<html devsite>
<head>
<title>Android Security Bulletin - March 2017</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->


<p><em>Published March 06, 2017 | Updated March 07, 2017</em></p>
<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a security
update to Google devices through an over-the-air (OTA) update. The Google device
firmware images have also been released to the <a
href="https://developers.google.com/android/nexus/images">Google Developer
site</a>. Security patch levels of March 05, 2017 or later address all of these
issues. Refer to the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a> to learn how to check a device's security patch
level.</p>
<p>Partners were notified of the issues described in the bulletin on February 06,
2017 or earlier. Source code patches for these issues have been released to the
Android Open Source Project (AOSP) repository and linked from this bulletin.
This bulletin also includes links to patches outside of AOSP.</p>
<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods such
as email, web browsing, and MMS when processing media files. The
<a href="/security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.</p>
<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a
href="#mitigations">Android and Google service
mitigations</a> section for details on the <a
href="/security/enhancements/index.html">Android
security platform protections</a> and service protections such as <a
href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
which improve the security of the Android platform.</p>
<p>We encourage all customers to accept these updates to their devices.</p>
<h2 id="announcements">Announcements</h2>
<ul>
<li>This bulletin has two security patch level strings to provide Android
partners with the flexibility to more quickly fix a subset of vulnerabilities
that are similar across all Android devices. See <a
href="#common-questions-and-answers">Common questions and answers</a> for
additional information:
<ul>
<li><strong>2017-03-01</strong>: Partial security patch level string. This
security patch level string indicates that all issues associated with 2017-03-01
(and all previous security patch level strings) are addressed.</li>
<li><strong>2017-03-05</strong>: Complete security patch level string.
This security patch level string indicates that all issues associated with 2017-03-01
and 2017-03-05 (and all previous security patch level strings) are addressed.</li>
</ul>
</li>
<li>Supported Google devices will receive a single OTA update with the March
05, 2017 security patch level.</li>
</ul>
<h2 id="mitigations">Android and Google service
mitigations</h2>
<p>This is a summary of the mitigations provided by the <a
href="/security/enhancements/index.html">Android
security platform</a> and service protections, such as SafetyNet. These
capabilities reduce the likelihood that security vulnerabilities could be
successfully exploited on Android.</p>
<ul>
<li>Exploitation for many issues on Android is made more difficult by
enhancements in newer versions of the Android platform. We encourage all users
to update to the latest version of Android where possible.</li>
<li>The Android Security team actively monitors for abuse with <a
href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify
Apps and SafetyNet</a>, which are designed to warn users about <a
href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
href="http://www.android.com/gms">Google Mobile Services</a> and is especially
important for users who install applications from outside of Google Play. Device
rooting tools are prohibited within Google Play, but Verify Apps warns users
when they attempt to install a detected rooting application, no matter where it
comes from. Additionally, Verify Apps attempts to identify and block
installation of known malicious applications that exploit a privilege escalation
vulnerability.
If such an application has already been installed, Verify Apps
will notify the user and attempt to remove the detected application.</li>
<li>As appropriate, Google Hangouts and Messenger applications do not
automatically pass media to processes such as Mediaserver.</li>
</ul>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>We would like to thank these researchers for their contributions:</p>
<ul>
<li>Alexander Potapenko of Google Dynamic Tools team: CVE-2017-0537
<li>Baozeng Ding, Chengming Yang, Peng Xiao, and Yang Song of Alibaba Mobile
Security Group: CVE-2017-0506
<li>Baozeng Ding, Ning You, Chengming Yang, Peng Xiao, and Yang Song of Alibaba
Mobile Security Group: CVE-2017-0463
<li>Billy Lau of Android Security: CVE-2017-0335, CVE-2017-0336, CVE-2017-0338,
CVE-2017-0460
<li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a
href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413,
CVE-2016-8477, CVE-2017-0531
<li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a
href="https://twitter.com/derrekr6">@derrekr6</a>) and <a
href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a
href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521
<li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
(<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2017-0334,
CVE-2017-0456, CVE-2017-0457, CVE-2017-0525
<li>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of
<a href="http://www.ms509.com">MS509Team</a>: CVE-2017-0490
<li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
Technology Co.
Ltd.: CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503,
CVE-2017-0509, CVE-2017-0524, CVE-2017-0529, CVE-2017-0536
<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
CVE-2017-0453, CVE-2017-0461, CVE-2017-0464
<li>Hiroki Yamamoto and Fang Chen of Sony Mobile Communications Inc.:
CVE-2017-0481
<li>IBM Security X-Force Researchers Sagi Kedmi and Roee Hay: CVE-2017-0510
<li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a
href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0478
<li>Jianqiang Zhao (<a
href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8416,
CVE-2016-8478, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519,
CVE-2017-0533, CVE-2017-0534
<li><a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a>, <a
href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a
href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8479
<li>Makoto Onuki of Google: CVE-2017-0491
<li>Mingjian Zhou (<a
href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a
href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0479, CVE-2017-0480
<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>):
CVE-2017-0535
<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
Tesla Motors Product Security Team: CVE-2017-0306
<li>Pengfei Ding, Chenfu Bao, Lenx Wei of Baidu X-Lab: CVE-2016-8417
<li>Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
of KeenLab, Tencent: CVE-2017-0337, CVE-2017-0476
<li>Qing Zhang of Qihoo 360 and Guangdong Bai of Singapore Institute of
Technology (SIT): CVE-2017-0496
<li>Quhe and wanchouchou of Ant-financial Light-Year Security Lab: CVE-2017-0522
<li><a href="mailto:keun-o.park (a] darkmatter.ae">Sahara</a> of Secure
Communications in DarkMatter: CVE-2017-0528
<li>salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>) of
Shellphish Grill Team, UC Santa Barbara: CVE-2017-0505
<li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a
href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504,
CVE-2017-0516
<li>Sean Beaupre (beaups): CVE-2017-0455
<li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
Trend Micro: CVE-2017-0452
<li>Shinichi Matsumoto of Fujitsu: CVE-2017-0498
<li><a href="mailto:smarques84 (a] gmail.com">Stéphane Marques</a> of <a
href="http://www.byterev.com">ByteRev</a>: CVE-2017-0489
<li>Svetoslav Ganov of Google: CVE-2017-0492
<li><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a
href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0333
<li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470,
CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0484,
CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495
<li>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) of
Ant-financial Light-Year Security Lab: CVE-2017-0477
<li>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co.
Ltd: CVE-2017-0517,
CVE-2017-0532
<li><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang
of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0526, CVE-2017-0527
<li>Yuqi Lu (<a href="https://twitter.com/nikos233__">@nikos233</a>), <a
href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a
href="mailto:shaodacheng2016 (a] gmail.com">Dacheng Shao</a>, Mingjian Zhou (<a
href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0483</li>
<li>Zinuo Han (<a href="https://weibo.com/ele7enxxh">weibo.com/ele7enxxh</a>)
of Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.:
CVE-2017-0475, CVE-2017-0497
</ul>

<h2 id="2017-03-01-details">2017-03-01 security patch level - Vulnerability
details</h2>
<p>In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-03-01 patch level. There is a description
of the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="rce-in-openssl-&-boringssl">Remote code execution vulnerability in
OpenSSL & BoringSSL</h3>
<p>A remote code execution vulnerability in OpenSSL and BoringSSL could enable an
attacker using a specially crafted file to cause memory corruption during file
and data processing.
This issue is rated as Critical due to the possibility of
remote code execution within the context of a privileged process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-2182</td>
<td><a href="https://android.googlesource.com/platform/external/boringssl/+/54bf62a81586d99d0a951ca3342d569b59e69b80">
A-32096880</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Aug 5, 2016</td>
</tr>
</table>


<h3 id="rce-in-mediaserver-">Remote code execution vulnerability in Mediaserver
</h3>
<p>A remote code execution vulnerability in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file and
data processing.
This issue is rated as Critical due to the possibility of
remote code execution within the context of the Mediaserver process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0466</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33139050</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0467</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33250932</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0468</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">A-33351708</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>]
</td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 5, 2016</td>
</tr>
<tr>
<td>CVE-2017-0469</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/21851eaecc814be709cb0c20f732cb858cfe1440">
A-33450635</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 8, 2016</td>
</tr>
<tr>
<td>CVE-2017-0470</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/6aac82003d665708b4e21e9b91693b642e2fa64f">
A-33818500</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 21, 2016</td>
</tr>
<tr>
<td>CVE-2017-0471</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/4a61d15e7b0ab979ba7e80db8ddbde025c1ce6cc">
A-33816782</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 21, 2016</td>
</tr>
<tr>
<td>CVE-2017-0472</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/dfa7251ff270ae7e12a019e6735542e36b2a47e0">
A-33862021</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 23, 2016</td>
</tr>
<tr>
<td>CVE-2017-0473</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/0a4463e2beddb8290e05ad552e48b17686f854ce">
A-33982658</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0474</td>
<td><a href="https://android.googlesource.com/platform/external/libvpx/+/6f5927de29337fa532c64d0ef8c7cb68f7c89889">
A-32589224</a></td>
<td>Critical</td>
<td>All</td>
<td>7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>

<h3 id="eop-in-recovery-verifier">Elevation of privilege vulnerability in
recovery verifier</h3>
<p>An elevation of privilege vulnerability in the recovery verifier could enable a
local malicious application to execute arbitrary code within the context of the
kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0475</td>
<td><a href="https://android.googlesource.com/platform/bootable/recovery/+/2c6c23f651abb3d215134dfba463eb72a5e9f8eb">
A-31914369</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 2, 2016</td>
</tr>
</table>


<h3 id="rce-in-aosp-messaging">Remote code execution vulnerability in AOSP
Messaging</h3>
<p>A remote code execution vulnerability in AOSP Messaging could enable an
attacker using a specially crafted file to cause memory corruption during media
file and data processing.
This issue is rated as High due to the possibility of
remote code execution within the context of an unprivileged process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0476</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/8ba22b48ebff50311d7eaa8d512f9d507f0bdd0d">
A-33388925</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 6, 2016</td>
</tr>
</table>


<h3 id="rce-in-libgdx">Remote code execution vulnerability in libgdx</h3>
<p>A remote code execution vulnerability in libgdx could enable an attacker using
a specially crafted file to execute arbitrary code within the context of an
unprivileged process.
This issue is rated as High due to the possibility of
remote code execution in an application that uses this library.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0477</td>
<td><a href="https://android.googlesource.com/platform/external/libgdx/+/fba04a52f43315cdb7dd38766822af0324eab7c5">
A-33621647</a></td>
<td>High</td>
<td>All</td>
<td>7.1.1</td>
<td>Dec 14, 2016</td>
</tr>
</table>


<h3 id="rce-in-framesequence-library">Remote code execution vulnerability in
Framesequence library</h3>
<p>A remote code execution vulnerability in the Framesequence library could enable
an attacker using a specially crafted file to execute arbitrary code in the
context of an unprivileged process.
This issue is rated as High due to the
possibility of remote code execution in an application that uses the
Framesequence library.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0478</td>
<td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7c824f17b3eea976ca58be7ea097cb807126f73b">
A-33718716</a></td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 16, 2016</td>
</tr>
</table>

<h3 id="eop-in-nfc">Elevation of privilege vulnerability in NFC</h3>
<p>An elevation of privilege vulnerability in NFC could enable a proximate
attacker to execute arbitrary code within the context of a privileged process.
This issue is rated as High because it could be used to gain local access to
elevated capabilities, which are not normally accessible to a third-party
application.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0481</td>
<td><a href="https://android.googlesource.com/platform/external/libnfc-nci/+/c67cc6ad2addddcb7185a33b08d27290ce54e350">
A-33434992</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 6, 2016</td>
</tr>
</table>

<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
Audioserver</h3>
<p>An elevation of privilege vulnerability in Audioserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as High because it could be used to
gain local access to elevated capabilities, which are not normally accessible
to a third-party application.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0479</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
A-32707507</a>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>]
</td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 7, 2016</td>
</tr>
<tr>
<td>CVE-2017-0480</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
A-32705429</a>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>]
</td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 7, 2016</td>
</tr>
</table>


<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3>
<p>A denial of service vulnerability in Mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot.
This issue is
rated as High severity due to the possibility of remote denial of service.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0482</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c">
A-33090864</a>
[<a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">2</a>]
[<a href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">3</a>]
[<a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36">4</a>]
[<a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">5</a>]
[<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">6</a>]</td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 22, 2016</td>
</tr>
<tr>
<td>CVE-2017-0483</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/bc62c086e9ba7530723dc8874b83159f4d77d976">
A-33137046</a>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f">2</a>]</td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 24, 2016</td>
</tr>
<tr>
<td>CVE-2017-0484</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">
A-33298089</a>
[<a
href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">2</a>]</td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 1, 2016</td>
</tr>
<tr>
<td>CVE-2017-0485</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36">
A-33387820</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 6, 2016</td>
</tr>
<tr>
<td>CVE-2017-0486</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/19814b7ad4ea6f0cc4cab34e50ebab2e180fc269">
A-33621215</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 14, 2016</td>
</tr>
<tr>
<td>CVE-2017-0487</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/aa78b96e842fc1fb70a18acff22be35c7a715b23">
A-33751193</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Dec 19, 2016</td>
</tr>
<tr>
<td>CVE-2017-0488</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/0340381cd8c220311fd4fe2e8b23e1534657e399">
A-34097213</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>

<h3 id="eop-in-location-manager">Elevation of privilege vulnerability in
Location Manager</h3>
<p>An elevation of privilege vulnerability in Location Manager could enable a
local malicious application to bypass operating system protections for location
data.
This issue is rated as Moderate because it could be used to generate
inaccurate data.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0489</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/d22261fef84481651e12995062105239d551cbc6">
A-33091107</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 20, 2016</td>
</tr>
</table>


<h3 id="eop-in-wi-fi">Elevation of privilege vulnerability in Wi-Fi</h3>
<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
application to delete user data. This issue is rated as Moderate because it is
a local bypass of user interaction requirements that would normally require
either user initiation or user permission.
</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0490</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1166ca8adba9b49c9185dad11b28b02e72124d95">
A-33178389</a>
[<a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1ad3b1e3256a226be362de1a4959f2a642d349b7">2</a>]
[<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/41c42f5bb544acf8bede2d05c6325657d92bd83c">3</a>]
</td>
<td>Moderate</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 25, 2016</td>
</tr>
</table>


<h3 id="eop-in-package-manager">Elevation of privilege vulnerability in Package
Manager</h3>
<p>An elevation of privilege vulnerability in Package Manager could enable a local
malicious application to prevent users from uninstalling applications or
removing permissions from applications.
This issue is rated as Moderate because
it is a local bypass of user interaction requirements.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0491</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/5c49b6bf732c88481466dea341917b8604ce53fa">
A-32553261</a>
</td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>


<h3 id="eop-in-system-ui">Elevation of privilege vulnerability in System
UI</h3>
<p>An elevation of privilege vulnerability in the System UI could enable a local
malicious application to create a UI overlay covering the entire screen.
This
issue is rated as Moderate because it is a local bypass of user interaction
requirements that would normally require either user initiation or user
permission.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0492</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/f4bed684c939b0f8809ef404b8609fe4ef849263">
A-30150688</a>
</td>
<td>Moderate</td>
<td>All</td>
<td>7.1.1</td>
<td>Google internal</td>
</tr>
</table>


<h3 id="id-in-aosp-messaging">Information disclosure vulnerability in AOSP
Messaging</h3>
<p>An information disclosure vulnerability in AOSP Messaging could enable a remote
attacker using a specially crafted file to access data outside of its permission
levels.
This issue is rated as Moderate because it could be used to access
sensitive data without permission.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0494</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/3f9821128abd66c4cd2f040d8243efb334bfad2d">
        A-32764144</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 9, 2016</td>
  </tr>
</table>


<h3 id="id-in-mediaserver">Information disclosure vulnerability in
Mediaserver</h3>
<p>An information disclosure vulnerability in Mediaserver could enable a local
malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it could be used to access sensitive data
without permission.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0495</td>
    <td><a href="https://android.googlesource.com/platform/external/libavc/+/85c0ec4106659a11c220cd1210f8d76c33d9e2ae">
        A-33552073</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Dec 11, 2016</td>
  </tr>
</table>


<h3 id="dos-in-setup-wizard">Denial of service vulnerability in Setup
Wizard</h3>
<p>A denial of service vulnerability in Setup Wizard could allow a local malicious
application to temporarily block access to an affected device. This issue is
rated as Moderate because it may require a factory reset to repair the device.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0496</td>
    <td>A-31554152*</td>
    <td>Moderate</td>
    <td>None**</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Sep 14, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained in
the latest binary drivers for Google devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h3 id="dos-in-mediaserver-2">Denial of service vulnerability in
Mediaserver</h3>
<p>A denial of service vulnerability in Mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot. This issue is
rated as Moderate because it requires an uncommon device configuration.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0497</td>
    <td><a href="https://android.googlesource.com/platform/external/skia/+/8888cbf8e74671d44e9ff92ec3847cd647b8cdfb">
        A-33300701</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>7.0, 7.1.1</td>
    <td>Dec 2, 2016</td>
  </tr>
</table>


<h3 id="dos-in-setup-wizard-2">Denial of service vulnerability in Setup
Wizard</h3>
<p>A denial of service vulnerability in Setup Wizard could allow a local attacker
to require Google account sign-in after a factory reset. This issue is rated as
Moderate because it may require a factory reset to repair the device.
</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0498</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/1c4d535d0806dbeb6d2fa5cea0373cbd9ab6d33b">
        A-30352311</a>
[<a href="https://android.googlesource.com/platform/frameworks/base/+/5f621b5b1549e8379aee05807652d5111382ccc6">2</a>]
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>


<h3 id="dos-in-audioserver">Denial of service vulnerability in Audioserver</h3>
<p>A denial of service vulnerability in Audioserver could enable a local malicious
application to cause a device hang or reboot. This issue is rated as Low due to
the possibility of a temporary denial of service.</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0499</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0">
        A-32095713</a></td>
    <td>Low</td>
    <td>All</td>
    <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 11, 2016</td>
  </tr>
</table>


<h2 id="2017-03-05-details">2017-03-05 security patch level: Vulnerability
details</h2>
<p>In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-03-05 patch level.
There is a description
of the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in
MediaTek components</h3>
<p>An elevation of privilege vulnerability in MediaTek components, including the
M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue
driver, could enable a local malicious application to execute arbitrary code
within the context of the kernel. This issue is rated as Critical due to the
possibility of a local permanent device compromise, which may require
reflashing the operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0500</td>
    <td>A-28429685*<br>
        M-ALPS02710006</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0501</td>
    <td>A-28430015*<br>
        M-ALPS02708983</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0502</td>
    <td>A-28430164*<br>
        M-ALPS02710027</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0503</td>
    <td>A-28449045*<br>
        M-ALPS02710075</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Apr 28,
2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0504</td>
    <td>A-30074628*<br>
        M-ALPS02829371</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Jul 9, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0505</td>
    <td>A-31822282*<br>
        M-ALPS02992041</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0506</td>
    <td>A-32276718*<br>
        M-ALPS03006904</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Oct 18, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0337</td>
    <td>A-31992762*<br>
        N-CVE-2017-0337</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Oct 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0338</td>
    <td>A-33057977*<br>
        N-CVE-2017-0338</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Nov 21, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0333</td>
    <td>A-33899363*<br>
        N-CVE-2017-0333</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Dec 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0306</td>
    <td>A-34132950*<br>
        N-CVE-2017-0306</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Jan 6, 2017</td>
  </tr>
  <tr>
    <td>CVE-2017-0335</td>
    <td>A-33043375*<br>
        N-CVE-2017-0335</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Google internal</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in
kernel ION subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel ION subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0507</td>
    <td>A-31992382*</td>
    <td>Critical</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
C, Pixel, Pixel XL</td>
    <td>Oct 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0508</td>
    <td>A-33940449*</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Dec 28, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0509</td>
    <td>A-32124445*<br>
        B-RB#110688</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Oct 12, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-kernel-fiq-debugger">Elevation of privilege vulnerability in
kernel FIQ debugger</h3>
<p>An elevation of privilege vulnerability in the kernel FIQ debugger could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0510</td>
    <td>A-32402555*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Oct 25, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in
Qualcomm GPU driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8479</td>
    <td>A-31824853*<br>
        QC-CR#1093687</td>
    <td>Critical</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL</td>
    <td>Sep 29, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege
vulnerability in kernel networking subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-9806</td>
    <td>A-33393474<br>
        <a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520">
Upstream kernel</a></td>
    <td>Critical</td>
    <td>Pixel C, Pixel, Pixel XL</td>
    <td>Dec 4, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-10200</td>
    <td>A-33753815<br>
        <a
href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef">
Upstream kernel</a></td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
    <td>Dec 19, 2016</td>
  </tr>
</table>


<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
components</h3>
<p>The following vulnerabilities affect Qualcomm components and are described in
further detail in the Qualcomm AMSS September 2016 security bulletin.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8484</td>
    <td>A-28823575**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8485</td>
    <td>A-28823681**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8486</td>
    <td>A-28823691**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8487</td>
    <td>A-28823724**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8488</td>
    <td>A-31625756**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
</table>
<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
<p>** The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>*** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-kernel-networking-subsystem-2">Elevation of privilege
vulnerability in kernel networking subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8655</td>
    <td>A-33358926<br>
        <a
href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c">
Upstream kernel</a></td>
    <td>High</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
C, Pixel, Pixel XL</td>
    <td>Oct 12, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-9793</td>
    <td>A-33363517<br>
        <a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290">
Upstream kernel</a></td>
    <td>High</td>
    <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel
C, Pixel, Pixel XL</td>
    <td>Dec 2, 2016</td>
  </tr>
</table>


<h3 id="eop-in-qualcomm-input-hardware-driver">Elevation of privilege
vulnerability in Qualcomm input hardware driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm input hardware driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0516</td>
    <td>A-32341680*<br>
        QC-CR#1096301</td>
    <td>High</td>
    <td>Android One, Pixel, Pixel XL</td>
    <td>Oct 21, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-mediatek-hardware-sensor-driver">Elevation of privilege
vulnerability in MediaTek Hardware Sensor Driver</h3>
<p>An elevation of privilege vulnerability in the MediaTek hardware sensor driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0517</td>
    <td>A-32372051*<br>
        M-ALPS02973195</td>
    <td>High</td>
    <td>None**</td>
    <td>Oct 22, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-adsprpc-driver">Elevation of privilege vulnerability in
Qualcomm ADSPRPC driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0457</td>
    <td>A-31695439*<br>
        QC-CR#1086123<br>
        QC-CR#1100695</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
    <td>Sep 22, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-fingerprint-sensor-driver">Elevation of privilege
vulnerability in Qualcomm fingerprint sensor driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm fingerprint sensor
driver could enable a local malicious application to execute arbitrary code
within the context of the kernel.
This issue is rated as High because it first
requires compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0518</td>
    <td>A-32370896*<br>
        QC-CR#1086530</td>
    <td>High</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 24, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0519</td>
    <td>A-32372915*<br>
        QC-CR#1086530</td>
    <td>High</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 24, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege
vulnerability in Qualcomm crypto engine driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0520</td>
    <td>A-31750232<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd">
QC-CR#1082636</a></td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
    <td>Sep 24, 2016</td>
  </tr>
</table>


<h3 id="eop-in-qualcomm-camera-driver">Elevation of privilege vulnerability in
Qualcomm camera driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0458</td>
    <td>A-32588962<br>
        <a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4">
QC-CR#1089433</a></td>
    <td>High</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 31, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0521</td>
    <td>A-32919951<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8">
QC-CR#1097709</a></td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
    <td>Nov 15, 2016</td>
  </tr>
</table>


<h3 id="eop-in-mediatek-apk">Elevation of privilege vulnerability in MediaTek
APK</h3>
<p>An elevation of privilege vulnerability in a MediaTek APK could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High due to the possibility of local
arbitrary code execution in a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0522</td>
    <td>A-32916158*<br>
        M-ALPS03032516</td>
    <td>High</td>
    <td>None**</td>
    <td>Nov 15, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0464</td>
    <td>A-32940193<br>
        <a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f">
QC-CR#1102593</a></td>
    <td>High</td>
    <td>Nexus 5X, Pixel, Pixel XL</td>
    <td>Nov 15, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0453</td>
    <td>A-33979145<br>
        <a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513">
QC-CR#1105085</a></td>
    <td>High</td>
    <td>Nexus 5X, Android One</td>
    <td>Dec 30, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0523</td>
    <td>A-32835279<br>
        <a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582">
QC-CR#1096945</a></td>
    <td>High</td>
    <td>None*</td>
    <td>Google internal</td>
  </tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0524</td>
    <td>A-33002026</td>
    <td>High</td>
    <td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td>
    <td>Nov 18, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-ipa-driver">Elevation of privilege vulnerability in
Qualcomm IPA driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm IPA driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as High because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0456</td>
<td>A-33106520*<br>
QC-CR#1099598</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 23, 2016</td>
</tr>
<tr>
<td>CVE-2017-0525</td>
<td>A-33139056*<br>
QC-CR#1097714</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 25, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-htc-sensor-hub-driver">Elevation of privilege vulnerability in
HTC Sensor Hub Driver</h3>
<p>An elevation of privilege vulnerability in the HTC Sensor Hub Driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0526</td>
<td>A-33897738*</td>
<td>High</td>
<td>Nexus 9</td>
<td>Dec 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0527</td>
<td>A-33899318*</td>
<td>High</td>
<td>Nexus 9, Pixel, Pixel XL</td>
<td>Dec 25, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0307</td>
<td>A-33177895*<br>
N-CVE-2017-0307</td>
<td>High</td>
<td>None**</td>
<td>Nov 28, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-networking-driver">Elevation of privilege vulnerability
in Qualcomm networking driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm networking driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0463</td>
<td>A-33277611<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2">
QC-CR#1101792</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0460</td>
<td>A-31252965*<br>
QC-CR#1098801</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td>
<td>Google internal</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability
in kernel security subsystem</h3>
<p>An elevation of privilege vulnerability in the kernel security subsystem could
enable a local malicious application to execute code in the context of a
privileged process. This issue is rated as High because it is a general bypass
for a kernel level defense in depth or exploit mitigation technology.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0528</td>
<td>A-33351919*</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Dec 4, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-spcom-driver">Elevation of privilege vulnerability in
Qualcomm SPCom driver</h3>
<p>An elevation of privilege vulnerability in the Qualcomm SPCom driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5856</td>
<td>A-32610665<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368">
QC-CR#1094078</a></td>
<td>High</td>
<td>None*</td>
<td>Google internal</td>
</tr>
<tr>
<td>CVE-2016-5857</td>
<td>A-34386529<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9d2c405d46ca27b25ed55a8dbd02bd1e633e2d5">
QC-CR#1094140</a></td>
<td>High</td>
<td>None*</td>
<td>Google internal</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability
in kernel networking subsystem</h3>
<p>An information disclosure vulnerability in the kernel networking subsystem
could enable a local proximate attacker to gain access to sensitive
information.
This issue is rated as High because it could be used to access
data without permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2014-8709</td>
<td>A-34077221<br>
<a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus Player</td>
<td>Nov 9, 2014</td>
</tr>
</table>


<h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek
driver</h3>
<p>An information disclosure vulnerability in the MediaTek driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0529</td>
<td>A-28449427*<br>
M-ALPS02710042</td>
<td>High</td>
<td>None**</td>
<td>Apr 27, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-qualcomm-bootloader">Information disclosure vulnerability in
Qualcomm bootloader</h3>
<p>An information disclosure vulnerability in the Qualcomm bootloader could help
to enable a local malicious application to execute arbitrary code within the
context of the bootloader. This issue is rated as High because it is a general
bypass for a bootloader level defense in depth or exploit mitigation
technology.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0455</td>
<td>A-32370952<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f">
QC-CR#1082755</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
</table>


<h3 id="id-in-qualcomm-power-driver">Information disclosure vulnerability in
Qualcomm power driver</h3>
<p>An information disclosure vulnerability in the Qualcomm power driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as High because it could be used to access
sensitive data without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8483</td>
<td>A-33745862<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a">
QC-CR#1035099</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P</td>
<td>Dec 19, 2016</td>
</tr>
</table>


<h3 id="id-in-nvidia-gpu-driver">Information disclosure vulnerability in NVIDIA
GPU driver</h3>
<p>An information disclosure vulnerability in the NVIDIA GPU driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0334</td>
<td>A-33245849*<br>
N-CVE-2017-0334</td>
<td>High</td>
<td>Pixel C</td>
<td>Nov 30, 2016</td>
</tr>
<tr>
<td>CVE-2017-0336</td>
<td>A-33042679*<br>
N-CVE-2017-0336</td>
<td>High</td>
<td>Pixel C</td>
<td>Google internal</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="dos-in-kernel-cryptographic-subsystem">Denial of service vulnerability
in kernel cryptographic subsystem</h3>
<p>A denial of service vulnerability in the kernel cryptographic subsystem could
enable a remote attacker to use a specially crafted network packet to cause a
device hang or reboot. This issue is rated as High due to the possibility of
remote denial of service.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8650</td>
<td>A-33401771<br>
<a
href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Oct 12, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-camera-driver-(device-specific)">Elevation of privilege
vulnerability in Qualcomm camera driver (device specific)</h3>
<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by current platform
configurations.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8417</td>
<td>A-32342399<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0">
QC-CR#1088824</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
</table>


<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0461</td>
<td>A-32073794<br>
<a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65">
QC-CR#1100132</a></td>
<td>Moderate</td>
<td>Android One, Nexus 5X, Pixel, Pixel XL</td>
<td>Oct 9, 2016</td>
</tr>
<tr>
<td>CVE-2017-0459</td>
<td>A-32644895<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7">
QC-CR#1091939</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Nov 3, 2016</td>
</tr>
<tr>
<td>CVE-2017-0531</td>
<td>A-32877245<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302">
QC-CR#1087469</a></td>
<td>Moderate</td>
<td>Android One, Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Nov 13, 2016</td>
</tr>
</table>


<h3 id="id-in-mediatek-video-codec-driver">Information disclosure vulnerability
in MediaTek video codec driver</h3>
<p>An information disclosure vulnerability in the MediaTek video codec driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0532</td>
<td>A-32370398*<br>
M-ALPS03069985</td>
<td>Moderate</td>
<td>None**</td>
<td>Oct 22, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<p>** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in
Qualcomm video driver</h3>
<p>An information disclosure vulnerability in the Qualcomm video driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0533</td>
<td>A-32509422<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Oct 27, 2016</td>
</tr>
<tr>
<td>CVE-2017-0534</td>
<td>A-32508732<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Oct 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8416</td>
<td>A-32510746<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Oct 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8478</td>
<td>A-32511270<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f">
QC-CR#1088206</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Oct 28, 2016</td>
</tr>
</table>


<h3 id="id-in-qualcomm-camera-driver">Information disclosure vulnerability in
Qualcomm camera driver</h3>
<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8413</td>
<td>A-32709702<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d">
QC-CR#518731</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 4, 2016</td>
</tr>
<tr>
<td>CVE-2016-8477</td>
<td>A-32720522<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508">
QC-CR#1090007</a>
[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb">2</a>]</td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Nov 7, 2016</td>
</tr>
</table>


<h3 id="id-in-htc-sound-codec-driver">Information disclosure vulnerability in
HTC sound codec driver</h3>
<p>An information disclosure vulnerability in the HTC sound codec driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0535</td>
<td>A-33547247*</td>
<td>Moderate</td>
<td>Nexus 9</td>
<td>Dec 11, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-synaptics-touchscreen-driver">Information disclosure
vulnerability in Synaptics touchscreen driver</h3>
<p>An information disclosure vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to access data outside of its
permission levels. This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0536</td>
<td>A-33555878*</td>
<td>Moderate</td>
<td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td>
<td>Dec 12, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-kernel-usb-gadget-driver">Information disclosure vulnerability in
kernel USB gadget driver</h3>
<p>An information disclosure vulnerability in the kernel USB gadget driver could
enable a local malicious application to access data outside of its permission
levels. This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0537</td>
<td>A-31614969*</td>
<td>Moderate</td>
<td>Pixel C</td>
<td>Google internal</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="id-in-qualcomm-camera-driver-2">Information disclosure vulnerability in
Qualcomm camera driver</h3>
<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Low because it first requires compromising a
privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0452</td>
<td>A-32873615*<br>
QC-CR#1093693</td>
<td>Low</td>
<td>Nexus 5X, Nexus 6P, Android One</td>
<td>Nov 10, 2016</td>
</tr>
</table>
<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>
<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
<p>This section answers common questions that may occur after reading this
bulletin.</p>
<p><strong>1. How do I determine if my device is updated to address these issues?
</strong></p>
<p>To learn how to check a device's security patch level, read the instructions on
the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a>.</p>
<ul>
<li>Security patch levels of 2017-03-01 or later address all issues associated
with the 2017-03-01 security patch level.</li>
<li>Security patch levels of 2017-03-05 or later address all issues associated
with the 2017-03-05 security patch level and all previous patch levels.
</li>
</ul>
<p>Device manufacturers that include these updates should set the patch string
level to:</p>
<ul>
<li>[ro.build.version.security_patch]:[2017-03-01]</li>
<li>[ro.build.version.security_patch]:[2017-03-05]</li>
</ul>
<p><strong>2.
Why does this bulletin have two security patch levels?</strong></p>
<p>This bulletin has two security patch levels so that Android partners have the
flexibility to fix a subset of vulnerabilities that are similar across all
Android devices more quickly. Android partners are encouraged to fix all issues
in this bulletin and use the latest security patch level.</p>
<ul>
<li>Devices that use the March 1, 2017 security patch level must include all
issues associated with that security patch level, as well as fixes for all
issues reported in previous security bulletins.</li>
<li>Devices that use the security patch level of March 5, 2017 or newer must
include all applicable patches in this (and previous) security
bulletins.</li>
</ul>
<p>Partners are encouraged to bundle the fixes for all issues they are addressing
in a single update.</p>
<p><strong>3. How do I determine which Google devices are affected by each
issue?</strong></p>
<p>In the <a href="#2017-03-01-details">2017-03-01</a> and
<a href="#2017-03-05-details">2017-03-05</a>
security vulnerability details sections, each table has an <em>Updated Google
devices</em> column that covers the range of affected Google devices updated for
each issue. This column has a few options:</p>
<ul>
<li><strong>All Google devices</strong>: If an issue affects all Google
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
devices</em> column.</li>
<li><strong>No Google devices</strong>: If no Google devices running Android 7.0
are affected by the issue, the table will have "None" in the <em>Updated Google
devices</em> column.</li>
</ul>
<p><strong>4. What do the entries in the references column map to?</strong></p>
<p>Entries under the <em>References</em> column of the vulnerability details table
may contain a prefix identifying the organization to which the reference value
belongs. These prefixes map as follows:</p>
<table>
<tr>
<th>Prefix</th>
<th>Reference</th>
</tr>
<tr>
<td>A-</td>
<td>Android bug ID</td>
</tr>
<tr>
<td>QC-</td>
<td>Qualcomm reference number</td>
</tr>
<tr>
<td>M-</td>
<td>MediaTek reference number</td>
</tr>
<tr>
<td>N-</td>
<td>NVIDIA reference number</td>
</tr>
<tr>
<td>B-</td>
<td>Broadcom reference number</td>
</tr>
</table>
<h2 id="revisions">Revisions</h2>
<ul>
<li>March 06, 2017: Bulletin published.</li>
<li>March 07, 2017: Bulletin revised to include AOSP links.</li>
</ul>


</body>
</html>