      1 <html devsite>
      2   <head>
      3     <title>Android Security Bulletin: June 2017</title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 <p><em>Published June 5, 2017 | Updated June 7, 2017</em></p>
     24 
     25 <p>The Android Security Bulletin contains details of security vulnerabilities
     26 affecting Android devices. Security patch levels of June 05, 2017 or later
     27 address all of these issues. Refer to the <a
     28 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
     29 and Nexus update schedule</a> to learn how to check a device's security patch
     30 level.</p>
     31 
     32 <p>Partners were notified of the issues described in the bulletin at least a
     33 month ago. Source code patches for these issues will be released to the Android
     34 Open Source Project (AOSP) repository and linked from this bulletin. This
     35 bulletin also includes links to patches outside of AOSP.</p>
     36 
     37 <p>The most severe of these issues is a critical security vulnerability in Media
     38 Framework that could enable a remote attacker using a specially crafted file to
     39 cause memory corruption during media file and data processing. The <a
     40 href="/security/overview/updates-resources.html#severity">severity
     41 assessment</a> is based on the effect that exploiting the vulnerability would
     42 possibly have on an affected device, assuming the platform and service
     43 mitigations are turned off for development purposes or if successfully bypassed.</p>
     44 
     45 <p>We have had no reports of active customer exploitation or abuse of these newly
     46 reported issues. Refer to the
     47 <a href="#mitigations">Android and Google Play Protect mitigations</a>
     48 section for details on the <a
     49 href="/security/enhancements/index.html">Android
     50 security platform protections</a> and <a
     51 href="https://www.android.com/play-protect">Google Play Protect</a>,
     52 which improve the security of the Android platform.</p>
     53 
     54 <p>We encourage all customers to accept these updates to their devices.</p>
     55 
     56 <p class="note"><strong>Note:</strong> Information on the latest over-the-air update (OTA) and
     57 firmware images for Google devices is available in the <a
     58 href="#google-device-updates">Google device updates</a> section.</p>
     59 
     60 <h2 id="announcements">Announcements</h2>
     61 <ul>
     62   <li>We've streamlined the monthly security bulletin to make
     63   it easier to read. As part of this update, vulnerability information is
     64   categorized by affected component, sorted by component name within a
     65   security patch level, and Google device-specific information
     66   is hosted in a <a href="#google-device-updates">dedicated section</a>.</li>
     67   <li>This bulletin has two security patch level strings to provide Android
     68   partners with the flexibility to more quickly fix a subset of vulnerabilities
     69   that are similar across all Android devices. See <a
     70   href="#common-questions-and-answers">Common questions and answers</a> for
     71   additional information:
     72     <ul>
     73       <li><strong>2017-06-01</strong>: Partial security patch level string. This
     74       security patch level string indicates that all issues associated with 2017-06-01
     75       (and all previous security patch level strings) are addressed.</li>
     76       <li><strong>2017-06-05</strong>: Complete security patch level string. This
     77       security patch level string indicates that all issues associated with 2017-06-01
     78       and 2017-06-05 (and all previous security patch level strings) are
     79       addressed.</li>
     80     </ul>
     81   </li>
     82 </ul>
     83 
     84 <h2 id="mitigations">Android and Google Play Protect mitigations</h2>
     85 <p>This is a summary of the mitigations provided by the <a
     86 href="/security/enhancements/index.html">Android
     87 security platform</a> and service protections such as
     88 <a href="https://www.android.com/play-protect">Google Play Protect</a>.
     89 These capabilities reduce the likelihood that security
     90 vulnerabilities could be successfully exploited on Android.</p>
     91 <ul>
     92   <li>Exploitation for many issues on Android is made more difficult by
     93   enhancements in newer versions of the Android platform. We encourage all users
     94   to update to the latest version of Android where possible.</li>
     95   <li>The Android security team actively monitors for abuse through
     96   <a href="https://www.android.com/play-protect">Google Play Protect</a>
     97   and warns users about <a
     98   href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
     99   Harmful Applications</a>. Google Play Protect is enabled by default on devices
    100   with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
    101   especially important for users who install apps from outside of Google Play.</li>
    102 </ul>
    103 
    104 <h2 id="2017-06-01-details">2017-06-01 security patch level: Vulnerability details</h2>
    105 <p>In the sections below, we provide details for each of the security
    106 vulnerabilities that apply to the 2017-06-01 patch level. Vulnerabilities are
    107 grouped under the component that they affect. There is a description of the
    108 issue and a table with the CVE, associated references, <a
    109 href="#vulnerability-type">type of vulnerability</a>, <a
    110 href="/security/overview/updates-resources.html#severity">severity</a>,
    111 and updated AOSP versions (where applicable). When available, we link the public
    112 change that addressed the issue to the bug ID, like the AOSP change list. When
    113 multiple changes relate to a single bug, additional references are linked to
    114 numbers following the bug ID.</p>
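<p>Added example, not part of the original bulletin: a Python sketch that reads tables laid out as described above and applies the two patch level strings from the Announcements section to list which issues remain open for a given device level. The names <code>parse_bulletin</code>, <code>outstanding</code> and <code>SAMPLE</code> are assumptions of this example, and the sample markup is a constructed excerpt using four rows from this page.</p>

```python
import re
from datetime import date
from html.parser import HTMLParser

# Constructed excerpt: four rows copied from this bulletin, links dropped.
SAMPLE = """
<h2 id="2017-06-01-details">2017-06-01 security patch level</h2>
<h3 id="media-framework">Media framework</h3>
<table>
 <tr><th>CVE</th><th>References</th><th>Type</th><th>Severity</th><th>Updated AOSP versions</th></tr>
 <tr><td>CVE-2017-0637</td><td>A-34064500</td><td>RCE</td><td>Critical</td><td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td></tr>
 <tr><td>CVE-2017-0641</td><td>A-34360591</td><td>DoS</td><td>High</td><td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td></tr>
</table>
<h2 id="2017-06-05-details">2017-06-05 security patch level</h2>
<h3 id="kernel-components">Kernel components</h3>
<table>
 <tr><th>CVE</th><th>References</th><th>Type</th><th>Severity</th><th>Component</th></tr>
 <tr><td>CVE-2017-0651</td><td>A-35644815<a href="#asterisk">*</a></td><td>ID</td><td>Low</td><td>ION subsystem</td></tr>
</table>
<h3 id="qualcomm-components">Qualcomm components</h3>
<table>
 <tr><th>CVE</th><th>References</th><th>Type</th><th>Severity</th><th>Component</th></tr>
 <tr><td>CVE-2017-7371</td><td>A-36250786<br>QC-CR#1101054</td><td>RCE</td><td>Critical</td><td>Bluetooth driver</td></tr>
</table>
"""

LEVEL_ID = re.compile(r"^(\d{4}-\d{2}-\d{2})-details$")   # <h2 id="2017-06-01-details">
CVE_ID = re.compile(r"^CVE-\d{4}-\d{4,}$")
SEVERITY_RANK = {"Critical": 0, "High": 1, "Moderate": 2, "Low": 3}


class BulletinParser(HTMLParser):
    """Collects one dict per CVE row, tagged with patch level and section."""

    def __init__(self):
        super().__init__()
        self.findings, self.header = [], []
        self.level = self.row = self.cell = None
        self.section, self.in_h3 = "", False

    def handle_starttag(self, tag, attrs):
        if tag == "h2":                       # patch level comes from the id
            m = LEVEL_ID.match(dict(attrs).get("id") or "")
            self.level = m.group(1) if m else None
        elif tag == "h3":                     # component heading
            self.in_h3, self.section = True, ""
        elif tag == "tr":
            self.row = []
        elif tag in ("td", "th") and self.row is not None:
            self.cell = []
        elif tag == "br" and self.cell is not None:
            self.cell.append(" ")             # keeps stacked references apart

    def handle_data(self, data):
        if self.cell is not None:
            self.cell.append(data)
        elif self.in_h3:
            self.section += data

    def handle_endtag(self, tag):
        if tag == "h3":
            self.in_h3 = False
            self.section = " ".join(self.section.split())
        elif tag in ("td", "th") and self.cell is not None:
            self.row.append(" ".join("".join(self.cell).split()))
            self.cell = None
        elif tag == "tr" and self.row is not None:
            self._finish_row(self.row)
            self.row = None

    def _finish_row(self, row):
        if row and row[0] == "CVE":           # header row names the columns
            self.header = row
        elif (row and CVE_ID.match(row[0]) and self.level
              and len(row) == len(self.header)):
            entry = dict(zip(self.header, row))
            entry.update(level=self.level, section=self.section)
            self.findings.append(entry)


def parse_bulletin(html):
    parser = BulletinParser()
    parser.feed(html)
    parser.close()
    return parser.findings


def outstanding(findings, device_level):
    """Findings listed under a patch level later than the device's level."""
    if not re.fullmatch(r"\d{4}-\d{2}-\d{2}", device_level):
        raise ValueError("patch level must look like YYYY-MM-DD")
    device = date.fromisoformat(device_level)
    pending = [f for f in findings if date.fromisoformat(f["level"]) > device]
    return sorted(pending,
                  key=lambda f: (SEVERITY_RANK.get(f["Severity"], 9), f["CVE"]))


if __name__ == "__main__":
    for f in outstanding(parse_bulletin(SAMPLE), "2017-06-01"):
        print(f["CVE"], f["Severity"], f["Type"], f["section"], sep=" | ")
```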
    115 
    116 <h3 id="bluetooth">Bluetooth</h3>
    117 <p>The most severe vulnerability in this section could enable a local malicious app
    118 to access data outside of its permission levels.</p>
    119 
    120 <table>
    121   <col width="17%">
    122   <col width="19%">
    123   <col width="9%">
    124   <col width="14%">
    125   <col width="39%">
    126   <tr>
    127    <th>CVE</th>
    128    <th>References</th>
    129    <th>Type</th>
    130    <th>Severity</th>
    131    <th>Updated AOSP versions</th>
    132   </tr>
    133   <tr>
    134    <td>CVE-2017-0639</td>
    135    <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td>
    136    <td>ID</td>
    137    <td>High</td>
    138    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    139   </tr>
    140   <tr>
    141    <td>CVE-2017-0645</td>
    142    <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td>
    143    <td>EoP</td>
    144    <td>Moderate</td>
    145    <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
    146   </tr>
    147   <tr>
    148    <td>CVE-2017-0646</td>
    149    <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td>
    150    <td>ID</td>
    151    <td>Moderate</td>
    152    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    153   </tr>
    154 </table>
    155 <h3 id="libraries">Libraries</h3>
    156 <p>The most severe vulnerability in this section could enable a remote attacker
    157 using a specially crafted file to execute arbitrary code within the context of an
    158 unprivileged process.</p>
    159 
    160 <table>
    161   <col width="17%">
    162   <col width="19%">
    163   <col width="9%">
    164   <col width="14%">
    165   <col width="39%">
    166   <tr>
    167    <th>CVE</th>
    168    <th>References</th>
    169    <th>Type</th>
    170    <th>Severity</th>
    171    <th>Updated AOSP versions</th>
    172   </tr>
    173   <tr>
    174    <td>CVE-2015-8871</td>
    175    <td>A-35443562<a href="#asterisk">*</a></td>
    176    <td>RCE</td>
    177    <td>High</td>
    178    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    179   </tr>
    180   <tr>
    181    <td>CVE-2016-8332</td>
    182    <td>A-37761553<a href="#asterisk">*</a></td>
    183    <td>RCE</td>
    184    <td>High</td>
    185    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    186   </tr>
    187   <tr>
    188    <td>CVE-2016-5131</td>
    189    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td>
    190    <td>RCE</td>
    191    <td>High</td>
    192    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    193   </tr>
    194   <tr>
    195    <td>CVE-2016-4658</td>
    196    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td>
    197    <td>RCE</td>
    198    <td>High</td>
    199    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    200   </tr>
    201   <tr>
    202    <td>CVE-2017-0663</td>
    203    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td>
    204    <td>RCE</td>
    205    <td>High</td>
    206    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    207   </tr>
    208   <tr>
    209    <td>CVE-2017-7376</td>
    210    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td>
    211    <td>RCE</td>
    212    <td>High</td>
    213    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    214   </tr>
    215   <tr>
    216    <td>CVE-2017-5056</td>
    217    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td>
    218    <td>RCE</td>
    219    <td>Moderate</td>
    220    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    221   </tr>
    222   <tr>
    223    <td>CVE-2017-7375</td>
    224    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td>
    225    <td>RCE</td>
    226    <td>Moderate</td>
    227    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    228   </tr>
    229   <tr>
    230    <td>CVE-2017-0647</td>
    231    <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td>
    232    <td>ID</td>
    233    <td>Moderate</td>
    234    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    235   </tr>
    236   <tr>
    237    <td>CVE-2016-1839</td>
    238    <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td>
    239    <td>DoS</td>
    240    <td>Moderate</td>
    241    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    242   </tr>
    243 </table>
    244 <h3 id="media-framework">Media framework</h3>
    245 <p>The most severe vulnerability in this section could enable a remote attacker
    246 using a specially crafted file to cause memory corruption during media file and
    247 data processing.</p>
    248 
    249 <table>
    250   <col width="17%">
    251   <col width="19%">
    252   <col width="9%">
    253   <col width="14%">
    254   <col width="39%">
    255   <tr>
    256    <th>CVE</th>
    257    <th>References</th>
    258    <th>Type</th>
    259    <th>Severity</th>
    260    <th>Updated AOSP versions</th>
    261   </tr>
    262   <tr>
    263    <td>CVE-2017-0637</td>
    264    <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td>
    265    <td>RCE</td>
    266    <td>Critical</td>
    267    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    268   </tr>
    269   <tr>
    270    <td>CVE-2017-0391</td>
    271    <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td>
    272    <td>DoS</td>
    273    <td>High</td>
    274    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    275   </tr>
    276   <tr>
    277    <td>CVE-2017-0640</td>
    278    <td>A-33129467<a href="#asterisk">*</a></td>
    279    <td>DoS</td>
    280    <td>High</td>
    281    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    282   </tr>
    283   <tr>
    284    <td>CVE-2017-0641</td>
    285    <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td>
    286    <td>DoS</td>
    287    <td>High</td>
    288    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    289   </tr>
    290   <tr>
    291    <td>CVE-2017-0642</td>
    292    <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td>
    293    <td>DoS</td>
    294    <td>High</td>
    295    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
    296   </tr>
    297   <tr>
    298    <td>CVE-2017-0643</td>
    299    <td>A-35645051<a href="#asterisk">*</a></td>
    300    <td>DoS</td>
    301    <td>High</td>
    302    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    303   </tr>
    304   <tr>
    305    <td>CVE-2017-0644</td>
    306    <td>A-35472997<a href="#asterisk">*</a></td>
    307    <td>DoS</td>
    308    <td>High</td>
    309    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    310   </tr>
    311 </table>
    312 <h3 id="system-ui">System UI</h3>
    313 <p>The most severe vulnerability in this section could enable an attacker using a
    314 specially crafted file to execute arbitrary code within the context of an
    315 unprivileged process.</p>
    316 
    317 <table>
    318   <col width="17%">
    319   <col width="19%">
    320   <col width="9%">
    321   <col width="14%">
    322   <col width="39%">
    323   <tr>
    324    <th>CVE</th>
    325    <th>References</th>
    326    <th>Type</th>
    327    <th>Severity</th>
    328    <th>Updated AOSP versions</th>
    329   </tr>
    330   <tr>
    331    <td>CVE-2017-0638</td>
    332    <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td>
    333    <td>RCE</td>
    334    <td>High</td>
    335    <td>7.1.1, 7.1.2</td>
    336   </tr>
    337 </table>
    338 <h2 id="2017-06-05-details">2017-06-05
    339 security patch level: Vulnerability details</h2>
    340 <p>In the sections below, we provide details for each of the security
    341 vulnerabilities that apply to the 2017-06-05 patch level. Vulnerabilities are
    342 grouped under the component that they affect and include details such as the
    343 CVE, associated references, <a
    344 href="#vulnerability-type">type of vulnerability</a>, <a
    345 href="/security/overview/updates-resources.html#severity">severity</a>, 
    346 component (where
    347 applicable), and updated AOSP versions (where applicable). When available, we
    348 link the public change that addressed the issue to the bug ID, like the AOSP
    349 change list. When multiple changes relate to a single bug, additional references
    350 are linked to numbers following the bug ID.</p>
    351 
    352 <h3 id="kernel-components">Kernel components</h3>
    353 <p>The most severe vulnerability in this section could enable a local malicious app
    354 to execute arbitrary code within the context of the kernel.</p>
    355 
    356 <table>
    357   <col width="17%">
    358   <col width="19%">
    359   <col width="9%">
    360   <col width="14%">
    361   <col width="39%">
    362   <tr>
    363    <th>CVE</th>
    364    <th>References</th>
    365    <th>Type</th>
    366    <th>Severity</th>
    367    <th>Component</th>
    368   </tr>
    369   <tr>
    370    <td>CVE-2017-0648</td>
    371    <td>A-36101220<a href="#asterisk">*</a></td>
    372    <td>EoP</td>
    373    <td>High</td>
    374    <td>FIQ debugger</td>
    375   </tr>
    376   <tr>
    377    <td>CVE-2017-0651</td>
    378    <td>A-35644815<a href="#asterisk">*</a></td>
    379    <td>ID</td>
    380    <td>Low</td>
    381    <td>ION subsystem</td>
    382   </tr>
    383 </table>
    384 <h3 id="libraries-05">Libraries</h3>
    385 <p>The most severe vulnerability in this section could enable a remote attacker
    386 using a specially crafted file to gain access to sensitive information.</p>
    387 
    388 <table>
    389   <col width="17%">
    390   <col width="19%">
    391   <col width="9%">
    392   <col width="14%">
    393   <col width="39%">
    394   <tr>
    395    <th>CVE</th>
    396    <th>References</th>
    397    <th>Type</th>
    398    <th>Severity</th>
    399    <th>Updated AOSP versions</th>
    400   </tr>
    401   <tr>
    402    <td>CVE-2015-7995</td>
    403    <td>A-36810065<a href="#asterisk">*</a></td>
    404    <td>ID</td>
    405    <td>Moderate</td>
    406    <td>4.4.4</td>
    407   </tr>
    408 </table>
    409 <h3 id="mediatek-components">MediaTek components</h3>
    410 <p>The most severe vulnerability in this section could enable a local malicious app
    411 to execute arbitrary code within the context of the kernel.</p>
    412 
    413 <table>
    414   <col width="17%">
    415   <col width="19%">
    416   <col width="9%">
    417   <col width="14%">
    418   <col width="39%">
    419   <tr>
    420    <th>CVE</th>
    421    <th>References</th>
    422    <th>Type</th>
    423    <th>Severity</th>
    424    <th>Component</th>
    425   </tr>
    426   <tr>
    427    <td>CVE-2017-0636</td>
    428    <td>A-35310230<a href="#asterisk">*</a><br>
    429        M-ALPS03162263</td>
    430    <td>EoP</td>
    431    <td>High</td>
    432    <td>Command queue driver</td>
    433   </tr>
    434   <tr>
    435    <td>CVE-2017-0649</td>
    436    <td>A-34468195<a href="#asterisk">*</a><br>
    437        M-ALPS03162283</td>
    438    <td>EoP</td>
    439    <td>Moderate</td>
    440    <td>Sound driver</td>
    441   </tr>
    442 </table>
    443 <h3 id="nvidia-components">NVIDIA components</h3>
    444 <p>The most severe vulnerability in this section could enable a local malicious app
    445 to execute arbitrary code within the context of the kernel.</p>
    446 
    447 <table>
    448   <col width="17%">
    449   <col width="19%">
    450   <col width="9%">
    451   <col width="14%">
    452   <col width="39%">
    453   <tr>
    454    <th>CVE</th>
    455    <th>References</th>
    456    <th>Type</th>
    457    <th>Severity</th>
    458    <th>Component</th>
    459   </tr>
    460   <tr>
    461    <td>CVE-2017-6247</td>
    462    <td>A-34386301<a href="#asterisk">*</a><br>
    463        N-CVE-2017-6247</td>
    464    <td>EoP</td>
    465    <td>High</td>
    466    <td>Sound driver</td>
    467   </tr>
    468   <tr>
    469    <td>CVE-2017-6248</td>
    470    <td>A-34372667<a href="#asterisk">*</a><br>
    471        N-CVE-2017-6248</td>
    472    <td>EoP</td>
    473    <td>Moderate</td>
    474    <td>Sound driver</td>
    475   </tr>
    476   <tr>
    477    <td>CVE-2017-6249</td>
    478    <td>A-34373711<a href="#asterisk">*</a><br>
    479        N-CVE-2017-6249</td>
    480    <td>EoP</td>
    481    <td>Moderate</td>
    482    <td>Sound driver</td>
    483   </tr>
    484 </table>
    485 <h3 id="qualcomm-components">Qualcomm components</h3>
    486 <p>The most severe vulnerability in this section could enable a proximate attacker
    487 to execute arbitrary code within the context of the kernel.</p>
    488 
    489 <table>
    490   <col width="17%">
    491   <col width="19%">
    492   <col width="9%">
    493   <col width="14%">
    494   <col width="39%">
    495   <tr>
    496    <th>CVE</th>
    497    <th>References</th>
    498    <th>Type</th>
    499    <th>Severity</th>
    500    <th>Component</th>
    501   </tr>
    502   <tr>
    503    <td>CVE-2017-7371</td>
    504    <td>A-36250786<br>
    505    <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
    506    <td>RCE</td>
    507    <td>Critical</td>
    508    <td>Bluetooth driver</td>
    509   </tr>
    510   <tr>
    511    <td>CVE-2017-7365</td>
    512    <td>A-32449913<br>
    513    <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
    514    <td>EoP</td>
    515    <td>High</td>
    516    <td>Bootloader</td>
    517   </tr>
    518   <tr>
    519    <td>CVE-2017-7366</td>
    520    <td>A-36252171<br>
    521    <a
    522 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
    523 [<a
    524 href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
    525    <td>EoP</td>
    526    <td>High</td>
    527    <td>GPU driver</td>
    528   </tr>
    529   <tr>
    530    <td>CVE-2017-7367</td>
    531    <td>A-34514708<br>
    532    <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
    533    <td>DoS</td>
    534    <td>High</td>
    535    <td>Bootloader</td>
    536   </tr>
    537   <tr>
    538    <td>CVE-2016-5861</td>
    539    <td>A-36251375<br>
    540    <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
    541    <td>EoP</td>
    542    <td>Moderate</td>
    543    <td>Video driver</td>
    544   </tr>
    545   <tr>
    546    <td>CVE-2016-5864</td>
    547    <td>A-36251231<br>
    548    <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
    549    <td>EoP</td>
    550    <td>Moderate</td>
    551    <td>Sound driver</td>
    552   </tr>
    553   <tr>
    554    <td>CVE-2017-6421</td>
    555    <td>A-36251986<br>
    556    <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
    557    <td>EoP</td>
    558    <td>Moderate</td>
    559    <td>MStar touchscreen driver</td>
    560   </tr>
    561   <tr>
    562    <td>CVE-2017-7364</td>
    563    <td>A-36252179<br>
    564    <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
    565    <td>EoP</td>
    566    <td>Moderate</td>
    567    <td>Video driver</td>
    568   </tr>
    569   <tr>
    570    <td>CVE-2017-7368</td>
    571    <td>A-33452365<br>
    572    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
    573    <td>EoP</td>
    574    <td>Moderate</td>
    575    <td>Sound driver</td>
    576   </tr>
    577   <tr>
    578    <td>CVE-2017-7369</td>
    579    <td>A-33751424<br>
    580    <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
    581 [<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
    582    <td>EoP</td>
    583    <td>Moderate</td>
    584    <td>Sound driver</td>
    585   </tr>
    586   <tr>
    587    <td>CVE-2017-7370</td>
    588    <td>A-34328139<br>
    589    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
    590    <td>EoP</td>
    591    <td>Moderate</td>
    592    <td>Video driver</td>
    593   </tr>
    594   <tr>
    595    <td>CVE-2017-7372</td>
    596    <td>A-36251497<br>
    597    <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
    598    <td>EoP</td>
    599    <td>Moderate</td>
    600    <td>Video driver</td>
    601   </tr>
    602   <tr>
    603    <td>CVE-2017-7373</td>
    604    <td>A-36251984<br>
    605    <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
    606    <td>EoP</td>
    607    <td>Moderate</td>
    608    <td>Video driver</td>
    609   </tr>
    610   <tr>
    611    <td>CVE-2017-8233</td>
    612    <td>A-34621613<br>
    613    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
    614    <td>EoP</td>
    615    <td>Moderate</td>
    616    <td>Camera driver</td>
    617   </tr>
    618   <tr>
    619    <td>CVE-2017-8234</td>
    620    <td>A-36252121<br>
    621    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
    622    <td>EoP</td>
    623    <td>Moderate</td>
    624    <td>Camera driver</td>
    625   </tr>
    626   <tr>
    627    <td>CVE-2017-8235</td>
    628    <td>A-36252376<br>
    629    <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
    630    <td>EoP</td>
    631    <td>Moderate</td>
    632    <td>Camera driver</td>
    633   </tr>
    634   <tr>
    635    <td>CVE-2017-8236</td>
    636    <td>A-35047217<br>
    637    <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
    638    <td>EoP</td>
    639    <td>Moderate</td>
    640    <td>IPA driver</td>
    641   </tr>
    642   <tr>
    643    <td>CVE-2017-8237</td>
    644    <td>A-36252377<br>
    645    <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
    646    <td>EoP</td>
    647    <td>Moderate</td>
    648    <td>Networking driver</td>
    649   </tr>
    650   <tr>
    651    <td>CVE-2017-8242</td>
    652    <td>A-34327981<br>
    653    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
    654    <td>EoP</td>
    655    <td>Moderate</td>
    656    <td>Secure Execution Environment Communicator driver</td>
    657   </tr>
    658   <tr>
    659    <td>CVE-2017-8239</td>
    660    <td>A-36251230<br>
    661    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
    662    <td>ID</td>
    663    <td>Moderate</td>
    664    <td>Camera driver</td>
    665   </tr>
    666   <tr>
    667    <td>CVE-2017-8240</td>
    668    <td>A-36251985<br>
    669    <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
    670    <td>ID</td>
    671    <td>Moderate</td>
    672    <td>Pin controller driver</td>
    673   </tr>
    674   <tr>
    675    <td>CVE-2017-8241</td>
    676    <td>A-34203184<br>
    677    <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
    678    <td>ID</td>
    679    <td>Low</td>
    680    <td>Wi-Fi driver</td>
    681   </tr>
    682 </table>
    683 <h3 id="synaptics-components">Synaptics components</h3>
    684 <p>The most severe vulnerability in this section could enable a local malicious app
    685 to access data outside of its permission levels.</p>
    686 
    687 <table>
    688   <col width="17%">
    689   <col width="19%">
    690   <col width="9%">
    691   <col width="14%">
    692   <col width="39%">
    693   <tr>
    694    <th>CVE</th>
    695    <th>References</th>
    696    <th>Type</th>
    697    <th>Severity</th>
    698    <th>Component</th>
    699   </tr>
    700   <tr>
    701    <td>CVE-2017-0650</td>
    702    <td>A-35472278<a href="#asterisk">*</a></td>
    703    <td>EoP</td>
    704    <td>Low</td>
    705    <td>Touchscreen driver</td>
    706   </tr>
    707 </table>
    708 <h3 id="qualcomm-closed-source-components">Qualcomm closed-source
    709 components</h3>
    710 <p>These vulnerabilities affect Qualcomm components and are described in further
    711 detail in Qualcomm AMSS security bulletins from 2014 to 2016. They are included in
    712 this Android security bulletin to associate their fixes with an Android security
    713 patch level. Fixes for these vulnerabilities are available directly from Qualcomm.</p>
    714 
    715 <table>
    716   <col width="17%">
    717   <col width="19%">
    718   <col width="9%">
    719   <col width="14%">
    720   <col width="39%">
    721   <tr>
    722    <th>CVE</th>
    723    <th>References</th>
    724    <th>Type</th>
    725    <th>Severity</th>
    726    <th>Component</th>
    727   </tr>
    728   <tr>
    729    <td>CVE-2014-9960</td>
    730    <td>A-37280308<a href="#asterisk">*</a><br>
    731        QC-CR#381837</td>
    732    <td>N/A</td>
    733    <td>Critical</td>
    734    <td>Closed-source component</td>
    735   </tr>
    736   <tr>
    737    <td>CVE-2014-9961</td>
    738    <td>A-37279724<a href="#asterisk">*</a><br>
    739        QC-CR#581093</td>
    740    <td>N/A</td>
    741    <td>Critical</td>
    742    <td>Closed-source component</td>
    743   </tr>
    744   <tr>
    745    <td>CVE-2014-9953</td>
    746    <td>A-36714770<a href="#asterisk">*</a><br>
    747        QC-CR#642173</td>
    748    <td>N/A</td>
    749    <td>Critical</td>
    750    <td>Closed-source component</td>
    751   </tr>
    752   <tr>
    753    <td>CVE-2014-9967</td>
    754    <td>A-37281466<a href="#asterisk">*</a><br>
    755        QC-CR#739110</td>
    756    <td>N/A</td>
    757    <td>Critical</td>
    758    <td>Closed-source component</td>
    759   </tr>
    760   <tr>
    761    <td>CVE-2015-9026</td>
    762    <td>A-37277231<a href="#asterisk">*</a><br>
    763        QC-CR#748397</td>
    764    <td>N/A</td>
    765    <td>Critical</td>
    766    <td>Closed-source component</td>
    767   </tr>
    768   <tr>
    769    <td>CVE-2015-9027</td>
    770    <td>A-37279124<a href="#asterisk">*</a><br>
    771        QC-CR#748407</td>
    772    <td>N/A</td>
    773    <td>Critical</td>
    774    <td>Closed-source component</td>
    775   </tr>
    776   <tr>
    777    <td>CVE-2015-9008</td>
    778    <td>A-36384689<a href="#asterisk">*</a><br>
    779        QC-CR#762111</td>
    780    <td>N/A</td>
    781    <td>Critical</td>
    782    <td>Closed-source component</td>
    783   </tr>
    784   <tr>
    785    <td>CVE-2015-9009</td>
    786    <td>A-36393600<a href="#asterisk">*</a><br>
    787        QC-CR#762182</td>
    788    <td>N/A</td>
    789    <td>Critical</td>
    790    <td>Closed-source component</td>
    791   </tr>
    792   <tr>
    793    <td>CVE-2015-9010</td>
    794    <td>A-36393101<a href="#asterisk">*</a><br>
    795        QC-CR#758752</td>
    796    <td>N/A</td>
    797    <td>Critical</td>
    798    <td>Closed-source component</td>
    799   </tr>
    800   <tr>
    801    <td>CVE-2015-9011</td>
    802    <td>A-36714882<a href="#asterisk">*</a><br>
    803        QC-CR#762167</td>
    804    <td>N/A</td>
    805    <td>Critical</td>
    806    <td>Closed-source component</td>
    807   </tr>
    808   <tr>
    809    <td>CVE-2015-9024</td>
    810    <td>A-37265657<a href="#asterisk">*</a><br>
    811        QC-CR#740680</td>
    812    <td>N/A</td>
    813    <td>Critical</td>
    814    <td>Closed-source component</td>
    815   </tr>
    816   <tr>
    817    <td>CVE-2015-9012</td>
    818    <td>A-36384691<a href="#asterisk">*</a><br>
    819        QC-CR#746617</td>
    820    <td>N/A</td>
    821    <td>Critical</td>
    822    <td>Closed-source component</td>
    823   </tr>
    824   <tr>
    825    <td>CVE-2015-9013</td>
    826    <td>A-36393251<a href="#asterisk">*</a><br>
    827        QC-CR#814373</td>
    828    <td>N/A</td>
    829    <td>Critical</td>
    830    <td>Closed-source component</td>
    831   </tr>
    832   <tr>
    833    <td>CVE-2015-9014</td>
    834    <td>A-36393750<a href="#asterisk">*</a><br>
    835        QC-CR#855220</td>
    836    <td>N/A</td>
    837    <td>Critical</td>
    838    <td>Closed-source component</td>
    839   </tr>
    840   <tr>
    841    <td>CVE-2015-9015</td>
    842    <td>A-36714120<a href="#asterisk">*</a><br>
    843        QC-CR#701858</td>
    844    <td>N/A</td>
    845    <td>Critical</td>
    846    <td>Closed-source component</td>
    847   </tr>
    848   <tr>
    849    <td>CVE-2015-9029</td>
    850    <td>A-37276981<a href="#asterisk">*</a><br>
    851        QC-CR#827837</td>
    852    <td>N/A</td>
    853    <td>Critical</td>
    854    <td>Closed-source component</td>
    855   </tr>
    856   <tr>
    857    <td>CVE-2016-10338</td>
    858    <td>A-37277738<a href="#asterisk">*</a><br>
    859        QC-CR#987699</td>
    860    <td>N/A</td>
    861    <td>Critical</td>
    862    <td>Closed-source component</td>
    863   </tr>
    864   <tr>
    865    <td>CVE-2016-10336</td>
    866    <td>A-37278436<a href="#asterisk">*</a><br>
    867        QC-CR#973605</td>
    868    <td>N/A</td>
    869    <td>Critical</td>
    870    <td>Closed-source component</td>
    871   </tr>
    872   <tr>
    873    <td>CVE-2016-10333</td>
    874    <td>A-37280574<a href="#asterisk">*</a><br>
    875        QC-CR#947438</td>
    876    <td>N/A</td>
    877    <td>Critical</td>
    878    <td>Closed-source component</td>
    879   </tr>
    880   <tr>
    881    <td>CVE-2016-10341</td>
    882    <td>A-37281667<a href="#asterisk">*</a><br>
    883        QC-CR#991476</td>
    884    <td>N/A</td>
    885    <td>Critical</td>
    886    <td>Closed-source component</td>
    887   </tr>
    888   <tr>
    889    <td>CVE-2016-10335</td>
    890    <td>A-37282802<a href="#asterisk">*</a><br>
    891        QC-CR#961142</td>
    892    <td>N/A</td>
    893    <td>Critical</td>
    894    <td>Closed-source component</td>
    895   </tr>
    896   <tr>
    897    <td>CVE-2016-10340</td>
    898    <td>A-37280614<a href="#asterisk">*</a><br>
    899        QC-CR#989028</td>
    900    <td>N/A</td>
    901    <td>Critical</td>
    902    <td>Closed-source component</td>
    903   </tr>
    904   <tr>
    905    <td>CVE-2016-10334</td>
    906    <td>A-37280664<a href="#asterisk">*</a><br>
    907        QC-CR#949933</td>
    908    <td>N/A</td>
    909    <td>Critical</td>
    910    <td>Closed-source component</td>
    911   </tr>
    912   <tr>
    913    <td>CVE-2016-10339</td>
    914    <td>A-37280575<a href="#asterisk">*</a><br>
    915        QC-CR#988502</td>
    916    <td>N/A</td>
    917    <td>Critical</td>
    918    <td>Closed-source component</td>
    919   </tr>
    920   <tr>
    921    <td>CVE-2016-10298</td>
    922    <td>A-36393252<a href="#asterisk">*</a><br>
    923        QC-CR#1020465</td>
    924    <td>N/A</td>
    925    <td>Critical</td>
    926    <td>Closed-source component</td>
    927   </tr>
    928   <tr>
    929    <td>CVE-2016-10299</td>
    930    <td>A-32577244<a href="#asterisk">*</a><br>
    931        QC-CR#1058511</td>
    932    <td>N/A</td>
    933    <td>Critical</td>
    934    <td>Closed-source component</td>
    935   </tr>
    936   <tr>
    937    <td>CVE-2014-9954</td>
    938    <td>A-36388559<a href="#asterisk">*</a><br>
    939        QC-CR#552880</td>
    940    <td>N/A</td>
    941    <td>High</td>
    942    <td>Closed-source component</td>
    943   </tr>
    944   <tr>
    945    <td>CVE-2014-9955</td>
    946    <td>A-36384686<a href="#asterisk">*</a><br>
    947        QC-CR#622701</td>
    948    <td>N/A</td>
    949    <td>High</td>
    950    <td>Closed-source component</td>
    951   </tr>
    952   <tr>
    953    <td>CVE-2014-9956</td>
    954    <td>A-36389611<a href="#asterisk">*</a><br>
    955        QC-CR#638127</td>
    956    <td>N/A</td>
    957    <td>High</td>
    958    <td>Closed-source component</td>
    959   </tr>
    960   <tr>
    961    <td>CVE-2014-9957</td>
    962    <td>A-36387564<a href="#asterisk">*</a><br>
    963        QC-CR#638984</td>
    964    <td>N/A</td>
    965    <td>High</td>
    966    <td>Closed-source component</td>
    967   </tr>
    968   <tr>
    969    <td>CVE-2014-9958</td>
    970    <td>A-36384774<a href="#asterisk">*</a><br>
    971        QC-CR#638135</td>
    972    <td>N/A</td>
    973    <td>High</td>
    974    <td>Closed-source component</td>
    975   </tr>
    976   <tr>
    977    <td>CVE-2014-9962</td>
    978    <td>A-37275888<a href="#asterisk">*</a><br>
    979        QC-CR#656267</td>
    980    <td>N/A</td>
    981    <td>High</td>
    982    <td>Closed-source component</td>
    983   </tr>
    984   <tr>
    985    <td>CVE-2014-9963</td>
    986    <td>A-37276741<a href="#asterisk">*</a><br>
    987        QC-CR#657771</td>
    988    <td>N/A</td>
    989    <td>High</td>
    990    <td>Closed-source component</td>
    991   </tr>
    992   <tr>
    993    <td>CVE-2014-9959</td>
    994    <td>A-36383694<a href="#asterisk">*</a><br>
    995        QC-CR#651900</td>
    996    <td>N/A</td>
    997    <td>High</td>
    998    <td>Closed-source component</td>
    999   </tr>
   1000   <tr>
   1001    <td>CVE-2014-9964</td>
   1002    <td>A-37280321<a href="#asterisk">*</a><br>
   1003        QC-CR#680778</td>
   1004    <td>N/A</td>
   1005    <td>High</td>
   1006    <td>Closed-source component</td>
   1007   </tr>
   1008   <tr>
   1009    <td>CVE-2014-9965</td>
   1010    <td>A-37278233<a href="#asterisk">*</a><br>
   1011        QC-CR#711585</td>
   1012    <td>N/A</td>
   1013    <td>High</td>
   1014    <td>Closed-source component</td>
   1015   </tr>
   1016   <tr>
   1017    <td>CVE-2014-9966</td>
   1018    <td>A-37282854<a href="#asterisk">*</a><br>
   1019        QC-CR#727398</td>
   1020    <td>N/A</td>
   1021    <td>High</td>
   1022    <td>Closed-source component</td>
   1023   </tr>
   1024   <tr>
   1025    <td>CVE-2015-9023</td>
   1026    <td>A-37276138<a href="#asterisk">*</a><br>
   1027        QC-CR#739802</td>
   1028    <td>N/A</td>
   1029    <td>High</td>
   1030    <td>Closed-source component</td>
   1031   </tr>
   1032   <tr>
   1033    <td>CVE-2015-9020</td>
   1034    <td>A-37276742<a href="#asterisk">*</a><br>
   1035        QC-CR#733455</td>
   1036    <td>N/A</td>
   1037    <td>High</td>
   1038    <td>Closed-source component</td>
   1039   </tr>
   1040   <tr>
   1041    <td>CVE-2015-9021</td>
   1042    <td>A-37276743<a href="#asterisk">*</a><br>
   1043        QC-CR#735148</td>
   1044    <td>N/A</td>
   1045    <td>High</td>
   1046    <td>Closed-source component</td>
   1047   </tr>
   1048   <tr>
   1049    <td>CVE-2015-9025</td>
   1050    <td>A-37276744<a href="#asterisk">*</a><br>
   1051        QC-CR#743985</td>
   1052    <td>N/A</td>
   1053    <td>High</td>
   1054    <td>Closed-source component</td>
   1055   </tr>
   1056   <tr>
   1057    <td>CVE-2015-9022</td>
   1058    <td>A-37280226<a href="#asterisk">*</a><br>
   1059        QC-CR#736146</td>
   1060    <td>N/A</td>
   1061    <td>High</td>
   1062    <td>Closed-source component</td>
   1063   </tr>
   1064   <tr>
   1065    <td>CVE-2015-9028</td>
   1066    <td>A-37277982<a href="#asterisk">*</a><br>
   1067        QC-CR#762764</td>
   1068    <td>N/A</td>
   1069    <td>High</td>
   1070    <td>Closed-source component</td>
   1071   </tr>
   1072   <tr>
   1073    <td>CVE-2015-9031</td>
   1074    <td>A-37275889<a href="#asterisk">*</a><br>
   1075        QC-CR#866015</td>
   1076    <td>N/A</td>
   1077    <td>High</td>
   1078    <td>Closed-source component</td>
   1079   </tr>
   1080   <tr>
   1081    <td>CVE-2015-9032</td>
   1082    <td>A-37279125<a href="#asterisk">*</a><br>
   1083        QC-CR#873202</td>
   1084    <td>N/A</td>
   1085    <td>High</td>
   1086    <td>Closed-source component</td>
   1087   </tr>
   1088   <tr>
   1089    <td>CVE-2015-9033</td>
   1090    <td>A-37276139<a href="#asterisk">*</a><br>
   1091        QC-CR#892541</td>
   1092    <td>N/A</td>
   1093    <td>High</td>
   1094    <td>Closed-source component</td>
   1095   </tr>
   1096   <tr>
   1097    <td>CVE-2015-9030</td>
   1098    <td>A-37282907<a href="#asterisk">*</a><br>
   1099        QC-CR#854667</td>
   1100    <td>N/A</td>
   1101    <td>High</td>
   1102    <td>Closed-source component</td>
   1103   </tr>
   1104   <tr>
   1105    <td>CVE-2016-10332</td>
   1106    <td>A-37282801<a href="#asterisk">*</a><br>
   1107        QC-CR#906713<br>
   1108        QC-CR#917701<br>
   1109        QC-CR#917702</td>
   1110    <td>N/A</td>
   1111    <td>High</td>
   1112    <td>Closed-source component</td>
   1113   </tr>
   1114   <tr>
   1115    <td>CVE-2016-10337</td>
   1116    <td>A-37280665<a href="#asterisk">*</a><br>
   1117        QC-CR#977632</td>
   1118    <td>N/A</td>
   1119    <td>High</td>
   1120    <td>Closed-source component</td>
   1121   </tr>
   1122   <tr>
   1123    <td>CVE-2016-10342</td>
   1124    <td>A-37281763<a href="#asterisk">*</a><br>
   1125        QC-CR#988941</td>
   1126    <td>N/A</td>
   1127    <td>High</td>
   1128    <td>Closed-source component</td>
   1129   </tr>
   1130 </table>
   1131 <h2 id="google-device-updates">Google device updates</h2>
   1132 <p>This table contains the security patch level in the latest over-the-air update
   1133 (OTA) and firmware images for Google devices. The Google device firmware images
   1134 are available on the <a
   1135 href="https://developers.google.com/android/nexus/images">Google Developer
   1136 site</a>.</p>
   1137 
   1138 <table>
   1139   <col width="25%">
   1140   <col width="75%">
   1141   <tr>
   1142    <th>Google device</th>
   1143    <th>Security patch level</th>
   1144   </tr>
   1145   <tr>
   1146    <td>Pixel / Pixel XL</td>
   1147    <td>June 05, 2017</td>
   1148   </tr>
   1149   <tr>
   1150    <td>Nexus 5X</td>
   1151    <td>June 05, 2017</td>
   1152   </tr>
   1153   <tr>
   1154    <td>Nexus 6</td>
   1155    <td>June 05, 2017</td>
   1156   </tr>
   1157   <tr>
   1158    <td>Nexus 6P</td>
   1159    <td>June 05, 2017</td>
   1160   </tr>
   1161   <tr>
   1162    <td>Nexus 9</td>
   1163    <td>June 05, 2017</td>
   1164   </tr>
   1165   <tr>
   1166    <td>Nexus Player</td>
   1167    <td>June 05, 2017</td>
   1168   </tr>
   1169   <tr>
   1170    <td>Pixel C</td>
   1171    <td>June 05, 2017</td>
   1172   </tr>
   1173 </table>
   1174 <h2 id="acknowledgements">Acknowledgements</h2>
   1175 <p>We would like to thank these researchers for their contributions:</p>
   1176 
   1177 <table>
   1178   <col width="17%">
   1179   <col width="83%">
   1180   <tr>
   1181    <th>CVEs</th>
   1182    <th>Researchers</th>
   1183   </tr>
   1184   <tr>
   1185    <td>CVE-2017-0643, CVE-2017-0641</td>
    1186    <td>Ecular Xu of Trend Micro</td>
   1187   </tr>
   1188   <tr>
   1189    <td>CVE-2017-0645, CVE-2017-0639</td>
   1190    <td>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu
   1191 of <a href="http://www.ms509.com">MS509Team</a></td>
   1192   </tr>
   1193   <tr>
   1194    <td>CVE-2017-0649</td>
   1195    <td>Gengjia Chen (<a
   1196 href="https://twitter.com/chengjia4574">@chengjia4574</a>) and <a
   1197 href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co.
   1198 Ltd.</td>
   1199   </tr>
   1200   <tr>
   1201    <td>CVE-2017-0646</td>
    1202    <td>Godzheng (<a
   1203 href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>) of Tencent PC
   1204 Manager</td>
   1205   </tr>
   1206   <tr>
   1207    <td>CVE-2017-0636</td>
   1208    <td>Jake Corina and Nick Stephens of Shellphish Grill Team</td>
   1209   </tr>
   1210   <tr>
   1211    <td>CVE-2017-8233</td>
   1212    <td>Jianqiang Zhao (<a
   1213 href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
    1214 href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360</td>
   1215   </tr>
   1216   <tr>
   1217    <td>CVE-2017-7368</td>
   1218    <td>Lubo Zhang (<a
    1219 href="mailto:zlbzlb815 (a] 163.com">zlbzlb815 (a] 163.com</a>), Yuan-Tsung Lo (<a
   1220 href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>), and Xuxian Jiang
   1221 of <a href="http://c0reteam.org">C0RE Team</a></td>
   1222   </tr>
   1223   <tr>
   1224    <td>CVE-2017-8242</td>
   1225    <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
   1226 Tesla's Product Security Team</td>
   1227   </tr>
   1228   <tr>
   1229    <td>CVE-2017-0650</td>
   1230    <td>Omer Shwartz, Amir Cohen, Dr. Asaf Shabtai, and Dr. Yossi Oren of Ben
   1231 Gurion University Cyber Lab</td>
   1232   </tr>
   1233   <tr>
   1234    <td>CVE-2017-0648</td>
   1235    <td>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of <a
   1236 href="https://alephsecurity.com/">Aleph Research</a>, HCL Technologies</td>
   1237   </tr>
   1238   <tr>
   1239    <td>CVE-2017-7369, CVE-2017-6249, CVE-2017-6247, CVE-2017-6248</td>
   1240    <td>sevenshen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)
    1241 of Trend Micro</td>
   1242   </tr>
   1243   <tr>
   1244    <td>CVE-2017-0642, CVE-2017-0637, CVE-2017-0638</td>
   1245    <td>Vasily Vasiliev</td>
   1246   </tr>
   1247   <tr>
   1248    <td>CVE-2017-0640</td>
   1249    <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
   1250 href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
   1251 Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
   1252   </tr>
   1253   <tr>
   1254    <td>CVE-2017-8236</td>
   1255    <td>Xiling Gong of Tencent Security Platform Department</td>
   1256   </tr>
   1257   <tr>
   1258    <td>CVE-2017-0647</td>
   1259    <td>Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) and
   1260 Liyadong of Qex Team, Qihoo 360</td>
   1261   </tr>
   1262   <tr>
   1263    <td>CVE-2017-7370</td>
   1264    <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
   1265 IceSword Lab, Qihoo 360 Technology Co. Ltd</td>
   1266   </tr>
   1267   <tr>
   1268    <td>CVE-2017-0651</td>
   1269    <td>Yuan-Tsung Lo (<a
   1270 href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>) and Xuxian Jiang
   1271 of <a href="http://c0reteam.org">C0RE Team</a></td>
   1272   </tr>
   1273   <tr>
   1274    <td>CVE-2017-8241</td>
   1275    <td>Zubin Mithra of Google</td>
   1276   </tr>
   1277 </table>
   1278 <h2 id="common-questions-and-answers">Common questions and answers</h2>
   1279 <p>This section answers common questions that may occur after reading this
   1280 bulletin.</p>
   1281 
   1282 <p><strong>1. How do I determine if my device is updated to address these issues?
   1283 </strong></p>
   1284 
   1285 <p>To learn how to check a device's security patch level, read the instructions on
   1286 the <a
   1287 href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
   1288 and Nexus update schedule</a>.</p>
   1289 <ul>
   1290 <li>Security patch levels of 2017-06-01 or later address all issues associated
   1291 with the 2017-06-01 security patch level.</li>
   1292 <li>Security patch levels of 2017-06-05 or later address all issues associated
   1293 with the 2017-06-05 security patch level and all previous patch levels.</li></ul>
   1294 <p>Device manufacturers that include these updates should set the patch string
   1295 level to:</p>
   1296 <ul>
   1297 <li>[ro.build.version.security_patch]:[2017-06-01]</li>
   1298 <li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
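<p>The patch-level rule above, applied to device property dumps. This is an added
example, not part of the original bulletin or AOSP code. It assumes each dump is
the text of <code>getprop</code> output in the <code>[key]:[value]</code> form shown above;
the device names, status labels and sample dumps are constructed for illustration.</p>

```python
import re
from datetime import date

PATCH_KEY = "ro.build.version.security_patch"
PARTIAL_LEVEL = date(2017, 6, 1)    # fixes for the 2017-06-01 issues only
COMPLETE_LEVEL = date(2017, 6, 5)   # fixes for every issue in this bulletin

# Matches "[key]:[value]" as written in the bulletin, with or without a
# space after the colon.
PROP_LINE = re.compile(r"^\[([^\]]+)\]:\s*\[([^\]]*)\]$")
PATCH_VALUE = re.compile(r"([0-9]{4})-([0-9]{2})-([0-9]{2})")


def parse_getprop(dump):
    """Turn a property dump into a dict, ignoring lines that do not parse."""
    props = {}
    for line in dump.splitlines():
        match = PROP_LINE.match(line.strip())
        if match:
            props[match.group(1)] = match.group(2)
    return props


def parse_patch_level(value):
    """Return the patch level as a date, or None if missing or malformed."""
    match = PATCH_VALUE.fullmatch(value or "")
    if not match:
        return None
    try:
        return date(*(int(part) for part in match.groups()))
    except ValueError:  # e.g. 2017-02-30
        return None


def classify(dump):
    """Map one device dump to a status for the June 2017 bulletin."""
    level = parse_patch_level(parse_getprop(dump).get(PATCH_KEY))
    if level is None:
        return "unknown"    # property absent or not YYYY-MM-DD: treat as unverified
    if level >= COMPLETE_LEVEL:
        return "complete"   # 2017-06-05 or later
    if level >= PARTIAL_LEVEL:
        return "partial"    # 2017-06-01 through 2017-06-04
    return "outdated"       # older than either level in this bulletin


def audit(fleet):
    """Classify every device in a {name: dump} mapping."""
    return {name: classify(dump) for name, dump in fleet.items()}


# Constructed sample dumps, not taken from real devices.
SAMPLE_FLEET = {
    "device-a": "[ro.build.version.release]: [7.1.2]\n"
                "[ro.build.version.security_patch]: [2017-06-05]\n",
    "device-b": "[ro.build.version.security_patch]:[2017-06-01]\n",
    "device-c": "[ro.build.version.security_patch]: [2017-05-05]\n",
    "device-d": "[ro.build.version.release]: [5.1]\n",
    "device-e": "[ro.build.version.security_patch]: [2017-6-5]\n",
    "device-f": "[ro.build.version.security_patch]: [2017-07-01]\n",
}

if __name__ == "__main__":
    for name, status in audit(SAMPLE_FLEET).items():
        print(name, status)
```

<p>Parsing the value into a date rejects malformed strings such as
<code>2017-6-5</code>, which a plain string comparison would silently mis-order.</p>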
   1299 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
   1300 
   1301 <p>This bulletin has two security patch levels so that Android partners have the
   1302 flexibility to fix a subset of vulnerabilities that are similar across all
   1303 Android devices more quickly. Android partners are encouraged to fix all issues
   1304 in this bulletin and use the latest security patch level.</p>
   1305 <ul>
    1306 <li>Devices that use the June 01, 2017 security patch level must include fixes
    1307 for all issues associated with that security patch level, as well as fixes for
    1308 all issues reported in previous security bulletins.</li>
   1309 <li>Devices that use the security patch level of June 05, 2017 or newer must
   1310 include all applicable patches in this (and previous) security
   1311 bulletins.</li></ul>
   1312 <p>Partners are encouraged to bundle the fixes for all issues they are addressing
   1313 in a single update.</p>
   1314 
   1315 <p id="vulnerability-type"><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p>
   1316 
   1317 <p>Entries in the <em>Type</em> column of the vulnerability details table reference
   1318 the classification of the security vulnerability.</p>
   1319 
   1320 <table>
   1321   <col width="25%">
   1322   <col width="75%">
   1323   <tr>
   1324    <th>Abbreviation</th>
   1325    <th>Definition</th>
   1326   </tr>
   1327   <tr>
   1328    <td>RCE</td>
   1329    <td>Remote code execution</td>
   1330   </tr>
   1331   <tr>
   1332    <td>EoP</td>
   1333    <td>Elevation of privilege</td>
   1334   </tr>
   1335   <tr>
   1336    <td>ID</td>
   1337    <td>Information disclosure</td>
   1338   </tr>
   1339   <tr>
   1340    <td>DoS</td>
   1341    <td>Denial of service</td>
   1342   </tr>
   1343   <tr>
   1344    <td>N/A</td>
   1345    <td>Classification not available</td>
   1346   </tr>
   1347 </table>
   1348 <p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p>
   1349 
   1350 <p>Entries under the <em>References</em> column of the vulnerability details table
   1351 may contain a prefix identifying the organization to which the reference value
   1352 belongs.</p>
   1353 
   1354 <table>
   1355   <col width="25%">
   1356   <col width="75%">
   1357   <tr>
   1358    <th>Prefix</th>
   1359    <th>Reference</th>
   1360   </tr>
   1361   <tr>
   1362    <td>A-</td>
   1363    <td>Android bug ID</td>
   1364   </tr>
   1365   <tr>
   1366    <td>QC-</td>
   1367    <td>Qualcomm reference number</td>
   1368   </tr>
   1369   <tr>
   1370    <td>M-</td>
   1371    <td>MediaTek reference number</td>
   1372   </tr>
   1373   <tr>
   1374    <td>N-</td>
   1375    <td>NVIDIA reference number</td>
   1376   </tr>
   1377   <tr>
   1378    <td>B-</td>
   1379    <td>Broadcom reference number</td>
   1380   </tr>
   1381 </table>
   1382 <p id="asterisk"><strong>5. What does a <a href="#asterisk">*</a> next to the Android bug ID in the <em>References</em>
   1383 column mean?</strong></p>
   1384 
   1385 <p>Issues that are not publicly available have a <a href="#asterisk">*</a> next to the Android bug ID in
   1386 the <em>References</em> column. The update for that issue is generally contained
   1387 in the latest binary drivers for Nexus devices available from the <a
   1388 href="https://developers.google.com/android/nexus/drivers">Google Developer
   1389 site</a>.</p>
   1390 
   1391 <h2 id="versions">Versions</h2>
   1392 <table>
   1393   <col width="25%">
   1394   <col width="25%">
   1395   <col width="50%">
   1396   <tr>
   1397    <th>Version</th>
   1398    <th>Date</th>
   1399    <th>Notes</th>
   1400   </tr>
   1401   <tr>
   1402    <td>1.0</td>
   1403    <td>June 5, 2017</td>
   1404    <td>Bulletin published.</td>
   1405   </tr>
   1406   <tr>
   1407     <td>1.1</td>
   1408     <td>June 7, 2017</td>
   1409     <td>Bulletin revised to include AOSP links.</td>
   1410   </tr>
   1411   <tr>
   1412     <td>1.2</td>
   1413     <td>July 11, 2017</td>
   1414     <td>Bulletin revised to include CVE-2017-6249.</td>
   1415   </tr>
   1416 </table>
   1417 </body>
   1418 </html>
   1419