1 <html devsite> 2 <head> 3 <title>Android Security BulletinJuly 2017</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 //www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 <p><em>Published July 5, 2017 | Updated July 6, 2017</em></p> 24 25 <p>The Android Security Bulletin contains details of security vulnerabilities 26 affecting Android devices. Security patch levels of July 05, 2017 or later 27 address all of these issues. Refer to the <a 28 href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 29 and Nexus update schedule</a> to learn how to check a device's security patch 30 level.</p> 31 32 <p>Partners were notified of the issues described in the bulletin at least a month 33 ago. Source code patches for these issues have been released to the Android Open 34 Source Project (AOSP) repository and linked from this bulletin. This bulletin also 35 includes links to patches outside of AOSP.</p> 36 37 <p>The most severe of these issues is a critical security vulnerability in media 38 framework that could enable a remote attacker using a specially crafted file to 39 execute arbitrary code within the context of a privileged process. The <a 40 href="/security/overview/updates-resources.html#severity">severity 41 assessment</a> is based on the effect that exploiting the vulnerability would 42 possibly have on an affected device, assuming the platform and service 43 mitigations are turned off for development purposes or if successfully bypassed.</p> 44 45 <p>We have had no reports of active customer exploitation or abuse of these newly 46 reported issues. Refer to the <a 47 href="#mitigations">Android and Google Play 48 Protect mitigations</a> section for details on the <a 49 href="/security/enhancements/index.html">Android 50 security platform protections</a> and Google Play Protect, which improve the 51 security of the Android platform.</p> 52 53 <p>We encourage all customers to accept these updates to their devices.</p> 54 55 <p class="note"><strong>Note:</strong> Information on the latest over-the-air 56 update (OTA) and firmware images for Google devices is available in the 57 <a href="#google-device-updates">Google device updates</a> section.</p> 58 59 <h2 id="announcements">Announcements</h2> 60 <ul> 61 <li>This bulletin has two security patch level strings to provide Android 62 partners with the flexibility to more quickly fix a subset of vulnerabilities 63 that are similar across all Android devices. See <a 64 href="#common-questions-and-answers">Common questions and answers</a> for 65 additional information: 66 <ul> 67 <li><strong>2017-07-01</strong>: Partial security patch level string. This 68 security patch level string indicates that all issues associated with 2017-07-01 69 (and all previous security patch level strings) are addressed.</li> 70 <li><strong>2017-07-05</strong>: Complete security patch level string. This 71 security patch level string indicates that all issues associated with 2017-07-01 72 and 2017-07-05 (and all previous security patch level strings) are 73 addressed.</li> 74 </ul> 75 </li> 76 </ul> 77 78 <h2 id="mitigations">Android and Google Play Protect mitigations</h2> 79 <p>This is a summary of the mitigations provided by the <a 80 href="/security/enhancements/index.html">Android 81 security platform</a> and service protections such as <a 82 href="//www.android.com/play-protect">Google Play Protect</a>. These 83 capabilities reduce the likelihood that security vulnerabilities could be 84 successfully exploited on Android.</p> 85 <ul> 86 <li>Exploitation for many issues on Android is made more difficult by 87 enhancements in newer versions of the Android platform. We encourage all users 88 to update to the latest version of Android where possible.</li> 89 <li>The Android security team actively monitors for abuse through <a 90 href="//www.android.com/play-protect">Google Play Protect</a> and warns 91 users about <a 92 href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially 93 Harmful Applications</a>. Google Play Protect is enabled by default on devices 94 with <a href="//www.android.com/gms">Google Mobile Services</a>, and is 95 especially important for users who install apps from outside of Google Play. 96 </li> 97 </ul> 98 99 <h2 id="2017-07-01-details">2017-07-01 security patch levelVulnerability details</h2> 100 <p>In the sections below, we provide details for each of the security 101 vulnerabilities that apply to the 2017-07-01 patch level. Vulnerabilities are 102 grouped under the component that they affect. There is a description of the 103 issue and a table with the CVE, associated references, <a 104 href="#common-questions-and-answers">type of vulnerability</a>, <a 105 href="/security/overview/updates-resources.html#severity">severity</a>, 106 and updated AOSP versions (where applicable). When available, we link the public 107 change that addressed the issue to the bug ID, like the AOSP change list. When 108 multiple changes relate to a single bug, additional references are linked to 109 numbers following the bug ID.</p> 110 111 <h3 id="runtime">Runtime</h3> 112 <p>The most severe vulnerability in this section could enable a remote attacker 113 using a specially crafted file to execute arbitrary code within the context of 114 an unprivileged process.</p> 115 116 <table> 117 <col width="17%"> 118 <col width="19%"> 119 <col width="9%"> 120 <col width="14%"> 121 <col width="39%"> 122 <tr> 123 <th>CVE</th> 124 <th>References</th> 125 <th>Type</th> 126 <th>Severity</th> 127 <th>Updated AOSP versions</th> 128 </tr> 129 <tr> 130 <td>CVE-2017-3544</td> 131 <td><a href="https://android.googlesource.com/platform/libcore/+/c5dd90d62590425f04a261e0f6c927acca147f88"> 132 A-35784677</a></td> 133 <td>RCE</td> 134 <td>Moderate</td> 135 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 136 </tr> 137 </table> 138 <h3 id="framework">Framework</h3> 139 <p>The most severe vulnerability in this section could enable a local malicious 140 application using a specially crafted file to execute arbitrary code within the 141 context of an application that uses the library.</p> 142 143 <table> 144 <col width="17%"> 145 <col width="19%"> 146 <col width="9%"> 147 <col width="14%"> 148 <col width="39%"> 149 <tr> 150 <th>CVE</th> 151 <th>References</th> 152 <th>Type</th> 153 <th>Severity</th> 154 <th>Updated AOSP versions</th> 155 </tr> 156 <tr> 157 <td>CVE-2017-0664</td> 158 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/59773dc2f213c3e645c7e04881afa0a8e6ffccca"> 159 A-36491278</a></td> 160 <td>EoP</td> 161 <td>High</td> 162 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 163 </tr> 164 <tr> 165 <td>CVE-2017-0665</td> 166 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/75edf04bf18d37df28fb58e1d75331ed4bcae230"> 167 A-36991414</a></td> 168 <td>EoP</td> 169 <td>High</td> 170 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 171 </tr> 172 <tr> 173 <td>CVE-2017-0666</td> 174 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5fc2df253c089b53b3e235a3f237f96a98b53977"> 175 A-37285689</a></td> 176 <td>EoP</td> 177 <td>High</td> 178 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 179 </tr> 180 <tr> 181 <td>CVE-2017-0667</td> 182 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5ac63e4547feaa7cb51ac81896250f47f367ffba"> 183 A-37478824</a></td> 184 <td>EoP</td> 185 <td>High</td> 186 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 187 </tr> 188 <tr> 189 <td>CVE-2017-0668</td> 190 <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b3e3325d23289a94e66d8ce36a53a7ccf7b52c6d"> 191 A-22011579</a></td> 192 <td>ID</td> 193 <td>Moderate</td> 194 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 195 </tr> 196 <tr> 197 <td>CVE-2017-0669</td> 198 <td><a href="https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7b7ef84234cd3daea0e22025b908b0041885736c"> 199 A-34114752</a></td> 200 <td>ID</td> 201 <td>High</td> 202 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 203 </tr> 204 <tr> 205 <td>CVE-2017-0670</td> 206 <td><a href="https://android.googlesource.com/platform/bionic/+/e102faee8b2f87c28616e7f5453f9a11eea9b122"> 207 A-36104177</a></td> 208 <td>DoS</td> 209 <td>High</td> 210 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 211 </tr> 212 </table> 213 <h3 id="libraries">Libraries</h3> 214 <p>The most severe vulnerability in this section could enable a remote attacker 215 using a specially crafted file to execute arbitrary code within the context of 216 an application that uses the library.</p> 217 218 <table> 219 <col width="17%"> 220 <col width="19%"> 221 <col width="9%"> 222 <col width="14%"> 223 <col width="39%"> 224 <tr> 225 <th>CVE</th> 226 <th>References</th> 227 <th>Type</th> 228 <th>Severity</th> 229 <th>Updated AOSP versions</th> 230 </tr> 231 <tr> 232 <td>CVE-2017-0671</td> 233 <td>A-34514762<a href="#asterisk">*</a></td> 234 <td>RCE</td> 235 <td>High</td> 236 <td>4.4.4</td> 237 </tr> 238 <tr> 239 <td>CVE-2016-2109</td> 240 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/ccb2efe8d3fccb4321e85048d67c8528e03d4652"> 241 A-35443725</a></td> 242 <td>DoS</td> 243 <td>High</td> 244 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 245 </tr> 246 <tr> 247 <td>CVE-2017-0672</td> 248 <td><a href="https://android.googlesource.com/platform/external/skia/+/c4087ff5486d36a690c681affb668164ec0dd697"> 249 A-34778578</a></td> 250 <td>DoS</td> 251 <td>High</td> 252 <td>7.0, 7.1.1, 7.1.2</td> 253 </tr> 254 </table> 255 <h3 id="media-framework">Media framework</h3> 256 <p>The most severe vulnerability in this section could enable a remote attacker 257 using a specially crafted file to execute arbitrary code within the context of 258 a privileged process.</p> 259 260 <table> 261 <col width="17%"> 262 <col width="19%"> 263 <col width="9%"> 264 <col width="14%"> 265 <col width="39%"> 266 <tr> 267 <th>CVE</th> 268 <th>References</th> 269 <th>Type</th> 270 <th>Severity</th> 271 <th>Updated AOSP versions</th> 272 </tr> 273 <tr> 274 <td>CVE-2017-0540</td> 275 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a92b39ff0c47d488b81fecd62ba85e48d386aa68"> 276 A-33966031</a></td> 277 <td>RCE</td> 278 <td>Critical</td> 279 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 280 </tr> 281 <tr> 282 <td>CVE-2017-0673</td> 283 <td><a href="https://android.googlesource.com/platform/external/libavc/+/381ccb2b7f2ba42490bafab6aa7a63a8212b396f"> 284 A-33974623</a></td> 285 <td>RCE</td> 286 <td>Critical</td> 287 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 288 </tr> 289 <tr> 290 <td>CVE-2017-0674</td> 291 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/1603112cccbab3dff66a7eb1b82e858c1749f34b"> 292 A-34231163</a></td> 293 <td>RCE</td> 294 <td>Critical</td> 295 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 296 </tr> 297 <tr> 298 <td>CVE-2017-0675</td> 299 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/726108468dcfdabb833b8d55333de53cf6350aaa"> 300 A-34779227</a> 301 [<a href="https://android.googlesource.com/platform/external/libhevc/+/4395fc2288e3f692765c73fce416e831fdaa5463">2</a>]</td> 302 <td>RCE</td> 303 <td>Critical</td> 304 <td>6.0.1, 7.0, 7.1.1, 7.1.2</td> 305 </tr> 306 <tr> 307 <td>CVE-2017-0676</td> 308 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/8e415eabb5d2abd2f2bd40a675339d967f81521b"> 309 A-34896431</a></td> 310 <td>RCE</td> 311 <td>Critical</td> 312 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 313 </tr> 314 <tr> 315 <td>CVE-2017-0677</td> 316 <td><a href="https://android.googlesource.com/platform/external/libavc/+/b8fee6a6d0a91fb5ddca8f54b0c891e25c1b65ae"> 317 A-36035074</a></td> 318 <td>RCE</td> 319 <td>Critical</td> 320 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 321 </tr> 322 <tr> 323 <td>CVE-2017-0678</td> 324 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/64bc0b8c0c495c487604d483aa57978db7f634be"> 325 A-36576151</a></td> 326 <td>RCE</td> 327 <td>Critical</td> 328 <td>7.0, 7.1.1, 7.1.2</td> 329 </tr> 330 <tr> 331 <td>CVE-2017-0679</td> 332 <td><a href="https://android.googlesource.com/platform/external/libavc/+/91cb6b1745f3e9d341cf6decc2b916cb1e4eea77"> 333 A-36996978</a></td> 334 <td>RCE</td> 335 <td>Critical</td> 336 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 337 </tr> 338 <tr> 339 <td>CVE-2017-0680</td> 340 <td><a href="https://android.googlesource.com/platform/external/libavc/+/989df73b34a7a698731cab3ee1e4a831a862fbe1"> 341 A-37008096</a></td> 342 <td>RCE</td> 343 <td>Critical</td> 344 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 345 </tr> 346 <tr> 347 <td>CVE-2017-0681</td> 348 <td><a href="https://android.googlesource.com/platform/external/tremolo/+/822af05a1364d8dc6189dce5380a2703214dd799"> 349 A-37208566</a></td> 350 <td>RCE</td> 351 <td>Critical</td> 352 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 353 </tr> 354 <tr> 355 <td>CVE-2017-0682</td> 356 <td>A-36588422<a href="#asterisk">*</a></td> 357 <td>RCE</td> 358 <td>High</td> 359 <td>7.0, 7.1.1, 7.1.2</td> 360 </tr> 361 <tr> 362 <td>CVE-2017-0683</td> 363 <td>A-36591008<a href="#asterisk">*</a></td> 364 <td>RCE</td> 365 <td>High</td> 366 <td>7.0, 7.1.1, 7.1.2</td> 367 </tr> 368 <tr> 369 <td>CVE-2017-0684</td> 370 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c7c9271740c29c02e7926265ed53a44b8113dbfb"> 371 A-35421151</a></td> 372 <td>EoP</td> 373 <td>High</td> 374 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 375 </tr> 376 <tr> 377 <td>CVE-2017-0685</td> 378 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/680b75dabb90c8c2e22886826554ad1bc99b36f1"> 379 A-34203195</a></td> 380 <td>DoS</td> 381 <td>High</td> 382 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 383 </tr> 384 <tr> 385 <td>CVE-2017-0686</td> 386 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/b8d7e85c10cc22e1a5d81ec3d8a2e5bdd6102852"> 387 A-34231231</a></td> 388 <td>DoS</td> 389 <td>High</td> 390 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 391 </tr> 392 <tr> 393 <td>CVE-2017-0688</td> 394 <td><a href="https://android.googlesource.com/platform/external/libavc/+/62c07468bc26d1f9487c5298bb2a2f3740db13b1"> 395 A-35584425</a></td> 396 <td>DoS</td> 397 <td>High</td> 398 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 399 </tr> 400 <tr> 401 <td>CVE-2017-0689</td> 402 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/2210ff5600d3f965352a3074adff8fedddcf347e"> 403 A-36215950</a></td> 404 <td>DoS</td> 405 <td>High</td> 406 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 407 </tr> 408 <tr> 409 <td>CVE-2017-0690</td> 410 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f418f10f4319fc829360b7efee7fca4b3880867"> 411 A-36592202</a></td> 412 <td>DoS</td> 413 <td>High</td> 414 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 415 </tr> 416 <tr> 417 <td>CVE-2017-0691</td> 418 <td><a href="https://android.googlesource.com/platform/external/dng_sdk/+/c70264282305351abbec9b967333db4d896583b9"> 419 A-36724453</a></td> 420 <td>DoS</td> 421 <td>High</td> 422 <td>7.0, 7.1.1, 7.1.2</td> 423 </tr> 424 <tr> 425 <td>CVE-2017-0692</td> 426 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/6db482687caf12ea7d2d07d655b17413bc937c73"> 427 A-36725407</a></td> 428 <td>DoS</td> 429 <td>High</td> 430 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 431 </tr> 432 <tr> 433 <td>CVE-2017-0693</td> 434 <td><a href="https://android.googlesource.com/platform/external/libavc/+/632ff754836d22415136cb3f97fe4622c862ce81"> 435 A-36993291</a></td> 436 <td>DoS</td> 437 <td>High</td> 438 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 439 </tr> 440 <tr> 441 <td>CVE-2017-0694</td> 442 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/47750a5f1b19695ac64d6f7aa6e7e0918d3c8977"> 443 A-37093318</a></td> 444 <td>DoS</td> 445 <td>High</td> 446 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 447 </tr> 448 <tr> 449 <td>CVE-2017-0695</td> 450 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/cc5683451dd9be1491b54f215e9934d49f11cf70"> 451 A-37094889</a></td> 452 <td>DoS</td> 453 <td>High</td> 454 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 455 </tr> 456 <tr> 457 <td>CVE-2017-0696</td> 458 <td><a href="https://android.googlesource.com/platform/external/libavc/+/0d0ddb7cd7618ede5301803c526f066b95ce5089"> 459 A-37207120</a></td> 460 <td>DoS</td> 461 <td>High</td> 462 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 463 </tr> 464 <tr> 465 <td>CVE-2017-0697</td> 466 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c5eaf3ae70d5ea3a7d390294002e4cf9859b3578"> 467 A-37239013</a></td> 468 <td>DoS</td> 469 <td>High</td> 470 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 471 </tr> 472 <tr> 473 <td>CVE-2017-0698</td> 474 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1618337cac09284fddb5bb14b5e0cfe2946d3431"> 475 A-35467458</a></td> 476 <td>ID</td> 477 <td>Moderate</td> 478 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 479 </tr> 480 <tr> 481 <td>CVE-2017-0699</td> 482 <td><a href="https://android.googlesource.com/platform/external/libavc/+/989b2afc3ebb1bbb4c962e2aff1fd9b3149f83f1"> 483 A-36490809</a></td> 484 <td>ID</td> 485 <td>Moderate</td> 486 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 487 </tr> 488 </table> 489 <h3 id="system-ui">System UI</h3> 490 <p>The most severe vulnerability in this section could enable a remote attacker 491 using a specially crafted file to execute arbitrary code within the context of a 492 privileged process.</p> 493 494 <table> 495 <col width="17%"> 496 <col width="19%"> 497 <col width="9%"> 498 <col width="14%"> 499 <col width="39%"> 500 <tr> 501 <th>CVE</th> 502 <th>References</th> 503 <th>Type</th> 504 <th>Severity</th> 505 <th>Updated AOSP versions</th> 506 </tr> 507 <tr> 508 <td>CVE-2017-0700</td> 509 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/38889ebd9b9c682bd1b64fd251ecd69b504a6155"> 510 A-35639138</a></td> 511 <td>RCE</td> 512 <td>High</td> 513 <td>7.1.1, 7.1.2</td> 514 </tr> 515 <tr> 516 <td>CVE-2017-0701</td> 517 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/85e94f5b67c1beb9402c4de82bd481a5202470de"> 518 A-36385715</a> 519 [<a href="https://android.googlesource.com/platform/external/libgdx/+/bd4c825d8fc5dd48f5c602e673ae210909b31fd0">2</a>]</td> 520 <td>RCE</td> 521 <td>High</td> 522 <td>7.1.1, 7.1.2</td> 523 </tr> 524 <tr> 525 <td>CVE-2017-0702</td> 526 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/5d46e9a1784c02f347af107a978fe9fbd7af7fb2"> 527 A-36621442</a></td> 528 <td>RCE</td> 529 <td>High</td> 530 <td>7.1.1, 7.1.2</td> 531 </tr> 532 <tr> 533 <td>CVE-2017-0703</td> 534 <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/4af8f912aa1ee714638d0f9694d6f856bc8166f3"> 535 A-33123882</a></td> 536 <td>EoP</td> 537 <td>High</td> 538 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 539 </tr> 540 <tr> 541 <td>CVE-2017-0704</td> 542 <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/179f0e9512100b0a403aab8b2b4cf5510bb20bee"> 543 A-33059280</a></td> 544 <td>EoP</td> 545 <td>Moderate</td> 546 <td>7.1.1, 7.1.2</td> 547 </tr> 548 </table> 549 550 <h2 id="2017-07-05-details">2017-07-05 security patch levelVulnerability details</h2> 551 <p>In the sections below, we provide details for each of the security 552 vulnerabilities that apply to the 2017-07-05 patch level. Vulnerabilities are 553 grouped under the component that they affect and include details such as the 554 CVE, associated references, <a href="#common-questions-and-answers">type of 555 vulnerability</a>, <a 556 href="/security/overview/updates-resources.html#severity">severity</a>, 557 component (where applicable), and updated AOSP versions (where applicable). When 558 available, we link the public change that addressed the issue to the bug ID, 559 like the AOSP change list. When multiple changes relate to a single bug, 560 additional references are linked to numbers following the bug ID.</p> 561 562 <h3 id="broadcom-components">Broadcom components</h3> 563 <p>The most severe vulnerability in this section could enable a proximate attacker 564 to execute arbitrary code within the context of the kernel.</p> 565 566 <table> 567 <col width="17%"> 568 <col width="19%"> 569 <col width="9%"> 570 <col width="14%"> 571 <col width="39%"> 572 <tr> 573 <th>CVE</th> 574 <th>References</th> 575 <th>Type</th> 576 <th>Severity</th> 577 <th>Component</th> 578 </tr> 579 <tr> 580 <td>CVE-2017-9417</td> 581 <td>A-38041027<a href="#asterisk">*</a><br> 582 B-RB#123023</td> 583 <td>RCE</td> 584 <td>Critical</td> 585 <td>Wi-Fi driver</td> 586 </tr> 587 <tr> 588 <td>CVE-2017-0705</td> 589 <td>A-34973477<a href="#asterisk">*</a><br> 590 B-RB#119898</td> 591 <td>EoP</td> 592 <td>Moderate</td> 593 <td>Wi-Fi driver</td> 594 </tr> 595 <tr> 596 <td>CVE-2017-0706</td> 597 <td>A-35195787<a href="#asterisk">*</a><br> 598 B-RB#120532</td> 599 <td>EoP</td> 600 <td>Moderate</td> 601 <td>Wi-Fi driver</td> 602 </tr> 603 </table> 604 <h3 id="htc-components">HTC components</h3> 605 <p>The most severe vulnerability in this section could enable a local malicious 606 application to execute arbitrary code within the context of a privileged 607 process.</p> 608 609 <table> 610 <col width="17%"> 611 <col width="19%"> 612 <col width="9%"> 613 <col width="14%"> 614 <col width="39%"> 615 <tr> 616 <th>CVE</th> 617 <th>References</th> 618 <th>Type</th> 619 <th>Severity</th> 620 <th>Component</th> 621 </tr> 622 <tr> 623 <td>CVE-2017-0707</td> 624 <td>A-36088467<a href="#asterisk">*</a></td> 625 <td>EoP</td> 626 <td>Moderate</td> 627 <td>LED driver</td> 628 </tr> 629 <tr> 630 <td>CVE-2017-0708</td> 631 <td>A-35384879<a href="#asterisk">*</a></td> 632 <td>ID</td> 633 <td>Moderate</td> 634 <td>Sound driver</td> 635 </tr> 636 <tr> 637 <td>CVE-2017-0709</td> 638 <td>A-35468048<a href="#asterisk">*</a></td> 639 <td>ID</td> 640 <td>Low</td> 641 <td>Sensor hub driver</td> 642 </tr> 643 </table> 644 <h3 id="kernel-components">Kernel components</h3> 645 <p>The most severe vulnerability in this section could enable a local malicious 646 application to execute arbitrary code within the context of a privileged 647 process.</p> 648 649 <table> 650 <col width="17%"> 651 <col width="19%"> 652 <col width="9%"> 653 <col width="14%"> 654 <col width="39%"> 655 <tr> 656 <th>CVE</th> 657 <th>References</th> 658 <th>Type</th> 659 <th>Severity</th> 660 <th>Component</th> 661 </tr> 662 <tr> 663 <td>CVE-2017-6074</td> 664 <td>A-35784697<br> 665 <a href="//git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4">Upstream 666 kernel</a></td> 667 <td>EoP</td> 668 <td>High</td> 669 <td>Networking subsystem</td> 670 </tr> 671 <tr> 672 <td>CVE-2017-5970</td> 673 <td>A-35805460<br> 674 <a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644">Upstream 675 kernel</a></td> 676 <td>DoS</td> 677 <td>High</td> 678 <td>Networking subsystem</td> 679 </tr> 680 <tr> 681 <td>CVE-2015-5707</td> 682 <td>A-35841297<br> 683 <a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81">Upstream kernel</a> 684 [<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee">2</a>]</td> 685 <td>EoP</td> 686 <td>Moderate</td> 687 <td>SCSI driver</td> 688 </tr> 689 <tr> 690 <td>CVE-2017-0710</td> 691 <td>A-34951864<a href="#asterisk">*</a></td> 692 <td>EoP</td> 693 <td>Moderate</td> 694 <td>TCB</td> 695 </tr> 696 <tr> 697 <td>CVE-2017-7308</td> 698 <td>A-36725304<br> 699 <a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b6867c2ce76c596676bec7d2d525af525fdc6e2">Upstream kernel</a> 700 [<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b">2</a>] 701 [<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcc5364bdcfe131e6379363f089e7b4108d35b70">3</a>]</td> 702 <td>EoP</td> 703 <td>Moderate</td> 704 <td>Networking driver</td> 705 </tr> 706 <tr> 707 <td>CVE-2014-9731</td> 708 <td>A-35841292<br> 709 <a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14">Upstream 710 kernel</a></td> 711 <td>ID</td> 712 <td>Moderate</td> 713 <td>File system</td> 714 </tr> 715 </table> 716 <h3 id="mediatek-components">MediaTek components</h3> 717 <p>The most severe vulnerability in this section could enable a local malicious 718 application to execute arbitrary code within the context of a privileged 719 process.</p> 720 721 <table> 722 <col width="17%"> 723 <col width="19%"> 724 <col width="9%"> 725 <col width="14%"> 726 <col width="39%"> 727 <tr> 728 <th>CVE</th> 729 <th>References</th> 730 <th>Type</th> 731 <th>Severity</th> 732 <th>Component</th> 733 </tr> 734 <tr> 735 <td> CVE-2017-0711</td> 736 <td>A-36099953<a href="#asterisk">*</a><br> 737 M-ALPS03206781</td> 738 <td>EoP</td> 739 <td>High</td> 740 <td>Networking driver</td> 741 </tr> 742 </table> 743 <h3 id="nvidia-components">NVIDIA components</h3> 744 <p>The most severe vulnerability in this section could enable a local malicious 745 application to execute arbitrary code within the context of a privileged 746 process.</p> 747 748 <table> 749 <col width="17%"> 750 <col width="19%"> 751 <col width="9%"> 752 <col width="14%"> 753 <col width="39%"> 754 <tr> 755 <th>CVE</th> 756 <th>References</th> 757 <th>Type</th> 758 <th>Severity</th> 759 <th>Component</th> 760 </tr> 761 <tr> 762 <td>CVE-2017-0340</td> 763 <td>A-33968204<a href="#asterisk">*</a><br> 764 N-CVE-2017-0340</td> 765 <td>EoP</td> 766 <td>High</td> 767 <td>Libnvparser</td> 768 </tr> 769 <tr> 770 <td>CVE-2017-0326</td> 771 <td>A-33718700<a href="#asterisk">*</a><br> 772 N-CVE-2017-0326</td> 773 <td>ID</td> 774 <td>Moderate</td> 775 <td>Video driver</td> 776 </tr> 777 </table> 778 <h3 id="qualcomm-components">Qualcomm components</h3> 779 <p>The most severe vulnerability in this section could enable a local malicious 780 application to execute arbitrary code within the context of the kernel.</p> 781 782 <table> 783 <col width="17%"> 784 <col width="19%"> 785 <col width="9%"> 786 <col width="14%"> 787 <col width="39%"> 788 <tr> 789 <th>CVE</th> 790 <th>References</th> 791 <th>Type</th> 792 <th>Severity</th> 793 <th>Component</th> 794 </tr> 795 <tr> 796 <td>CVE-2017-8255</td> 797 <td>A-36251983<br> 798 <a href="//source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=cd42366a73b38c8867b66472f07d67a6eccde599">QC-CR#985205</a></td> 799 <td>EoP</td> 800 <td>High</td> 801 <td>Bootloader</td> 802 </tr> 803 <tr> 804 <td>CVE-2016-10389</td> 805 <td>A-34500449<br> 806 <a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=031c27b4b8414bc93a14e773503d9bfc0fc890d2">QC-CR#1009145</a></td> 807 <td>EoP</td> 808 <td>High</td> 809 <td>Bootloader</td> 810 </tr> 811 <tr> 812 <td>CVE-2017-8253</td> 813 <td>A-35400552<br> 814 <a href="//www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=a5f07894058c4198f61e533d727b343c5be879b0">QC-CR#1086764</a></td> 815 <td>EoP</td> 816 <td>High</td> 817 <td>Camera driver</td> 818 </tr> 819 <tr> 820 <td>CVE-2017-8262</td> 821 <td>A-32938443<br> 822 <a href="//source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9ef4ee8e3dfaf4e796bda781826851deebbd89bd">QC-CR#2029113</a></td> 823 <td>EoP</td> 824 <td>High</td> 825 <td>GPU driver</td> 826 </tr> 827 <tr> 828 <td>CVE-2017-8263</td> 829 <td>A-34126808<a href="#asterisk">*</a><br> 830 QC-CR#1107034</td> 831 <td>EoP</td> 832 <td>High</td> 833 <td>Anonymous shared memory subsystem</td> 834 </tr> 835 <tr> 836 <td>CVE-2017-8267</td> 837 <td>A-34173755<a href="#asterisk">*</a><br> 838 QC-CR#2001129</td> 839 <td>EoP</td> 840 <td>High</td> 841 <td>Anonymous shared memory subsystem</td> 842 </tr> 843 <tr> 844 <td>CVE-2017-8273</td> 845 <td>A-35400056<br> 846 <a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=dfe6691ba301c769179cabab12d74d4e952462b9">QC-CR#1094372</a> 847 [<a 848 href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=30d94c33dec0ffedc875d7853635a9773921320a">2</a>]</td> 849 <td>EoP</td> 850 <td>High</td> 851 <td>Bootloader</td> 852 </tr> 853 <tr> 854 <td>CVE-2016-5863</td> 855 <td>A-36251182<br> 856 <a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93">QC-CR#1102936</a></td> 857 <td>EoP</td> 858 <td>Moderate</td> 859 <td>USB HID driver</td> 860 </tr> 861 <tr> 862 <td>CVE-2017-8243</td> 863 <td>A-34112490<a href="#asterisk">*</a><br> 864 QC-CR#2001803</td> 865 <td>EoP</td> 866 <td>Moderate</td> 867 <td>SoC driver</td> 868 </tr> 869 <tr> 870 <td>CVE-2017-8246</td> 871 <td>A-37275839<br> 872 <a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=30baaec8afb05abf9f794c631ad944838d498ab8">QC-CR#2008031</a></td> 873 <td>EoP</td> 874 <td>Moderate</td> 875 <td>Sound driver</td> 876 </tr> 877 <tr> 878 <td>CVE-2017-8256</td> 879 <td>A-37286701<br> 880 <a href="//source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=75e1e00d6b3cd4cb89fd5314a60c333aa0b03230">QC-CR#1104565</a></td> 881 <td>EoP</td> 882 <td>Moderate</td> 883 <td>Wi-Fi driver</td> 884 </tr> 885 <tr> 886 <td>CVE-2017-8257</td> 887 <td>A-37282763<br> 888 <a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0f19fbd00c6679bbc524f7a6d0fc3d54cfd1c9ae">QC-CR#2003129</a></td> 889 <td>EoP</td> 890 <td>Moderate</td> 891 <td>Video driver</td> 892 </tr> 893 <tr> 894 <td>CVE-2017-8259</td> 895 <td>A-34359487<br> 896 <a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=68020103af00280393da10039b968c95d68e526c">QC-CR#2009016</a></td> 897 <td>EoP</td> 898 <td>Moderate</td> 899 <td>SoC driver</td> 900 </tr> 901 <tr> 902 <td>CVE-2017-8260</td> 903 <td>A-34624155<br> 904 <a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=8f236391e5187c05f7f4b937856944be0af7aaa5">QC-CR#2008469</a></td> 905 <td>EoP</td> 906 <td>Moderate</td> 907 <td>Camera driver</td> 908 </tr> 909 <tr> 910 <td>CVE-2017-8261</td> 911 <td>A-35139833<a href="#asterisk">*</a><br> 912 QC-CR#2013631</td> 913 <td>EoP</td> 914 <td>Moderate</td> 915 <td>Camera driver</td> 916 </tr> 917 <tr> 918 <td>CVE-2017-8264</td> 919 <td>A-33299365<a href="#asterisk">*</a><br> 920 QC-CR#1107702</td> 921 <td>EoP</td> 922 <td>Moderate</td> 923 <td>Camera driver</td> 924 </tr> 925 <tr> 926 <td>CVE-2017-8265</td> 927 <td>A-32341313<br> 928 <a href="//source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=193813a21453ccc7fb6b04bedf881a6feaaa015f">QC-CR#1109755</a></td> 929 <td>EoP</td> 930 <td>Moderate</td> 931 <td>Video driver</td> 932 </tr> 933 <tr> 934 <td>CVE-2017-8266</td> 935 <td>A-33863407<br> 936 <a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=42627c94cf8c189332a6f5bfdd465ea662777911">QC-CR#1110924</a></td> 937 <td>EoP</td> 938 <td>Moderate</td> 939 <td>Video driver</td> 940 </tr> 941 <tr> 942 <td>CVE-2017-8268</td> 943 <td>A-34620535<a href="#asterisk">*</a><br> 944 QC-CR#2002207</td> 945 <td>EoP</td> 946 <td>Moderate</td> 947 <td>Camera driver</td> 948 </tr> 949 <tr> 950 <td>CVE-2017-8270</td> 951 <td>A-35468665<a href="#asterisk">*</a><br> 952 QC-CR#2021363</td> 953 <td>EoP</td> 954 <td>Moderate</td> 955 <td>Wi-Fi driver</td> 956 </tr> 957 <tr> 958 <td>CVE-2017-8271</td> 959 <td>A-35950388<a href="#asterisk">*</a><br> 960 QC-CR#2028681</td> 961 <td>EoP</td> 962 <td>Moderate</td> 963 <td>Video driver</td> 964 </tr> 965 <tr> 966 <td>CVE-2017-8272</td> 967 <td>A-35950805<a href="#asterisk">*</a><br> 968 QC-CR#2028702</td> 969 <td>EoP</td> 970 <td>Moderate</td> 971 <td>Video driver</td> 972 </tr> 973 <tr> 974 <td>CVE-2017-8254</td> 975 <td>A-36252027<br> 976 <a href="//source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=70afce1d9be745005c48fd565c01ce452a565e7e">QC-CR#832914</a></td> 977 <td>ID</td> 978 <td>Moderate</td> 979 <td>Sound driver</td> 980 </tr> 981 <tr> 982 <td>CVE-2017-8258</td> 983 <td>A-37279737<br> 984 <a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=31e2a2f0f2f3615cefd4400c707709bbc3e26170">QC-CR#2005647</a></td> 985 <td>ID</td> 986 <td>Moderate</td> 987 <td>Camera driver</td> 988 </tr> 989 <tr> 990 <td>CVE-2017-8269</td> 991 <td>A-33967002<a href="#asterisk">*</a><br> 992 QC-CR#2013145</td> 993 <td>ID</td> 994 <td>Moderate</td> 995 <td>IPA Driver</td> 996 </tr> 997 </table> 998 <h3 id="qualcomm-closed-source-components">Qualcomm closed-source 999 components</h3> 1000 <p>These vulnerabilities affect Qualcomm components and are described in further 1001 detail in Qualcomm AMSS security bulletins in 2014-2016. They are included in 1002 this Android security bulletin in order to associate their fixes with an Android 1003 security patch level. Fixes for these vulnerabilities are available directly 1004 from Qualcomm.</p> 1005 1006 <table> 1007 <col width="17%"> 1008 <col width="19%"> 1009 <col width="9%"> 1010 <col width="14%"> 1011 <col width="39%"> 1012 <tr> 1013 <th>CVE</th> 1014 <th>References</th> 1015 <th>Type</th> 1016 <th>Severity</th> 1017 <th>Component</th> 1018 </tr> 1019 <tr> 1020 <td>CVE-2014-9411</td> 1021 <td>A-37473054<a href="#asterisk">*</a><br> 1022 QC-CR#532956</td> 1023 <td>N/A</td> 1024 <td>High</td> 1025 <td>Secure systems group</td> 1026 </tr> 1027 <tr> 1028 <td>CVE-2014-9968</td> 1029 <td>A-37304413<a href="#asterisk">*</a><br> 1030 QC-CR#642084</td> 1031 <td>N/A</td> 1032 <td>High</td> 1033 <td>Modem</td> 1034 </tr> 1035 <tr> 1036 <td>CVE-2014-9973</td> 1037 <td>A-37470982<a href="#asterisk">*</a><br> 1038 QC-CR#646919</td> 1039 <td>N/A</td> 1040 <td>High</td> 1041 <td>Secure systems group</td> 1042 </tr> 1043 <tr> 1044 <td>CVE-2014-9974</td> 1045 <td>A-37471979<a href="#asterisk">*</a><br> 1046 QC-CR#654072</td> 1047 <td>N/A</td> 1048 <td>High</td> 1049 <td>Secure systems group</td> 1050 </tr> 1051 <tr> 1052 <td>CVE-2014-9975</td> 1053 <td>A-37471230<a href="#asterisk">*</a><br> 1054 QC-CR#700125</td> 1055 <td>N/A</td> 1056 <td>High</td> 1057 <td>Secure systems group</td> 1058 </tr> 1059 <tr> 1060 <td>CVE-2014-9977</td> 1061 <td>A-37471087<a href="#asterisk">*</a><br> 1062 QC-CR#703002</td> 1063 <td>N/A</td> 1064 <td>High</td> 1065 <td>Secure systems group</td> 1066 </tr> 1067 <tr> 1068 <td>CVE-2014-9978</td> 1069 <td>A-37468982<a href="#asterisk">*</a><br> 1070 QC-CR#709939</td> 1071 <td>N/A</td> 1072 <td>High</td> 1073 <td>Secure systems group</td> 1074 </tr> 1075 <tr> 1076 <td>CVE-2014-9979</td> 1077 <td>A-37471088<a href="#asterisk">*</a><br> 1078 QC-CR#717304</td> 1079 <td>N/A</td> 1080 <td>High</td> 1081 <td>Secure systems group</td> 1082 </tr> 1083 <tr> 1084 <td>CVE-2014-9980</td> 1085 <td>A-37471029<a href="#asterisk">*</a><br> 1086 QC-CR#709766</td> 1087 <td>N/A</td> 1088 <td>High</td> 1089 <td>Secure systems group</td> 1090 </tr> 1091 <tr> 1092 <td>CVE-2015-0575</td> 1093 <td>A-37296999<a href="#asterisk">*</a><br> 1094 QC-CR#715815</td> 1095 <td>N/A</td> 1096 <td>High</td> 1097 <td>Modem</td> 1098 </tr> 1099 <tr> 1100 <td>CVE-2015-8592</td> 1101 <td>A-37470090<a href="#asterisk">*</a><br> 1102 QC-CR#775396</td> 1103 <td>N/A</td> 1104 <td>High</td> 1105 <td>Core</td> 1106 </tr> 1107 <tr> 1108 <td>CVE-2015-8595</td> 1109 <td>A-37472411<a href="#asterisk">*</a><br> 1110 QC-CR#790151</td> 1111 <td>N/A</td> 1112 <td>High</td> 1113 <td>Secure systems group</td> 1114 </tr> 1115 <tr> 1116 <td>CVE-2015-8596</td> 1117 <td>A-37472806<a href="#asterisk">*</a><br> 1118 QC-CR#802005</td> 1119 <td>N/A</td> 1120 <td>High</td> 1121 <td>Secure systems group</td> 1122 </tr> 1123 <tr> 1124 <td>CVE-2015-9034</td> 1125 <td>A-37305706<a href="#asterisk">*</a><br> 1126 QC-CR#614512</td> 1127 <td>N/A</td> 1128 <td>High</td> 1129 <td>Modem</td> 1130 </tr> 1131 <tr> 1132 <td>CVE-2015-9035</td> 1133 <td>A-37303626<a href="#asterisk">*</a><br> 1134 QC-CR#750231</td> 1135 <td>N/A</td> 1136 <td>High</td> 1137 <td>Modem</td> 1138 </tr> 1139 <tr> 1140 <td>CVE-2015-9036</td> 1141 <td>A-37303519<a href="#asterisk">*</a><br> 1142 QC-CR#751831</td> 1143 <td>N/A</td> 1144 <td>High</td> 1145 <td>Modem</td> 1146 </tr> 1147 <tr> 1148 <td>CVE-2015-9037</td> 1149 <td>A-37304366<a href="#asterisk">*</a><br> 1150 QC-CR#753315</td> 1151 <td>N/A</td> 1152 <td>High</td> 1153 <td>Modem</td> 1154 </tr> 1155 <tr> 1156 <td>CVE-2015-9038</td> 1157 <td>A-37303027<a href="#asterisk">*</a><br> 1158 QC-CR#758328</td> 1159 <td>N/A</td> 1160 <td>High</td> 1161 <td>Modem</td> 1162 </tr> 1163 <tr> 1164 <td>CVE-2015-9039</td> 1165 <td>A-37302628<a href="#asterisk">*</a><br> 1166 QC-CR#760282</td> 1167 <td>N/A</td> 1168 <td>High</td> 1169 <td>Modem</td> 1170 </tr> 1171 <tr> 1172 <td>CVE-2015-9040</td> 1173 <td>A-37303625<a href="#asterisk">*</a><br> 1174 QC-CR#761216</td> 1175 <td>N/A</td> 1176 <td>High</td> 1177 <td>Modem</td> 1178 </tr> 1179 <tr> 1180 <td>CVE-2015-9041</td> 1181 <td>A-37303518<a href="#asterisk">*</a><br> 1182 QC-CR#762126</td> 1183 <td>N/A</td> 1184 <td>High</td> 1185 <td>Modem</td> 1186 </tr> 1187 <tr> 1188 <td>CVE-2015-9042</td> 1189 <td>A-37301248<a href="#asterisk">*</a><br> 1190 QC-CR#762214</td> 1191 <td>N/A</td> 1192 <td>High</td> 1193 <td>Modem</td> 1194 </tr> 1195 <tr> 1196 <td>CVE-2015-9043</td> 1197 <td>A-37305954<a href="#asterisk">*</a><br> 1198 QC-CR#762954</td> 1199 <td>N/A</td> 1200 <td>High</td> 1201 <td>Modem</td> 1202 </tr> 1203 <tr> 1204 <td>CVE-2015-9044</td> 1205 <td>A-37303520<a href="#asterisk">*</a><br> 1206 QC-CR#764858</td> 1207 <td>N/A</td> 1208 <td>High</td> 1209 <td>Modem</td> 1210 </tr> 1211 <tr> 1212 <td>CVE-2015-9045</td> 1213 <td>A-37302136<a href="#asterisk">*</a><br> 1214 QC-CR#766189</td> 1215 <td>N/A</td> 1216 <td>High</td> 1217 <td>Modem</td> 1218 </tr> 1219 <tr> 1220 <td>CVE-2015-9046</td> 1221 <td>A-37301486<a href="#asterisk">*</a><br> 1222 QC-CR#767335</td> 1223 <td>N/A</td> 1224 <td>High</td> 1225 <td>Modem</td> 1226 </tr> 1227 <tr> 1228 <td>CVE-2015-9047</td> 1229 <td>A-37304367<a href="#asterisk">*</a><br> 1230 QC-CR#779285</td> 1231 <td>N/A</td> 1232 <td>High</td> 1233 <td>Modem</td> 1234 </tr> 1235 <tr> 1236 <td>CVE-2015-9048</td> 1237 <td>A-37305707<a href="#asterisk">*</a><br> 1238 QC-CR#795960</td> 1239 <td>N/A</td> 1240 <td>High</td> 1241 <td>Modem</td> 1242 </tr> 1243 <tr> 1244 <td>CVE-2015-9049</td> 1245 <td>A-37301488<a href="#asterisk">*</a><br> 1246 QC-CR#421589, QC-CR#817165</td> 1247 <td>N/A</td> 1248 <td>High</td> 1249 <td>Modem</td> 1250 </tr> 1251 <tr> 1252 <td>CVE-2015-9050</td> 1253 <td>A-37302137<a href="#asterisk">*</a><br> 1254 QC-CR#830102</td> 1255 <td>N/A</td> 1256 <td>High</td> 1257 <td>Modem</td> 1258 </tr> 1259 <tr> 1260 <td>CVE-2015-9051</td> 1261 <td>A-37300737<a href="#asterisk">*</a><br> 1262 QC-CR#837317</td> 1263 <td>N/A</td> 1264 <td>High</td> 1265 <td>Modem</td> 1266 </tr> 1267 <tr> 1268 <td>CVE-2015-9052</td> 1269 <td>A-37304217<a href="#asterisk">*</a><br> 1270 QC-CR#840483</td> 1271 <td>N/A</td> 1272 <td>High</td> 1273 <td>Modem</td> 1274 </tr> 1275 <tr> 1276 <td>CVE-2015-9053</td> 1277 <td>A-37301249<a href="#asterisk">*</a><br> 1278 QC-CR#843808</td> 1279 <td>N/A</td> 1280 <td>High</td> 1281 <td>Modem</td> 1282 </tr> 1283 <tr> 1284 <td>CVE-2015-9054</td> 1285 <td>A-37303177<a href="#asterisk">*</a><br> 1286 QC-CR#856077</td> 1287 <td>N/A</td> 1288 <td>High</td> 1289 <td>Modem</td> 1290 </tr> 1291 <tr> 1292 <td>CVE-2015-9055</td> 1293 <td>A-37472412<a href="#asterisk">*</a><br> 1294 QC-CR#806464</td> 1295 <td>N/A</td> 1296 <td>High</td> 1297 <td>Core</td> 1298 </tr> 1299 <tr> 1300 <td>CVE-2015-9060</td> 1301 <td>A-37472807<a href="#asterisk">*</a><br> 1302 QC-CR#817343</td> 1303 <td>N/A</td> 1304 <td>High</td> 1305 <td>Secure systems group</td> 1306 </tr> 1307 <tr> 1308 <td>CVE-2015-9061</td> 1309 <td>A-37470436<a href="#asterisk">*</a><br> 1310 QC-CR#824195</td> 1311 <td>N/A</td> 1312 <td>High</td> 1313 <td>Secure systems group</td> 1314 </tr> 1315 <tr> 1316 <td>CVE-2015-9062</td> 1317 <td>A-37472808<a href="#asterisk">*</a><br> 1318 QC-CR#802039</td> 1319 <td>N/A</td> 1320 <td>High</td> 1321 <td>Secure systems group</td> 1322 </tr> 1323 <tr> 1324 <td>CVE-2015-9067</td> 1325 <td>A-37474000<a href="#asterisk">*</a><br> 1326 QC-CR#848926</td> 1327 <td>N/A</td> 1328 <td>High</td> 1329 <td>Secure systems group</td> 1330 </tr> 1331 <tr> 1332 <td>CVE-2015-9068</td> 1333 <td>A-37470144<a href="#asterisk">*</a><br> 1334 QC-CR#851114</td> 1335 <td>N/A</td> 1336 <td>High</td> 1337 <td>Secure systems group</td> 1338 </tr> 1339 <tr> 1340 <td>CVE-2015-9069</td> 1341 <td>A-37470777<a href="#asterisk">*</a><br> 1342 QC-CR#854496</td> 1343 <td>N/A</td> 1344 <td>High</td> 1345 <td>Secure systems group</td> 1346 </tr> 1347 <tr> 1348 <td>CVE-2015-9070</td> 1349 <td>A-37474001<a href="#asterisk">*</a><br> 1350 QC-CR#877102</td> 1351 <td>N/A</td> 1352 <td>High</td> 1353 <td>Secure systems group</td> 1354 </tr> 1355 <tr> 1356 <td>CVE-2015-9071</td> 1357 <td>A-37471819<a href="#asterisk">*</a><br> 1358 QC-CR#877276</td> 1359 <td>N/A</td> 1360 <td>High</td> 1361 <td>Secure systems group</td> 1362 </tr> 1363 <tr> 1364 <td>CVE-2015-9072</td> 1365 <td>A-37474002<a href="#asterisk">*</a><br> 1366 QC-CR#877361</td> 1367 <td>N/A</td> 1368 <td>High</td> 1369 <td>Secure systems group</td> 1370 </tr> 1371 <tr> 1372 <td>CVE-2015-9073</td> 1373 <td>A-37473407<a href="#asterisk">*</a><br> 1374 QC-CR#878073</td> 1375 <td>N/A</td> 1376 <td>High</td> 1377 <td>Secure systems group</td> 1378 </tr> 1379 <tr> 1380 <td>CVE-2016-10343</td> 1381 <td>A-32580186<a href="#asterisk">*</a><br> 1382 QC-CR#972213</td> 1383 <td>N/A</td> 1384 <td>High</td> 1385 <td>Modem</td> 1386 </tr> 1387 <tr> 1388 <td>CVE-2016-10344</td> 1389 <td>A-32583954<a href="#asterisk">*</a><br> 1390 QC-CR#1022360</td> 1391 <td>N/A</td> 1392 <td>High</td> 1393 <td>Modem</td> 1394 </tr> 1395 <tr> 1396 <td>CVE-2016-10346</td> 1397 <td>A-37473408<a href="#asterisk">*</a><br> 1398 QC-CR#896584</td> 1399 <td>N/A</td> 1400 <td>High</td> 1401 <td>Core</td> 1402 </tr> 1403 <tr> 1404 <td>CVE-2016-10347</td> 1405 <td>A-37471089<a href="#asterisk">*</a><br> 1406 QC-CR#899671</td> 1407 <td>N/A</td> 1408 <td>High</td> 1409 <td>Core</td> 1410 </tr> 1411 <tr> 1412 <td>CVE-2016-10382</td> 1413 <td>A-28823584<a href="#asterisk">*</a><br> 1414 QC-CR#944014</td> 1415 <td>N/A</td> 1416 <td>High</td> 1417 <td>Secure systems group</td> 1418 </tr> 1419 <tr> 1420 <td>CVE-2016-10383</td> 1421 <td>A-28822389<a href="#asterisk">*</a><br> 1422 QC-CR#960624</td> 1423 <td>N/A</td> 1424 <td>High</td> 1425 <td>Secure systems group</td> 1426 </tr> 1427 <tr> 1428 <td>CVE-2016-10388</td> 1429 <td>A-32580294<a href="#asterisk">*</a><br> 1430 QC-CR#992749</td> 1431 <td>N/A</td> 1432 <td>High</td> 1433 <td>Secure systems group</td> 1434 </tr> 1435 <tr> 1436 <td>CVE-2016-10391</td> 1437 <td>A-32583804<a href="#asterisk">*</a><br> 1438 QC-CR#970283</td> 1439 <td>N/A</td> 1440 <td>High</td> 1441 <td>WConnect</td> 1442 </tr> 1443 <tr> 1444 <td>CVE-2016-5871</td> 1445 <td>A-37473055<a href="#asterisk">*</a><br> 1446 QC-CR#883013</td> 1447 <td>N/A</td> 1448 <td>High</td> 1449 <td>Secure systems group</td> 1450 </tr> 1451 <tr> 1452 <td>CVE-2016-5872</td> 1453 <td>A-37472809<a href="#asterisk">*</a><br> 1454 QC-CR#886220</td> 1455 <td>N/A</td> 1456 <td>High</td> 1457 <td>Secure systems group</td> 1458 </tr> 1459 </table> 1460 <h2 id="google-device-updates">Google device updates</h2> 1461 <p>This table contains the security patch level in the latest over-the-air update 1462 (OTA) and firmware images for Google devices. The Google device firmware images 1463 are available on the <a 1464 href="//developers.google.com/android/nexus/images">Google Developer 1465 site</a>.</p> 1466 1467 <table> 1468 <col width="25%"> 1469 <col width="75%"> 1470 <tr> 1471 <th>Google device</th> 1472 <th>Security patch level</th> 1473 </tr> 1474 <tr> 1475 <td>Pixel / Pixel XL</td> 1476 <td>July 05, 2017</td> 1477 </tr> 1478 <tr> 1479 <td>Nexus 5X</td> 1480 <td>July 05, 2017</td> 1481 </tr> 1482 <tr> 1483 <td>Nexus 6</td> 1484 <td>July 05, 2017</td> 1485 </tr> 1486 <tr> 1487 <td>Nexus 6P</td> 1488 <td>July 05, 2017</td> 1489 </tr> 1490 <tr> 1491 <td>Nexus 9</td> 1492 <td>July 05, 2017</td> 1493 </tr> 1494 <tr> 1495 <td>Nexus Player</td> 1496 <td>July 05, 2017</td> 1497 </tr> 1498 <tr> 1499 <td>Pixel C</td> 1500 <td>July 05, 2017</td> 1501 </tr> 1502 </table> 1503 <h2 id="acknowledgements">Acknowledgements</h2> 1504 <p>We would like to thank these researchers for their contributions:</p> 1505 1506 <table> 1507 <col width="17%"> 1508 <col width="83%"> 1509 <tr> 1510 <th>CVEs</th> 1511 <th>Researchers</th> 1512 </tr> 1513 <tr> 1514 <td>CVE-2017-0711</td> 1515 <td>Chengming Yang, Baozeng Ding, and Yang Song of Alibaba Mobile Security 1516 Group</td> 1517 </tr> 1518 <tr> 1519 <td>CVE-2017-0706</td> 1520 <td>Daxing Guo (<a href="//twitter.com/freener0">@freener0</a>) of 1521 Xuanwu Lab, Tencent</td> 1522 </tr> 1523 <tr> 1524 <td>CVE-2017-8260</td> 1525 <td>Derrek (<a href="//twitter.com/derrekr6">@derrekr6</a>) and Scott 1526 Bauer</td> 1527 </tr> 1528 <tr> 1529 <td>CVE-2017-8265</td> 1530 <td>Di Shen (<a href="//twitter.com/returnsme?lang=en">@returnsme</a>) 1531 of KeenLab (<a href="//twitter.com/keen_lab?lang=en">@keen_lab</a>), 1532 Tencent</td> 1533 </tr> 1534 <tr> 1535 <td>CVE-2017-0703</td> 1536 <td><a href="//fb.me/dzimka">Dzmitry Lukyanenka</a></td> 1537 </tr> 1538 <tr> 1539 <td>CVE-2017-0692, CVE-2017-0694</td> 1540 <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd.</td> 1541 </tr> 1542 <tr> 1543 <td>CVE-2017-8266, CVE-2017-8243, CVE-2017-8270</td> 1544 <td>Gengjia Chen (<a 1545 href="//twitter.com/chengjia4574">@chengjia4574</a>) and <a 1546 href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co. 1547 Ltd.</td> 1548 </tr> 1549 <tr> 1550 <td>CVE-2017-0665, CVE-2017-0681</td> 1551 <td><a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, Mingjian Zhou (<a 1552 href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang 1553 of <a href="//c0reteam.org">C0RE Team</a></td> 1554 </tr> 1555 <tr> 1556 <td>CVE-2017-8268, CVE-2017-8261</td> 1557 <td>Jianqiang Zhao (<a 1558 href="//twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a 1559 href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360</td> 1560 </tr> 1561 <tr> 1562 <td>CVE-2017-0698</td> 1563 <td>Joey Brand of Census Consulting Inc.</td> 1564 </tr> 1565 <tr> 1566 <td>CVE-2017-0666, CVE-2017-0684</td> 1567 <td>Mingjian Zhou (<a 1568 href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a 1569 href="mailto:zc1991 (a] mail.ustc.edu.cn">Chi Zhang</a>, and Xuxian Jiang of <a 1570 href="//c0reteam.org">C0RE Team</a></td> 1571 </tr> 1572 <tr> 1573 <td>CVE-2017-0697, CVE-2017-0670</td> 1574 <td><a href="mailto:jiych.guru (a] gmail.com">Niky1235</a> (<a 1575 href="//twitter.com/jiych_guru">@jiych_guru</a>)</td> 1576 </tr> 1577 <tr> 1578 <td>CVE-2017-9417</td> 1579 <td>Nitay Artenstein of Exodus Intelligence</td> 1580 </tr> 1581 <tr> 1582 <td>CVE-2017-0705, CVE-2017-8259</td> 1583 <td><a href="//twitter.com/ScottyBauer1">Scott Bauer</a></td> 1584 </tr> 1585 <tr> 1586 <td>CVE-2017-0667</td> 1587 <td>Timothy Becker of CSS Inc.</td> 1588 </tr> 1589 <tr> 1590 <td>CVE-2017-0682, CVE-2017-0683, CVE-2017-0676, 1591 CVE-2017-0696, CVE-2017-0675, CVE-2017-0701, CVE-2017-0702, CVE-2017-0699</td> 1592 <td>Vasily Vasiliev</td> 1593 </tr> 1594 <tr> 1595 <td>CVE-2017-0695, CVE-2017-0689, CVE-2017-0540, CVE-2017-0680, 1596 CVE-2017-0679, CVE-2017-0685, CVE-2017-0686, CVE-2017-0693, CVE-2017-0674, 1597 CVE-2017-0677</td> 1598 <td>V.E.O (<a href="//twitter.com/vysea">@VYSEa</a>) of <a 1599 href="//blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile 1600 Threat Response Team</a>, <a href="//www.trendmicro.com">Trend Micro</a></td> 1601 </tr> 1602 <tr> 1603 <td>CVE-2017-0708</td> 1604 <td>Xiling Gong of Tencent Security Platform Department</td> 1605 </tr> 1606 <tr> 1607 <td>CVE-2017-0690</td> 1608 <td>Yangkang (<a href="//twitter.com/dnpushme">@dnpushme</a>) and 1609 Liyadong of Qihoo 360 Qex Team</td> 1610 </tr> 1611 <tr> 1612 <td>CVE-2017-8269, CVE-2017-8271, CVE-2017-8272, CVE-2017-8267</td> 1613 <td>Yonggang Guo (<a href="//twitter.com/guoygang">@guoygang</a>) of 1614 IceSword Lab, Qihoo 360 Technology Co. Ltd.</td> 1615 </tr> 1616 <tr> 1617 <td>CVE-2017-8264, CVE-2017-0326, CVE-2017-0709</td> 1618 <td>Yuan-Tsung Lo (<a 1619 href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>) and Xuxian Jiang 1620 of <a href="//c0reteam.org">C0RE Team</a></td> 1621 </tr> 1622 <tr> 1623 <td>CVE-2017-0704, CVE-2017-0669</td> 1624 <td>Yuxiang Li (<a href="//twitter.com/xbalien29">@Xbalien29</a>) of 1625 Tencent Security Platform Department</td> 1626 </tr> 1627 <tr> 1628 <td>CVE-2017-0678</td> 1629 <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security 1630 Response Center, Qihoo 360 Technology Co. Ltd.</td> 1631 </tr> 1632 <tr> 1633 <td>CVE-2017-0691, CVE-2017-0700</td> 1634 <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security 1635 Response Center, Qihoo 360 Technology Co. Ltd. and Ao Wang (<a 1636 href="//twitter.com/ArayzSegment">@ArayzSegment</a>) of <a 1637 href="//www.pwnzen.com/">Pangu Team</a></td> 1638 </tr> 1639 </table> 1640 <h2 id="common-questions-and-answers">Common questions and answers</h2> 1641 <p>This section answers common questions that may occur after reading this 1642 bulletin.</p> 1643 1644 <p><strong>1. How do I determine if my device is updated to address these issues? 1645 </strong></p> 1646 1647 <p>To learn how to check a device's security patch level, read the instructions on 1648 the <a href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel 1649 and Nexus update schedule</a>.</p> 1650 <ul> 1651 <li>Security patch levels of 2017-07-01 or later address all issues associated 1652 with the 2017-07-01 security patch level.</li> 1653 <li>Security patch levels of 2017-07-05 or later address all issues associated 1654 with the 2017-07-05 security patch level and all previous patch levels.</li> 1655 </ul> 1656 <p>Device manufacturers that include these updates should set the patch string 1657 level to:</p> 1658 <ul> 1659 <li>[ro.build.version.security_patch]:[2017-07-01]</li> 1660 <li>[ro.build.version.security_patch]:[2017-07-05]</li> 1661 </ul> 1662 <p><strong>2. Why does this bulletin have two security patch levels?</strong></p> 1663 1664 <p>This bulletin has two security patch levels so that Android partners have the 1665 flexibility to fix a subset of vulnerabilities that are similar across all 1666 Android devices more quickly. Android partners are encouraged to fix all issues 1667 in this bulletin and use the latest security patch level.</p> 1668 <ul> 1669 <li>Devices that use the July 01, 2017 security patch level must include all 1670 issues associated with that security patch level, as well as fixes for all 1671 issues reported in previous security bulletins.</li> 1672 <li>Devices that use the security patch level of July 05, 2017 or newer must 1673 include all applicable patches in this (and previous) security 1674 bulletins.</li> 1675 </ul> 1676 <p>Partners are encouraged to bundle the fixes for all issues they are addressing 1677 in a single update.</p> 1678 1679 <p><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p> 1680 1681 <p>Entries in the <em>Type</em> column of the vulnerability details table reference 1682 the classification of the security vulnerability.</p> 1683 1684 <table> 1685 <col width="25%"> 1686 <col width="75%"> 1687 <tr> 1688 <th>Abbreviation</th> 1689 <th>Definition</th> 1690 </tr> 1691 <tr> 1692 <td>RCE</td> 1693 <td>Remote code execution</td> 1694 </tr> 1695 <tr> 1696 <td>EoP</td> 1697 <td>Elevation of privilege</td> 1698 </tr> 1699 <tr> 1700 <td>ID</td> 1701 <td>Information disclosure</td> 1702 </tr> 1703 <tr> 1704 <td>DoS</td> 1705 <td>Denial of service</td> 1706 </tr> 1707 <tr> 1708 <td>N/A</td> 1709 <td>Classification not available</td> 1710 </tr> 1711 </table> 1712 1713 <p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p> 1714 1715 <p>Entries under the <em>References</em> column of the vulnerability details table 1716 may contain a prefix identifying the organization to which the reference value 1717 belongs.</p> 1718 1719 <table> 1720 <col width="25%"> 1721 <col width="75%"> 1722 <tr> 1723 <th>Prefix</th> 1724 <th>Reference</th> 1725 </tr> 1726 <tr> 1727 <td>A-</td> 1728 <td>Android bug ID</td> 1729 </tr> 1730 <tr> 1731 <td>QC-</td> 1732 <td>Qualcomm reference number</td> 1733 </tr> 1734 <tr> 1735 <td>M-</td> 1736 <td>MediaTek reference number</td> 1737 </tr> 1738 <tr> 1739 <td>N-</td> 1740 <td>NVIDIA reference number</td> 1741 </tr> 1742 <tr> 1743 <td>B-</td> 1744 <td>Broadcom reference number</td> 1745 </tr> 1746 </table> 1747 1748 <p id="asterisk"><strong>5. What does a * next to the Android bug ID in the <em>References</em> 1749 column mean?</strong></p> 1750 1751 <p>Issues that are not publicly available have a * next to the Android bug ID in 1752 the <em>References</em> column. The update for that issue is generally contained 1753 in the latest binary drivers for Nexus devices available from the <a 1754 href="//developers.google.com/android/nexus/drivers">Google Developer 1755 site</a>.</p> 1756 1757 <h2 id="versions">Versions</h2> 1758 <table> 1759 <col width="25%"> 1760 <col width="25%"> 1761 <col width="50%"> 1762 <tr> 1763 <th>Version</th> 1764 <th>Date</th> 1765 <th>Notes</th> 1766 </tr> 1767 <tr> 1768 <td>1.0</td> 1769 <td>July 5, 2017</td> 1770 <td>Bulletin published.</td> 1771 </tr> 1772 <tr> 1773 <td>1.1</td> 1774 <td>July 6, 2017</td> 1775 <td>Bulletin revised to include AOSP links.</td> 1776 </tr> 1777 <tr> 1778 <td>1.2</td> 1779 <td>July 11, 2017</td> 1780 <td>Bulletin revised to update acknowledgements.</td> 1781 </tr> 1782 </table> 1783 </table> 1784 </body> 1785 </html> 1786
