<html devsite>
<head>
<title>Android Security Bulletin - May 2017</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->


<p><em>Published May 01, 2017 | Updated May 02, 2017</em></p>

<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a security
update to Nexus devices through an over-the-air (OTA) update. The Google device
firmware images have also been released to the <a
href="https://developers.google.com/android/nexus/images">Google Developer
site</a>. Security patch levels of May 05, 2017 or later address all of these
issues. Refer to the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a> to learn how to check a device's security patch
level.</p>

<p>Partners were notified of the issues described in the bulletin on April 03, 2017
or earlier. Source code patches for these issues have been released to the
Android Open Source Project (AOSP) repository and linked from this bulletin.
This bulletin also includes links to patches outside of AOSP.</p>

<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods such
as email, web browsing, and MMS when processing media files. The <a
href="/security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.</p>

<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a
href="#mitigations">Android and Google service
mitigations</a> section for details on the <a
href="/security/enhancements/index.html">Android
security platform protections</a> and service protections such as <a
href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
which improve the security of the Android platform.</p>

<p>We encourage all customers to accept these updates to their devices.</p>
<h2 id="announcements">Announcements</h2>
<ul>
<li>This bulletin has two security patch level strings to provide Android
partners with the flexibility to more quickly fix a subset of vulnerabilities
that are similar across all Android devices. See <a
href="#common-questions-and-answers">Common questions and answers</a> for
additional information:
<ul>
<li><strong>2017-05-01</strong>: Partial security patch level string. This
security patch level string indicates that all issues associated with 2017-05-01
(and all previous security patch level strings) are addressed.</li>
<li><strong>2017-05-05</strong>: Complete security patch level string.
This
security patch level string indicates that all issues associated with 2017-05-01
and 2017-05-05 (and all previous security patch level strings) are addressed.</li>
</ul>
</li>
<li>Supported Google devices will receive a single OTA update with the May 05,
2017 security patch level.</li>
</ul>

<h2 id="mitigations">Android and Google Service Mitigations</h2>

<p>This is a summary of the mitigations provided by the <a
href="/security/enhancements/index.html">Android
security platform</a> and service protections such as SafetyNet. These
capabilities reduce the likelihood that security vulnerabilities could be
successfully exploited on Android.</p>

<ul>
<li>Exploitation for many issues on Android is made more difficult by
enhancements in newer versions of the Android platform. We encourage all users
to update to the latest version of Android where possible.</li>
<li>The Android Security team actively monitors for abuse with <a
href="/security/reports/Google_Android_Security_2016_Report_Final.pdf">Verify
Apps and SafetyNet</a>, which are designed to warn users about <a
href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
href="http://www.android.com/gms">Google Mobile Services</a> and is especially
important for users who install applications from outside of Google Play. Device
rooting tools are prohibited within Google Play, but Verify Apps warns users
when they attempt to install a detected rooting application, no matter where it
comes from. Additionally, Verify Apps attempts to identify and block
installation of known malicious applications that exploit a privilege escalation
vulnerability.
If such an application has already been installed, Verify Apps
will notify the user and attempt to remove the detected application.</li>
<li>As appropriate, Google Hangouts and Messenger applications do not
automatically pass media to processes such as Mediaserver.</li>
</ul>

<h2 id="acknowledgements">Acknowledgements</h2>

<p>We would like to thank these researchers for their contributions:</p>
<ul>
<li>ADlab of Venustech: CVE-2017-0630</li>
<li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of
KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent:
CVE-2016-10287</li>
<li>Ecular Xu of Trend Micro: CVE-2017-0599, CVE-2017-0635</li>
<li>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of
<a href="http://www.ms509.com">MS509Team</a>: CVE-2017-0601</li>
<li>Ethan Yonker of <a href="https://twrp.me/">Team Win Recovery Project</a>:
CVE-2017-0493</li>
<li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
Technology Co. Ltd: CVE-2016-10285, CVE-2016-10288, CVE-2016-10290,
CVE-2017-0624, CVE-2017-0616, CVE-2017-0617, CVE-2016-10294, CVE-2016-10295,
CVE-2016-10296</li>
<li>godzheng (<a
href="https://twitter.com/virtualseekers">@VirtualSeekers</a>) of Tencent PC
Manager: CVE-2017-0602</li>
<li><a href="https://www.linkedin.com/in/g%C3%BCliz-seray-tuncay-952a1b9/">Güliz
Seray Tuncay</a> of the <a
href="http://tuncay2.web.engr.illinois.edu">University of Illinois at
Urbana-Champaign</a>: CVE-2017-0593</li>
<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co.
Ltd:
CVE-2016-10283</li>
<li>Juhu Nie, Yang Cheng, Nan Li, and Qiwu Huang of Xiaomi Inc: CVE-2016-10276</li>
<li><a href="https://github.com/michalbednarski">Michał Bednarski</a>:
CVE-2017-0598</li>
<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
Tesla's Product Security Team: CVE-2017-0331, CVE-2017-0606</li>
<li><a href="mailto:jiych.guru (a] gmail.com">Niky1235</a> (<a
href="https://twitter.com/jiych_guru">@jiych_guru</a>): CVE-2017-0603</li>
<li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba
Mobile Security Group: CVE-2016-10281, CVE-2016-10280</li>
<li>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of <a
href="https://alephsecurity.com/">Aleph Research</a>: CVE-2016-10277</li>
<li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a
href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-10274</li>
<li><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a
href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-10291</li>
<li>Vasily Vasiliev: CVE-2017-0589</li>
<li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
CVE-2017-0590, CVE-2017-0587, CVE-2017-0600</li>
<li>Xiling Gong of Tencent Security Platform Department: CVE-2017-0597</li>
<li>Xingyuan Lin of 360 Marvel Team: CVE-2017-0627</li>
<li>Yong Wang (<a
href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) of Alibaba Inc:
CVE-2017-0588</li>
<li>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
IceSword Lab, Qihoo 360 Technology Co.
Ltd: CVE-2016-10289, CVE-2017-0465</li>
<li>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd: CVE-2016-10282,
CVE-2017-0615</li>
<li>Yu Pan and Peide Zhang of Vulpecker Team, Qihoo 360 Technology Co. Ltd:
CVE-2017-0618, CVE-2017-0625</li>
</ul>

<h2 id="2017-05-01-details">2017-05-01 security patch level-Vulnerability
details</h2>

<p>In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-05-01 patch level. There is a description
of the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="rce-in-mediaserver">Remote code execution vulnerability in
Mediaserver</h3>

<p>A remote code execution vulnerability in Mediaserver could enable an attacker
using a specially crafted file to cause memory corruption during media file and
data processing.
This issue is rated as Critical due to the possibility of
remote code execution within the context of the Mediaserver process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0587</td>
<td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7">A-35219737</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 4, 2017</td>
</tr>
<tr>
<td>CVE-2017-0588</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b">A-34618607</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 21, 2017</td>
</tr>
<tr>
<td>CVE-2017-0589</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199">A-34897036</a></td>
<td>Critical</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Feb 1, 2017</td>
</tr>
<tr>
<td>CVE-2017-0590</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7">A-35039946</a></td>
<td>Critical</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Feb 6, 2017</td>
</tr>
<tr>
<td>CVE-2017-0591</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d">A-34097672</a></td>
<td>Critical</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Google internal</td>
</tr>
<tr>
<td>CVE-2017-0592</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922">A-34970788</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Google internal</td>
</tr>
</table>


<h3 id="eop-in-framework-apis">Elevation of privilege vulnerability in
Framework APIs</h3>

<p>An elevation of privilege vulnerability in the Framework APIs could enable a
local malicious application to obtain access to custom permissions. This issue
is rated as High because it is a general bypass for operating system
protections that isolate application data from other applications.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0593</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/78efbc95412b8efa9a44d573f5767ae927927d48">A-34114230</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 5, 2017</td>
</tr>
</table>


<h3 id="eop-in-mediaserver">Elevation of privilege vulnerability in
Mediaserver</h3>

<p>An elevation of privilege vulnerability in Mediaserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as High because it could be used to
gain local access to elevated capabilities, which are not normally accessible
to a third-party application.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0594</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb">A-34617444</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 22, 2017</td>
</tr>
<tr>
<td>CVE-2017-0595</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34705519</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Jan 24, 2017</td>
</tr>
<tr>
<td>CVE-2017-0596</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34749392</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Jan 24, 2017</td>
</tr>
</table>


<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
Audioserver</h3>

<p>An elevation of privilege vulnerability in Audioserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as High because it could be used to
gain local access to elevated capabilities, which are not normally accessible
to a third-party application.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0597</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/a9188f89179a7edd301abaf37d644adf5d647a04">A-34749571</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 25, 2017</td>
</tr>
</table>


<h3 id="id-in-framework-apis">Information disclosure vulnerability in Framework
APIs</h3>

<p>An information disclosure vulnerability in the Framework APIs could enable a
local malicious application to bypass operating system protections that isolate
application data from other applications.
This issue is rated as High because
it could be used to gain access to data that the application does not have
access to.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0598</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/4e110ab20bb91e945a17c6e166e14e2da9608f08">A-34128677</a>
[<a href="https://android.googlesource.com/platform/frameworks/base/+/d42e1204d5dddb78ec9d20d125951b59a8344f40">2</a>]</td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 6, 2017</td>
</tr>
</table>


<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3>

<p>A remote denial of service vulnerability in Mediaserver could enable an
attacker to use a specially crafted file to cause a device hang or reboot.
This
issue is rated as High severity due to the possibility of remote denial of
service.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0599</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f">A-34672748</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Jan 23, 2017</td>
</tr>
<tr>
<td>CVE-2017-0600</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0">A-35269635</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Feb 10, 2017</td>
</tr>
</table>


<h3 id="eop-in-bluetooth">Elevation of privilege vulnerability in
Bluetooth</h3>

<p>An Elevation of Privilege vulnerability in Bluetooth could potentially enable a
local malicious application to accept harmful files shared via bluetooth
without user permission. This issue is rated as Moderate due to local bypass of
user interaction requirements.
</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0601</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/667d2cbe3eb1450f273a4f6595ccef35e1f0fe4b">A-35258579</a></td>
<td>Moderate</td>
<td>All</td>
<td>7.0, 7.1.1, 7.1.2</td>
<td>Feb 9, 2017</td>
</tr>
</table>


<h3 id="id-in-file-based-encryption">Information disclosure vulnerability in
File-Based Encryption</h3>

<p>An information disclosure vulnerability in File-Based Encryption could enable a
local malicious attacker to bypass operating system protections for the lock
screen. This issue is rated as Moderate due to the possibility of bypassing the
lock screen.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0493</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5">A-32793550</a>
[<a href="https://android.googlesource.com/platform/frameworks/base/+/f806d65e615b942c268a5f68d44bde9d55634972">2</a>]</td>
<td>Moderate</td>
<td>All</td>
<td>7.0, 7.1.1</td>
<td>Nov 9, 2016</td>
</tr>
</table>


<h3 id="id-in-bluetooth">Information disclosure vulnerability in Bluetooth</h3>

<p>An information disclosure vulnerability in Bluetooth could allow a local
malicious application to bypass operating system
protections that isolate
application data from other applications. This issue is rated as Moderate due
to details specific to the vulnerability.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0602</td>
<td><a href="https://android.googlesource.com/platform/system/bt/+/a4875a49404c544134df37022ae587a4a3321647">A-34946955</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Dec 5, 2016</td>
</tr>
</table>


<h3 id="id-in-openssl-&-boringssl">Information disclosure vulnerability in
OpenSSL & BoringSSL</h3>

<p>An information disclosure vulnerability in OpenSSL & BoringSSL could enable a
remote attacker to gain access to sensitive information.
This issue is rated as
Moderate due to details specific to the vulnerability.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-7056</td>
<td><a href="https://android.googlesource.com/platform/external/boringssl/+/13179a8e75fee98740b5ce728752aa7294b3e32d">A-33752052</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Dec 19, 2016</td>
</tr>
</table>


<h3 id="dos-in-mediaserver-2">Denial of service vulnerability in
Mediaserver</h3>

<p>A denial of service vulnerability in Mediaserver could enable an attacker to
use a specially crafted file to cause a device hang or reboot. This issue is
rated as Moderate because it requires an uncommon device configuration.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0603</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920">A-35763994</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>Feb 23, 2017</td>
</tr>
</table>


<h3 id="dos-in-mediaserver-3">Denial of service vulnerability in
Mediaserver</h3>

<p>A remote denial of service vulnerability in Mediaserver could enable an
attacker to use a specially crafted file to cause a device hang or
reboot. This
issue is rated as Low due to details specific to the vulnerability.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0635</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441">A-35467107</a></td>
<td>Low</td>
<td>All</td>
<td>7.0, 7.1.1, 7.1.2</td>
<td>Feb 16, 2017</td>
</tr>
</table>


<h2 id="2017-05-05-details">2017-05-05 security patch level-Vulnerability
details</h2>

<p>In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2017-05-05 patch level. There is a description
of the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="rce-in-giflib">Remote code execution vulnerability in GIFLIB</h3>

<p>A remote code execution vulnerability in GIFLIB could enable an attacker using
a specially crafted file to cause memory corruption during media file and data
processing.
This issue is rated as Critical due to the possibility of remote
code execution within the context of the Mediaserver process.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2015-7555</td>
<td><a href="https://android.googlesource.com/platform/external/giflib/+/dc07290edccc2c3fc4062da835306f809cea1fdc">A-34697653</a></td>
<td>Critical</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
<td>April 13, 2016</td>
</tr>
</table>


<h3 id="eop-in-mediatek-touchscreen-driver">Elevation of privilege
vulnerability in MediaTek touchscreen driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10274</td>
<td>A-30202412*<br>
M-ALPS02897901</td>
<td>Critical</td>
<td>None**</td>
<td>Jul 16, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-bootloader">Elevation of privilege vulnerability in
Qualcomm bootloader</h3>

<p>An elevation of privilege vulnerability in the Qualcomm bootloader could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10275</td>
<td>A-34514954<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=1a0a15c380e11fc46f8d8706ea5ae22b752bdd0b">
QC-CR#1009111</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Pixel, Pixel XL, Android One</td>
<td>Sep 13, 2016</td>
</tr>
<tr>
<td>CVE-2016-10276</td>
<td>A-32952839<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=5dac431748027e8b50a5c4079967def4ea53ad64">
QC-CR#1094105</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Nov 16, 2016</td>
</tr>
</table>


<h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in
kernel sound subsystem</h3>

<p>An elevation of privilege vulnerability in the kernel sound subsystem could
enable a local malicious
application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-9794</td>
<td>A-34068036<br>
<a
href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=a27178e05b7c332522df40904f27674e36ee3757">
Upstream kernel</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
One, Nexus Player</td>
<td>Dec 3, 2016</td>
</tr>
</table>


<h3 id="eop-in-motorola-bootloader">Elevation of privilege vulnerability in
Motorola bootloader</h3>

<p>An elevation of privilege vulnerability in the Motorola bootloader could enable
a local malicious application to execute arbitrary code within the context of
the bootloader. This issue is rated as Critical due to the possibility of a
local permanent device compromise, which may require reflashing the operating
system to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10277</td>
<td>A-33840490*<br>
</td>
<td>Critical</td>
<td>Nexus 6</td>
<td>Dec 21, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-nvidia-video-driver">Elevation of privilege vulnerability in
NVIDIA video driver</h3>

<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0331</td>
<td>A-34113000*<br>
N-CVE-2017-0331</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Jan 4, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-qualcomm-power-driver">Elevation of privilege vulnerability in
Qualcomm power driver</h3>

<p>An elevation of privilege vulnerability in the kernel Qualcomm power driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0604</td>
<td>A-35392981<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6975e2dd5f37de965093ba3a8a08635a77a960f7">
QC-CR#826589</a></td>
<td>Critical</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<p>* Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-kernel-trace-subsystem">Elevation of privilege vulnerability in
kernel trace subsystem</h3>

<p>An elevation of privilege vulnerability in the kernel trace subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0605</td>
<td>A-35399704<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477">
QC-CR#1048480</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
One, Nexus Player</td>
<td>Feb 15, 2017</td>
</tr>
</table>


<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
components</h3>

<p>These vulnerabilities affect Qualcomm components and are described in further
detail in the Qualcomm AMSS August, September, October, and December 2016
security bulletins.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity*</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10240</td>
<td>A-32578446**<br>
QC-CR#955710</td>
<td>Critical</td>
<td>Nexus 6P</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-10241</td>
<td>A-35436149**<br>
QC-CR#1068577</td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-10278</td>
<td>A-31624008**<br>
QC-CR#1043004</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-10279</td>
<td>A-31624421**<br>
QC-CR#1031821</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Qualcomm internal</td>
</tr>
</table>

<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>

<p>** The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="rce-in-libxml2">Remote code execution vulnerability in libxml2</h3>

<p>A remote code execution vulnerability in libxml2 could enable an attacker to
use a specially crafted file to execute arbitrary code within the context of an
unprivileged process. This issue is rated as High due to the possibility of
remote code execution in an application that uses this library.</p>

<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5131</td>
<td>A-32956747*</td>
<td>High</td>
<td>None**</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td>
<td>July 23, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the <a
href="https://developers.google.com/android/drivers">Google Developer
site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-mediatek-thermal-driver">Elevation of privilege vulnerability in
MediaTek thermal driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek thermal driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10280</td>
<td>A-28175767*<br>
M-ALPS02696445</td>
<td>High</td>
<td>None**</td>
<td>Apr 11, 2016</td>
</tr>
<tr>
<td>CVE-2016-10281</td>
<td>A-28175647*<br>
M-ALPS02696475</td>
<td>High</td>
<td>None**</td>
<td>Apr 11, 2016</td>
</tr>
<tr>
<td>CVE-2016-10282</td>
<td>A-33939045*<br>
M-ALPS03149189</td>
<td>High</td>
<td>None**</td>
<td>Dec 27, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10283</td>
<td>A-32094986<br>
<a
href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=93863644b4547324309613361d70ad9dc91f8dfd">
QC-CR#2002052</a></td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL, Android One</td>
<td>Oct 11, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in
Qualcomm video driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10284</td>
<td>A-32402303*<br>
QC-CR#2000664</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Oct 24, 2016</td>
</tr>
<tr>
<td>CVE-2016-10285</td>
<td>A-33752702<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67dfd3a65336e0b3f55ee83d6312321dc5f2a6f9">
QC-CR#1104899</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Dec 19, 2016</td>
</tr>
<tr>
<td>CVE-2016-10286</td>
<td>A-35400904<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=5d30a3d0dc04916ddfb972bfc52f8e636642f999">
QC-CR#1090237</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>


<h3 id="eop-in-kernel-performance-subsystem">Elevation of privilege
vulnerability in kernel performance subsystem</h3>

<p>An elevation of privilege vulnerability in the kernel performance subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2015-9004</td>
<td>A-34515362<br>
<a
href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
One, Nexus Player</td>
<td>Nov 23, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in
Qualcomm sound driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm sound driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10287</td>
<td>A-33784446<br>
<a
href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=937bc9e644180e258c68662095861803f7ba4ded">
QC-CR#1112751</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Dec 20, 2016</td>
</tr>
<tr>
<td>CVE-2017-0606</td>
<td>A-34088848<br>
<a
href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=d3237316314c3d6f75a58192971f66e3822cd250">
QC-CR#1116015</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Jan 3, 2017</td>
</tr>
<tr>
<td>CVE-2016-5860</td>
<td>A-34623424<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9f91ae0d7203714fc39ae78e1f1c4fd71ed40498">
QC-CR#1100682</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Jan 22, 2017</td>
</tr>
<tr>
<td>CVE-2016-5867</td>
<td>A-35400602<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=065360da7147003aed8f59782b7652d565f56be5">
QC-CR#1095947</a></td>
<td>High</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0607</td>
<td>A-35400551<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b003c8d5407773d3aa28a48c9841e4c124da453d">
QC-CR#1085928</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0608</td>
<td>A-35400458<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b66f442dd97c781e873e8f7b248e197f86fd2980">
QC-CR#1098363</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0609</td>
<td>A-35399801<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=38a83df036084c00e8c5a4599c8ee7880b4ee567">
QC-CR#1090482</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2016-5859</td>
<td>A-35399758<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=97fdb441a9fb330a76245e473bc1a2155c809ebe">
QC-CR#1096672</a></td>
<td>High</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0610</td>
<td>A-35399404<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=65009746a6e649779f73d665934561ea983892fe">
QC-CR#1094852</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0611</td>
<td>A-35393841<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=1aa5df9246557a98181f03e98530ffd509b954c8">
QC-CR#1084210</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2016-5853</td>
<td>A-35392629<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be">
QC-CR#1102987</a></td>
<td>High</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<p>* Supported Google
devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-led-driver">Elevation of privilege vulnerability in
Qualcomm LED driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm LED driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as High because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10288</td>
<td>A-33863909<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=db2cdc95204bc404f03613d5dd7002251fb33660">
QC-CR#1109763</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Dec 23, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-crypto-driver">Elevation of privilege vulnerability in
Qualcomm crypto driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm crypto driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10289</td>
<td>A-33899710<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a604e6f3889ccc343857532b63dea27603381816">
QC-CR#1116295</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Dec 24, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-shared-memory-driver">Elevation of privilege
vulnerability in Qualcomm shared memory driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm shared memory driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10290</td>
<td>A-33898330<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49">
QC-CR#1109782</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Dec 24, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-slimbus-driver">Elevation of privilege vulnerability in
Qualcomm Slimbus driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Slimbus driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10291</td>
<td>A-34030871<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a225074c0494ca8125ca0ac2f9ebc8a2bd3612de">
QC-CR#986837</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
<td>Dec 31, 2016</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-adsprpc-driver">Elevation of privilege vulnerability in
Qualcomm ADSPRPC driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0465</td>
<td>A-34112914<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=3823f0f8d0bbbbd675a42a54691f4051b3c7e544">
QC-CR#1110747</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Jan 5, 2017</td>
</tr>
</table>


<h3
id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Elevation
of privilege vulnerability in Qualcomm Secure Execution Environment
Communicator driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Secure Execution
Environment Communicator driver could enable a local malicious application to
execute arbitrary code within the context of the kernel.
This issue is rated as
High because it first requires compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0612</td>
<td>A-34389303<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=05efafc998dc86c3b75af9803ca71255ddd7a8eb">
QC-CR#1061845</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Jan 10, 2017</td>
</tr>
<tr>
<td>CVE-2017-0613</td>
<td>A-35400457<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b108c651cae9913da1ab163cb4e5f7f2db87b747">
QC-CR#1086140</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2017-0614</td>
<td>A-35399405<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=fc2ae27eb9721a0ce050c2062734fec545cda604">
QC-CR#1080290</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>


<h3 id="eop-in-mediatek-power-driver">Elevation of privilege vulnerability in
MediaTek power driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek power driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0615</td>
<td>A-34259126*<br>
M-ALPS03150278</td>
<td>High</td>
<td>None**</td>
<td>Jan 12, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-mediatek-system-management-interrupt-driver">Elevation of
privilege vulnerability in MediaTek system management interrupt driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek system management
interrupt driver could enable a local malicious application to execute
arbitrary code within the context of the kernel.
This issue is rated as High
because it first requires compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0616</td>
<td>A-34470286*<br>
M-ALPS03149160</td>
<td>High</td>
<td>None**</td>
<td>Jan 19, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-mediatek-video-driver">Elevation of privilege vulnerability in
MediaTek video driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0617</td>
<td>A-34471002*<br>
M-ALPS03149173</td>
<td>High</td>
<td>None**</td>
<td>Jan 19, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-mediatek-command-queue-driver">Elevation of privilege
vulnerability in MediaTek command queue driver</h3>

<p>An elevation of privilege vulnerability in the MediaTek command queue driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0618</td>
<td>A-35100728*<br>
M-ALPS03161536</td>
<td>High</td>
<td>None**</td>
<td>Feb 7, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>


<h3 id="eop-in-qualcomm-pin-controller-driver">Elevation of privilege
vulnerability in Qualcomm pin controller driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm pin controller driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0619</td>
<td>A-35401152<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.14/commit/?id=72f67b29a9c5e6e8d3c34751600c749c5f5e13e1">
QC-CR#826566</a></td>
<td>High</td>
<td>Nexus 6, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-secure-channel-manager-driver">Elevation of privilege
vulnerability in Qualcomm Secure Channel Manager Driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Secure Channel Manager
driver could enable a local malicious application to execute arbitrary code
within the context of the kernel.
This issue is rated as High because it first
requires compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0620</td>
<td>A-35401052<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=01b2c9a5d728ff6f2f1f28a5d4e927aaeabf56ed">
QC-CR#1081711</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>


<h3 id="eop-in-qualcomm-sound-codec-driver">Elevation of privilege
vulnerability in Qualcomm sound codec driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm sound codec driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5862</td>
<td>A-35399803<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04">
QC-CR#1099607</a></td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Feb 15, 2017</td>
</tr>
</table>


<h3 id="eop-in-kernel-voltage-regulator-driver">Elevation of privilege
vulnerability in kernel voltage regulator driver</h3>

<p>An elevation of privilege vulnerability in the kernel voltage regulator driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2014-9940</td>
<td>A-35399757<br>
<a
href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus 6, Nexus 9, Pixel C, Android One, Nexus Player</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="eop-in-qualcomm-camera-driver">Elevation of privilege vulnerability in
Qualcomm camera driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0621</td>
<td>A-35399703<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=9656e2c2b3523af20502bf1e933e35a397f5e82f">
QC-CR#831322</a></td>
<td>High</td>
<td>Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="eop-in-qualcomm-networking-driver">Elevation of privilege vulnerability
in Qualcomm networking driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm networking driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5868</td>
<td>A-35392791<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=fbb765a3f813f5cc85ddab21487fd65f24bf6a8c">
QC-CR#1104431</a></td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege
vulnerability in kernel networking subsystem</h3>

<p>An elevation of privilege vulnerability in the kernel networking subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-7184</td>
<td>A-36565222<br>
<a
href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a">
Upstream kernel</a> <a
href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df">
[2]</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Android One</td>
<td>Mar 23, 2017</td>
</tr>
</table>

<h3 id="eop-in-goodix-touchscreen-driver">Elevation of privilege vulnerability
in Goodix touchscreen driver</h3>

<p>An elevation of privilege vulnerability in the Goodix touchscreen driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as High because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0622</td>
<td>A-32749036<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=40efa25345003a96db34effbd23ed39530b3ac10">
QC-CR#1098602</a></td>
<td>High</td>
<td>Android One</td>
<td>Google internal</td>
</tr>
</table>

<h3 id="eop-in-htc-bootloader">Elevation of privilege vulnerability in HTC
bootloader</h3>

<p>An elevation of privilege vulnerability in the HTC bootloader could enable a
local malicious application to execute arbitrary code within the context of the
bootloader. This issue is rated as High because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0623</td>
<td>A-32512358*<br>
</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Google Internal</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in
Qualcomm Wi-Fi driver</h3>

<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to access data outside of its permission
levels. This issue is rated as High because it could be used to access
sensitive data without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0624</td>
<td>A-34327795*<br>
QC-CR#2005832</td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL</td>
<td>Jan 16, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-mediatek-command-queue-driver">Information disclosure
vulnerability in MediaTek command queue driver</h3>

<p>An information disclosure vulnerability in the MediaTek command queue driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as High because it could be used to
access sensitive data without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0625</td>
<td>A-35142799*<br>
M-ALPS03161531</td>
<td>High</td>
<td>None**</td>
<td>Feb 8, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h3 id="id-in-qualcomm-crypto-engine-driver">Information disclosure
vulnerability in Qualcomm crypto engine driver</h3>

<p>An information disclosure vulnerability in the Qualcomm crypto engine driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as High because it could be used to
access sensitive data without explicit user permission.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0626</td>
<td>A-35393124<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=64551bccab9b5b933757f6256b58f9ca0544f004">
QC-CR#1088050</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="dos-in-qualcomm-wi-fi-driver">Denial of service vulnerability in
Qualcomm Wi-Fi driver</h3>

<p>A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a
proximate attacker to cause a denial of service in the Wi-Fi subsystem. This
issue is rated as High due to the possibility of remote denial of service.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10292</td>
<td>A-34514463*<br>
QC-CR#1065466</td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL</td>
<td>Dec 16, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-kernel-uvc-driver">Information disclosure vulnerability in kernel
UVC driver</h3>

<p>An information disclosure vulnerability in the kernel UVC driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0627</td>
<td>A-33300353*<br>
</td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Dec 2, 2016</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in
Qualcomm video driver</h3>

<p>An information disclosure vulnerability in the Qualcomm video driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10293</td>
<td>A-33352393<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2469d5374745a2228f774adbca6fb95a79b9047f">
QC-CR#1101943</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P, Android One</td>
<td>Dec 4, 2016</td>
</tr>
</table>

<h3 id="id-in-qualcomm-power-driver-(device-specific)">Information disclosure
vulnerability in Qualcomm power driver (device specific)</h3>

<p>An information disclosure vulnerability in the Qualcomm power driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10294</td>
<td>A-33621829<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e9bc51ffb8a298f0be5befe346762cdb6e1d49c">
QC-CR#1105481</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
<td>Dec 14, 2016</td>
</tr>
</table>

<h3 id="id-in-qualcomm-led-driver">Information disclosure vulnerability in
Qualcomm LED driver</h3>

<p>An information disclosure vulnerability in the Qualcomm LED driver could enable
a local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10295</td>
<td>A-33781694<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f11ae3df500bc2a093ddffee6ea40da859de0fa9">
QC-CR#1109326</a></td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Dec 20, 2016</td>
</tr>
</table>

<h3 id="id-in-qualcomm-shared-memory-driver">Information disclosure
vulnerability in Qualcomm shared memory driver</h3>

<p>An information disclosure vulnerability in the Qualcomm shared memory driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-10296</td>
<td>A-33845464<br>
<a
href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49">
QC-CR#1109782</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Dec 22, 2016</td>
</tr>
</table>

<h3 id="id-in-qualcomm-camera-driver">Information disclosure vulnerability in
Qualcomm camera driver</h3>

<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0628</td>
<td>A-34230377<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f">
QC-CR#1086833</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Pixel, Pixel XL</td>
<td>Jan 10, 2017</td>
</tr>
<tr>
<td>CVE-2017-0629</td>
<td>A-35214296<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f">
QC-CR#1086833</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Pixel, Pixel XL</td>
<td>Feb 8, 2017</td>
</tr>
</table>

<h3 id="id-in-kernel-trace-subsystem">Information disclosure vulnerability in
kernel trace subsystem</h3>

<p>An information disclosure vulnerability in the kernel trace subsystem could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0630</td>
<td>A-34277115*<br>
</td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
One, Nexus Player</td>
<td>Jan 11, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-qualcomm-sound-codec-driver">Information disclosure vulnerability
in Qualcomm sound codec driver</h3>

<p>An information disclosure vulnerability in the Qualcomm sound codec driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5858</td>
<td>A-35400153<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3154eb1d263b9c3eab2c9fa8ebe498390bf5d711">
QC-CR#1096799</a> <a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=afc5bea71bc8f251dad1104568383019f4923af6">
[2]</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="id-in-qualcomm-camera-driver-2">Information disclosure vulnerability in
Qualcomm camera driver</h3>

<p>An information disclosure vulnerability in the Qualcomm camera driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0631</td>
<td>A-35399756<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=8236d6ebc7e26361ca7078cbeba01509f10941d8">
QC-CR#1093232</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in
Qualcomm sound driver</h3>

<p>An information disclosure vulnerability in the Qualcomm sound driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5347</td>
<td>A-35394329<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=f14390f13e62460fc6b05fc0acde0e825374fdb6">
QC-CR#1100878</a></td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="id-in-qualcomm-spcom-driver">Information disclosure vulnerability in
Qualcomm SPCom driver</h3>

<p>An information disclosure vulnerability in the Qualcomm SPCom driver could
enable a local malicious application to access data outside of its permission
levels.
This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5854</td>
<td>A-35392792<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9">
QC-CR#1092683</a></td>
<td>Moderate</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
<tr>
<td>CVE-2016-5855</td>
<td>A-35393081<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a5edb54e93ba85719091fe2bc426d75fa7059834">
QC-CR#1094143</a></td>
<td>Moderate</td>
<td>None*</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<p>* Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h3 id="id-in-qualcomm-sound-codec-driver-2">Information disclosure
vulnerability in Qualcomm sound codec driver</h3>

<p>An information disclosure vulnerability in the Qualcomm sound codec driver
could enable a local malicious application to access data outside of its
permission levels.
This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0632</td>
<td>A-35392586<br>
<a
href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=970d6933e53c1f7ca8c8b67f49147b18505c3b8f">
QC-CR#832915</a></td>
<td>Moderate</td>
<td>Android One</td>
<td>Feb 15, 2017</td>
</tr>
</table>

<h3 id="id-in-broadcom-wi-fi-driver">Information disclosure vulnerability in
Broadcom Wi-Fi driver</h3>

<p>An information disclosure vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious component to access data outside of its permission
levels. This issue is rated as Moderate because it first requires compromising
a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0633</td>
<td>A-36000515*<br>
B-RB#117131</td>
<td>Moderate</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Feb 23, 2017</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="id-in-synaptics-touchscreen-driver">Information disclosure
vulnerability in Synaptics touchscreen driver</h3>

<p>An information disclosure vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to access data outside of its
permission levels. This issue is rated as Moderate because it first requires
compromising a privileged process.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0634</td>
<td>A-32511682*<br>
</td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Google internal</td>
</tr>
</table>

<p>* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<h3 id="vulnerabilities-in-qualcomm-components-2">Vulnerabilities in Qualcomm
components</h3>

<p>These vulnerabilities affecting Qualcomm components were released as part of
Qualcomm AMSS security bulletins between 2014 and 2016.
They are included in this
Android security bulletin to associate their fixes with an Android security
patch level.</p>

<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity*</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2014-9923</td>
<td>A-35434045**<br>
QC-CR#403910</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9924</td>
<td>A-35434631**<br>
QC-CR#596102</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9925</td>
<td>A-35444657**<br>
QC-CR#638130</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9926</td>
<td>A-35433784**<br>
QC-CR#631527</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9927</td>
<td>A-35433785**<br>
QC-CR#661111</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9928</td>
<td>A-35438623**<br>
QC-CR#696972</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9929</td>
<td>A-35443954**<br>
QC-CR#644783</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9930</td>
<td>A-35432946**<br>
QC-CR#634637</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2015-9005</td>
<td>A-36393500**<br>
QC-CR#741548</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2015-9006</td>
<td>A-36393450**<br>
QC-CR#750559</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2015-9007</td>
<td>A-36393700**<br>
QC-CR#807173</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-10297</td>
<td>A-36393451**<br>
QC-CR#1061123</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9941</td>
<td>A-36385125**<br>
QC-CR#509915</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9942</td>
<td>A-36385319**<br>
QC-CR#533283</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9943</td>
<td>A-36385219**<br>
QC-CR#546527</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9944</td>
<td>A-36384534**<br>
QC-CR#613175</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9945</td>
<td>A-36386912**<br>
QC-CR#623452</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9946</td>
<td>A-36385281**<br>
QC-CR#520149</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9947</td>
<td>A-36392400**<br>
QC-CR#650540</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9948</td>
<td>A-36385126**<br>
QC-CR#650500</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9949</td>
<td>A-36390608**<br>
QC-CR#652426</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9950</td>
<td>A-36385321**<br>
QC-CR#655530</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9951</td>
<td>A-36389161**<br>
QC-CR#525043</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2014-9952</td>
<td>A-36387019**<br>
QC-CR#674836</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
</table>

<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>

<p>** The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">
Google Developer site</a>.</p>

<p>*** Supported Google devices on Android 7.1.1 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
<p>This section answers common questions that may occur after reading this
bulletin.</p>

<p><strong>1. How do I determine if my device is updated to address these issues?
</strong></p>

<p>To learn how to check a device's security patch level, read the instructions on
the
<a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a>.</p>

<ul>
<li>Security patch levels of 2017-05-01 or later address all issues associated
with the 2017-05-01 security patch level.</li>
<li>Security patch levels of 2017-05-05 or later address all issues associated
with the 2017-05-05 security patch level and all previous patch levels.
</li>
</ul>

<p>Device manufacturers that include these updates should set the patch string
level to:</p>
<ul>
<li>[ro.build.version.security_patch]:[2017-05-01]</li>
<li>[ro.build.version.security_patch]:[2017-05-05]</li>
</ul>

<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>

<p>This bulletin has two security patch levels so that Android partners have the
flexibility to fix a subset of vulnerabilities that are similar across all
Android devices more quickly. Android partners are encouraged to fix all issues
in this bulletin and use the latest security patch level.</p>
<ul>
<li>Devices that use the May 01, 2017 security patch level must include all
issues associated with that security patch level, as well as fixes for all
issues reported in previous security bulletins.</li>
<li>Devices that use the security patch level of May 05, 2017 or newer must
include all applicable patches in this (and previous) security
bulletins.</li>
</ul>

<p>Partners are encouraged to bundle the fixes for all issues they are addressing
in a single update.</p>

<p><strong>3. How do I determine which Google devices are affected by each
issue?</strong></p>

<p>In the <a
href="#2017-05-01-details">2017-05-01</a> and
<a href="#2017-05-05-details">2017-05-05</a>
security vulnerability details sections, each table has an <em>Updated Google
devices</em> column that covers the range of affected Google devices updated for
each issue. This column has a few options:</p>
<ul>
<li><strong>All Google devices</strong>: If an issue affects all Google
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Nexus Player,
Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
devices</em> column.</li>
<li><strong>No Google devices</strong>: If no Google devices running Android 7.0
are affected by the issue, the table will have "None" in the <em>Updated Google
devices</em> column.</li>
</ul>
<p><strong>4. What do the entries in the references column map to?</strong></p>

<p>Entries under the <em>References</em> column of the vulnerability details table
may contain a prefix identifying the organization to which the reference value
belongs. These prefixes map as follows:</p>

<table>
  <tr>
    <th>Prefix</th>
    <th>Reference</th>
  </tr>
  <tr>
    <td>A-</td>
    <td>Android bug ID</td>
  </tr>
  <tr>
    <td>QC-</td>
    <td>Qualcomm reference number</td>
  </tr>
  <tr>
    <td>M-</td>
    <td>MediaTek reference number</td>
  </tr>
  <tr>
    <td>N-</td>
    <td>NVIDIA reference number</td>
  </tr>
  <tr>
    <td>B-</td>
    <td>Broadcom reference number</td>
  </tr>
</table>
<h2 id="revisions">Revisions</h2>
<ul>
<li>May 01, 2017: Bulletin published.</li>
<li>May 02, 2017: Bulletin revised to include AOSP links.</li>
</ul>
</body>
</html>