1 <html devsite> 2 <head> 3 <title>Android - 2017 2 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>2017 2 6 | 2017 2 8 </em></p> 26 <p> 27 Android Android Google OTAGoogle <a href="https://developers.google.com/android/nexus/images">Google </a>2017 2 5 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 28 </p> 29 <p> 30 2017 1 3 Android AOSP AOSP 31 </p> 32 <p> 33 MMS 34 </p> 35 <p> 36 <a href="/security/enhancements/index.html">Android </a> <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> <a href="#mitigations">Android Google </a>Android 37 </p> 38 <p> 39 40 </p> 41 <h2 id="announcements"></h2> 42 <ul> 43 <li>2 Android Android <a href="#common-questions-and-answers"></a> 44 <ul> 45 <li><strong>2017-02-01</strong>: 2017-02-01 </li> 46 <li><strong>2017-02-05</strong>: 2017-02-01 2017-02-05 </li> 47 </ul> 48 </li> 49 <li> Google 2017 2 5 1 OTA </li> 50 </ul> 51 <h2 id="security-vulnerability-summary"></h2> 52 <p> 53 CVEGoogle <a href="/security/overview/updates-resources.html#severity"></a> 54 </p> 55 <h3 id="2017-02-01-summary"> 2017-02-01 </h3> 56 <p> 57 2017-02-01 58 </p> 59 <table> 60 <col width="55%"> 61 <col width="20%"> 62 <col width="13%"> 63 <col width="12%"> 64 <tr> 65 <th></th> 66 <th>CVE</th> 67 <th></th> 68 <th>Google </th> 69 </tr> 70 <tr> 71 <td>Surfaceflinger </td> 72 <td>CVE-2017-0405</td> 73 <td></td> 74 <td></td> 75 </tr> 76 <tr> 77 <td></td> 78 <td>CVE-2017-0406CVE-2017-0407</td> 79 <td></td> 80 <td></td> 81 </tr> 82 <tr> 83 <td>libgdx </td> 84 <td>CVE-2017-0408</td> 85 <td></td> 86 <td></td> 87 </tr> 88 <tr> 89 <td>libstagefright </td> 90 <td>CVE-2017-0409</td> 91 <td></td> 92 <td></td> 93 </tr> 94 <tr> 95 <td>Java.Net </td> 96 <td>CVE-2016-5552</td> 97 <td></td> 98 <td></td> 99 </tr> 100 <tr> 101 <td> API </td> 102 <td>CVE-2017-0410CVE-2017-0411CVE-2017-0412</td> 103 <td></td> 104 <td></td> 105 </tr> 106 <tr> 107 <td></td> 108 <td>CVE-2017-0415</td> 109 <td></td> 110 <td></td> 111 </tr> 112 <tr> 113 <td></td> 114 <td>CVE-2017-0416CVE-2017-0417CVE-2017-0418CVE-2017-0419</td> 115 <td></td> 116 <td></td> 117 </tr> 118 <tr> 119 <td>AOSP </td> 120 <td>CVE-2017-0420</td> 121 <td></td> 122 <td></td> 123 </tr> 124 <tr> 125 <td>AOSP </td> 126 <td>CVE-2017-0413CVE-2017-0414</td> 127 <td></td> 128 <td></td> 129 </tr> 130 <tr> 131 <td> API </td> 132 <td>CVE-2017-0421</td> 133 <td></td> 134 <td></td> 135 </tr> 136 <tr> 137 <td>Bionic DNS </td> 138 <td>CVE-2017-0422</td> 139 <td></td> 140 <td></td> 141 </tr> 142 <tr> 143 <td>Bluetooth </td> 144 <td>CVE-2017-0423</td> 145 <td></td> 146 <td></td> 147 </tr> 148 <tr> 149 <td>AOSP </td> 150 <td>CVE-2017-0424</td> 151 <td></td> 152 <td></td> 153 </tr> 154 <tr> 155 <td></td> 156 <td>CVE-2017-0425</td> 157 <td></td> 158 <td></td> 159 </tr> 160 <tr> 161 <td> </td> 162 <td>CVE-2017-0426</td> 163 <td></td> 164 <td></td> 165 </tr> 166 </table> 167 <h3 id="2017-02-05-summary"> 2017-02-05 </h3> 168 <p> 2017-02-05 2017-02-01 </p> 169 <table> 170 <col width="55%"> 171 <col width="20%"> 172 <col width="13%"> 173 <col width="12%"> 174 <tr> 175 <th></th> 176 <th>CVE</th> 177 <th></th> 178 <th>Google </th> 179 </tr> 180 <tr> 181 <td>Qualcomm crypto </td> 182 <td>CVE-2016-8418</td> 183 <td></td> 184 <td>*</td> 185 </tr> 186 <tr> 187 <td> </td> 188 <td>CVE-2017-0427</td> 189 <td></td> 190 <td></td> 191 </tr> 192 <tr> 193 <td>NVIDIA GPU </td> 194 <td>CVE-2017-0428CVE-2017-0429</td> 195 <td></td> 196 <td></td> 197 </tr> 198 <tr> 199 <td> </td> 200 <td>CVE-2014-9914</td> 201 <td></td> 202 <td></td> 203 </tr> 204 <tr> 205 <td>Broadcom Wi-Fi </td> 206 <td>CVE-2017-0430</td> 207 <td></td> 208 <td></td> 209 </tr> 210 <tr> 211 <td>Qualcomm </td> 212 <td>CVE-2017-0431</td> 213 <td></td> 214 <td>*</td> 215 </tr> 216 <tr> 217 <td>MediaTek </td> 218 <td>CVE-2017-0432</td> 219 <td></td> 220 <td>*</td> 221 </tr> 222 <tr> 223 <td>Synaptics </td> 224 <td>CVE-2017-0433CVE-2017-0434</td> 225 <td></td> 226 <td></td> 227 </tr> 228 <tr> 229 <td>Qualcomm Secure Execution Environment Communicator </td> 230 <td>CVE-2016-8480</td> 231 <td></td> 232 <td></td> 233 </tr> 234 <tr> 235 <td>Qualcomm </td> 236 <td>CVE-2016-8481CVE-2017-0435CVE-2017-0436</td> 237 <td></td> 238 <td></td> 239 </tr> 240 <tr> 241 <td>Qualcomm Wi-Fi </td> 242 <td>CVE-2017-0437CVE-2017-0438CVE-2017-0439CVE-2016-8419 243 CVE-2016-8420CVE-2016-8421CVE-2017-0440CVE-2017-0441 244 CVE-2017-0442CVE-2017-0443CVE-2016-8476</td> 245 <td></td> 246 <td></td> 247 </tr> 248 <tr> 249 <td>Realtek </td> 250 <td>CVE-2017-0444</td> 251 <td></td> 252 <td></td> 253 </tr> 254 <tr> 255 <td>HTC </td> 256 <td>CVE-2017-0445CVE-2017-0446CVE-2017-0447</td> 257 <td></td> 258 <td></td> 259 </tr> 260 <tr> 261 <td>NVIDIA </td> 262 <td>CVE-2017-0448</td> 263 <td></td> 264 <td></td> 265 </tr> 266 <tr> 267 <td>Broadcom Wi-Fi </td> 268 <td>CVE-2017-0449</td> 269 <td></td> 270 <td></td> 271 </tr> 272 <tr> 273 <td></td> 274 <td>CVE-2017-0450</td> 275 <td></td> 276 <td></td> 277 </tr> 278 <tr> 279 <td> </td> 280 <td>CVE-2016-10044</td> 281 <td></td> 282 <td></td> 283 </tr> 284 <tr> 285 <td>Qualcomm Secure Execution Environment Communicator </td> 286 <td>CVE-2016-8414</td> 287 <td></td> 288 <td></td> 289 </tr> 290 <tr> 291 <td>Qualcomm </td> 292 <td>CVE-2017-0451</td> 293 <td></td> 294 <td></td> 295 </tr> 296 </table> 297 298 <p>* Android 7.0 Google </p> 299 300 <h2 id="mitigations">Android Google </h2> 301 <p><a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 302 <ul> 303 <li>Android Android Google Android </li> 304 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="http://www.android.com/gms">Google </a>Google Play Google Play </li> 305 <li>Google </li> 306 </ul> 307 <h2 id="acknowledgements"></h2> 308 <p> 309 310 </p> 311 <ul> 312 <li>Daniel Dakhno: CVE-2017-0420</li> 313 <li>Copperhead Security Daniel Micay: CVE-2017-0410</li> 314 <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>: CVE-2017-0414</li> 315 <li>Chrome Frank Liberato: CVE-2017-0409</li> 316 <li>Project Zero Gal Beniamini: CVE-2017-0411CVE-2017-0412</li> 317 <li>Qihoo 360 Technology Co. Ltd.IceSword Lab Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a> <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0434CVE-2017-0446CVE-2017-0447CVE-2017-0432</li> 318 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>Alpha Team Guang Gong<a href="https://twitter.com/oldfresher">@oldfresher</a>: CVE-2017-0415</li> 319 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0418</li> 320 <li>Qihoo 360 Technology Co. Ltd.Alpha Team Hao Chen Guang Gong: CVE-2017-0437CVE-2017-0438CVE-2017-0439CVE-2016-8419CVE-2016-8420CVE-2016-8421CVE-2017-0441CVE-2017-0442CVE-2016-8476CVE-2017-0443</li> 321 <li>Google Jeff Sharkey: CVE-2017-0421CVE-2017-0423</li> 322 <li>Jeff Trim: CVE-2017-0422</li> 323 <li>Qihoo 360IceSword Lab Jianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a> <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0445</li> 324 <li>LINE Corporation ma.la Nikolay Elenkov: CVE-2016-5552</li> 325 <li>Google Max Spector: CVE-2017-0416</li> 326 <li><a href="http://c0reteam.org">C0RE Team</a> Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Yuqi Lu<a href="https://twitter.com/nikos233__">@nikos233</a>Xuxian Jiang: CVE-2017-0425</li> 327 <li>TencentKeenLab Qidan He<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a> Di Shen<a href="https://twitter.com/returnsme">@returnsme</a>: CVE-2017-0427</li> 328 <li>IBM X-Force Research Sagi Kedmi: CVE-2017-0433</li> 329 <li>Copperhead Security Scott Bauer<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a> Daniel Micay: CVE-2017-0405</li> 330 <li>Trend Micro Mobile Threat Research Team Seven Shen<a href="https://twitter.com/lingtongshen">@lingtongshen</a>: CVE-2017-0449CVE-2016-8418</li> 331 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0436CVE-2016-8481CVE-2017-0435</li> 332 <li><a href="http://www.trendmicro.com">Trend Micro</a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> V.E.O<a href="https://twitter.com/vysea">@VYSEa</a>: CVE-2017-0424</li> 333 <li>Alibaba Inc. Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2017-0407</li> 334 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a><a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0450</li> 335 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Yuqi Lu<a href="https://twitter.com/nikos233__">@nikos233</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2017-0417</li> 336 <li>Ant-financial Light-Year Security Lab Wish Wu<a href="https://twitter.com/wish_wu">@wish_wu</a><a href="http://www.weibo.com/wishlinux"></a> : CVE-2017-0408</li> 337 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2016-8480</li> 338 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0444</li> 339 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0428</li> 340 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2017-0448CVE-2017-0429</li> 341 <li><a href="http://www.nsfocus.com">NSFocus</a> <a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a><a href="https://twitter.com/henices">@henices</a> <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a>: CVE-2017-0406</li> 342 </ul> 343 <p> 344 </p><ul> 345 <li>Baidu X-Lab Pengfei DingChenfu BaoLenx Wei</li> 346 </ul> 347 348 <h2 id="2017-02-01-details"> 2017-02-01 </h2> 349 <p> 350 <a href="#2017-02-01-summary"> 2017-02-01 </a>CVE Google AOSP AOSP ID ID </p> 351 352 353 <h3 id="rce-in-surfaceflinger">Surfaceflinger </h3> 354 <p> 355 Surfaceflinger Surfaceflinger 356 </p> 357 358 <table> 359 <col width="18%"> 360 <col width="17%"> 361 <col width="10%"> 362 <col width="19%"> 363 <col width="18%"> 364 <col width="17%"> 365 <tr> 366 <th>CVE</th> 367 <th></th> 368 <th></th> 369 <th> Google </th> 370 <th> AOSP </th> 371 <th></th> 372 </tr> 373 <tr> 374 <td>CVE-2017-0405</td> 375 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979"> 376 A-31960359</a></td> 377 <td></td> 378 <td></td> 379 <td>7.07.1.1</td> 380 <td>2016 10 4 </td> 381 </tr> 382 </table> 383 384 385 <h3 id="rce-in-mediaserver"></h3> 386 <p> 387 388 </p> 389 390 <table> 391 <col width="18%"> 392 <col width="17%"> 393 <col width="10%"> 394 <col width="19%"> 395 <col width="18%"> 396 <col width="17%"> 397 <tr> 398 <th>CVE</th> 399 <th></th> 400 <th></th> 401 <th> Google </th> 402 <th> AOSP </th> 403 <th></th> 404 </tr> 405 <tr> 406 <td>CVE-2017-0406</td> 407 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575"> 408 A-32915871</a> 409 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td> 410 <td></td> 411 <td></td> 412 <td>6.06.0.17.07.1.1</td> 413 <td>2016 11 14 </td> 414 </tr> 415 <tr> 416 <td>CVE-2017-0407</td> 417 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7"> 418 A-32873375</a></td> 419 <td></td> 420 <td></td> 421 <td>6.06.0.17.07.1.1</td> 422 <td>2016 11 12 </td> 423 </tr> 424 </table> 425 426 427 <h3 id="rce-in-libgdx">libgdx </h3> 428 <p> 429 libgdx 430 </p> 431 432 <table> 433 <col width="18%"> 434 <col width="17%"> 435 <col width="10%"> 436 <col width="19%"> 437 <col width="18%"> 438 <col width="17%"> 439 <tr> 440 <th>CVE</th> 441 <th></th> 442 <th></th> 443 <th> Google </th> 444 <th> AOSP </th> 445 <th></th> 446 </tr> 447 <tr> 448 <td>CVE-2017-0408</td> 449 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b"> 450 A-32769670</a></td> 451 <td></td> 452 <td></td> 453 <td>7.1.1</td> 454 <td>2016 11 9 </td> 455 </tr> 456 </table> 457 458 459 <h3 id="rce-in-libstagefright">libstagefright </h3> 460 <p> 461 libstagefright 462 </p> 463 464 <table> 465 <col width="18%"> 466 <col width="17%"> 467 <col width="10%"> 468 <col width="19%"> 469 <col width="18%"> 470 <col width="17%"> 471 <tr> 472 <th>CVE</th> 473 <th></th> 474 <th></th> 475 <th> Google </th> 476 <th> AOSP </th> 477 <th></th> 478 </tr> 479 <tr> 480 <td>CVE-2017-0409</td> 481 <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b"> 482 A-31999646</a></td> 483 <td></td> 484 <td></td> 485 <td>6.06.0.17.07.1.1</td> 486 <td>Google </td> 487 </tr> 488 </table> 489 490 491 <h3 id="eop-in-java.net">Java.Net </h3> 492 <p> 493 Java.Net 494 </p> 495 496 <table> 497 <col width="18%"> 498 <col width="17%"> 499 <col width="10%"> 500 <col width="19%"> 501 <col width="18%"> 502 <col width="17%"> 503 <tr> 504 <th>CVE</th> 505 <th></th> 506 <th></th> 507 <th> Google </th> 508 <th> AOSP </th> 509 <th></th> 510 </tr> 511 <tr> 512 <td>CVE-2016-5552</td> 513 <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea"> 514 A-31858037</a></td> 515 <td></td> 516 <td></td> 517 <td>7.07.1.1</td> 518 <td>2016 9 30 </td> 519 </tr> 520 </table> 521 522 523 <h3 id="eop-in-framework-apis"> API </h3> 524 <p> 525 API 526 </p> 527 528 <table> 529 <col width="18%"> 530 <col width="17%"> 531 <col width="10%"> 532 <col width="19%"> 533 <col width="18%"> 534 <col width="17%"> 535 <tr> 536 <th>CVE</th> 537 <th></th> 538 <th></th> 539 <th> Google </th> 540 <th> AOSP </th> 541 <th></th> 542 </tr> 543 <tr> 544 <td>CVE-2017-0410</td> 545 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa"> 546 A-31929765</a></td> 547 <td></td> 548 <td></td> 549 <td>5.0.25.1.16.06.0.17.07.1.1</td> 550 <td>2016 10 2 </td> 551 </tr> 552 <tr> 553 <td>CVE-2017-0411</td> 554 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 555 A-33042690</a> 556 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 557 <td></td> 558 <td></td> 559 <td>7.07.1.1</td> 560 <td>2016 11 21 </td> 561 </tr> 562 <tr> 563 <td>CVE-2017-0412</td> 564 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 565 A-33039926</a> 566 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 567 <td></td> 568 <td></td> 569 <td>7.07.1.1</td> 570 <td>2016 11 21 </td> 571 </tr> 572 </table> 573 574 <h3 id="eop-in-mediaserver"></h3> 575 <p> 576 577 </p> 578 579 <table> 580 <col width="18%"> 581 <col width="17%"> 582 <col width="10%"> 583 <col width="19%"> 584 <col width="18%"> 585 <col width="17%"> 586 <tr> 587 <th>CVE</th> 588 <th></th> 589 <th></th> 590 <th> Google </th> 591 <th> AOSP </th> 592 <th></th> 593 </tr> 594 <tr> 595 <td>CVE-2017-0415</td> 596 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34"> 597 A-32706020</a></td> 598 <td></td> 599 <td></td> 600 <td>6.06.0.17.07.1.1</td> 601 <td>2016 11 4 </td> 602 </tr> 603 </table> 604 605 606 <h3 id="eop-in-audioserver"></h3> 607 <p> 608 609 </p> 610 611 <table> 612 <col width="18%"> 613 <col width="17%"> 614 <col width="10%"> 615 <col width="19%"> 616 <col width="18%"> 617 <col width="17%"> 618 <tr> 619 <th>CVE</th> 620 <th></th> 621 <th></th> 622 <th> Google </th> 623 <th> AOSP </th> 624 <th></th> 625 </tr> 626 <tr> 627 <td>CVE-2017-0416</td> 628 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 629 A-32886609</a> 630 [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td> 631 <td></td> 632 <td></td> 633 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 634 <td>Google </td> 635 </tr> 636 <tr> 637 <td>CVE-2017-0417</td> 638 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 639 A-32705438</a></td> 640 <td></td> 641 <td></td> 642 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 643 <td>2016 11 7 </td> 644 </tr> 645 <tr> 646 <td>CVE-2017-0418</td> 647 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 648 A-32703959</a> 649 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td> 650 <td></td> 651 <td></td> 652 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 653 <td>2016 11 7 </td> 654 </tr> 655 <tr> 656 <td>CVE-2017-0419</td> 657 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 658 A-32220769</a></td> 659 <td></td> 660 <td></td> 661 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 662 <td>2016 10 15 </td> 663 </tr> 664 </table> 665 666 <h3 id="id-in-aosp-mail">AOSP </h3> 667 <p> 668 AOSP 669 </p> 670 671 <table> 672 <col width="18%"> 673 <col width="17%"> 674 <col width="10%"> 675 <col width="19%"> 676 <col width="18%"> 677 <col width="17%"> 678 <tr> 679 <th>CVE</th> 680 <th></th> 681 <th></th> 682 <th> Google </th> 683 <th> AOSP </th> 684 <th></th> 685 </tr> 686 <tr> 687 <td>CVE-2017-0420</td> 688 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909"> 689 A-32615212</a></td> 690 <td></td> 691 <td></td> 692 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 693 <td>2016 9 12 </td> 694 </tr> 695 </table> 696 697 698 <h3 id="id-in-aosp-messaging">AOSP </h3> 699 <p> 700 AOSP 701 </p> 702 703 <table> 704 <col width="18%"> 705 <col width="17%"> 706 <col width="10%"> 707 <col width="19%"> 708 <col width="18%"> 709 <col width="17%"> 710 <tr> 711 <th>CVE</th> 712 <th></th> 713 <th></th> 714 <th> Google </th> 715 <th> AOSP </th> 716 <th></th> 717 </tr> 718 <tr> 719 <td>CVE-2017-0413</td> 720 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e"> 721 A-32161610</a></td> 722 <td></td> 723 <td></td> 724 <td>6.06.0.17.07.1.1</td> 725 <td>2016 10 13 </td> 726 </tr> 727 <tr> 728 <td>CVE-2017-0414</td> 729 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd"> 730 A-32807795</a></td> 731 <td></td> 732 <td></td> 733 <td>6.06.0.17.07.1.1</td> 734 <td>2016 11 10 </td> 735 </tr> 736 </table> 737 738 739 <h3 id="id-in-framework-apis"> API </h3> 740 <p> 741 API 742 </p> 743 744 <table> 745 <col width="18%"> 746 <col width="17%"> 747 <col width="10%"> 748 <col width="19%"> 749 <col width="18%"> 750 <col width="17%"> 751 <tr> 752 <th>CVE</th> 753 <th></th> 754 <th></th> 755 <th> Google </th> 756 <th> AOSP </th> 757 <th></th> 758 </tr> 759 <tr> 760 <td>CVE-2017-0421</td> 761 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336"> 762 A-32555637</a></td> 763 <td></td> 764 <td></td> 765 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 766 <td>Google </td> 767 </tr> 768 </table> 769 770 771 <h3 id="dos-in-bionic-dns">Bionic DNS </h3> 772 <p> 773 Bionic DNS 774 775 </p> 776 777 <table> 778 <col width="18%"> 779 <col width="17%"> 780 <col width="10%"> 781 <col width="19%"> 782 <col width="18%"> 783 <col width="17%"> 784 <tr> 785 <th>CVE</th> 786 <th></th> 787 <th></th> 788 <th> Google </th> 789 <th> AOSP </th> 790 <th></th> 791 </tr> 792 <tr> 793 <td>CVE-2017-0422</td> 794 <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d"> 795 A-32322088</a></td> 796 <td></td> 797 <td></td> 798 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 799 <td>2016 10 20 </td> 800 </tr> 801 </table> 802 803 804 <h3 id="eop-in-bluetooth">Bluetooth </h3> 805 <p> 806 Bluetooth Bluetooth 807 </p> 808 809 <table> 810 <col width="18%"> 811 <col width="17%"> 812 <col width="10%"> 813 <col width="19%"> 814 <col width="18%"> 815 <col width="17%"> 816 <tr> 817 <th>CVE</th> 818 <th></th> 819 <th></th> 820 <th> Google </th> 821 <th> AOSP </th> 822 <th></th> 823 </tr> 824 <tr> 825 <td>CVE-2017-0423</td> 826 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083"> 827 A-32612586</a></td> 828 <td></td> 829 <td></td> 830 <td>5.0.25.1.16.06.0.17.07.1.1</td> 831 <td>2016 11 2 </td> 832 </tr> 833 </table> 834 835 836 <h3 id="id-in-aosp-messaging-2">AOSP </h3> 837 <p> 838 AOSP 839 </p> 840 841 <table> 842 <col width="18%"> 843 <col width="17%"> 844 <col width="10%"> 845 <col width="19%"> 846 <col width="18%"> 847 <col width="17%"> 848 <tr> 849 <th>CVE</th> 850 <th></th> 851 <th></th> 852 <th> Google </th> 853 <th> AOSP </th> 854 <th></th> 855 </tr> 856 <tr> 857 <td>CVE-2017-0424</td> 858 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc"> 859 A-32322450</a></td> 860 <td></td> 861 <td></td> 862 <td>6.06.0.17.07.1.1</td> 863 <td>2016 10 20 </td> 864 </tr> 865 </table> 866 867 868 <h3 id="id-in-audioserver"></h3> 869 <p> 870 871 </p> 872 873 <table> 874 <col width="18%"> 875 <col width="17%"> 876 <col width="10%"> 877 <col width="19%"> 878 <col width="18%"> 879 <col width="17%"> 880 <tr> 881 <th>CVE</th> 882 <th></th> 883 <th></th> 884 <th> Google </th> 885 <th> AOSP </th> 886 <th></th> 887 </tr> 888 <tr> 889 <td>CVE-2017-0425</td> 890 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 891 A-32720785</a></td> 892 <td></td> 893 <td></td> 894 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 895 <td>2016 11 7 </td> 896 </tr> 897 </table> 898 899 900 <h3 id="id-in-filesystem"> </h3> 901 <p> 902 903 </p> 904 905 <table> 906 <col width="18%"> 907 <col width="17%"> 908 <col width="10%"> 909 <col width="19%"> 910 <col width="18%"> 911 <col width="17%"> 912 <tr> 913 <th>CVE</th> 914 <th></th> 915 <th></th> 916 <th> Google </th> 917 <th> AOSP </th> 918 <th></th> 919 </tr> 920 <tr> 921 <td>CVE-2017-0426</td> 922 <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a"> 923 A-32799236</a> 924 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td> 925 <td></td> 926 <td></td> 927 <td>7.07.1.1</td> 928 <td>Google </td> 929 </tr> 930 </table> 931 932 933 <h2 id="2017-02-05-details"> 2017-02-05 </h2> 934 <p> 935 <a href="#2017-02-05-summary"> 2017-02-05 </a>CVE Google AOSP AOSP ID ID </p> 936 937 938 <h3 id="rce-in-qualcomm-crypto-driver">Qualcomm crypto </h3> 939 <p> 940 Qualcomm crypto 941 </p> 942 943 <table> 944 <col width="19%"> 945 <col width="20%"> 946 <col width="10%"> 947 <col width="23%"> 948 <col width="17%"> 949 <tr> 950 <th>CVE</th> 951 <th></th> 952 <th></th> 953 <th> Google </th> 954 <th></th> 955 </tr> 956 <tr> 957 <td>CVE-2016-8418</td> 958 <td>A-32652894<br> 959 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f"> 960 QC-CR#1077457</a></td> 961 <td></td> 962 <td>*</td> 963 <td>2016 10 10 </td> 964 </tr> 965 </table> 966 <p> 967 * Android 7.0 Google 968 </p> 969 970 971 <h3 id="eop-in-kernel-file-system"> </h3> 972 <p> 973 </p> 974 975 <table> 976 <col width="19%"> 977 <col width="20%"> 978 <col width="10%"> 979 <col width="23%"> 980 <col width="17%"> 981 <tr> 982 <th>CVE</th> 983 <th></th> 984 <th></th> 985 <th> Google </th> 986 <th></th> 987 </tr> 988 <tr> 989 <td>CVE-2017-0427</td> 990 <td>A-31495866*</td> 991 <td></td> 992 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 993 <td>2016 9 13 </td> 994 </tr> 995 </table> 996 <p> 997 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 998 </p> 999 1000 1001 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU </h3> 1002 <p> 1003 NVIDIA GPU 1004 </p> 1005 1006 <table> 1007 <col width="19%"> 1008 <col width="20%"> 1009 <col width="10%"> 1010 <col width="23%"> 1011 <col width="17%"> 1012 <tr> 1013 <th>CVE</th> 1014 <th></th> 1015 <th></th> 1016 <th> Google </th> 1017 <th></th> 1018 </tr> 1019 <tr> 1020 <td>CVE-2017-0428</td> 1021 <td>A-32401526*<br> 1022 N-CVE-2017-0428</td> 1023 <td></td> 1024 <td>Nexus 9</td> 1025 <td>2016 10 25 </td> 1026 </tr> 1027 <tr> 1028 <td>CVE-2017-0429</td> 1029 <td>A-32636619*<br> 1030 N-CVE-2017-0429</td> 1031 <td></td> 1032 <td>Nexus 9</td> 1033 <td>2016 11 3 </td> 1034 </tr> 1035 </table> 1036 <p> 1037 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1038 </p> 1039 1040 1041 <h3 id="eop-in-kernel-networking-subsystem"> </h3> 1042 <p> 1043 1044 </p> 1045 1046 <table> 1047 <col width="19%"> 1048 <col width="20%"> 1049 <col width="10%"> 1050 <col width="23%"> 1051 <col width="17%"> 1052 <tr> 1053 <th>CVE</th> 1054 <th></th> 1055 <th></th> 1056 <th> Google </th> 1057 <th></th> 1058 </tr> 1059 <tr> 1060 <td>CVE-2014-9914</td> 1061 <td>A-32882659<br> 1062 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"> 1063 </a></td> 1064 <td></td> 1065 <td>Nexus 6Nexus Player</td> 1066 <td>2016 11 9 </td> 1067 </tr> 1068 </table> 1069 1070 1071 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi </h3> 1072 <p> 1073 Broadcom Wi-Fi 1074 </p> 1075 1076 <table> 1077 <col width="19%"> 1078 <col width="20%"> 1079 <col width="10%"> 1080 <col width="23%"> 1081 <col width="17%"> 1082 <tr> 1083 <th>CVE</th> 1084 <th></th> 1085 <th></th> 1086 <th> Google </th> 1087 <th></th> 1088 </tr> 1089 <tr> 1090 <td>CVE-2017-0430</td> 1091 <td>A-32838767*<br> 1092 B-RB#107459</td> 1093 <td></td> 1094 <td>Nexus 6Nexus 6PNexus 9Pixel CNexus Player</td> 1095 <td>Google </td> 1096 </tr> 1097 </table> 1098 <p> 1099 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1100 </p> 1101 1102 1103 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm </h3> 1104 <p> 1105 Qualcomm Qualcomm AMSS 2016 9 1106 </p> 1107 1108 <table> 1109 <col width="19%"> 1110 <col width="20%"> 1111 <col width="10%"> 1112 <col width="23%"> 1113 <col width="17%"> 1114 <tr> 1115 <th>CVE</th> 1116 <th></th> 1117 <th>*</th> 1118 <th> Google </th> 1119 <th></th> 1120 </tr> 1121 <tr> 1122 <td>CVE-2017-0431</td> 1123 <td>A-32573899**</td> 1124 <td></td> 1125 <td>***</td> 1126 <td>Qualcomm </td> 1127 </tr> 1128 </table> 1129 <p> 1130 * 1131 </p> 1132 <p> 1133 ** <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1134 </p> 1135 <p>*** Android 7.0 Google 1136 </p> 1137 1138 1139 <h3 id="eop-in-mediatek-driver">MediaTek </h3> 1140 <p> 1141 MediaTek 1142 </p> 1143 1144 <table> 1145 <col width="19%"> 1146 <col width="20%"> 1147 <col width="10%"> 1148 <col width="23%"> 1149 <col width="17%"> 1150 <tr> 1151 <th>CVE</th> 1152 <th></th> 1153 <th></th> 1154 <th> Google </th> 1155 <th></th> 1156 </tr> 1157 <tr> 1158 <td>CVE-2017-0432</td> 1159 <td>A-28332719*<br> 1160 M-ALPS02708925</td> 1161 <td></td> 1162 <td>**</td> 1163 <td>2016 4 21 </td> 1164 </tr> 1165 </table> 1166 <p> 1167 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1168 </p> 1169 <p>** Android 7.0 Google 1170 </p> 1171 1172 1173 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics </h3> 1174 <p> 1175 Synaptics 1176 </p> 1177 1178 <table> 1179 <col width="19%"> 1180 <col width="20%"> 1181 <col width="10%"> 1182 <col width="23%"> 1183 <col width="17%"> 1184 <tr> 1185 <th>CVE</th> 1186 <th></th> 1187 <th></th> 1188 <th> Google </th> 1189 <th></th> 1190 </tr> 1191 <tr> 1192 <td>CVE-2017-0433</td> 1193 <td>A-31913571*</td> 1194 <td></td> 1195 <td>Nexus 6PNexus 9Android OnePixelPixel XL</td> 1196 <td>2016 9 8 </td> 1197 </tr> 1198 <tr> 1199 <td>CVE-2017-0434</td> 1200 <td>A-33001936*</td> 1201 <td></td> 1202 <td>PixelPixel XL</td> 1203 <td>2016 11 18 </td> 1204 </tr> 1205 </table> 1206 <p> 1207 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1208 </p> 1209 1210 1211 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm Secure Execution Environment Communicator </h3> 1212 <p> 1213 Qualcomm Secure Execution Environment Communicator 1214 </p> 1215 1216 <table> 1217 <col width="19%"> 1218 <col width="20%"> 1219 <col width="10%"> 1220 <col width="23%"> 1221 <col width="17%"> 1222 <tr> 1223 <th>CVE</th> 1224 <th></th> 1225 <th></th> 1226 <th> Google </th> 1227 <th></th> 1228 </tr> 1229 <tr> 1230 <td>CVE-2016-8480</td> 1231 <td>A-31804432<br> 1232 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471"> 1233 QC-CR#1086186</a> 1234 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td> 1235 <td></td> 1236 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1237 <td>2016 9 28 </td> 1238 </tr> 1239 </table> 1240 1241 1242 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm </h3> 1243 <p> 1244 Qualcomm 1245 </p> 1246 1247 <table> 1248 <col width="19%"> 1249 <col width="20%"> 1250 <col width="10%"> 1251 <col width="23%"> 1252 <col width="17%"> 1253 <tr> 1254 <th>CVE</th> 1255 <th></th> 1256 <th></th> 1257 <th> Google </th> 1258 <th></th> 1259 </tr> 1260 <tr> 1261 <td>CVE-2016-8481</td> 1262 <td>A-31906415*<br> 1263 QC-CR#1078000</td> 1264 <td></td> 1265 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1266 <td>2016 10 1 </td> 1267 </tr> 1268 <tr> 1269 <td>CVE-2017-0435</td> 1270 <td>A-31906657*<br> 1271 QC-CR#1078000</td> 1272 <td></td> 1273 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1274 <td>2016 10 1 </td> 1275 </tr> 1276 <tr> 1277 <td>CVE-2017-0436</td> 1278 <td>A-32624661*<br> 1279 QC-CR#1078000</td> 1280 <td></td> 1281 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1282 <td>2016 11 2 </td> 1283 </tr> 1284 </table> 1285 <p> 1286 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1287 </p> 1288 1289 1290 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi </h3> 1291 <p> 1292 Qualcomm Wi-Fi 1293 </p> 1294 1295 <table> 1296 <col width="19%"> 1297 <col width="20%"> 1298 <col width="10%"> 1299 <col width="23%"> 1300 <col width="17%"> 1301 <tr> 1302 <th>CVE</th> 1303 <th></th> 1304 <th></th> 1305 <th> Google </th> 1306 <th></th> 1307 </tr> 1308 <tr> 1309 <td>CVE-2017-0437</td> 1310 <td>A-32402310<br> 1311 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1312 QC-CR#1092497</a></td> 1313 <td></td> 1314 <td>Nexus 5XPixelPixel XL</td> 1315 <td>2016 10 25 </td> 1316 </tr> 1317 <tr> 1318 <td>CVE-2017-0438</td> 1319 <td>A-32402604<br> 1320 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1321 QC-CR#1092497</a></td> 1322 <td></td> 1323 <td>Nexus 5XPixelPixel XL</td> 1324 <td>2016 10 25 </td> 1325 </tr> 1326 <tr> 1327 <td>CVE-2017-0439</td> 1328 <td>A-32450647<br> 1329 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61"> 1330 QC-CR#1092059</a></td> 1331 <td></td> 1332 <td>Nexus 5XPixelPixel XL</td> 1333 <td>2016 10 25 </td> 1334 </tr> 1335 <tr> 1336 <td>CVE-2016-8419</td> 1337 <td>A-32454494<br> 1338 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488"> 1339 QC-CR#1087209</a></td> 1340 <td></td> 1341 <td>Nexus 5XPixelPixel XL</td> 1342 <td>2016 10 26 </td> 1343 </tr> 1344 <tr> 1345 <td>CVE-2016-8420</td> 1346 <td>A-32451171<br> 1347 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e"> 1348 QC-CR#1087807</a></td> 1349 <td></td> 1350 <td>Nexus 5XPixelPixel XL</td> 1351 <td>2016 10 26 </td> 1352 </tr> 1353 <tr> 1354 <td>CVE-2016-8421</td> 1355 <td>A-32451104<br> 1356 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb"> 1357 QC-CR#1087797</a></td> 1358 <td></td> 1359 <td>Nexus 5XPixelPixel XL</td> 1360 <td>2016 10 26 </td> 1361 </tr> 1362 <tr> 1363 <td>CVE-2017-0440</td> 1364 <td>A-33252788<br> 1365 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268"> 1366 QC-CR#1095770</a></td> 1367 <td></td> 1368 <td>Nexus 5XPixelPixel XL</td> 1369 <td>2016 11 11 </td> 1370 </tr> 1371 <tr> 1372 <td>CVE-2017-0441</td> 1373 <td>A-32872662<br> 1374 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684"> 1375 QC-CR#1095009</a></td> 1376 <td></td> 1377 <td>Nexus 5XPixelPixel XL</td> 1378 <td>2016 11 11 </td> 1379 </tr> 1380 <tr> 1381 <td>CVE-2017-0442</td> 1382 <td>A-32871330<br> 1383 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1384 QC-CR#1092497</a></td> 1385 <td></td> 1386 <td>Nexus 5XPixelPixel XL</td> 1387 <td>2016 11 13 </td> 1388 </tr> 1389 <tr> 1390 <td>CVE-2017-0443</td> 1391 <td>A-32877494<br> 1392 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1393 QC-CR#1092497</a></td> 1394 <td></td> 1395 <td>Nexus 5XPixelPixel XL</td> 1396 <td>2016 11 13 </td> 1397 </tr> 1398 <tr> 1399 <td>CVE-2016-8476</td> 1400 <td>A-32879283<br> 1401 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799"> 1402 QC-CR#1091940</a></td> 1403 <td></td> 1404 <td>Nexus 5XPixelPixel XL</td> 1405 <td>2016 11 14 </td> 1406 </tr> 1407 </table> 1408 1409 1410 <h3 id="eop-in-realtek-sound-driver">Realtek </h3> 1411 <p> 1412 Realtek 1413 </p> 1414 1415 <table> 1416 <col width="19%"> 1417 <col width="20%"> 1418 <col width="10%"> 1419 <col width="23%"> 1420 <col width="17%"> 1421 <tr> 1422 <th>CVE</th> 1423 <th></th> 1424 <th></th> 1425 <th> Google </th> 1426 <th></th> 1427 </tr> 1428 <tr> 1429 <td>CVE-2017-0444</td> 1430 <td>A-32705232*</td> 1431 <td></td> 1432 <td>Nexus 9</td> 1433 <td>2016 11 7 </td> 1434 </tr> 1435 </table> 1436 <p> 1437 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1438 </p> 1439 1440 1441 <h3 id="eop-in-htc-touchscreen-driver">HTC </h3> 1442 <p> 1443 HTC 1444 </p> 1445 1446 <table> 1447 <col width="19%"> 1448 <col width="20%"> 1449 <col width="10%"> 1450 <col width="23%"> 1451 <col width="17%"> 1452 <tr> 1453 <th>CVE</th> 1454 <th></th> 1455 <th></th> 1456 <th> Google </th> 1457 <th></th> 1458 </tr> 1459 <tr> 1460 <td>CVE-2017-0445</td> 1461 <td>A-32769717*</td> 1462 <td></td> 1463 <td>PixelPixel XL</td> 1464 <td>2016 11 9 </td> 1465 </tr> 1466 <tr> 1467 <td>CVE-2017-0446</td> 1468 <td>A-32917445*</td> 1469 <td></td> 1470 <td>PixelPixel XL</td> 1471 <td>2016 11 15 </td> 1472 </tr> 1473 <tr> 1474 <td>CVE-2017-0447</td> 1475 <td>A-32919560*</td> 1476 <td></td> 1477 <td>PixelPixel XL</td> 1478 <td>2016 11 15 </td> 1479 </tr> 1480 </table> 1481 <p> 1482 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1483 </p> 1484 1485 1486 <h3 id="id-in-nvidia-video-driver">NVIDIA </h3> 1487 <p> 1488 NVIDIA 1489 </p> 1490 1491 <table> 1492 <col width="19%"> 1493 <col width="20%"> 1494 <col width="10%"> 1495 <col width="23%"> 1496 <col width="17%"> 1497 <tr> 1498 <th>CVE</th> 1499 <th></th> 1500 <th></th> 1501 <th> Google </th> 1502 <th></th> 1503 </tr> 1504 <tr> 1505 <td>CVE-2017-0448</td> 1506 <td>A-32721029*<br> 1507 N-CVE-2017-0448</td> 1508 <td></td> 1509 <td>Nexus 9</td> 1510 <td>2016 11 7 </td> 1511 </tr> 1512 </table> 1513 <p> 1514 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1515 </p> 1516 1517 1518 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi </h3> 1519 <p> 1520 Broadcom Wi-Fi 1521 </p> 1522 1523 <table> 1524 <col width="19%"> 1525 <col width="20%"> 1526 <col width="10%"> 1527 <col width="23%"> 1528 <col width="17%"> 1529 <tr> 1530 <th>CVE</th> 1531 <th></th> 1532 <th></th> 1533 <th> Google </th> 1534 <th></th> 1535 </tr> 1536 <tr> 1537 <td>CVE-2017-0449</td> 1538 <td>A-31707909*<br> 1539 B-RB#32094</td> 1540 <td></td> 1541 <td>Nexus 6Nexus 6P</td> 1542 <td>2016 9 23 </td> 1543 </tr> 1544 </table> 1545 <p> 1546 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1547 </p> 1548 1549 1550 <h3 id="eop-in-audioserver-2"> </h3> 1551 <p> 1552 1553 </p> 1554 1555 <table> 1556 <col width="19%"> 1557 <col width="20%"> 1558 <col width="10%"> 1559 <col width="23%"> 1560 <col width="17%"> 1561 <tr> 1562 <th>CVE</th> 1563 <th></th> 1564 <th></th> 1565 <th> Google </th> 1566 <th></th> 1567 </tr> 1568 <tr> 1569 <td>CVE-2017-0450</td> 1570 <td>A-32917432*</td> 1571 <td></td> 1572 <td>Nexus 9</td> 1573 <td>2016 11 15 </td> 1574 </tr> 1575 </table> 1576 <p> 1577 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1578 </p> 1579 1580 1581 <h3 id="eop-in-kernel-file-system-2"> </h3> 1582 <p> 1583 1584 </p> 1585 1586 <table> 1587 <col width="19%"> 1588 <col width="20%"> 1589 <col width="10%"> 1590 <col width="23%"> 1591 <col width="17%"> 1592 <tr> 1593 <th>CVE</th> 1594 <th></th> 1595 <th></th> 1596 <th> Google </th> 1597 <th></th> 1598 </tr> 1599 <tr> 1600 <td>CVE-2016-10044</td> 1601 <td>A-31711619*</td> 1602 <td></td> 1603 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1604 <td>Google </td> 1605 </tr> 1606 </table> 1607 <p> 1608 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1609 </p> 1610 1611 1612 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Qualcomm Secure Execution Environment Communicator </h3> 1613 <p> 1614 Qualcomm Secure Execution Environment Communicator 1615 </p> 1616 1617 <table> 1618 <col width="19%"> 1619 <col width="20%"> 1620 <col width="10%"> 1621 <col width="23%"> 1622 <col width="17%"> 1623 <tr> 1624 <th>CVE</th> 1625 <th></th> 1626 <th></th> 1627 <th> Google </th> 1628 <th></th> 1629 </tr> 1630 <tr> 1631 <td>CVE-2016-8414</td> 1632 <td>A-31704078<br> 1633 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846"> 1634 QC-CR#1076407</a></td> 1635 <td></td> 1636 <td>Nexus 5XNexus 6PAndroid OnePixelPixel XL</td> 1637 <td>2016 9 23 </td> 1638 </tr> 1639 </table> 1640 1641 1642 <h3 id="id-in-qualcomm-sound-driver">Qualcomm </h3> 1643 <p> 1644 Qualcomm 1645 </p> 1646 1647 <table> 1648 <col width="19%"> 1649 <col width="20%"> 1650 <col width="10%"> 1651 <col width="23%"> 1652 <col width="17%"> 1653 <tr> 1654 <th>CVE</th> 1655 <th></th> 1656 <th></th> 1657 <th> Google </th> 1658 <th></th> 1659 </tr> 1660 <tr> 1661 <td>CVE-2017-0451</td> 1662 <td>A-31796345<br> 1663 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e"> 1664 QC-CR#1073129</a> 1665 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td> 1666 <td></td> 1667 <td>Nexus 5XNexus 6PAndroid OnePixelPixel XL</td> 1668 <td>2016 9 27 </td> 1669 </tr> 1670 </table> 1671 1672 <h2 id="common-questions-and-answers"></h2> 1673 <p></p> 1674 <p><strong>1. </strong></p> 1675 <p> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 1676 <ul> 1677 <li> 2017-02-01 2017-02-01 </li> 1678 <li> 2017-02-05 2017-02-05 1679 </li> 1680 </ul> 1681 <p></p> 1682 <ul> 1683 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li> 1684 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li> 1685 </ul> 1686 1687 <p><strong>2. 2 </strong></p> 1688 1689 <p>2 Android Android Android </p> 1690 <ul> 1691 <li>2017 1 1 </li> 1692 <li>2017 1 5 </li> 1693 </ul> 1694 <p> 1 </p> 1695 <p><strong>3. Google </strong></p> 1696 <p><a href="#2017-02-01-details">2017-02-01</a> <a href="#2017-02-05-details">2017-02-05</a> Google <em></em> Google 1697 </p> 1698 <ul> 1699 <li><strong> Google </strong>: Pixel Google <em></em><a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"></a>Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Android OneNexus PlayerPixel CPixelPixel XL</li> 1700 <li><strong> Google </strong>: Google Google <em></em> Google </li> 1701 <li><strong> Google </strong>: Android 7.0 Google Google <em></em></li> 1702 </ul> 1703 <p><strong>4. 1704 </strong></p> 1705 <p><em></em></p> 1706 <table> 1707 <tr> 1708 <th></th> 1709 <th></th> 1710 </tr> 1711 <tr> 1712 <td>A-</td> 1713 <td>Android ID</td> 1714 </tr> 1715 <tr> 1716 <td>QC-</td> 1717 <td>Qualcomm </td> 1718 </tr> 1719 <tr> 1720 <td>M-</td> 1721 <td>MediaTek </td> 1722 </tr> 1723 <tr> 1724 <td>N-</td> 1725 <td>NVIDIA </td> 1726 </tr> 1727 <tr> 1728 <td>B-</td> 1729 <td>Broadcom </td> 1730 </tr> 1731 </table> 1732 1733 <h2 id="revisions"></h2> 1734 <ul> 1735 <li>2017 2 6 : </li> 1736 <li>2017 2 8 : AOSP </li> 1737 </ul> 1738 1739 </body> 1740 </html> 1741
