      1 <html devsite>
      2   <head>
      3     <title>Android Security Bulletin: April 2017</title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 <p><em>Published April 03, 2017 | Updated April 27, 2017</em></p>
     24 <p>The Android Security Bulletin contains details of security vulnerabilities
     25 affecting Android devices. Alongside the bulletin, we have released a security
     26 update to Nexus devices through an over-the-air (OTA) update. The Google device
     27 firmware images have also been released to the <a
     28 href="https://developers.google.com/android/nexus/images">Google Developer
     29 site</a>. Security patch levels of April 05, 2017 or later address all of these
     30 issues. Refer to the <a
     31 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
     32 and Nexus update schedule</a> to learn how to check a device's security patch
     33 level.</p>
     34 <p>Partners were notified of the issues described in the bulletin on March 06, 2017
     35 or earlier. Source code patches for these issues have been released to the Android
     36 Open Source Project (AOSP) repository and linked from this bulletin. This bulletin
     37 also includes links to patches outside of AOSP.</p>
     38 <p>The most severe of these issues is a Critical security vulnerability that could
     39 enable remote code execution on an affected device through multiple methods such
     40 as email, web browsing, and MMS when processing media files. The
     41 <a href="/security/overview/updates-resources.html#severity">severity
     42 assessment</a> is based on the effect that exploiting the vulnerability would
     43 possibly have on an affected device, assuming the platform and service
     44 mitigations are disabled for development purposes or if successfully bypassed.</p>
     45 <p>We have had no reports of active customer exploitation or abuse of these newly
     46 reported issues. Refer to the <a href="#mitigations">Android and Google service
     47 mitigations</a> section for details on the <a
     48 href="/security/enhancements/index.html">Android
     49 security platform protections</a> and service protections such as <a
     50 href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
     51 which improve the security of the Android platform.</p>
     52 <p>We encourage all customers to accept these updates to their devices.</p>
     53 
     54 <h2 id="announcements">Announcements</h2>
     55 <ul>
     56 <li>This bulletin has two security patch level strings to provide Android
     57 partners with the flexibility to more quickly fix a subset of vulnerabilities
     58 that are similar across all Android devices. See <a
     59 href="#common-questions-and-answers">Common questions and answers</a> for
     60 additional information:
     61  <ul>
     62    <li><strong>2017-04-01</strong>: Partial security patch level string. This
     63   security patch level string indicates that all issues associated with 2017-04-01
     64   (and all previous security patch level strings) are addressed.</li>
     65    <li><strong>2017-04-05</strong>: Complete security patch level string. This
     66   security patch level string indicates that all issues associated with 2017-04-01
     67   and 2017-04-05 (and all previous security patch level strings) are addressed.</li>
     68  </ul>
     69 </li>
     70 <li>Supported Google devices will receive a single OTA update with the April 05,
     71 2017 security patch level.</li>
     72 </ul>
     73 
     74 <h2 id="mitigations">Android and Google Service Mitigations</h2>
     75 <p>This is a summary of the mitigations provided by the <a
     76 href="/security/enhancements/index.html">Android
     77 security platform</a> and service protections such as SafetyNet. These
     78 capabilities reduce the likelihood that security vulnerabilities could be
     79 successfully exploited on Android.</p>
     80 <ul>
     81   <li>Exploitation for many issues on Android is made more difficult by
     82   enhancements in newer versions of the Android platform. We encourage all users
     83   to update to the latest version of Android where possible.</li>
     84   <li>The Android Security team actively monitors for abuse with <a
     85   href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf">Verify
     86   Apps and SafetyNet</a>, which are designed to warn users about <a
     87   href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
     88   Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
     89   href="http://www.android.com/gms">Google Mobile Services</a> and is especially
     90   important for users who install applications from outside of Google Play. Device
     91   rooting tools are prohibited within Google Play, but Verify Apps warns users
     92   when they attempt to install a detected rooting application, no matter where it
     93   comes from. Additionally, Verify Apps attempts to identify and block
     94   installation of known malicious applications that exploit a privilege escalation
     95   vulnerability. If such an application has already been installed, Verify Apps
     96   will notify the user and attempt to remove the detected application.</li>
     97   <li>As appropriate, Google Hangouts and Messenger applications do not
     98   automatically pass media to processes such as Mediaserver.</li>
     99 </ul>
    100 
    101 <h2 id="acknowledgements">Acknowledgements</h2>
    102 <p>We would like to thank these researchers for their contributions:</p>
    103 <ul>
    104   <li>Aravind Machiry (donfos) of Shellphish Grill Team: CVE-2016-5349</li>
    105   <li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu
    106   Lab, Tencent: CVE-2017-0585, CVE-2017-0553</li>
    107   <li><a href="mailto:derrek.haxx@gmail.com">Derrek</a> (<a
    108   href="https://twitter.com/derrekr6">@derrekr6</a>) and Scott Bauer:
    109   CVE-2017-0576</li>
    110   <li>Gal Beniamini of Project Zero: CVE-2017-0571, CVE-2017-0570, CVE-2017-0572,
    111   CVE-2017-0569, CVE-2017-0561</li>
    112   <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
    113   and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
    114   Technology Co. Ltd.: CVE-2017-6426, CVE-2017-0581, CVE-2017-0329, CVE-2017-0332,
    115   CVE-2017-0566, CVE-2017-0573</li>
    116   <li>Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
    117   of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0547</li>
    118   <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
    119   CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0574, CVE-2017-0575, CVE-2017-0567</li>
    120   <li>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>): CVE-2017-0554</li>
    121   <li>Jack Tang of Trend Micro Inc.: CVE-2017-0579</li>
    122   <li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a
    123   href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0559,
    124   CVE-2017-0541</li>
    125   <li>Jianqiang Zhao (<a
    126   href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
    127   href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2017-6425,
    128   CVE-2016-5346</li>
    129   <li>Lubo Zhang (<a href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>) of
    130   <a href="http://c0reteam.org">C0RE Team</a> and Yonggang Guo
    131   (<a href="https://twitter.com/guoygang">@guoygang</a>) of IceSword Lab, Qihoo
    132   360 Technology Co. Ltd.: CVE-2017-0564</li>
    133   <li><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google:
    134   CVE-2017-0558</li>
    135   <li>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>) and
    136   Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
    137   Tesla's Product Security Team: CVE-2017-0327, CVE-2017-0328</li>
    138   <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba
    139   Mobile Security Group: CVE-2017-0565</li>
    140   <li>Pengfei Ding, Chenfu Bao, and Lenx Wei of Baidu X-Lab:
    141   CVE-2016-10236</li>
    142   <li>Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
    143   of KeenLab, Tencent: CVE-2017-0544, CVE-2017-0325</li>
    144   <li>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of Aleph
    145   Research, HCL Technologies: CVE-2017-0582, CVE-2017-0563</li>
    146   <li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a
    147   href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0562,
    148   CVE-2017-0339</li>
    149   <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
    150   TrendMicro Mobile Threat Research Team: CVE-2016-10231, CVE-2017-0578, CVE-2017-0586</li>
    151   <li>Tim Becker: CVE-2017-0546</li>
    152   <li>Uma Sankar Pradhan (<a
    153   href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>): CVE-2017-0560</li>
    154   <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
    155   href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
    156   Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
    157   CVE-2017-0555, CVE-2017-0538, CVE-2017-0539, CVE-2017-0557,
    158   CVE-2017-0556</li>
    159   <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
    160   Alibaba Inc: CVE-2017-0549</li>
    161   <li>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>),
    162   Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>), and Hao
    163   Chen of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0580, CVE-2017-0577</li>
    164   <li><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security
    165   Response Center of Qihoo 360 Technology Co. Ltd.: CVE-2017-0548</li>
    166   <li>Zubin Mithra of Google: CVE-2017-0462</li>
    167 </ul>
    168 
    169 <h2 id="2017-04-01-details">2017-04-01 security patch level: Vulnerability
    170 details</h2>
    171 <p>In the sections below, we provide details for each of the security
    172 vulnerabilities that apply to the 2017-04-01 patch level. There is a description
    173 of the issue, a severity rationale, and a table with the CVE, associated
    174 references, severity, updated Google devices, updated AOSP versions (where
    175 applicable), and date reported. When available, we will link the public change
    176 that addressed the issue to the bug ID, like the AOSP change list. When multiple
    177 changes relate to a single bug, additional references are linked to numbers
    178 following the bug ID.</p>
    179 
    180 
    181 <h3 id="rce-in-mediaserver">Remote code execution vulnerability in
    182 Mediaserver</h3>
    183 <p>A remote code execution vulnerability in Mediaserver could enable an attacker
    184 using a specially crafted file to cause memory corruption during media file and
    185 data processing. This issue is rated as Critical due to the possibility of
    186 remote code execution within the context of the Mediaserver process.</p>
    187 
    188 <table>
    189   <col width="18%">
    190   <col width="17%">
    191   <col width="10%">
    192   <col width="19%">
    193   <col width="18%">
    194   <col width="17%">
    195   <tr>
    196     <th>CVE</th>
    197     <th>References</th>
    198     <th>Severity</th>
    199     <th>Updated Google devices</th>
    200     <th>Updated AOSP versions</th>
    201     <th>Date reported</th>
    202   </tr>
    203   <tr>
    204     <td>CVE-2017-0538</td>
    205     <td><a href="https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8">A-33641588</a></td>
    206     <td>Critical</td>
    207     <td>All</td>
    208     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    209     <td>Dec 13, 2016</td>
    210   </tr>
    211   <tr>
    212     <td>CVE-2017-0539</td>
    213     <td><a href="https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254">A-33864300</a></td>
    214     <td>Critical</td>
    215     <td>All</td>
    216     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    217     <td>Dec 23, 2016</td>
    218   </tr>
    219   <tr>
    220     <td>CVE-2017-0541</td>
    221     <td><a href="https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978">A-34031018</a></td>
    222     <td>Critical</td>
    223     <td>All</td>
    224     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    225     <td>Jan 1, 2017</td>
    226   </tr>
    227   <tr>
    228     <td>CVE-2017-0542</td>
    229     <td><a href="https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b">A-33934721</a></td>
    230     <td>Critical</td>
    231     <td>All</td>
    232     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    233     <td>Google internal</td>
    234   </tr>
    235   <tr>
    236     <td>CVE-2017-0543</td>
    237     <td><a href="https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f">A-34097866</a></td>
    238     <td>Critical</td>
    239     <td>All</td>
    240     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    241     <td>Google internal</td>
    242   </tr>
    243 </table>
    244 
    245 
    246 <h3 id="eop-in-camerabase">Elevation of privilege vulnerability in
    247 CameraBase</h3>
    248 <p>An elevation of privilege vulnerability in CameraBase could enable a local
    249 malicious application to execute arbitrary code. This issue is rated as High
    250 because it is a local arbitrary code execution in a privileged process.</p>
    251 
    252 <table>
    253   <col width="18%">
    254   <col width="17%">
    255   <col width="10%">
    256   <col width="19%">
    257   <col width="18%">
    258   <col width="17%">
    259   <tr>
    260     <th>CVE</th>
    261     <th>References</th>
    262     <th>Severity</th>
    263     <th>Updated Google devices</th>
    264     <th>Updated AOSP versions</th>
    265     <th>Date reported</th>
    266   </tr>
    267   <tr>
    268     <td>CVE-2017-0544</td>
    269     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/4b49489c12e6862e9a320ebcb53872e809ed20ec">A-31992879</a></td>
    270     <td>High</td>
    271     <td>All</td>
    272     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    273     <td>Oct 6, 2016</td>
    274   </tr>
    275 </table>
    276 
    277 
    278 <h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
    279 Audioserver</h3>
    280 <p>An elevation of privilege vulnerability in Audioserver could enable a local
    281 malicious application to execute arbitrary code within the context of a
    282 privileged process. This issue is rated as High because it could be used to
    283 gain local access to elevated capabilities, which are not normally accessible
    284 to a third-party application.</p>
    285 
    286 <table>
    287   <col width="18%">
    288   <col width="17%">
    289   <col width="10%">
    290   <col width="19%">
    291   <col width="18%">
    292   <col width="17%">
    293   <tr>
    294     <th>CVE</th>
    295     <th>References</th>
    296     <th>Severity</th>
    297     <th>Updated Google devices</th>
    298     <th>Updated AOSP versions</th>
    299     <th>Date reported</th>
    300   </tr>
    301   <tr>
    302     <td>CVE-2017-0545</td>
    303     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/e5a54485e08400a976092cd5b1c6d909d0e1a4ab">A-32591350</a></td>
    304     <td>High</td>
    305     <td>All</td>
    306     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    307     <td>Oct 31, 2016</td>
    308   </tr>
    309 </table>
    310 
    311 
    312 <h3 id="eop-in-surfaceflinger">Elevation of privilege vulnerability in
    313 SurfaceFlinger</h3>
    314 <p>An elevation of privilege vulnerability in SurfaceFlinger could enable a local
    315 malicious application to execute arbitrary code within the context of a
    316 privileged process. This issue is rated as High because it could be used to
    317 gain local access to elevated capabilities, which are not normally accessible
    318 to a third-party application.</p>
    319 
    320 <table>
    321   <col width="18%">
    322   <col width="17%">
    323   <col width="10%">
    324   <col width="19%">
    325   <col width="18%">
    326   <col width="17%">
    327   <tr>
    328     <th>CVE</th>
    329     <th>References</th>
    330     <th>Severity</th>
    331     <th>Updated Google devices</th>
    332     <th>Updated AOSP versions</th>
    333     <th>Date reported</th>
    334   </tr>
    335   <tr>
    336     <td>CVE-2017-0546</td>
    337     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/45b202513ba7440beaefbf9928f73fb6683dcfbd">A-32628763</a></td>
    338     <td>High</td>
    339     <td>All</td>
    340     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    341     <td>Nov 2, 2016</td>
    342   </tr>
    343 </table>
    344 
    345 
    346 <h3 id="id-in-mediaserver">Information disclosure vulnerability in
    347 Mediaserver</h3>
    348 <p>An information disclosure vulnerability in Mediaserver could enable a local
    349 malicious application to access data outside of its permission levels. This
    350 issue is rated as High because it is a general bypass for operating system
    351 protections that isolate application data from other applications.</p>
    352 
    353 <table>
    354   <col width="18%">
    355   <col width="17%">
    356   <col width="10%">
    357   <col width="19%">
    358   <col width="18%">
    359   <col width="17%">
    360   <tr>
    361     <th>CVE</th>
    362     <th>References</th>
    363     <th>Severity</th>
    364     <th>Updated Google devices</th>
    365     <th>Updated AOSP versions</th>
    366     <th>Date reported</th>
    367   </tr>
    368   <tr>
    369     <td>CVE-2017-0547</td>
    370     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6">A-33861560</a></td>
    371     <td>High</td>
    372     <td>All</td>
    373     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    374     <td>Dec 22, 2016</td>
    375   </tr>
    376 </table>
    377 
    378 
    379 <h3 id="dos-in-libskia">Denial of service vulnerability in libskia</h3>
    380 <p>A remote denial of service vulnerability in libskia could enable an attacker to
    381 use a specially crafted file to cause a device hang or reboot. This issue is
    382 rated as High severity due to the possibility of remote denial of service.</p>
    383 
    384 <table>
    385   <col width="18%">
    386   <col width="17%">
    387   <col width="10%">
    388   <col width="19%">
    389   <col width="18%">
    390   <col width="17%">
    391   <tr>
    392     <th>CVE</th>
    393     <th>References</th>
    394     <th>Severity</th>
    395     <th>Updated Google devices</th>
    396     <th>Updated AOSP versions</th>
    397     <th>Date reported</th>
    398   </tr>
    399   <tr>
    400     <td>CVE-2017-0548</td>
    401     <td><a href="https://android.googlesource.com/platform/external/skia/+/318e3505ac2436c62ec19fd27ebe9f8e7d174544">A-33251605</a></td>
    402     <td>High</td>
    403     <td>All</td>
    404     <td>7.0, 7.1.1</td>
    405     <td>Nov 29, 2016</td>
    406   </tr>
    407 </table>
    408 
    409 
    410 <h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3>
    411 <p>A remote denial of service vulnerability in Mediaserver could enable an
    412 attacker to use a specially crafted file to cause a device hang or reboot. This
    413 issue is rated as High severity due to the possibility of remote denial of
    414 service.</p>
    415 
    416 <table>
    417   <col width="18%">
    418   <col width="17%">
    419   <col width="10%">
    420   <col width="19%">
    421   <col width="18%">
    422   <col width="17%">
    423   <tr>
    424     <th>CVE</th>
    425     <th>References</th>
    426     <th>Severity</th>
    427     <th>Updated Google devices</th>
    428     <th>Updated AOSP versions</th>
    429     <th>Date reported</th>
    430   </tr>
    431   <tr>
    432     <td>CVE-2017-0549</td>
    433     <td><a href="https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f">A-33818508</a></td>
    434     <td>High</td>
    435     <td>All</td>
    436     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    437     <td>Dec 20, 2016</td>
    438   </tr>
    439   <tr>
    440     <td>CVE-2017-0550</td>
    441     <td><a href="https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51">A-33933140</a></td>
    442     <td>High</td>
    443     <td>All</td>
    444     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    445     <td>Google internal</td>
    446   </tr>
    447   <tr>
    448     <td>CVE-2017-0551</td>
    449     <td><a href="https://android.googlesource.com/platform/external/libavc/+/8b5fd8f24eba5dd19ab2f80ea11a9125aa882ae2">A-34097231</a>
    450     [<a href="https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8">2</a>]</td>
    451     <td>High</td>
    452     <td>All</td>
    453     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    454     <td>Google internal</td>
    455   </tr>
    456   <tr>
    457     <td>CVE-2017-0552</td>
    458     <td><a href="https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf">A-34097915</a></td>
    459     <td>High</td>
    460     <td>All</td>
    461     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    462     <td>Google internal</td>
    463   </tr>
    464 </table>
    465 
    466 
    467 <h3 id="eop-in-libnl">Elevation of privilege vulnerability in libnl</h3>
    468 <p>An elevation of privilege vulnerability in libnl could enable a local malicious
    469 application to execute arbitrary code within the context of the Wi-Fi service.
    470 This issue is rated as Moderate because it first requires compromising a
    471 privileged process and is mitigated by current platform configurations.</p>
    472 
    473 <table>
    474   <col width="18%">
    475   <col width="17%">
    476   <col width="10%">
    477   <col width="19%">
    478   <col width="18%">
    479   <col width="17%">
    480   <tr>
    481     <th>CVE</th>
    482     <th>References</th>
    483     <th>Severity</th>
    484     <th>Updated Google devices</th>
    485     <th>Updated AOSP versions</th>
    486     <th>Date reported</th>
    487   </tr>
    488   <tr>
    489     <td>CVE-2017-0553</td>
    490     <td><a href="https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0">A-32342065</a></td>
    491     <td>Moderate</td>
    492     <td>All</td>
    493     <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    494     <td>Oct 21, 2016</td>
    495   </tr>
    496 </table>
    497 
    498 
    499 <h3 id="eop-in-telephony">Elevation of privilege vulnerability in
    500 Telephony</h3>
    501 <p>An elevation of privilege vulnerability in the Telephony component could enable
    502 a local malicious application to access capabilities outside of its permission
    503 levels. This issue is rated as Moderate because it could be used to gain access
    504 to elevated capabilities, which are not normally accessible to a third-party
    505 application.</p>
    506 
    507 <table>
    508   <col width="18%">
    509   <col width="17%">
    510   <col width="10%">
    511   <col width="19%">
    512   <col width="18%">
    513   <col width="17%">
    514   <tr>
    515     <th>CVE</th>
    516     <th>References</th>
    517     <th>Severity</th>
    518     <th>Updated Google devices</th>
    519     <th>Updated AOSP versions</th>
    520     <th>Date reported</th>
    521   </tr>
    522   <tr>
    523     <td>CVE-2017-0554</td>
    524     <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/aeb795ef2290af1a0e4b14909363bc574e6b3ee7">A-33815946</a>
    525     [<a href="https://android.googlesource.com/platform/frameworks/base/+/3294256ba5b9e2ba2d8619d617e3d900e5386564">2</a>]</td>
    526     <td>Moderate</td>
    527     <td>All</td>
    528     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    529     <td>Dec 20, 2016</td>
    530   </tr>
    531 </table>
    532 
    533 
    534 <h3 id="id-in-mediaserver-2">Information disclosure vulnerability in
    535 Mediaserver</h3>
    536 <p>An information disclosure vulnerability in Mediaserver could enable a local
    537 malicious application to access data outside of its permission levels. This
    538 issue is rated as Moderate because it could be used to access data without
    539 permission.</p>
    540 
    541 <table>
    542   <col width="18%">
    543   <col width="17%">
    544   <col width="10%">
    545   <col width="19%">
    546   <col width="18%">
    547   <col width="17%">
    548   <tr>
    549     <th>CVE</th>
    550     <th>References</th>
    551     <th>Severity</th>
    552     <th>Updated Google devices</th>
    553     <th>Updated AOSP versions</th>
    554     <th>Date reported</th>
    555   </tr>
    556   <tr>
    557     <td>CVE-2017-0555</td>
    558     <td><a href="https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0">A-33551775</a></td>
    559     <td>Moderate</td>
    560     <td>All</td>
    561     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    562     <td>Dec 12, 2016</td>
    563   </tr>
    564   <tr>
    565     <td>CVE-2017-0556</td>
    566     <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b">A-34093952</a></td>
    567     <td>Moderate</td>
    568     <td>All</td>
    569     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    570     <td>Jan 4, 2017</td>
    571   </tr>
    572   <tr>
    573     <td>CVE-2017-0557</td>
    574     <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e">A-34093073</a></td>
    575     <td>Moderate</td>
    576     <td>All</td>
    577     <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    578     <td>Jan 4, 2017</td>
    579   </tr>
    580   <tr>
    581     <td>CVE-2017-0558</td>
    582     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122">A-34056274</a></td>
    583     <td>Moderate</td>
    584     <td>All</td>
    585     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    586     <td>Google internal</td>
    587   </tr>
    588 </table>
    589 
    590 
    591 <h3 id="id-in-libskia">Information disclosure vulnerability in libskia</h3>
    592 <p>An information disclosure vulnerability in libskia could enable a local
    593 malicious application to access data outside of its permission levels. This
    594 issue is rated as Moderate because it could be used to access data without
    595 permission.</p>
    596 
    597 <table>
    598   <col width="18%">
    599   <col width="17%">
    600   <col width="10%">
    601   <col width="19%">
    602   <col width="18%">
    603   <col width="17%">
    604   <tr>
    605     <th>CVE</th>
    606     <th>References</th>
    607     <th>Severity</th>
    608     <th>Updated Google devices</th>
    609     <th>Updated AOSP versions</th>
    610     <th>Date reported</th>
    611   </tr>
    612   <tr>
    613     <td>CVE-2017-0559</td>
    614     <td><a href="https://android.googlesource.com/platform/external/skia/+/16882f721279a82a1c860ac689ce570b16fe26a0">A-33897722</a></td>
    615     <td>Moderate</td>
    616     <td>All</td>
    617     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    618     <td>Dec 25, 2016</td>
    619   </tr>
    620 </table>
    621 
    622 
    623 <h3 id="id-in-factory-reset">Information disclosure vulnerability in Factory
    624 Reset</h3>
    625 <p>An information disclosure vulnerability in the factory reset process could
    626 enable a local malicious attacker to access data from the previous owner. This
    627 issue is rated as Moderate due to the possibility of bypassing device
    628 protection.</p>
    629 
    630 <table>
    631   <col width="18%">
    632   <col width="17%">
    633   <col width="10%">
    634   <col width="19%">
    635   <col width="18%">
    636   <col width="17%">
    637   <tr>
    638     <th>CVE</th>
    639     <th>References</th>
    640     <th>Severity</th>
    641     <th>Updated Google devices</th>
    642     <th>Updated AOSP versions</th>
    643     <th>Date reported</th>
    644   </tr>
    645   <tr>
    646     <td>CVE-2017-0560</td>
    647     <td><a href="https://android.googlesource.com/platform/frameworks/base/+/efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee">A-30681079</a></td>
    648     <td>Moderate</td>
    649     <td>All</td>
    650     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    651     <td>Google internal</td>
    652   </tr>
    653 </table>
    654 
    655 <h2 id="2017-04-05-details">2017-04-05 security patch level: Vulnerability
    656 details</h2>
    657 <p>In the sections below, we provide details for each of the security
    658 vulnerabilities that apply to the 2017-04-05 patch level. There is a description
    659 of the issue, a severity rationale, and a table with the CVE, associated
    660 references, severity, updated Google devices, updated AOSP versions (where
    661 applicable), and date reported. When available, we will link the public change
    662 that addressed the issue to the bug ID, like the AOSP change list. When multiple
    663 changes relate to a single bug, additional references are linked to numbers
    664 following the bug ID.</p>
    665 
    666 
    667 <h3 id="rce-in-broadcom-wi-fi-firmware">Remote code execution vulnerability in
    668 Broadcom Wi-Fi firmware</h3>
    669 <p>A remote code execution vulnerability in the Broadcom Wi-Fi firmware could
    670 enable a remote attacker to execute arbitrary code within the context of the
    671 Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote
    672 code execution in the context of the Wi-Fi SoC.</p>
    673 
    674 <table>
    675   <col width="19%">
    676   <col width="20%">
    677   <col width="10%">
    678   <col width="23%">
    679   <col width="17%">
    680   <tr>
    681     <th>CVE</th>
    682     <th>References</th>
    683     <th>Severity</th>
    684     <th>Updated Google devices</th>
    685     <th>Date reported</th>
    686   </tr>
    687   <tr>
    688     <td>CVE-2017-0561</td>
    689     <td>A-34199105*<br>
    690         B-RB#110814</td>
    691     <td>Critical</td>
    692     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    693     <td>Jan 9, 2017</td>
    694   </tr>
    695 </table>
    696 <p>* The patch for this issue is not publicly available. The update is contained
    697 in the latest binary drivers for Nexus devices available from the
    698 <a href="https://developers.google.com/android/nexus/drivers">
    699 Google Developer site</a>.</p>
    700 
    701 
    702 <h3 id="rce-in-qualcomm-crypto-engine-driver">Remote code execution
    703 vulnerability in Qualcomm crypto engine driver</h3>
    704 <p>A remote code execution vulnerability in the Qualcomm crypto engine driver
    705 could enable a remote attacker to execute arbitrary code within the context of
    706 the kernel. This issue is rated as Critical due to the possibility of remote
    707 code execution in the context of the kernel.</p>
    708 
    709 <table>
    710   <col width="19%">
    711   <col width="20%">
    712   <col width="10%">
    713   <col width="23%">
    714   <col width="17%">
    715   <tr>
    716     <th>CVE</th>
    717     <th>References</th>
    718     <th>Severity</th>
    719     <th>Updated Google devices</th>
    720     <th>Date reported</th>
    721   </tr>
    722   <tr>
    723     <td>CVE-2016-10230</td>
    724     <td>A-34389927<br>
    725         <a 
    726 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=bd9a8fc6d7f6bd1a0b936994630006de450df657">
    727 QC-CR#1091408</a></td>
    728     <td>Critical</td>
    729     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
    730     <td>Jan 10, 2017</td>
    731   </tr>
    732 </table>
    733 
    734 
    735 <h3 id="rce-in-kernel-networking-subsystem">Remote code execution vulnerability
    736 in kernel networking subsystem</h3>
    737 <p>A remote code execution vulnerability in the kernel networking subsystem could
    738 enable a remote attacker to execute arbitrary code within the context of the
    739 kernel. This issue is rated as Critical due to the possibility of remote code
    740 execution in the context of the kernel.</p>
    741 
    742 <table>
    743   <col width="19%">
    744   <col width="20%">
    745   <col width="10%">
    746   <col width="23%">
    747   <col width="17%">
    748   <tr>
    749     <th>CVE</th>
    750     <th>References</th>
    751     <th>Severity</th>
    752     <th>Updated Google devices</th>
    753     <th>Date reported</th>
    754   </tr>
    755   <tr>
    756     <td>CVE-2016-10229</td>
    757     <td>A-32813456<br>
    758         <a 
    759 href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191">
    760 Upstream kernel</a></td>
    761     <td>Critical</td>
    762     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One,
    763 Nexus Player</td>
    764     <td>Google internal</td>
    765   </tr>
    766 </table>
    767 
    768 
    769 <h3 id="eop-in-mediatek-touchscreen-driver">Elevation of privilege
    770 vulnerability in MediaTek touchscreen driver</h3>
    771 <p>An elevation of privilege vulnerability in the MediaTek touchscreen driver
    772 could enable a local malicious application to execute arbitrary code within the
    773 context of the kernel. This issue is rated as Critical due to the possibility
    774 of a local permanent device compromise, which may require reflashing the
    775 operating system to repair the device.</p>
    776 
    777 <table>
    778   <col width="19%">
    779   <col width="20%">
    780   <col width="10%">
    781   <col width="23%">
    782   <col width="17%">
    783   <tr>
    784     <th>CVE</th>
    785     <th>References</th>
    786     <th>Severity</th>
    787     <th>Updated Google devices</th>
    788     <th>Date reported</th>
    789   </tr>
    790   <tr>
    791     <td>CVE-2017-0562</td>
    792     <td>A-30202425*<br>
    793         M-ALPS02898189</td>
    794     <td>Critical*</td>
    795     <td>None**</td>
    796     <td>Jul 16, 2016</td>
    797   </tr>
    798 </table>
    799 <p>* The patch for this issue is not publicly available. The update is contained
    800 in the latest binary drivers for Nexus devices available from the
    801 <a href="https://developers.google.com/android/nexus/drivers">
    802 Google Developer site</a>.</p>
    803 <p>** Supported Google devices on Android 7.0 or later that have installed all
    804 available updates are not affected by this vulnerability.</p>
    805 
    806 
    807 <h3 id="eop-in-htc-touchscreen-driver">Elevation of privilege vulnerability in
    808 HTC touchscreen driver</h3>
    809 <p>An elevation of privilege vulnerability in the HTC touchscreen driver could
    810 enable a local malicious application to execute arbitrary code within the
    811 context of the kernel. This issue is rated as Critical due to the possibility
    812 of a local permanent device compromise, which may require reflashing the
    813 operating system to repair the device.</p>
    814 
    815 <table>
    816   <col width="19%">
    817   <col width="20%">
    818   <col width="10%">
    819   <col width="23%">
    820   <col width="17%">
    821   <tr>
    822     <th>CVE</th>
    823     <th>References</th>
    824     <th>Severity</th>
    825     <th>Updated Google devices</th>
    826     <th>Date reported</th>
    827   </tr>
    828   <tr>
    829     <td>CVE-2017-0563</td>
    830     <td>A-32089409*<br>
    831         </td>
    832     <td>Critical</td>
    833     <td>Nexus 9</td>
    834     <td>Oct 9, 2016</td>
    835   </tr>
    836 </table>
    837 <p>* The patch for this issue is not publicly available. The update is contained
    838 in the latest binary drivers for Nexus devices available from the
    839 <a href="https://developers.google.com/android/nexus/drivers">
    840 Google Developer site</a>.</p>
    841 
    842 
    843 <h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in
    844 kernel ION subsystem</h3>
    845 <p>An elevation of privilege vulnerability in the kernel ION subsystem could
    846 enable a local malicious application to execute arbitrary code within the
    847 context of the kernel. This issue is rated as Critical due to the possibility
    848 of a local permanent device compromise, which may require reflashing the
    849 operating system to repair the device.</p>
    850 
    851 <table>
    852   <col width="19%">
    853   <col width="20%">
    854   <col width="10%">
    855   <col width="23%">
    856   <col width="17%">
    857   <tr>
    858     <th>CVE</th>
    859     <th>References</th>
    860     <th>Severity</th>
    861     <th>Updated Google devices</th>
    862     <th>Date reported</th>
    863   </tr>
    864   <tr>
    865     <td>CVE-2017-0564</td>
    866     <td>A-34276203*<br>
    867         </td>
    868     <td>Critical</td>
    869     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One,
    870 Nexus Player</td>
    871     <td>Jan 12, 2017</td>
    872   </tr>
    873 </table>
    874 <p>* The patch for this issue is not publicly available. The update is contained
    875 in the latest binary drivers for Nexus devices available from the
    876 <a href="https://developers.google.com/android/nexus/drivers">
    877 Google Developer site</a>.</p>
    878 
    879 
    880 <h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
    881 components</h3>
    882 <p>These vulnerabilities affect Qualcomm components and are described in further
    883 detail in the Qualcomm AMSS October 2016 security bulletin.</p>
    884 
    885 <table>
    886   <col width="19%">
    887   <col width="20%">
    888   <col width="10%">
    889   <col width="23%">
    890   <col width="17%">
    891   <tr>
    892     <th>CVE</th>
    893     <th>References</th>
    894     <th>Severity</th>
    895     <th>Updated Google devices</th>
    896     <th>Date reported</th>
    897   </tr>
    898   <tr>
    899     <td>CVE-2016-10237</td>
    900     <td>A-31628601**<br>
    901         QC-CR#1046751</td>
    902     <td>Critical</td>
    903     <td>None**</td>
    904     <td>Qualcomm internal</td>
    905   </tr>
    906   <tr>
    907     <td>CVE-2016-10238</td>
    908     <td>A-35358527**<br>
    909         QC-CR#1042558</td>
    910     <td>Critical</td>
    911     <td>None***</td>
    912     <td>Qualcomm internal</td>
    913   </tr>
    914   <tr>
    915     <td>CVE-2016-10239</td>
    916     <td>A-31624618**<br>
    917         QC-CR#1032929</td>
    918     <td>High</td>
    919     <td>Pixel, Pixel XL</td>
    920     <td>Qualcomm internal</td>
    921   </tr>
    922 </table>
    923 <p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
    924 <p>** The patch for this issue is not publicly available. The update is contained
    925 in the latest binary drivers for Nexus devices available from the
    926 <a href="https://developers.google.com/android/nexus/drivers">
    927 Google Developer site</a>.</p>
    928 <p>*** Supported Google devices on Android 7.0 or later that have installed all
    929 available updates are not affected by this vulnerability.</p>
    930 
    931 
    932 <h3 id="rce-in-v8">Remote code execution vulnerability in v8</h3>
    933 <p>A remote code execution vulnerability in v8 could enable remote attackers to
    934 execute arbitrary code within the context of a privileged process. This issue
    935 is rated as High due to the possibility of remote code execution in websites.</p>
    936 
    937 <table>
    938   <col width="18%">
    939   <col width="17%">
    940   <col width="10%">
    941   <col width="19%">
    942   <col width="18%">
    943   <col width="17%">
    944   <tr>
    945     <th>CVE</th>
    946     <th>References</th>
    947     <th>Severity</th>
    948     <th>Updated Google devices</th>
    949     <th>Updated AOSP versions</th>
    950     <th>Date reported</th>
    951   </tr>
    952   <tr>
    953     <td>CVE-2016-5129</td>
    954     <td>A-29178923</td>
    955     <td>High</td>
    956     <td>None*</td>
    957     <td>6.0, 6.0.1, 7.0</td>
    958     <td>Jul 20, 2016</td>
    959   </tr>
    960 </table>
    961 <p>* Supported Google devices on Android 7.0 or later that have installed all
    962 available updates are not affected by this vulnerability.</p>
    963 
    964 <h3 id="rce-in-freetype">Remote code execution vulnerability in Freetype</h3>
    965 <p>A remote code execution vulnerability in Freetype could enable a local
    966 malicious application to load a specially crafted font to cause memory
    967 corruption in an unprivileged process. This issue is rated as High due to the
    968 possibility of remote code execution in an application that uses this library.</p>
    969 
    970 <table>
    971   <col width="18%">
    972   <col width="17%">
    973   <col width="10%">
    974   <col width="19%">
    975   <col width="18%">
    976   <col width="17%">
    977   <tr>
    978     <th>CVE</th>
    979     <th>References</th>
    980     <th>Severity</th>
    981     <th>Updated Google devices</th>
    982     <th>Updated AOSP versions</th>
    983     <th>Date reported</th>
    984   </tr>
    985   <tr>
    986     <td>CVE-2016-10244</td>
    987     <td>A-31470908</td>
    988     <td>High</td>
    989     <td>None*</td>
    990     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td>
    991     <td>Sep 13, 2016</td>
    992   </tr>
    993 </table>
    994 <p>* Supported Google devices on Android 7.0 or later that have installed all
    995 available updates are not affected by this vulnerability.</p>
    996 
    997 <h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in
    998 kernel sound subsystem</h3>
    999 <p>An elevation of privilege vulnerability in the kernel sound subsystem could
   1000 enable a local malicious application to execute arbitrary code within the
   1001 context of the kernel. This issue is rated as High because it first requires
   1002 compromising a privileged process.</p>
   1003 
   1004 <table>
   1005   <col width="19%">
   1006   <col width="20%">
   1007   <col width="10%">
   1008   <col width="23%">
   1009   <col width="17%">
   1010   <tr>
   1011     <th>CVE</th>
   1012     <th>References</th>
   1013     <th>Severity</th>
   1014     <th>Updated Google devices</th>
   1015     <th>Date reported</th>
   1016   </tr>
   1017   <tr>
   1018     <td>CVE-2014-4656</td>
   1019     <td>A-34464977<br>
   1020         <a 
   1021 href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=883a1d49f0d77d30012f114b2e19fc141beb3e8e">
   1022 Upstream kernel</a></td>
   1023     <td>High</td>
   1024     <td>Nexus 6, Nexus Player</td>
   1025     <td>Jun 26, 2014</td>
   1026   </tr>
   1027 </table>
   1028 
   1029 
   1030 <h3 id="eop-in-nvidia-crypto-driver">Elevation of privilege vulnerability in
   1031 NVIDIA crypto driver</h3>
   1032 <p>An elevation of privilege vulnerability in the NVIDIA crypto driver could
   1033 enable a local malicious application to execute arbitrary code within the
   1034 context of the kernel. This issue is rated as High because it first requires
   1035 compromising a privileged process.</p>
   1036 
   1037 <table>
   1038   <col width="19%">
   1039   <col width="20%">
   1040   <col width="10%">
   1041   <col width="23%">
   1042   <col width="17%">
   1043   <tr>
   1044     <th>CVE</th>
   1045     <th>References</th>
   1046     <th>Severity</th>
   1047     <th>Updated Google devices</th>
   1048     <th>Date reported</th>
   1049   </tr>
   1050   <tr>
   1051     <td>CVE-2017-0339</td>
   1052     <td>A-27930566*<br>
   1053         N-CVE-2017-0339</td>
   1054     <td>High</td>
   1055     <td>Nexus 9</td>
   1056     <td>Mar 29, 2016</td>
   1057   </tr>
   1058   <tr>
   1059     <td>CVE-2017-0332</td>
   1060     <td>A-33812508*<br>
   1061         N-CVE-2017-0332</td>
   1062     <td>High</td>
   1063     <td>Nexus 9</td>
   1064     <td>Dec 21, 2016</td>
   1065   </tr>
   1066   <tr>
   1067     <td>CVE-2017-0327</td>
   1068     <td>A-33893669*<br>
   1069         N-CVE-2017-0327</td>
   1070     <td>High</td>
   1071     <td>Nexus 9</td>
   1072     <td>Dec 24, 2016</td>
   1073   </tr>
   1074 </table>
   1075 <p>* The patch for this issue is not publicly available. The update is contained
   1076 in the latest binary drivers for Nexus devices available from the
   1077 <a href="https://developers.google.com/android/nexus/drivers">
   1078 Google Developer site</a>.</p>
   1079 
   1080 
   1081 <h3 id="eop-in-mediatek-thermal-driver">Elevation of privilege vulnerability in
   1082 MediaTek thermal driver</h3>
   1083 <p>An elevation of privilege vulnerability in the MediaTek thermal driver could
   1084 enable a local malicious application to execute arbitrary code within the
   1085 context of the kernel. This issue is rated as High because it first requires
   1086 compromising a privileged process.</p>
   1087 
   1088 <table>
   1089   <col width="19%">
   1090   <col width="20%">
   1091   <col width="10%">
   1092   <col width="23%">
   1093   <col width="17%">
   1094   <tr>
   1095     <th>CVE</th>
   1096     <th>References</th>
   1097     <th>Severity</th>
   1098     <th>Updated Google devices</th>
   1099     <th>Date reported</th>
   1100   </tr>
   1101   <tr>
   1102     <td>CVE-2017-0565</td>
   1103     <td>A-28175904*<br>
   1104         M-ALPS02696516</td>
   1105     <td>High</td>
   1106     <td>None**</td>
   1107     <td>Apr 11, 2016</td>
   1108   </tr>
   1109 </table>
   1110 <p>* The patch for this issue is not publicly available. The update is contained
   1111 in the latest binary drivers for Nexus devices available from the
   1112 <a href="https://developers.google.com/android/nexus/drivers">
   1113 Google Developer site</a>.</p>
   1114 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1115 available updates are not affected by this vulnerability.</p>
   1116 
   1117 
   1118 <h3 id="eop-in-mediatek-camera-driver">Elevation of privilege vulnerability in
   1119 MediaTek camera driver</h3>
   1120 <p>An elevation of privilege vulnerability in the MediaTek camera driver could
   1121 enable a local malicious application to execute arbitrary code within the
   1122 context of the kernel. This issue is rated as High because it first requires
   1123 compromising a privileged process.</p>
   1124 
   1125 <table>
   1126   <col width="19%">
   1127   <col width="20%">
   1128   <col width="10%">
   1129   <col width="23%">
   1130   <col width="17%">
   1131   <tr>
   1132     <th>CVE</th>
   1133     <th>References</th>
   1134     <th>Severity</th>
   1135     <th>Updated Google devices</th>
   1136     <th>Date reported</th>
   1137   </tr>
   1138   <tr>
   1139     <td>CVE-2017-0566</td>
   1140     <td>A-28470975*<br>
   1141         M-ALPS02696367</td>
   1142     <td>High</td>
   1143     <td>None**</td>
   1144     <td>Apr 29, 2016</td>
   1145   </tr>
   1146 </table>
   1147 <p>* The patch for this issue is not publicly available. The update is contained
   1148 in the latest binary drivers for Nexus devices available from the
   1149 <a href="https://developers.google.com/android/nexus/drivers">
   1150 Google Developer site</a>.</p>
   1151 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1152 available updates are not affected by this vulnerability.</p>
   1153 
   1154 
   1155 <h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
   1156 Broadcom Wi-Fi driver</h3>
   1157 <p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
   1158 enable a local malicious application to execute arbitrary code within the
   1159 context of the kernel. This issue is rated as High because it first requires
   1160 compromising a privileged process.</p>
   1161 
   1162 <table>
   1163   <col width="19%">
   1164   <col width="20%">
   1165   <col width="10%">
   1166   <col width="23%">
   1167   <col width="17%">
   1168   <tr>
   1169     <th>CVE</th>
   1170     <th>References</th>
   1171     <th>Severity</th>
   1172     <th>Updated Google devices</th>
   1173     <th>Date reported</th>
   1174   </tr>
   1175   <tr>
   1176     <td>CVE-2017-0567</td>
   1177     <td>A-32125310*<br>
   1178         B-RB#112575</td>
   1179     <td>High</td>
   1180     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1181     <td>Oct 12, 2016</td>
   1182   </tr>
   1183   <tr>
   1184     <td>CVE-2017-0568</td>
   1185     <td>A-34197514*<br>
   1186         B-RB#112600</td>
   1187     <td>High</td>
   1188     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1189     <td>Jan 9, 2017</td>
   1190   </tr>
   1191   <tr>
   1192     <td>CVE-2017-0569</td>
   1193     <td>A-34198729*<br>
   1194         B-RB#110666</td>
   1195     <td>High</td>
   1196     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1197     <td>Jan 9, 2017</td>
   1198   </tr>
   1199   <tr>
   1200     <td>CVE-2017-0570</td>
   1201     <td>A-34199963*<br>
   1202         B-RB#110688</td>
   1203     <td>High</td>
   1204     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1205     <td>Jan 9, 2017</td>
   1206   </tr>
   1207   <tr>
   1208     <td>CVE-2017-0571</td>
   1209     <td>A-34203305*<br>
   1210         B-RB#111541</td>
   1211     <td>High</td>
   1212     <td>Nexus 6, Nexus 6P, Pixel C, Nexus Player</td>
   1213     <td>Jan 9, 2017</td>
   1214   </tr>
   1215   <tr>
   1216     <td>CVE-2017-0572</td>
   1217     <td>A-34198931*<br>
   1218         B-RB#112597</td>
   1219     <td>High</td>
   1220     <td>None**</td>
   1221     <td>Jan 9, 2017</td>
   1222   </tr>
   1223   <tr>
   1224     <td>CVE-2017-0573</td>
   1225     <td>A-34469904*<br>
   1226         B-RB#91539</td>
   1227     <td>High</td>
   1228     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   1229     <td>Jan 18, 2017</td>
   1230   </tr>
   1231   <tr>
   1232     <td>CVE-2017-0574</td>
   1233     <td>A-34624457*<br>
   1234         B-RB#113189</td>
   1235     <td>High</td>
   1236     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td>
   1237     <td>Jan 22, 2017</td>
   1238   </tr>
   1239 </table>
   1240 <p>* The patch for this issue is not publicly available. The update is contained
   1241 in the latest binary drivers for Nexus devices available from the
   1242 <a href="https://developers.google.com/android/nexus/drivers">
   1243 Google Developer site</a>.</p>
   1244 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1245 available updates are not affected by this vulnerability.</p>
   1246 
   1247 
   1248 <h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
   1249 Qualcomm Wi-Fi driver</h3>
   1250 <p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
   1251 enable a local malicious application to execute arbitrary code within the
   1252 context of the kernel. This issue is rated as High because it first requires
   1253 compromising a privileged process.</p>
   1254 
   1255 <table>
   1256   <col width="19%">
   1257   <col width="20%">
   1258   <col width="10%">
   1259   <col width="23%">
   1260   <col width="17%">
   1261   <tr>
   1262     <th>CVE</th>
   1263     <th>References</th>
   1264     <th>Severity</th>
   1265     <th>Updated Google devices</th>
   1266     <th>Date reported</th>
   1267   </tr>
   1268   <tr>
   1269     <td>CVE-2017-0575</td>
   1270     <td>A-32658595*<br>
   1271         QC-CR#1103099</td>
   1272     <td>High</td>
   1273     <td>Nexus 5X, Pixel, Pixel XL</td>
   1274     <td>Nov 3, 2016</td>
   1275   </tr>
   1276 </table>
   1277 <p>* The patch for this issue is not publicly available. The update is contained
   1278 in the latest binary drivers for Nexus devices available from the
   1279 <a href="https://developers.google.com/android/nexus/drivers">
   1280 Google Developer site</a>.</p>
   1281 
   1282 
   1283 <h3 id="eop-in-nvidia-i2c-hid-driver">Elevation of privilege vulnerability in
   1284 NVIDIA I2C HID driver</h3>
   1285 <p>An elevation of privilege vulnerability in the NVIDIA I2C HID driver could
   1286 enable a local malicious application to execute arbitrary code within the
   1287 context of the kernel. This issue is rated as High because it first requires
   1288 compromising a privileged process.</p>
   1289 
   1290 <table>
   1291   <col width="19%">
   1292   <col width="20%">
   1293   <col width="10%">
   1294   <col width="23%">
   1295   <col width="17%">
   1296   <tr>
   1297     <th>CVE</th>
   1298     <th>References</th>
   1299     <th>Severity</th>
   1300     <th>Updated Google devices</th>
   1301     <th>Date reported</th>
   1302   </tr>
   1303   <tr>
   1304     <td>CVE-2017-0325</td>
   1305     <td>A-33040280*<br>
   1306         N-CVE-2017-0325</td>
   1307     <td>High</td>
   1308     <td>Nexus 9, Pixel C</td>
   1309     <td>Nov 20, 2016</td>
   1310   </tr>
   1311 </table>
   1312 <p>* The patch for this issue is not publicly available. The update is contained
   1313 in the latest binary drivers for Nexus devices available from the
   1314 <a href="https://developers.google.com/android/nexus/drivers">
   1315 Google Developer site</a>.</p>
   1316 
   1317 
   1318 <h3 id="eop-in-qualcomm-audio-driver">Elevation of privilege vulnerability in
   1319 Qualcomm audio driver</h3>
   1320 <p>An elevation of privilege vulnerability in the Qualcomm audio driver could
   1321 enable a local malicious application to execute arbitrary code within the
   1322 context of the kernel. This issue is rated as High because it first requires
   1323 compromising a privileged process.</p>
   1324 
   1325 <table>
   1326   <col width="19%">
   1327   <col width="20%">
   1328   <col width="10%">
   1329   <col width="23%">
   1330   <col width="17%">
   1331   <tr>
   1332     <th>CVE</th>
   1333     <th>References</th>
   1334     <th>Severity</th>
   1335     <th>Updated Google devices</th>
   1336     <th>Date reported</th>
   1337   </tr>
   1338   <tr>
   1339     <td>CVE-2017-0454</td>
   1340     <td>A-33353700<br>
   1341         <a 
   1342 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cb0701a2f99fa19f01fbd4249bda9a8eadb0241f">
   1343 QC-CR#1104067</a></td>
   1344     <td>High</td>
   1345     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1346     <td>Dec 5, 2016</td>
   1347   </tr>
   1348 </table>
   1349 
   1350 
   1351 <h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege
   1352 vulnerability in Qualcomm crypto engine driver</h3>
   1353 <p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver
   1354 could enable a local malicious application to execute arbitrary code within the
   1355 context of the kernel. This issue is rated as High because it first requires
   1356 compromising a privileged process.</p>
   1357 
   1358 <table>
   1359   <col width="19%">
   1360   <col width="20%">
   1361   <col width="10%">
   1362   <col width="23%">
   1363   <col width="17%">
   1364   <tr>
   1365     <th>CVE</th>
   1366     <th>References</th>
   1367     <th>Severity</th>
   1368     <th>Updated Google devices</th>
   1369     <th>Date reported</th>
   1370   </tr>
   1371   <tr>
   1372     <td>CVE-2017-0576</td>
   1373     <td>A-33544431<br>
   1374         <a 
   1375 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2b09507d78b25637df6879cd2ee2031b208b3532">
   1376 QC-CR#1103089</a></td>
   1377     <td>High</td>
   1378     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
   1379     <td>Dec 9, 2016</td>
   1380   </tr>
   1381 </table>
   1382 
   1383 
   1384 <h3 id="eop-in-htc-touchscreen-driver-2">Elevation of privilege vulnerability
   1385 in HTC touchscreen driver</h3>
   1386 <p>An elevation of privilege vulnerability in the HTC touchscreen driver could
   1387 enable a local malicious application to execute arbitrary code within the
   1388 context of the kernel. This issue is rated as High because it first requires
   1389 compromising a privileged process.</p>
   1390 
   1391 <table>
   1392   <col width="19%">
   1393   <col width="20%">
   1394   <col width="10%">
   1395   <col width="23%">
   1396   <col width="17%">
   1397   <tr>
   1398     <th>CVE</th>
   1399     <th>References</th>
   1400     <th>Severity</th>
   1401     <th>Updated Google devices</th>
   1402     <th>Date reported</th>
   1403   </tr>
   1404   <tr>
   1405     <td>CVE-2017-0577</td>
   1406     <td>A-33842951*<br>
   1407         </td>
   1408     <td>High</td>
   1409     <td>None**</td>
   1410     <td>Dec 21, 2016</td>
   1411   </tr>
   1412 </table>
   1413 <p>* The patch for this issue is not publicly available. The update is contained
   1414 in the latest binary drivers for Nexus devices available from the
   1415 <a href="https://developers.google.com/android/nexus/drivers">
   1416 Google Developer site</a>.</p>
   1417 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1418 available updates are not affected by this vulnerability.</p>
   1419 
   1420 
   1421 <h3 id="eop-in-dts-sound-driver">Elevation of privilege vulnerability in DTS
   1422 sound driver</h3>
   1423 <p>An elevation of privilege vulnerability in the DTS sound driver could enable a
   1424 local malicious application to execute arbitrary code within the context of the
   1425 kernel. This issue is rated as High because it first requires compromising a
   1426 privileged process.</p>
   1427 
   1428 <table>
   1429   <col width="19%">
   1430   <col width="20%">
   1431   <col width="10%">
   1432   <col width="23%">
   1433   <col width="17%">
   1434   <tr>
   1435     <th>CVE</th>
   1436     <th>References</th>
   1437     <th>Severity</th>
   1438     <th>Updated Google devices</th>
   1439     <th>Date reported</th>
   1440   </tr>
   1441   <tr>
   1442     <td>CVE-2017-0578</td>
   1443     <td>A-33964406*<br>
   1444         </td>
   1445     <td>High</td>
   1446     <td>None**</td>
   1447     <td>Dec 28, 2016</td>
   1448   </tr>
   1449 </table>
   1450 <p>* The patch for this issue is not publicly available. The update is contained
   1451 in the latest binary drivers for Nexus devices available from the
   1452 <a href="https://developers.google.com/android/nexus/drivers">
   1453 Google Developer site</a>.</p>
   1454 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1455 available updates are not affected by this vulnerability.</p>
   1456 
   1457 
   1458 <h3 id="eop-in-qualcomm-sound-codec-driver">Elevation of privilege
   1459 vulnerability in Qualcomm sound codec driver</h3>
   1460 <p>An elevation of privilege vulnerability in the Qualcomm sound codec driver
   1461 could enable a local malicious application to execute arbitrary code within the
   1462 context of the kernel. This issue is rated as High because it first requires
   1463 compromising a privileged process.</p>
   1464 
   1465 <table>
   1466   <col width="19%">
   1467   <col width="20%">
   1468   <col width="10%">
   1469   <col width="23%">
   1470   <col width="17%">
   1471   <tr>
   1472     <th>CVE</th>
   1473     <th>References</th>
   1474     <th>Severity</th>
   1475     <th>Updated Google devices</th>
   1476     <th>Date reported</th>
   1477   </tr>
   1478   <tr>
   1479     <td>CVE-2016-10231</td>
   1480     <td>A-33966912<br>
   1481         <a 
   1482 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3bfe5a89916f7d29492e9f6d941d108b688cb804">
   1483 QC-CR#1096799</a></td>
   1484     <td>High</td>
   1485     <td>Pixel, Pixel XL</td>
   1486     <td>Dec 29, 2016</td>
   1487   </tr>
   1488 </table>
   1489 
   1490 
   1491 <h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in
   1492 Qualcomm video driver</h3>
   1493 <p>An elevation of privilege vulnerability in the Qualcomm video driver could
   1494 enable a local malicious application to execute arbitrary code within the
   1495 context of the kernel. This issue is rated as High because it first requires
   1496 compromising a privileged process.</p>
   1497 
   1498 <table>
   1499   <col width="19%">
   1500   <col width="20%">
   1501   <col width="10%">
   1502   <col width="23%">
   1503   <col width="17%">
   1504   <tr>
   1505     <th>CVE</th>
   1506     <th>References</th>
   1507     <th>Severity</th>
   1508     <th>Updated Google devices</th>
   1509     <th>Date reported</th>
   1510   </tr>
   1511   <tr>
   1512     <td>CVE-2017-0579</td>
   1513     <td>A-34125463*<br>
   1514         QC-CR#1115406</td>
   1515     <td>High</td>
   1516     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1517     <td>Jan 5, 2017</td>
   1518   </tr>
   1519   <tr>
   1520     <td>CVE-2016-10232</td>
   1521     <td>A-34386696<br>
   1522         <a 
   1523 href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=21e0ead58e47798567d846b84f16f89cf69a57ae">
   1524 QC-CR#1024872</a> <a 
   1525 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=27f7b3b3059f6181e2786f886f4cd92f413bc30c">
   1526 [2]</a></td>
   1527     <td>High</td>
   1528     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
   1529     <td>Jan 10, 2017</td>
   1530   </tr>
   1531   <tr>
   1532     <td>CVE-2016-10233</td>
   1533     <td>A-34389926<br>
   1534         <a 
   1535 href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=d793c6d91ecba2a1fd206ad47a4fd408d290addf">
   1536 QC-CR#897452</a></td>
   1537     <td>High</td>
   1538     <td>None**</td>
   1539     <td>Jan 10, 2017</td>
   1540   </tr>
   1541 </table>
   1542 <p>* The patch for this issue is not publicly available. The update is contained
   1543 in the latest binary drivers for Nexus devices available from the
   1544 <a href="https://developers.google.com/android/nexus/drivers">
   1545 Google Developer site</a>.</p>
   1546 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1547 available updates are not affected by this vulnerability.</p>
   1548 
   1549 
   1550 <h3 id="eop-in-nvidia-boot-and-power-management-processor-driver">Elevation of
   1551 privilege vulnerability in NVIDIA boot and power management processor
   1552 driver</h3>
   1553 <p>An elevation of privilege vulnerability in the NVIDIA boot and power management
   1554 processor driver could enable a local malicious application to execute
   1555 arbitrary code within the context of the boot and power management processor.
   1556 This issue is rated as High because it first requires compromising a privileged
   1557 process.</p>
   1558 
   1559 <table>
   1560   <col width="19%">
   1561   <col width="20%">
   1562   <col width="10%">
   1563   <col width="23%">
   1564   <col width="17%">
   1565   <tr>
   1566     <th>CVE</th>
   1567     <th>References</th>
   1568     <th>Severity</th>
   1569     <th>Updated Google devices</th>
   1570     <th>Date reported</th>
   1571   </tr>
   1572   <tr>
   1573     <td>CVE-2017-0329</td>
   1574     <td>A-34115304*<br>
   1575         N-CVE-2017-0329</td>
   1576     <td>High</td>
   1577     <td>Pixel C</td>
   1578     <td>Jan 5, 2017</td>
   1579   </tr>
   1580 </table>
   1581 <p>* The patch for this issue is not publicly available. The update is contained
   1582 in the latest binary drivers for Nexus devices available from the
   1583 <a href="https://developers.google.com/android/nexus/drivers">
   1584 Google Developer site</a>.</p>
   1585 
   1586 
   1587 <h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
   1588 vulnerability in Synaptics touchscreen driver</h3>
   1589 <p>An elevation of privilege vulnerability in the Synaptics touchscreen driver
   1590 could enable a local malicious application to execute arbitrary code within the
   1591 context of the kernel. This issue is rated as High because it first requires
   1592 compromising a privileged process.</p>
   1593 
   1594 <table>
   1595   <col width="19%">
   1596   <col width="20%">
   1597   <col width="10%">
   1598   <col width="23%">
   1599   <col width="17%">
   1600   <tr>
   1601     <th>CVE</th>
   1602     <th>References</th>
   1603     <th>Severity</th>
   1604     <th>Updated Google devices</th>
   1605     <th>Date reported</th>
   1606   </tr>
   1607   <tr>
   1608     <td>CVE-2017-0580</td>
   1609     <td>A-34325986*<br>
   1610         </td>
   1611     <td>High</td>
   1612     <td>None**</td>
   1613     <td>Jan 16, 2017</td>
   1614   </tr>
   1615   <tr>
   1616     <td>CVE-2017-0581</td>
   1617     <td>A-34614485*<br>
   1618         </td>
   1619     <td>High</td>
   1620     <td>None**</td>
   1621     <td>Jan 22, 2017</td>
   1622   </tr>
   1623 </table>
   1624 <p>* The patch for this issue is not publicly available. The update is contained
   1625 in the latest binary drivers for Nexus devices available from the
   1626 <a href="https://developers.google.com/android/nexus/drivers">
   1627 Google Developer site</a>.</p>
   1628 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1629 available updates are not affected by this vulnerability.</p>
   1630 
   1631 
   1632 <h3 id="eop-in-qualcomm-seemp-driver">Elevation of privilege vulnerability in
   1633 Qualcomm Seemp driver</h3>
   1634 <p>An elevation of privilege vulnerability in the Qualcomm Seemp driver could
   1635 enable a local malicious application to execute arbitrary code within the
   1636 context of the kernel. This issue is rated as High because it first requires
   1637 compromising a privileged process.</p>
   1638 
   1639 <table>
   1640   <col width="19%">
   1641   <col width="20%">
   1642   <col width="10%">
   1643   <col width="23%">
   1644   <col width="17%">
   1645   <tr>
   1646     <th>CVE</th>
   1647     <th>References</th>
   1648     <th>Severity</th>
   1649     <th>Updated Google devices</th>
   1650     <th>Date reported</th>
   1651   </tr>
   1652   <tr>
   1653     <td>CVE-2017-0462</td>
   1654     <td>A-33353601<br>
   1655         <a 
   1656 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb7b1426279e751b1fc3e86f434dc349945c1ae7">
   1657 QC-CR#1102288</a></td>
   1658     <td>High</td>
   1659     <td>Pixel, Pixel XL</td>
   1660     <td>Google internal</td>
   1661   </tr>
   1662 </table>
   1663 
   1664 
   1665 <h3 id="eop-in-qualcomm-kyro-l2-driver">Elevation of privilege vulnerability in
   1666 Qualcomm Kryo L2 driver</h3>
   1667 <p>An elevation of privilege vulnerability in the Qualcomm Kryo L2 driver could
   1668 enable a local malicious application to execute arbitrary code within the
   1669 context of the kernel. This issue is rated as High because it first requires
   1670 compromising a privileged process.</p>
   1671 
   1672 <table>
   1673   <col width="19%">
   1674   <col width="20%">
   1675   <col width="10%">
   1676   <col width="23%">
   1677   <col width="17%">
   1678   <tr>
   1679     <th>CVE</th>
   1680     <th>References</th>
   1681     <th>Severity</th>
   1682     <th>Updated Google devices</th>
   1683     <th>Date reported</th>
   1684   </tr>
   1685   <tr>
   1686     <td>CVE-2017-6423</td>
   1687     <td>A-32831370<br>
   1688         <a 
   1689 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0f264f812b61884390b432fdad081a3e995ba768">
   1690 QC-CR#1103158</a></td>
   1691     <td>High</td>
   1692     <td>Pixel, Pixel XL</td>
   1693     <td>Google internal</td>
   1694   </tr>
   1695 </table>
   1696 
   1697 
   1698 <h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in
   1699 kernel file system</h3>
   1700 <p>An elevation of privilege vulnerability in the kernel file system could enable
   1701 a local malicious application to execute arbitrary code within the context of
   1702 the kernel. This issue is rated as High because it first requires compromising
   1703 a privileged process.</p>
   1704 
   1705 <table>
   1706   <col width="19%">
   1707   <col width="20%">
   1708   <col width="10%">
   1709   <col width="23%">
   1710   <col width="17%">
   1711   <tr>
   1712     <th>CVE</th>
   1713     <th>References</th>
   1714     <th>Severity</th>
   1715     <th>Updated Google devices</th>
   1716     <th>Date reported</th>
   1717   </tr>
   1718   <tr>
   1719     <td>CVE-2014-9922</td>
   1720     <td>A-32761463<br>
   1721         <a
   1722 href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121">
   1723 Upstream kernel</a></td>
   1724     <td>High</td>
   1725     <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
   1726 One, Nexus Player</td>
   1727     <td>Oct 24, 2014</td>
   1728   </tr>
   1729 </table>
   1730 
   1731 
   1732 <h3 id="id-in-kernel-memory-subsystem">Information disclosure vulnerability in
   1733 kernel memory subsystem</h3>
   1734 <p>An information disclosure vulnerability in the kernel memory subsystem could
   1735 enable a local malicious application to access data outside of its permission
   1736 levels. This issue is rated as High because it could be used to access
   1737 sensitive data without explicit user permission.</p>
   1738 
   1739 <table>
   1740   <col width="19%">
   1741   <col width="20%">
   1742   <col width="10%">
   1743   <col width="23%">
   1744   <col width="17%">
   1745   <tr>
   1746     <th>CVE</th>
   1747     <th>References</th>
   1748     <th>Severity</th>
   1749     <th>Updated Google devices</th>
   1750     <th>Date reported</th>
   1751   </tr>
   1752   <tr>
   1753     <td>CVE-2014-0206</td>
   1754     <td>A-34465735<br>
   1755         <a 
   1756 href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=d36db46c2cba973557eb6138d22210c4e0cf17d6">
   1757 Upstream kernel</a></td>
   1758     <td>High</td>
   1759     <td>Nexus 6, Nexus Player</td>
   1760     <td>May 6, 2014</td>
   1761   </tr>
   1762 </table>
   1763 
   1764 
   1765 <h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability
   1766 in kernel networking subsystem</h3>
   1767 <p>An information disclosure vulnerability in the kernel networking subsystem
   1768 could enable a local malicious application to access data outside of its
   1769 permission levels. This issue is rated as High because it could be used to
   1770 access sensitive data without explicit user permission.</p>
   1771 
   1772 <table>
   1773   <col width="19%">
   1774   <col width="20%">
   1775   <col width="10%">
   1776   <col width="23%">
   1777   <col width="17%">
   1778   <tr>
   1779     <th>CVE</th>
   1780     <th>References</th>
   1781     <th>Severity</th>
   1782     <th>Updated Google devices</th>
   1783     <th>Date reported</th>
   1784   </tr>
   1785   <tr>
   1786     <td>CVE-2014-3145</td>
   1787     <td>A-34469585<br>
   1788         <a 
   1789 href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=314760e66c35c8ffa51b4c4ca6948d207e783079">
   1790 Upstream kernel</a> <a 
   1791 href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3">
   1792 [2]</a></td>
   1793     <td>High</td>
   1794     <td>Nexus 6, Nexus Player</td>
   1795     <td>May 9, 2014</td>
   1796   </tr>
   1797 </table>
   1798 
   1799 
   1800 <h3 id="id-in-qualcomm-trustzone">Information disclosure vulnerability in
   1801 Qualcomm TrustZone</h3>
   1802 <p>An information disclosure vulnerability in the Qualcomm TrustZone could enable
   1803 a local malicious application to access data outside of its permission levels.
   1804 This issue is rated as High because it could be used to access sensitive data
   1805 without explicit user permission.</p>
   1806 
   1807 <table>
   1808   <col width="19%">
   1809   <col width="20%">
   1810   <col width="10%">
   1811   <col width="23%">
   1812   <col width="17%">
   1813   <tr>
   1814     <th>CVE</th>
   1815     <th>References</th>
   1816     <th>Severity</th>
   1817     <th>Updated Google devices</th>
   1818     <th>Date reported</th>
   1819   </tr>
   1820   <tr>
   1821     <td>CVE-2016-5349</td>
   1822     <td>A-29083830<br>
   1823         <a 
   1824 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=7c3bf6557c62d904b15507eb451fda8fd7ef750c">
   1825 QC-CR#1021945</a> <a 
   1826 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=03853a58952834ac3e1e3007c9c680dd4c001a2f">
   1827 [2]</a> <a 
   1828 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e3d969000fb60ecb9bc01667fa89957f67763514">
   1829 [3]</a> <a 
   1830 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=9bd398661cae758ffc557adc7de74ba32654e1f9">
   1831 [4]</a></td>
   1832     <td>High</td>
   1833     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
   1834     <td>Jun 1, 2016</td>
   1835   </tr>
   1836 </table>
   1837 
   1838 
   1839 <h3 id="id-in-qualcomm-ipa-driver">Information disclosure vulnerability in
   1840 Qualcomm IPA driver</h3>
   1841 <p>An information disclosure vulnerability in the Qualcomm IPA driver could enable
   1842 a local malicious application to access data outside of its permission levels.
   1843 This issue is rated as High because it could be used to access sensitive data
   1844 without explicit user permission.</p>
   1845 
   1846 <table>
   1847   <col width="19%">
   1848   <col width="20%">
   1849   <col width="10%">
   1850   <col width="23%">
   1851   <col width="17%">
   1852   <tr>
   1853     <th>CVE</th>
   1854     <th>References</th>
   1855     <th>Severity</th>
   1856     <th>Updated Google devices</th>
   1857     <th>Date reported</th>
   1858   </tr>
   1859   <tr>
   1860     <td>CVE-2016-10234</td>
   1861     <td>A-34390017<br>
   1862         <a 
   1863 href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c7d7492c1e329fdeb28a7901c4cd634d41a996b1">
   1864 QC-CR#1069060</a> <a 
   1865 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=d12370c7f3ecded1867fbd6b70ded35db55cab1d">
   1866 [2]</a></td>
   1867     <td>High</td>
   1868     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
   1869     <td>Jan 10, 2017</td>
   1870   </tr>
   1871 </table>
   1872 
   1873 
   1874 <h3 id="dos-in-kernel-networking-subsystem">Denial of service vulnerability in
   1875 kernel networking subsystem</h3>
   1876 <p>A denial of service vulnerability in the kernel networking subsystem could
   1877 enable a remote attacker to use a specially crafted network packet to cause a
   1878 device hang or reboot. This issue is rated as High due to the possibility of
   1879 remote denial of service.</p>
   1880 
   1881 <table>
   1882   <col width="19%">
   1883   <col width="20%">
   1884   <col width="10%">
   1885   <col width="23%">
   1886   <col width="17%">
   1887   <tr>
   1888     <th>CVE</th>
   1889     <th>References</th>
   1890     <th>Severity</th>
   1891     <th>Updated Google devices</th>
   1892     <th>Date reported</th>
   1893   </tr>
   1894   <tr>
   1895     <td>CVE-2014-2706</td>
   1896     <td>A-34160553<br>
   1897         <a 
   1898 href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba">
   1899 Upstream kernel</a></td>
   1900     <td>High</td>
   1901     <td>Nexus Player</td>
   1902     <td>Apr 1, 2014</td>
   1903   </tr>
   1904 </table>
   1905 
   1906 
   1907 <h3 id="dos-in-qualcomm-wi-fi-driver">Denial of service vulnerability in
   1908 Qualcomm Wi-Fi driver</h3>
   1909 <p>A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a
   1910 proximate attacker to cause a denial of service in the Wi-Fi subsystem. This
   1911 issue is rated as High due to the possibility of remote denial of service.</p>
   1912 
   1913 <table>
   1914   <col width="19%">
   1915   <col width="20%">
   1916   <col width="10%">
   1917   <col width="23%">
   1918   <col width="17%">
   1919   <tr>
   1920     <th>CVE</th>
   1921     <th>References</th>
   1922     <th>Severity</th>
   1923     <th>Updated Google devices</th>
   1924     <th>Date reported</th>
   1925   </tr>
   1926   <tr>
   1927     <td>CVE-2016-10235</td>
   1928     <td>A-34390620<br>
   1929         <a 
   1930 href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5bb0059243515ecdac138cfdb4cee7259bbd0bbc">
   1931 QC-CR#1046409</a></td>
   1932     <td>High</td>
   1933     <td>None**</td>
   1934     <td>Jan 10, 2017</td>
   1935   </tr>
   1936 </table>
   1937 <p>** Supported Google devices on Android 7.0 or later that have installed all
   1938 available updates are not affected by this vulnerability.</p>
   1939 
   1940 
   1941 <h3 id="eop-in-kernel-file-system-2">Elevation of privilege vulnerability in
   1942 kernel file system</h3>
   1943 <p>An elevation of privilege vulnerability in the kernel file system could enable
   1944 a local malicious application to execute arbitrary code outside of its
   1945 permission levels. This issue is rated as Moderate because it first requires
   1946 compromising a privileged process and is mitigated by current platform
   1947 configurations.</p>
   1948 
   1949 <table>
   1950   <col width="19%">
   1951   <col width="20%">
   1952   <col width="10%">
   1953   <col width="23%">
   1954   <col width="17%">
   1955   <tr>
   1956     <th>CVE</th>
   1957     <th>References</th>
   1958     <th>Severity</th>
   1959     <th>Updated Google devices</th>
   1960     <th>Date reported</th>
   1961   </tr>
   1962   <tr>
   1963     <td>CVE-2016-7097</td>
   1964     <td>A-32458736<br>
   1965         <a 
   1966 href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef">
   1967 Upstream kernel</a></td>
   1968     <td>Moderate</td>
   1969     <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Nexus
   1970 Player</td>
   1971     <td>Aug 28, 2016</td>
   1972   </tr>
   1973 </table>
   1974 
   1975 
   1976 <h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in
   1977 Qualcomm Wi-Fi driver</h3>
   1978 <p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
   1979 enable a local malicious application to execute arbitrary code within the
   1980 context of the kernel. This issue is rated as Moderate because it first
   1981 requires compromising a privileged process and because of
   1982 vulnerability-specific details that limit the impact of the issue.</p>
   1983 
   1984 <table>
   1985   <col width="19%">
   1986   <col width="20%">
   1987   <col width="10%">
   1988   <col width="23%">
   1989   <col width="17%">
   1990   <tr>
   1991     <th>CVE</th>
   1992     <th>References</th>
   1993     <th>Severity</th>
   1994     <th>Updated Google devices</th>
   1995     <th>Date reported</th>
   1996   </tr>
   1997   <tr>
   1998     <td>CVE-2017-6424</td>
   1999     <td>A-32086742<br>
   2000         <a 
   2001 href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5cc2ac840e36a3342c5194c20b314f0bb95ef7e1">
   2002 QC-CR#1102648</a></td>
   2003     <td>Moderate</td>
   2004     <td>Nexus 5X, Pixel, Pixel XL, Android One</td>
   2005     <td>Oct 9, 2016</td>
   2006   </tr>
   2007 </table>
   2008 
   2009 
   2010 <h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in
   2011 Broadcom Wi-Fi driver</h3>
   2012 <p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
   2013 enable a local malicious application to execute arbitrary code within the
   2014 context of the kernel. This issue is rated as Moderate because it first
   2015 requires compromising a privileged process and is mitigated by current platform
   2016 configurations.</p>
   2017 
   2018 <table>
   2019   <col width="19%">
   2020   <col width="20%">
   2021   <col width="10%">
   2022   <col width="23%">
   2023   <col width="17%">
   2024   <tr>
   2025     <th>CVE</th>
   2026     <th>References</th>
   2027     <th>Severity</th>
   2028     <th>Updated Google devices</th>
   2029     <th>Date reported</th>
   2030   </tr>
   2031   <tr>
   2032     <td>CVE-2016-8465</td>
   2033     <td>A-32474971*<br>
   2034         B-RB#106053</td>
   2035     <td>Moderate</td>
   2036     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   2037     <td>Oct 27, 2016</td>
   2038   </tr>
   2039 </table>
   2040 <p>* The patch for this issue is not publicly available. The update is contained
   2041 in the latest binary drivers for Nexus devices available from the
   2042 <a href="https://developers.google.com/android/nexus/drivers">
   2043 Google Developer site</a>.</p>
   2044 
   2045 
   2046 <h3 id="eop-in-htc-oem-fastboot-command">Elevation of privilege vulnerability
   2047 in HTC OEM fastboot command</h3>
   2048 <p>An elevation of privilege vulnerability in the HTC OEM fastboot command could
   2049 enable a local malicious application to execute arbitrary code within the
   2050 context of the sensor hub. This issue is rated as Moderate because it first
   2051 requires exploitation of separate vulnerabilities.</p>
   2052 
   2053 <table>
   2054   <col width="19%">
   2055   <col width="20%">
   2056   <col width="10%">
   2057   <col width="23%">
   2058   <col width="17%">
   2059   <tr>
   2060     <th>CVE</th>
   2061     <th>References</th>
   2062     <th>Severity</th>
   2063     <th>Updated Google devices</th>
   2064     <th>Date reported</th>
   2065   </tr>
   2066   <tr>
   2067     <td>CVE-2017-0582</td>
   2068     <td>A-33178836*<br>
   2069         </td>
   2070     <td>Moderate</td>
   2071     <td>Nexus 9</td>
   2072     <td>Nov 28, 2016</td>
   2073   </tr>
   2074 </table>
   2075 <p>* The patch for this issue is not publicly available. The update is contained
   2076 in the latest binary drivers for Nexus devices available from the
   2077 <a href="https://developers.google.com/android/nexus/drivers">
   2078 Google Developer site</a>.</p>
   2079 
   2080 
   2081 <h3 id="eop-in-qualcomm-cp-access-driver">Elevation of privilege vulnerability
   2082 in Qualcomm CP access driver</h3>
   2083 <p>An elevation of privilege vulnerability in the Qualcomm CP access driver could
   2084 enable a local malicious application to execute arbitrary code within the
   2085 context of the kernel. This issue is rated as Moderate because it first
   2086 requires compromising a privileged process and because of
   2087 vulnerability-specific details that limit the impact of the issue.</p>
   2088 
   2089 <table>
   2090   <col width="19%">
   2091   <col width="20%">
   2092   <col width="10%">
   2093   <col width="23%">
   2094   <col width="17%">
   2095   <tr>
   2096     <th>CVE</th>
   2097     <th>References</th>
   2098     <th>Severity</th>
   2099     <th>Updated Google devices</th>
   2100     <th>Date reported</th>
   2101   </tr>
   2102   <tr>
   2103     <td>CVE-2017-0583</td>
   2104     <td>A-32068683<br>
   2105         <a 
   2106 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=452d2ad331d20b19e8a0768c4b6e7fe1b65abe8f">
   2107 QC-CR#1103788</a></td>
   2108     <td>Moderate</td>
   2109     <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
   2110     <td>Google internal</td>
   2111   </tr>
   2112 </table>
   2113 
   2114 
   2115 <h3 id="id-in-kernel-media-driver">Information disclosure vulnerability in
   2116 kernel media driver</h3>
   2117 <p>An information disclosure vulnerability in the kernel media driver could enable
   2118 a local malicious application to access data outside of its permission levels.
   2119 This issue is rated as Moderate because it first requires compromising a
   2120 privileged process.</p>
   2121 
   2122 <table>
   2123   <col width="19%">
   2124   <col width="20%">
   2125   <col width="10%">
   2126   <col width="23%">
   2127   <col width="17%">
   2128   <tr>
   2129     <th>CVE</th>
   2130     <th>References</th>
   2131     <th>Severity</th>
   2132     <th>Updated Google devices</th>
   2133     <th>Date reported</th>
   2134   </tr>
   2135   <tr>
   2136     <td>CVE-2014-1739</td>
   2137     <td>A-34460642<br>
   2138         <a 
   2139 href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8">
   2140 Upstream kernel</a></td>
   2141     <td>Moderate</td>
   2142     <td>Nexus 6, Nexus 9, Nexus Player</td>
   2143     <td>Jun 15, 2014</td>
   2144   </tr>
   2145 </table>
   2146 
   2147 
   2148 <h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in
   2149 Qualcomm Wi-Fi driver</h3>
   2150 <p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could
   2151 enable a local malicious application to access data outside of its permission
   2152 levels. This issue is rated as Moderate because it first requires compromising
   2153 a privileged process.</p>
   2154 
   2155 <table>
   2156   <col width="19%">
   2157   <col width="20%">
   2158   <col width="10%">
   2159   <col width="23%">
   2160   <col width="17%">
   2161   <tr>
   2162     <th>CVE</th>
   2163     <th>References</th>
   2164     <th>Severity</th>
   2165     <th>Updated Google devices</th>
   2166     <th>Date reported</th>
   2167   </tr>
   2168   <tr>
   2169     <td>CVE-2017-0584</td>
   2170     <td>A-32074353*<br>
   2171         QC-CR#1104731</td>
   2172     <td>Moderate</td>
   2173     <td>Nexus 5X, Pixel, Pixel XL</td>
   2174     <td>Oct 9, 2016</td>
   2175   </tr>
   2176 </table>
   2177 <p>* The patch for this issue is not publicly available. The update is contained
   2178 in the latest binary drivers for Nexus devices available from the
   2179 <a href="https://developers.google.com/android/nexus/drivers">
   2180 Google Developer site</a>.</p>
   2181 
   2182 
   2183 <h3 id="id-in-broadcom-wi-fi-driver">Information disclosure vulnerability in
   2184 Broadcom Wi-Fi driver</h3>
   2185 <p>An information disclosure vulnerability in the Broadcom Wi-Fi driver could
   2186 enable a local malicious application to access data outside of its permission
   2187 levels. This issue is rated as Moderate because it first requires compromising
   2188 a privileged process.</p>
   2189 
   2190 <table>
   2191   <col width="19%">
   2192   <col width="20%">
   2193   <col width="10%">
   2194   <col width="23%">
   2195   <col width="17%">
   2196   <tr>
   2197     <th>CVE</th>
   2198     <th>References</th>
   2199     <th>Severity</th>
   2200     <th>Updated Google devices</th>
   2201     <th>Date reported</th>
   2202   </tr>
   2203   <tr>
   2204     <td>CVE-2017-0585</td>
   2205     <td>A-32475556*<br>
   2206         B-RB#112953</td>
   2207     <td>Moderate</td>
   2208     <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
   2209     <td>Oct 27, 2016</td>
   2210   </tr>
   2211 </table>
   2212 <p>* The patch for this issue is not publicly available. The update is contained
   2213 in the latest binary drivers for Nexus devices available from the
   2214 <a href="https://developers.google.com/android/nexus/drivers">
   2215 Google Developer site</a>.</p>
   2216 
   2217 
   2218 <h3 id="id-in-qualcomm-avtimer-driver">Information disclosure vulnerability in
   2219 Qualcomm Avtimer driver</h3>
   2220 <p>An information disclosure vulnerability in the Qualcomm Avtimer driver could
   2221 enable a local malicious application to access data outside of its permission
   2222 levels. This issue is rated as Moderate because it first requires compromising
   2223 a privileged process.</p>
   2224 
   2225 <table>
   2226   <col width="19%">
   2227   <col width="20%">
   2228   <col width="10%">
   2229   <col width="23%">
   2230   <col width="17%">
   2231   <tr>
   2232     <th>CVE</th>
   2233     <th>References</th>
   2234     <th>Severity</th>
   2235     <th>Updated Google devices</th>
   2236     <th>Date reported</th>
   2237   </tr>
   2238   <tr>
   2239     <td>CVE-2016-5346</td>
   2240     <td>A-32551280<br>
   2241         <a 
   2242 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474">
   2243 QC-CR#1097878</a></td>
   2244     <td>Moderate</td>
   2245     <td>Pixel, Pixel XL</td>
   2246     <td>Oct 29, 2016</td>
   2247   </tr>
   2248 </table>
   2249 
   2250 
   2251 <h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in
   2252 Qualcomm video driver</h3>
   2253 <p>An information disclosure vulnerability in the Qualcomm video driver could
   2254 enable a local malicious application to access data outside of its permission
   2255 levels. This issue is rated as Moderate because it first requires compromising
   2256 a privileged process.</p>
   2257 
   2258 <table>
   2259   <col width="19%">
   2260   <col width="20%">
   2261   <col width="10%">
   2262   <col width="23%">
   2263   <col width="17%">
   2264   <tr>
   2265     <th>CVE</th>
   2266     <th>References</th>
   2267     <th>Severity</th>
   2268     <th>Updated Google devices</th>
   2269     <th>Date reported</th>
   2270   </tr>
   2271   <tr>
   2272     <td>CVE-2017-6425</td>
   2273     <td>A-32577085<br>
   2274         <a 
   2275 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ef86560a21fe1f256f6ba772a195201ff202c657">
   2276 QC-CR#1103689</a></td>
   2277     <td>Moderate</td>
   2278     <td>Pixel, Pixel XL</td>
   2279     <td>Oct 29, 2016</td>
   2280   </tr>
   2281 </table>
   2282 
   2283 
   2284 <h3 id="id-in-qualcomm-usb-driver">Information disclosure vulnerability in
   2285 Qualcomm USB driver</h3>
   2286 <p>An information disclosure vulnerability in the Qualcomm USB driver could enable
   2287 a local malicious application to access data outside of its permission levels.
   2288 This issue is rated as Moderate because it first requires compromising a
   2289 privileged process.</p>
   2290 
   2291 <table>
   2292   <col width="19%">
   2293   <col width="20%">
   2294   <col width="10%">
   2295   <col width="23%">
   2296   <col width="17%">
   2297   <tr>
   2298     <th>CVE</th>
   2299     <th>References</th>
   2300     <th>Severity</th>
   2301     <th>Updated Google devices</th>
   2302     <th>Date reported</th>
   2303   </tr>
   2304   <tr>
   2305     <td>CVE-2016-10236</td>
   2306     <td>A-33280689<br>
   2307         <a 
   2308 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=b8199c2b852f1e23c988e10b8fbb8d34c98b4a1c">
   2309 QC-CR#1102418</a></td>
   2310     <td>Moderate</td>
   2311     <td>Pixel, Pixel XL</td>
   2312     <td>Nov 30, 2016</td>
   2313   </tr>
   2314 </table>
   2315 
   2316 
   2317 <h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in
   2318 Qualcomm sound driver</h3>
   2319 <p>An information disclosure vulnerability in the Qualcomm sound driver could
   2320 enable a local malicious application to access data outside of its permission
   2321 levels. This issue is rated as Moderate because it first requires compromising
   2322 a privileged process.</p>
   2323 
   2324 <table>
   2325   <col width="19%">
   2326   <col width="20%">
   2327   <col width="10%">
   2328   <col width="23%">
   2329   <col width="17%">
   2330   <tr>
   2331     <th>CVE</th>
   2332     <th>References</th>
   2333     <th>Severity</th>
   2334     <th>Updated Google devices</th>
   2335     <th>Date reported</th>
   2336   </tr>
   2337   <tr>
   2338     <td>CVE-2017-0586</td>
   2339     <td>A-33649808<br>
   2340         QC-CR#1097569</td>
   2341     <td>Moderate</td>
   2342     <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
   2343     <td>Dec 13, 2016</td>
   2344   </tr>
   2345 </table>
   2346 
   2347 
   2348 <h3 id="id-in-qualcomm-spmi-driver">Information disclosure vulnerability in
   2349 Qualcomm SPMI driver</h3>
   2350 <p>An information disclosure vulnerability in the Qualcomm SPMI driver could
   2351 enable a local malicious application to access data outside of its permission
   2352 levels. This issue is rated as Moderate because it first requires compromising
   2353 a privileged process.</p>
   2354 
   2355 <table>
   2356   <col width="19%">
   2357   <col width="20%">
   2358   <col width="10%">
   2359   <col width="23%">
   2360   <col width="17%">
   2361   <tr>
   2362     <th>CVE</th>
   2363     <th>References</th>
   2364     <th>Severity</th>
   2365     <th>Updated Google devices</th>
   2366     <th>Date reported</th>
   2367   </tr>
   2368   <tr>
   2369     <td>CVE-2017-6426</td>
   2370     <td>A-33644474<br>
   2371         <a 
   2372 href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=80decd6365deec08c35ecb902a58f9210599b39a">
   2373 QC-CR#1106842</a></td>
   2374     <td>Moderate</td>
   2375     <td>Pixel, Pixel XL</td>
   2376     <td>Dec 14, 2016</td>
   2377   </tr>
   2378 </table>
   2379 
   2380 
   2381 <h3 id="id-in-nvidia-crypto-driver">Information disclosure vulnerability in
   2382 NVIDIA crypto driver</h3>
   2383 <p>An information disclosure vulnerability in the NVIDIA crypto driver could
   2384 enable a local malicious application to access data outside of its permission
   2385 levels. This issue is rated as Moderate because it first requires compromising
   2386 a privileged process.</p>
   2387 
   2388 <table>
   2389   <col width="19%">
   2390   <col width="20%">
   2391   <col width="10%">
   2392   <col width="23%">
   2393   <col width="17%">
   2394   <tr>
   2395     <th>CVE</th>
   2396     <th>References</th>
   2397     <th>Severity</th>
   2398     <th>Updated Google devices</th>
   2399     <th>Date reported</th>
   2400   </tr>
   2401   <tr>
   2402     <td>CVE-2017-0328</td>
   2403     <td>A-33898322*<br>
   2404         N-CVE-2017-0328</td>
   2405     <td>Moderate</td>
   2406     <td>None**</td>
   2407     <td>Dec 24, 2016</td>
   2408   </tr>
   2409   <tr>
   2410     <td>CVE-2017-0330</td>
   2411     <td>A-33899858*<br>
   2412         N-CVE-2017-0330</td>
   2413     <td>Moderate</td>
   2414     <td>None**</td>
   2415     <td>Dec 24, 2016</td>
   2416   </tr>
   2417 </table>
   2418 <p>* The patch for this issue is not publicly available. The update is contained
   2419 in the latest binary drivers for Nexus devices available from the
   2420 <a href="https://developers.google.com/android/nexus/drivers">
   2421 Google Developer site</a>.</p>
   2422 <p>** Supported Google devices on Android 7.0 or later that have installed all
   2423 available updates are not affected by this vulnerability.</p>
   2424 
   2425 
   2426 <h3 id="vulnerabilities-in-qualcomm-components-2">Vulnerabilities in Qualcomm
   2427 components</h3>
   2428 <p>These vulnerabilities affecting Qualcomm components were released as part of
   2429 Qualcomm AMSS security bulletins between 2014 and 2016. They are included in this
   2430 Android security bulletin to associate their fixes with an Android security
   2431 patch level. </p>
   2432 
   2433 <table>
   2434   <col width="19%">
   2435   <col width="20%">
   2436   <col width="10%">
   2437   <col width="23%">
   2438   <col width="17%">
   2439   <tr>
   2440     <th>CVE</th>
   2441     <th>References</th>
   2442     <th>Severity</th>
   2443     <th>Updated Google devices</th>
   2444     <th>Date reported</th>
   2445   </tr>
   2446   <tr>
   2447     <td>CVE-2014-9931</td>
   2448     <td>A-35445101**<br>
   2449         QC-CR#612410</td>
   2450     <td>Critical</td>
   2451     <td>None**</td>
   2452     <td>Qualcomm internal</td>
   2453   </tr>
   2454   <tr>
   2455     <td>CVE-2014-9932</td>
   2456     <td>A-35434683**<br>
   2457         QC-CR#626734</td>
   2458     <td>Critical</td>
   2459     <td>Pixel, Pixel XL</td>
   2460     <td>Qualcomm internal</td>
   2461   </tr>
   2462   <tr>
   2463     <td>CVE-2014-9933</td>
   2464     <td>A-35442512<br>
   2465         QC-CR#675463</td>
   2466     <td>Critical</td>
   2467     <td>None**</td>
   2468     <td>Qualcomm internal</td>
   2469   </tr>
   2470   <tr>
   2471     <td>CVE-2014-9934</td>
   2472     <td>A-35439275**<br>
   2473         QC-CR#658249</td>
   2474     <td>Critical</td>
   2475     <td>None**</td>
   2476     <td>Qualcomm internal</td>
   2477   </tr>
   2478   <tr>
   2479     <td>CVE-2014-9935</td>
   2480     <td>A-35444951**<br>
   2481         QC-CR#717626</td>
   2482     <td>Critical</td>
   2483     <td>None**</td>
   2484     <td>Qualcomm internal</td>
   2485   </tr>
   2486   <tr>
   2487     <td>CVE-2014-9936</td>
   2488     <td>A-35442420**<br>
   2489         QC-CR#727389</td>
   2490     <td>Critical</td>
   2491     <td>None**</td>
   2492     <td>Qualcomm internal</td>
   2493   </tr>
   2494   <tr>
   2495     <td>CVE-2014-9937</td>
   2496     <td>A-35445102**<br>
   2497         QC-CR#734095</td>
   2498     <td>Critical</td>
   2499     <td>None**</td>
   2500     <td>Qualcomm internal</td>
   2501   </tr>
   2502   <tr>
   2503     <td>CVE-2015-8995</td>
   2504     <td>A-35445002**<br>
   2505         QC-CR#733690</td>
   2506     <td>Critical</td>
   2507     <td>None**</td>
   2508     <td>Qualcomm internal</td>
   2509   </tr>
   2510   <tr>
   2511     <td>CVE-2015-8996</td>
   2512     <td>A-35444658**<br>
   2513         QC-CR#734698</td>
   2514     <td>Critical</td>
   2515     <td>None**</td>
   2516     <td>Qualcomm internal</td>
   2517   </tr>
   2518   <tr>
   2519     <td>CVE-2015-8997</td>
   2520     <td>A-35432947**<br>
   2521         QC-CR#734707</td>
   2522     <td>Critical</td>
   2523     <td>None**</td>
   2524     <td>Qualcomm internal</td>
   2525   </tr>
   2526   <tr>
   2527     <td>CVE-2015-8998</td>
   2528     <td>A-35441175**<br>
   2529         QC-CR#735337</td>
   2530     <td>Critical</td>
   2531     <td>None**</td>
   2532     <td>Qualcomm internal</td>
   2533   </tr>
   2534   <tr>
   2535     <td>CVE-2015-8999</td>
   2536     <td>A-35445401**<br>
   2537         QC-CR#736119</td>
   2538     <td>Critical</td>
   2539     <td>None**</td>
   2540     <td>Qualcomm internal</td>
   2541   </tr>
   2542   <tr>
   2543     <td>CVE-2015-9000</td>
   2544     <td>A-35441076**<br>
   2545         QC-CR#740632</td>
   2546     <td>Critical</td>
   2547     <td>None**</td>
   2548     <td>Qualcomm internal</td>
   2549   </tr>
   2550   <tr>
   2551     <td>CVE-2015-9001</td>
   2552     <td>A-35445400**<br>
   2553         QC-CR#736083</td>
   2554     <td>Critical</td>
   2555     <td>None**</td>
   2556     <td>Qualcomm internal</td>
   2557   </tr>
   2558   <tr>
   2559     <td>CVE-2015-9002</td>
   2560     <td>A-35442421**<br>
   2561         QC-CR#748428</td>
   2562     <td>Critical</td>
   2563     <td>None**</td>
   2564     <td>Qualcomm internal</td>
   2565   </tr>
   2566   <tr>
   2567     <td>CVE-2015-9003</td>
   2568     <td>A-35440626**<br>
   2569         QC-CR#749215</td>
   2570     <td>Critical</td>
   2571     <td>None**</td>
   2572     <td>Qualcomm internal</td>
   2573   </tr>
   2574   <tr>
   2575     <td>CVE-2016-10242</td>
   2576     <td>A-35434643**<br>
   2577         QC-CR#985139</td>
   2578     <td>Critical</td>
   2579     <td>None**</td>
   2580     <td>Qualcomm internal</td>
   2581   </tr>
   2582 </table>
   2583 <p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
   2584 <p>** The patch for this issue is not publicly available. The update is contained
   2585 in the latest binary drivers for Nexus devices available from the
   2586 <a href="https://developers.google.com/android/nexus/drivers">
   2587 Google Developer site</a>.</p>
   2588 <p>*** Supported Google devices on Android 7.0 or later that have installed all
   2589 available updates are not affected by this vulnerability.</p>
   2590 
   2591 <h2 id="common-questions-and-answers">Common Questions and Answers</h2>
   2592 <p>This section answers common questions that may occur after reading this
   2593 bulletin.</p>
   2594 <p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
   2595 <p>To learn how to check a device's security patch level, read the instructions on
   2596 the <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
   2597 and Nexus update schedule</a>.</p>
   2598 <ul>
   2599   <li>Security patch levels of 2017-04-01 or later address all issues associated
   2600   with the 2017-04-01 security patch level.</li>
   2601   <li>Security patch levels of 2017-04-05 or later address all issues associated
   2602   with the 2017-04-05 security patch level and all previous patch levels.</li>
   2603 </ul>
   2604 <p>Device manufacturers that include these updates should set the patch string
   2605 level to:</p>
   2606 <ul>
   2607   <li>[ro.build.version.security_patch]:[2017-04-01]</li>
   2608   <li>[ro.build.version.security_patch]:[2017-04-05]</li>
   2609 </ul>
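<p>The following script is an added example, not part of the original bulletin: it classifies one line of <code>getprop</code> output against the two patch levels described above. The function names and the result labels (<code>full</code>, <code>partial</code>, <code>behind</code>, <code>unknown</code>) are assumptions made for this illustration, and the sample lines are constructed.</p>

```shell
#!/bin/sh
# Added example: classify a device against the two security patch levels
# of the April 2017 bulletin. Labels and function names are illustrative.
#   full    - 2017-04-05 or later: all issues in this and previous levels
#   partial - 2017-04-01 up to 2017-04-04: only the 2017-04-01 issues
#   behind  - older than 2017-04-01
#   unknown - property line missing or malformed

LEVEL_PARTIAL=20170401
LEVEL_FULL=20170405

# Print the YYYY-MM-DD value from a getprop line, or nothing if malformed.
# Accepts the form with or without a space after the colon and drops the
# carriage return that some adb versions append.
extract_patch_level() {
    printf '%s\n' "$1" | tr -d '\r' | sed -n \
        's/^\[ro\.build\.version\.security_patch\]: *\[\([0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}\)\]$/\1/p'
}

patch_coverage() {
    level=$(extract_patch_level "$1")
    if [ -z "$level" ]; then
        echo unknown
        return 0
    fi
    # ISO dates compare correctly as integers once the dashes are removed.
    n=$(printf '%s' "$level" | sed 's/-//g')
    if [ "$n" -ge "$LEVEL_FULL" ]; then
        echo full
    elif [ "$n" -ge "$LEVEL_PARTIAL" ]; then
        echo partial
    else
        echo behind
    fi
}

# Constructed sample lines (not captured from real devices).
for line in \
    '[ro.build.version.security_patch]: [2017-04-05]' \
    '[ro.build.version.security_patch]:[2017-04-01]' \
    '[ro.build.version.security_patch]: [2017-03-05]' \
    '[ro.build.version.security_patch]: []'
do
    printf '%-8s %s\n' "$(patch_coverage "$line")" "$line"
done
# Against a connected device:
#   patch_coverage "$(adb shell getprop | grep security_patch)"
```

<p>A result of <code>partial</code> means the device still lacks the fixes associated with the 2017-04-05 level.</p>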
   2610 
   2611 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
   2612 <p>This bulletin has two security patch levels so that Android partners have the
   2613 flexibility to fix a subset of vulnerabilities that are similar across all
   2614 Android devices more quickly. Android partners are encouraged to fix all issues
   2615 in this bulletin and use the latest security patch level.</p>
   2616 <ul>
   2617   <li>Devices that use the April 01, 2017 security patch level must include all
   2618   issues associated with that security patch level, as well as fixes for all
   2619   issues reported in previous security bulletins.</li>
   2620   <li>Devices that use the security patch level of April 05, 2017 or newer must
   2621   include all applicable patches in this (and previous) security
   2622   bulletins.</li>
   2623 </ul>
   2624 <p>Partners are encouraged to bundle the fixes for all issues they are addressing
   2625 in a single update.</p>
   2626 <p><strong>3. How do I determine which Google devices are affected by each
   2627 issue?</strong></p>
   2628 <p>In the <a
   2629 href="#2017-04-01-details">2017-04-01</a> and
   2630 <a href="#2017-04-05-details">2017-04-05</a>
   2631 security vulnerability details sections, each table has an <em>Updated Google
   2632 devices</em> column that covers the range of affected Google devices updated for
   2633 each issue. This column has a few options:</p>
   2634 <ul>
   2635   <li><strong>All Google devices</strong>: If an issue affects all Google
   2636   devices, the table will have "All" in the <em>Updated Google devices</em>
   2637   column. "All" encapsulates the following <a
   2638   href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
   2639   devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One,
   2640   Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
   2641   <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
   2642   devices, the affected Google devices are listed in the <em>Updated Google
   2643   devices</em> column.</li>
   2644   <li><strong>No Google devices</strong>: If no Google devices running Android 7.0
   2645   are affected by the issue, the table will have "None" in the <em>Updated Google
   2646   devices</em> column. </li>
   2647 </ul>
   2648 <p><strong>4. What do the entries in the references column map to?</strong></p>
   2649 <p>Entries under the <em>References</em> column of the vulnerability details table
   2650 may contain a prefix identifying the organization to which the reference value
   2651 belongs. These prefixes map as follows:</p>
   2652 <table>
   2653   <tr>
   2654    <th>Prefix</th>
   2655    <th>Reference</th>
   2656   </tr>
   2657   <tr>
   2658    <td>A-</td>
   2659    <td>Android bug ID</td>
   2660   </tr>
   2661   <tr>
   2662    <td>QC-</td>
   2663    <td>Qualcomm reference number</td>
   2664   </tr>
   2665   <tr>
   2666    <td>M-</td>
   2667    <td>MediaTek reference number</td>
   2668   </tr>
   2669   <tr>
   2670    <td>N-</td>
   2671    <td>NVIDIA reference number</td>
   2672   </tr>
   2673   <tr>
   2674    <td>B-</td>
   2675    <td>Broadcom reference number</td>
   2676   </tr>
   2677 </table>
   2678 
   2679 <h2 id="revisions">Revisions</h2>
   2680 <ul>
   2681   <li>April 03, 2017: Bulletin published.</li>
   2682   <li>April 05, 2017: Bulletin revised to include AOSP links.</li>
   2683   <li>April 21, 2017: Attribution for CVE-2016-10231 and CVE-2017-0586 corrected.</li>
   2684   <li>April 27, 2017: CVE-2017-0540 removed from bulletin.</li>
   2685 </ul>
   2686 
   2687 </body>
   2688 </html>
   2689