kernel. This issue is rated as High because it first requires
   1432 compromising a privileged process.
   1433 </p>
   1434 
   1435 <table>
   1436   <col width="19%">
   1437   <col width="20%">
   1438   <col width="10%">
   1439   <col width="23%">
   1440   <col width="17%">
   1441   <tr>
   1442     <th>CVE</th>
   1443     <th>References</th>
   1444     <th>Severity</th>
   1445     <th>Updated Google devices</th>
   1446     <th>Date reported</th>
   1447   </tr>
   1448   <tr>
   1449     <td>CVE-2017-0444</td>
   1450     <td>A-32705232*</td>
   1451     <td>High</td>
   1452     <td>Nexus 9</td>
   1453     <td>Nov 7, 2016</td>
   1454   </tr>
   1455 </table>
   1456 <p>
   1457 * The patch for this issue is not publicly available. The update is contained
   1458 in the latest binary drivers for Nexus devices available from the
   1459 <a href="https://developers.google.com/android/nexus/drivers">
   1460 Google Developer site</a>.
   1461 </p>
   1462 
   1463 
   1464 <h3 id="eop-in-htc-touchscreen-driver">Elevation of privilege vulnerability in
   1465 HTC touchscreen driver</h3>
   1466 <p>
   1467 An elevation of privilege vulnerability in the HTC touchscreen driver could
   1468 enable a local malicious application to execute arbitrary code within the
   1469 context of the kernel. This issue is rated as High because it first requires
   1470 compromising a privileged process.
   1471 </p>
   1472 
   1473 <table>
   1474   <col width="19%">
   1475   <col width="20%">
   1476   <col width="10%">
   1477   <col width="23%">
   1478   <col width="17%">
   1479   <tr>
   1480     <th>CVE</th>
   1481     <th>References</th>
   1482     <th>Severity</th>
   1483     <th>Updated Google devices</th>
   1484     <th>Date reported</th>
   1485   </tr>
   1486   <tr>
   1487     <td>CVE-2017-0445</td>
   1488     <td>A-32769717*</td>
   1489     <td>High</td>
   1490     <td>Pixel, Pixel XL</td>
   1491     <td>Nov 9, 2016</td>
   1492   </tr>
   1493   <tr>
   1494     <td>CVE-2017-0446</td>
   1495     <td>A-32917445*</td>
   1496     <td>High</td>
   1497     <td>Pixel, Pixel XL</td>
   1498     <td>Nov 15, 2016</td>
   1499   </tr>
   1500   <tr>
   1501     <td>CVE-2017-0447</td>
   1502     <td>A-32919560*</td>
   1503     <td>High</td>
   1504     <td>Pixel, Pixel XL</td>
   1505     <td>Nov 15, 2016</td>
   1506   </tr>
   1507 </table>
   1508 <p>
   1509 * The patch for this issue is not publicly available. The update is contained
   1510 in the latest binary drivers for Nexus devices available from the
   1511 <a href="https://developers.google.com/android/nexus/drivers">
   1512 Google Developer site</a>.
   1513 </p>
   1514 
   1515 
   1516 <h3 id="id-in-nvidia-video-driver">Information disclosure vulnerability in
   1517 NVIDIA video driver</h3>
   1518 <p>
   1519 An information disclosure vulnerability in the NVIDIA video driver could enable
   1520 a local malicious application to access data outside of its permission levels.
   1521 This issue is rated as High because it could be used to access sensitive data
   1522 without explicit user permission.
   1523 </p>
   1524 
   1525 <table>
   1526   <col width="19%">
   1527   <col width="20%">
   1528   <col width="10%">
   1529   <col width="23%">
   1530   <col width="17%">
   1531   <tr>
   1532     <th>CVE</th>
   1533     <th>References</th>
   1534     <th>Severity</th>
   1535     <th>Updated Google devices</th>
   1536     <th>Date reported</th>
   1537   </tr>
   1538   <tr>
   1539     <td>CVE-2017-0448</td>
   1540     <td>A-32721029*<br>
   1541         N-CVE-2017-0448</td>
   1542     <td>High</td>
   1543     <td>Nexus 9</td>
   1544     <td>Nov 7, 2016</td>
   1545   </tr>
   1546 </table>
   1547 <p>
   1548 * The patch for this issue is not publicly available. The update is contained
   1549 in the latest binary drivers for Nexus devices available from the
   1550 <a href="https://developers.google.com/android/nexus/drivers">
   1551 Google Developer site</a>.
   1552 </p>
   1553 
   1554 
   1555 <h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in
   1556 Broadcom Wi-Fi driver</h3>
   1557 <p>
   1558 An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
   1559 enable a local malicious application to execute arbitrary code within the
   1560 context of the kernel. This issue is rated as Moderate because it first
   1561 requires compromising a privileged process and is mitigated by current platform
   1562 configurations.
   1563 </p>
   1564 
   1565 <table>
   1566   <col width="19%">
   1567   <col width="20%">
   1568   <col width="10%">
   1569   <col width="23%">
   1570   <col width="17%">
   1571   <tr>
   1572     <th>CVE</th>
   1573     <th>References</th>
   1574     <th>Severity</th>
   1575     <th>Updated Google devices</th>
   1576     <th>Date reported</th>
   1577   </tr>
   1578   <tr>
   1579     <td>CVE-2017-0449</td>
   1580     <td>A-31707909*<br>
   1581         B-RB#32094</td>
   1582     <td>Moderate</td>
   1583     <td>Nexus 6, Nexus 6P</td>
   1584     <td>Sep 23, 2016</td>
   1585   </tr>
   1586 </table>
   1587 <p>
   1588 * The patch for this issue is not publicly available. The update is contained
   1589 in the latest binary drivers for Nexus devices available from the
   1590 <a href="https://developers.google.com/android/nexus/drivers">
   1591 Google Developer site</a>.
   1592 </p>
   1593 
   1594 
   1595 <h3 id="eop-in-audioserver-2">Elevation of privilege vulnerability in
   1596 Audioserver</h3>
   1597 <p>
   1598 An elevation of privilege vulnerability in Audioserver could enable a local
   1599 malicious application to execute arbitrary code within the context of a
   1600 privileged process. This issue is rated as Moderate because it is mitigated by
   1601 current platform configurations.
   1602 </p>
   1603 
   1604 <table>
   1605   <col width="19%">
   1606   <col width="20%">
   1607   <col width="10%">
   1608   <col width="23%">
   1609   <col width="17%">
   1610   <tr>
   1611     <th>CVE</th>
   1612     <th>References</th>
   1613     <th>Severity</th>
   1614     <th>Updated Google devices</th>
   1615     <th>Date reported</th>
   1616   </tr>
   1617   <tr>
   1618     <td>CVE-2017-0450</td>
   1619     <td>A-32917432*</td>
   1620     <td>Moderate</td>
   1621     <td>Nexus 9</td>
   1622     <td>Nov 15, 2016</td>
   1623   </tr>
   1624 </table>
   1625 <p>
   1626 * The patch for this issue is not publicly available. The update is contained
   1627 in the latest binary drivers for Nexus devices available from the
   1628 <a href="https://developers.google.com/android/nexus/drivers">
   1629 Google Developer site</a>.
   1630 </p>
   1631 
   1632 
   1633 <h3 id="eop-in-kernel-file-system-2">Elevation of privilege vulnerability in
   1634 kernel file system</h3>
   1635 <p>
   1636 An elevation of privilege vulnerability in the kernel file system could enable
   1637 a local malicious application to bypass protections that prevent an escalation
   1638 of privileges. This issue is rated as Moderate because it is a general bypass
   1639 for a user level defense in depth or exploit mitigation technology.
   1640 </p>
   1641 
   1642 <table>
   1643   <col width="19%">
   1644   <col width="20%">
   1645   <col width="10%">
   1646   <col width="23%">
   1647   <col width="17%">
   1648   <tr>
   1649     <th>CVE</th>
   1650     <th>References</th>
   1651     <th>Severity</th>
   1652     <th>Updated Google devices</th>
   1653     <th>Date reported</th>
   1654   </tr>
   1655   <tr>
   1656     <td>CVE-2016-10044</td>
   1657     <td>A-31711619*</td>
   1658     <td>Moderate</td>
   1659     <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
   1660 Player, Pixel, Pixel XL</td>
   1661     <td>Google internal</td>
   1662   </tr>
   1663 </table>
   1664 <p>
   1665 * The patch for this issue is not publicly available. The update is contained
   1666 in the latest binary drivers for Nexus devices available from the
   1667 <a href="https://developers.google.com/android/nexus/drivers">
   1668 Google Developer site</a>.
   1669 </p>
   1670 
   1671 
   1672 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Information
   1673 disclosure vulnerability in Qualcomm Secure Execution Environment
   1674 Communicator</h3>
   1675 <p>
   1676 An information disclosure vulnerability in the Qualcomm Secure Execution
   1677 Environment Communicator could enable a local malicious application to access
   1678 data outside of its permission levels. This issue is rated as Moderate because
   1679 it first requires compromising a privileged process.
   1680 </p>
   1681 
   1682 <table>
   1683   <col width="19%">
   1684   <col width="20%">
   1685   <col width="10%">
   1686   <col width="23%">
   1687   <col width="17%">
   1688   <tr>
   1689     <th>CVE</th>
   1690     <th>References</th>
   1691     <th>Severity</th>
   1692     <th>Updated Google devices</th>
   1693     <th>Date reported</th>
   1694   </tr>
   1695   <tr>
   1696     <td>CVE-2016-8414</td>
   1697     <td>A-31704078<br>
   1698         <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846">
   1699 QC-CR#1076407</a></td>
   1700     <td>Moderate</td>
   1701     <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
   1702     <td>Sep 23, 2016</td>
   1703   </tr>
   1704 </table>
   1705 
   1706 
   1707 <h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in
   1708 Qualcomm sound driver</h3>
   1709 <p>
   1710 An information disclosure vulnerability in the Qualcomm sound driver could
   1711 enable a local malicious application to access data outside of its permission
   1712 levels. This issue is rated as Moderate because it first requires compromising
   1713 a privileged process.
   1714 </p>
   1715 
   1716 <table>
   1717   <col width="19%">
   1718   <col width="20%">
   1719   <col width="10%">
   1720   <col width="23%">
   1721   <col width="17%">
   1722   <tr>
   1723     <th>CVE</th>
   1724     <th>References</th>
   1725     <th>Severity</th>
   1726     <th>Updated Google devices</th>
   1727     <th>Date reported</th>
   1728   </tr>
   1729   <tr>
   1730     <td>CVE-2017-0451</td>
   1731     <td>A-31796345<br>
   1732         <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e">
   1733 QC-CR#1073129</a>
   1734 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td>
   1735     <td>Moderate</td>
   1736     <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
   1737     <td>Sep 27, 2016</td>
   1738   </tr>
   1739 </table>
   1740 
   1741 <h2 id="common-questions-and-answers">Common Questions and Answers</h2>
   1742 <p>This section answers common questions that may occur after reading this
   1743 bulletin.</p>
   1744 <p><strong>1. How do I determine if my device is updated to address these
   1745 issues?</strong></p>
   1746 <p>To learn how to check a device's security patch level, read the instructions on
   1747 the <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">
   1748 Pixel and Nexus update schedule</a>.</p>
   1749 <ul>
   1750   <li>Security patch levels of 2017-02-01 or later address all issues associated
   1751   with the 2017-02-01 security patch level.</li>
   1752   <li>Security patch levels of 2017-02-05 or later address all issues associated
   1753   with the 2017-02-05 security patch level and all previous patch levels.
   1754   </li>
   1755 </ul>
   1756 <p>Device manufacturers that include these updates should set the patch string
   1757 level to:</p>
   1758 <ul>
   1759 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li>
   1760 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li>
   1761 </ul>
   1762 
   1763 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
   1764 
   1765 <p>This bulletin has two security patch levels so that Android partners have the
   1766 flexibility to fix a subset of vulnerabilities that are similar across all
   1767 Android devices more quickly. Android partners are encouraged to fix all issues
   1768 in this bulletin and use the latest security patch level.</p>
   1769 <ul>
   1770   <li>Devices that use the February 1, 2017 security patch level must include all
   1771   issues associated with that security patch level, as well as fixes for all
   1772   issues reported in previous security bulletins.</li>
   1773   <li>Devices that use the security patch level of February 5, 2017 or newer must
   1774   include all applicable patches in this (and previous) security
   1775   bulletins.</li>
   1776 </ul>
   1777 <p>Partners are encouraged to bundle the fixes for all issues they are addressing
   1778 in a single update.</p>
   1779 <p><strong>3. How do I determine which Google devices are affected by each
   1780 issue?</strong></p>
   1781 <p>In the <a href="#2017-02-01-details">2017-02-01</a> and
   1782 <a href="#2017-02-05-details">2017-02-05</a>
   1783 security vulnerability details sections, each table has an <em>Updated Google
   1784 devices</em> column that covers the range of affected Google devices updated for
   1785 each issue. This column has a few options:
   1786 </p>
   1787 <ul>
   1788   <li><strong>All Google devices</strong>: If an issue affects All and Pixel
   1789   devices, the table will have "All" in the <em>Updated Google devices</em>
   1790   column. "All" encapsulates the following <a
   1791   href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
   1792   devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
   1793   Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
   1794   <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
   1795   devices, the affected Google devices are listed in the <em>Updated Google
   1796   devices</em> column.</li>
   1797   <li><strong>No Google devices</strong>: If no Google devices running Android 7.0
   1798   are affected by the issue, the table will have "None" in the <em>Updated Google
   1799   devices</em> column.</li>
   1800 </ul>
   1801 <p><strong>4. What do the entries in the references column map to?</strong></p>
   1802 <p>Entries under the <em>References</em> column of the vulnerability details table
   1803 may contain a prefix identifying the organization to which the reference value
   1804 belongs. These prefixes map as follows:</p>
   1805 <table>
   1806   <tr>
   1807    <th>Prefix</th>
   1808    <th>Reference</th>
   1809   </tr>
   1810   <tr>
   1811    <td>A-</td>
   1812    <td>Android bug ID</td>
   1813   </tr>
   1814   <tr>
   1815    <td>QC-</td>
   1816    <td>Qualcomm reference number</td>
   1817   </tr>
   1818   <tr>
   1819    <td>M-</td>
   1820    <td>MediaTek reference number</td>
   1821   </tr>
   1822   <tr>
   1823    <td>N-</td>
   1824    <td>NVIDIA reference number</td>
   1825   </tr>
   1826   <tr>
   1827    <td>B-</td>
   1828    <td>Broadcom reference number</td>
   1829   </tr>
   1830 </table>
   1831 
   1832 <h2 id="revisions">Revisions</h2>
   1833 <ul>
   1834   <li>February 06, 2017: Bulletin published.</li>
   1835   <li>February 08, 2017: Bulletin revised to include AOSP links.</li>
   1836 </ul>
   1837 
   1838   </body>
   1839 </html>
   1840