1 <html devsite> 2 <head> 3 <title>Android 2017 1</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>2017 1 3 | 2017 1 5 </em></p> 26 27 <p>Android Android 28 . (OTA) 29 Google . Google 30 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 1 5 31 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 32 .</p> 33 34 <p> 2016 12 5 . Android (AOSP) 35 , . 36 37 AOSP .</p> 38 39 <p> 40 , MMS 41 .</p> 42 43 <p> 44 . <a href="#mitigations">SafetyNet</a> Android 45 <a href="/security/enhancements/index.html">Android </a> 46 <a href="https://developer.android.com/training/safetynet/index.html">Android Google </a> .</p> 47 48 <p> .</p> 49 50 <h2 id="announcements"></h2> 51 <ul> 52 <li> Android Android 53 54 . 55 <a href="#common-questions-and-answers"> </a> 56 . 57 <ul> 58 <li><strong>2017-01-01</strong>: . 59 2017-01-01 60 .</li> 61 <li><strong>2017-01-05</strong>: . 62 2017-01-01 2017-01-05 63 .</li> 64 </ul> 65 </li> 66 <li> Google 2017 1 5 OTA 67 .</li> 68 </ul> 69 <h2 id="security-vulnerability-summary"> </h2> 70 <p> , ID(CVE), 71 Google 72 . <a href="/security/overview/updates-resources.html#severity"> </a> 73 74 75 .</p> 76 77 <h3 id="2017-01-01-summary">2017-01-01 78 </h3> 79 <p> 2017-01-01 .</p> 80 81 <table> 82 <col width="55%"> 83 <col width="20%"> 84 <col width="13%"> 85 <col width="12%"> 86 <tr> 87 <th></th> 88 <th>CVE</th> 89 <th></th> 90 <th>Google </th> 91 </tr> 92 <tr> 93 <td>c-ares </td> 94 <td>CVE-2016-5180</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>Framesequence </td> 100 <td>CVE-2017-0382</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> API </td> 106 <td>CVE-2017-0383</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td> </td> 112 <td>CVE-2017-0384, CVE-2017-0385</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td>libnl </td> 118 <td>CVE-2017-0386</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> </td> 124 <td>CVE-2017-0387</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td> </td> 130 <td>CVE-2017-0388</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> (DoS) </td> 136 <td>CVE-2017-0389</td> 137 <td></td> 138 <td></td> 139 </tr> 140 <tr> 141 <td> (DoS) </td> 142 <td>CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td> (DoS) </td> 148 <td>CVE-2017-0394</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td> </td> 154 <td>CVE-2017-0395</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td> </td> 160 <td>CVE-2017-0381, CVE-2017-0396, CVE-2017-0397</td> 161 <td></td> 162 <td></td> 163 </tr> 164 <tr> 165 <td> </td> 166 <td>CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td> 167 <td></td> 168 <td></td> 169 </tr> 170 </table> 171 172 <h3 id="2017-01-05-summary">2017-01-05 </h3> 173 <p>2017-01-01 2017-01-05 174 .</p> 175 176 <table> 177 <col width="55%"> 178 <col width="20%"> 179 <col width="13%"> 180 <col width="12%"> 181 <tr> 182 <th></th> 183 <th>CVE</th> 184 <th></th> 185 <th>Google </th> 186 </tr> 187 <tr> 188 <td> </td> 189 <td>CVE-2015-3288</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td>Qualcomm </td> 195 <td>CVE-2016-8422, CVE-2016-8423</td> 196 <td></td> 197 <td></td> 198 </tr> 199 <tr> 200 <td> </td> 201 <td>CVE-2015-5706</td> 202 <td></td> 203 <td>*</td> 204 </tr> 205 <tr> 206 <td>NVIDIA GPU </td> 207 <td>CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482, 208 CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430, 209 CVE-2016-8431, CVE-2016-8432</td> 210 <td></td> 211 <td></td> 212 </tr> 213 <tr> 214 <td>MediaTek </td> 215 <td>CVE-2016-8433</td> 216 <td></td> 217 <td>*</td> 218 </tr> 219 <tr> 220 <td>Qualcomm GPU </td> 221 <td>CVE-2016-8434</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td>NVIDIA GPU </td> 227 <td>CVE-2016-8435</td> 228 <td></td> 229 <td></td> 230 </tr> 231 <tr> 232 <td>Qualcomm </td> 233 <td>CVE-2016-8436</td> 234 <td></td> 235 <td>*</td> 236 </tr> 237 <tr> 238 <td>Qualcomm </td> 239 <td>CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438, 240 CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442, 241 CVE-2016-8443, CVE-2016-8459</td> 242 <td></td> 243 <td>*</td> 244 </tr> 245 <tr> 246 <td>Qualcomm </td> 247 <td>CVE-2016-8412, CVE-2016-8444</td> 248 <td></td> 249 <td></td> 250 </tr> 251 <tr> 252 <td>MediaTek </td> 253 <td>CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448</td> 254 <td></td> 255 <td>*</td> 256 </tr> 257 <tr> 258 <td>Qualcomm Wi-Fi </td> 259 <td>CVE-2016-8415</td> 260 <td></td> 261 <td></td> 262 </tr> 263 <tr> 264 <td>NVIDIA GPU </td> 265 <td>CVE-2016-8449</td> 266 <td></td> 267 <td></td> 268 </tr> 269 <tr> 270 <td>Qualcomm </td> 271 <td>CVE-2016-8450</td> 272 <td></td> 273 <td></td> 274 </tr> 275 <tr> 276 <td>Synaptics </td> 277 <td>CVE-2016-8451</td> 278 <td></td> 279 <td>*</td> 280 </tr> 281 <tr> 282 <td> </td> 283 <td>CVE-2016-7042</td> 284 <td></td> 285 <td></td> 286 </tr> 287 <tr> 288 <td> </td> 289 <td>CVE-2017-0403</td> 290 <td></td> 291 <td></td> 292 </tr> 293 <tr> 294 <td> </td> 295 <td>CVE-2017-0404</td> 296 <td></td> 297 <td></td> 298 </tr> 299 <tr> 300 <td>Qualcomm Wi-Fi </td> 301 <td>CVE-2016-8452</td> 302 <td></td> 303 <td></td> 304 </tr> 305 <tr> 306 <td>Qualcomm </td> 307 <td>CVE-2016-5345</td> 308 <td></td> 309 <td></td> 310 </tr> 311 <tr> 312 <td> </td> 313 <td>CVE-2016-9754</td> 314 <td></td> 315 <td></td> 316 </tr> 317 <tr> 318 <td>Broadcom Wi-Fi </td> 319 <td>CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457</td> 320 <td></td> 321 <td></td> 322 </tr> 323 <tr> 324 <td>Synaptics </td> 325 <td>CVE-2016-8458</td> 326 <td></td> 327 <td></td> 328 </tr> 329 <tr> 330 <td>NVIDIA </td> 331 <td>CVE-2016-8460</td> 332 <td></td> 333 <td></td> 334 </tr> 335 <tr> 336 <td> </td> 337 <td>CVE-2016-8461, CVE-2016-8462</td> 338 <td></td> 339 <td></td> 340 </tr> 341 <tr> 342 <td>Qualcomm FUSE (DoS) </td> 343 <td>CVE-2016-8463</td> 344 <td></td> 345 <td>*</td> 346 </tr> 347 <tr> 348 <td> (DoS) </td> 349 <td>CVE-2016-8467</td> 350 <td></td> 351 <td></td> 352 </tr> 353 <tr> 354 <td>Broadcom Wi-Fi </td> 355 <td>CVE-2016-8464, CVE-2016-8465, CVE-2016-8466</td> 356 <td></td> 357 <td></td> 358 </tr> 359 <tr> 360 <td> </td> 361 <td>CVE-2016-8467</td> 362 <td></td> 363 <td></td> 364 </tr> 365 <tr> 366 <td>Binder </td> 367 <td>CVE-2016-8468</td> 368 <td></td> 369 <td></td> 370 </tr> 371 <tr> 372 <td>NVIDIA </td> 373 <td>CVE-2016-8469</td> 374 <td></td> 375 <td></td> 376 </tr> 377 <tr> 378 <td>MediaTek </td> 379 <td>CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</td> 380 <td></td> 381 <td>*</td> 382 </tr> 383 <tr> 384 <td>STMicroelectronics </td> 385 <td>CVE-2016-8473, CVE-2016-8474</td> 386 <td></td> 387 <td></td> 388 </tr> 389 <tr> 390 <td>Qualcomm </td> 391 <td>CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td> 392 <td></td> 393 <td></td> 394 </tr> 395 <tr> 396 <td>HTC </td> 397 <td>CVE-2016-8475</td> 398 <td></td> 399 <td></td> 400 </tr> 401 <tr> 402 <td> (DoS) </td> 403 <td>CVE-2014-9420</td> 404 <td></td> 405 <td></td> 406 </tr> 407 </table> 408 <p>* Android 7.0 Google 409 .</p> 410 411 <h2 id="mitigations">Android Google 412 </h2> 413 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> 414 . 415 Android 416 .</p> 417 <ul> 418 <li>Android Android 419 . Android 420 .</li> 421 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> </a> 422 423 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> SafetyNet</a> 424 . <a href="http://www.android.com/gms">Google </a> 425 Google Play . Google 426 Play 427 428 . 429 430 . 431 .</li> 432 <li> Google 433 .</li> 434 </ul> 435 <h2 id="acknowledgements"> </h2> 436 <p> .</p> 437 <ul> 438 <li>Alexandru Blanda: CVE-2017-0390</li> 439 <li>Copperhead Security Daniel Micay: CVE-2017-0397</li> 440 <li>Tencent Xuanwu Lab 441 Daxing Guo(<a href="https://twitter.com/freener0">@freener0</a>): CVE-2017-0386</li> 442 <li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li> 443 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 444 Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-8412, 445 CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li> 446 <li>Shellphish Grill Team donfos(Aravind Machiry), UC Santa Barbara: 447 CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li> 448 <li><a href="http://www.ms509.com">MS509Team</a> En He(<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>): CVE-2017-0394</li> 449 <li>Qihoo 360 Technology Co. Ltd. 450 IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 451 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8464</li> 452 <li>Google WebM: CVE-2017-0393</li> 453 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha 454 Guang Gong()(<a href="http://twitter.com/oldfresher">@oldfresher</a>) 455 : CVE-2017-0387</li> 456 <li>Qihoo 360 Technology Co. Ltd Alpha Team Hao Chen, Guang Gong: 457 CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457, 458 CVE-2016-8465</li> 459 <li>Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-8475</li> 460 <li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>) Sean Beaupre 461 (<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li> 462 <li>Jon Sawyer(<a href="http://twitter.com/jcase">@jcase</a>), Sean Beaupre(<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>), Ben Actis(<a href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li> 463 <li><a href="http://c0reteam.org">C0RE Team</a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0383</li> 464 <li>Monk Avel: CVE-2017-0396, CVE-2017-0399</li> 465 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-8469, CVE-2016-8424, CVE-2016-8428, CVE-2016-8429, 466 CVE-2016-8460, CVE-2016-8473, CVE-2016-8474</li> 467 <li>Tencent KeenLab() 468 Qidan He()(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): CVE-2017-0382</li> 469 <li>IBM Security X-Force Roee Hay, Michael Goberman: CVE-2016-8467</li> 470 <li>Trend Micro Mobile Threat Research Team 471 Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2016-8466</li> 472 <li>Stephen Morrow: CVE-2017-0389</li> 473 <li>Mobile Threat Research Team, <a href="http://www.trendmicro.com">Trend Micro</a> 474 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>):CVE-2017-0381</li> 475 <li>Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): 476 CVE-2017-0391</li> 477 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0402, CVE-2017-0398</li> 478 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0400</li> 479 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0384, CVE-2017-0385</li> 480 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2017-0401</li> 481 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8431, CVE-2016-8432, 482 CVE-2016-8435</li> 483 <li>Alibaba Inc. Yong Wang()(<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>), 484 Jun Cheng: CVE-2017-0404</li> 485 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8425, CVE-2016-8426, 486 CVE-2016-8449</li> 487 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:bigwyfone (a] gmail.com">Yanfeng Wang</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-8430, CVE-2016-8482</li> 488 <li>Tencent Security Platform Department 489 Yuxiang Li(<a href="https://twitter.com/xbalien29">@Xbalien29</a>): CVE-2017-0395</li> 490 <li><a href="https://twitter.com/0xr0ot">Cheetah Mobile</a> Security Research Lab 491 Zhanpeng Zhao()(<a href="http://www.cmcm.com/">@0xr0ot</a>): 492 CVE-2016-8451</li> 493 </ul> 494 <p> 495 .</p> 496 <ul> 497 <li>Alibaba Mobile Security Group Baozeng Ding, Chengming Yang, Peng Xiao, Ning You, Yang Dong, Chao Yang, Yi Zhang, Yang Song</li> 498 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>)</li> 499 <li>Google Zubin Mithra</li> 500 </ul> 501 502 <h2 id="2017-01-01-details">2017-01-01 503 </h2> 504 <p> 505 <a href="#2017-01-01-summary">2017-01-01 506 </a> 507 . 508 , CVE, 509 , , Google , 510 AOSP ( ), 511 . 512 AOSP ID 513 . 514 ID .</p> 515 516 517 <h3 id="rce-in-c-ares">c-ares </h3> 518 <p> 519 c-ares 520 521 . 522 . 523 </p> 524 525 <table> 526 <col width="18%"> 527 <col width="17%"> 528 <col width="10%"> 529 <col width="19%"> 530 <col width="18%"> 531 <col width="17%"> 532 <tr> 533 <th>CVE</th> 534 <th></th> 535 <th></th> 536 <th> Google </th> 537 <th> AOSP </th> 538 <th> </th> 539 </tr> 540 <tr> 541 <td>CVE-2016-5180</td> 542 <td><a href="https://android.googlesource.com/platform/external/c-ares/+/f4baf84f285bfbdebb89b2fef8a955720f00c677"> 543 A-32205736</a></td> 544 <td></td> 545 <td></td> 546 <td>7.0</td> 547 <td>2016 9 29</td> 548 </tr> 549 </table> 550 551 552 <h3 id="rce-vulnerability-in-framesequence">Framesequence 553 </h3> 554 <p> 555 Framesequence 556 557 . Framesequence 558 559 . 560 </p> 561 <table> 562 <col width="18%"> 563 <col width="17%"> 564 <col width="10%"> 565 <col width="19%"> 566 <col width="18%"> 567 <col width="17%"> 568 <tr> 569 <th>CVE</th> 570 <th></th> 571 <th></th> 572 <th> Google </th> 573 <th> AOSP </th> 574 <th> </th> 575 </tr> 576 <tr> 577 <td>CVE-2017-0382</td> 578 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7f0e3dab5a892228d8dead7f0221cc9ae82474f7"> 579 A-32338390</a></td> 580 <td></td> 581 <td></td> 582 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 583 <td>2016 10 21</td> 584 </tr> 585 </table> 586 <h3 id="eop-in-framework-apis"> API 587 </h3> 588 <p> 589 API 590 591 . 592 593 . 594 </p> 595 <table> 596 <col width="18%"> 597 <col width="17%"> 598 <col width="10%"> 599 <col width="19%"> 600 <col width="18%"> 601 <col width="17%"> 602 <tr> 603 <th>CVE</th> 604 <th></th> 605 <th></th> 606 <th> Google </th> 607 <th> AOSP </th> 608 <th> </th> 609 </tr> 610 <tr> 611 <td>CVE-2017-0383</td> 612 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/e5753ba087fa59ee02f6026cc13b1ceb42a1f266"> 613 A-31677614</a></td> 614 <td></td> 615 <td></td> 616 <td>7.0, 7.1.1</td> 617 <td>2016 9 21</td> 618 </tr> 619 </table> 620 <h3 id="eop-in-audioserver"> 621 </h3> 622 <p> 623 624 625 . 626 627 . 628 </p> 629 <table> 630 <col width="18%"> 631 <col width="17%"> 632 <col width="10%"> 633 <col width="19%"> 634 <col width="18%"> 635 <col width="17%"> 636 <tr> 637 <th>CVE</th> 638 <th></th> 639 <th></th> 640 <th> Google </th> 641 <th> AOSP </th> 642 <th> </th> 643 </tr> 644 <tr> 645 <td>CVE-2017-0384</td> 646 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 647 A-32095626</a></td> 648 <td></td> 649 <td></td> 650 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 651 <td>2016 10 11</td> 652 </tr> 653 <tr> 654 <td>CVE-2017-0385</td> 655 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 656 A-32585400</a></td> 657 <td></td> 658 <td></td> 659 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 660 <td>2016 10 11</td> 661 </tr> 662 </table> 663 <h3 id="eop-in-libnl">libnl 664 </h3> 665 <p> 666 libnl 667 668 . 669 670 . 671 </p> 672 <table> 673 <col width="18%"> 674 <col width="17%"> 675 <col width="10%"> 676 <col width="19%"> 677 <col width="18%"> 678 <col width="17%"> 679 <tr> 680 <th>CVE</th> 681 <th></th> 682 <th></th> 683 <th> Google </th> 684 <th> AOSP </th> 685 <th> </th> 686 </tr> 687 <tr> 688 <td>CVE-2017-0386</td> 689 <td><a href="https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a"> 690 A-32255299</a></td> 691 <td></td> 692 <td></td> 693 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 694 <td>2016 10 18</td> 695 </tr> 696 </table> 697 <h3 id="eop-in-mediaserver"> 698 </h3> 699 <p> 700 701 702 . 703 704 . 705 </p> 706 <table> 707 <col width="18%"> 708 <col width="17%"> 709 <col width="10%"> 710 <col width="19%"> 711 <col width="18%"> 712 <col width="17%"> 713 <tr> 714 <th>CVE</th> 715 <th></th> 716 <th></th> 717 <th> Google </th> 718 <th> AOSP </th> 719 <th> </th> 720 </tr> 721 <tr> 722 <td>CVE-2017-0387</td> 723 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/675e212c8c6653825cc3352c603caf2e40b00f9f"> 724 A-32660278</a></td> 725 <td></td> 726 <td></td> 727 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 728 <td>2016 11 4</td> 729 </tr> 730 </table> 731 <h3 id="id-in-external-storage-provider"> 732 </h3> 733 <p> 734 735 SD 736 . 737 . 738 </p> 739 <table> 740 <col width="18%"> 741 <col width="17%"> 742 <col width="10%"> 743 <col width="19%"> 744 <col width="18%"> 745 <col width="17%"> 746 <tr> 747 <th>CVE</th> 748 <th></th> 749 <th></th> 750 <th> Google </th> 751 <th> AOSP </th> 752 <th> </th> 753 </tr> 754 <tr> 755 <td>CVE-2017-0388</td> 756 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47e62b7fe6807a274ba760a8fecfd624fe792da9"> 757 A-32523490</a></td> 758 <td></td> 759 <td></td> 760 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 761 <td>Google </td> 762 </tr> 763 </table> 764 <h3 id="dos-in-core-networking"> 765 (DoS) </h3> 766 <p> 767 768 . 769 . 770 </p> 771 <table> 772 <col width="18%"> 773 <col width="17%"> 774 <col width="10%"> 775 <col width="19%"> 776 <col width="18%"> 777 <col width="17%"> 778 <tr> 779 <th>CVE</th> 780 <th></th> 781 <th></th> 782 <th> Google </th> 783 <th> AOSP </th> 784 <th> </th> 785 </tr> 786 <tr> 787 <td>CVE-2017-0389</td> 788 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a014b6be3c7c6fb5cf9352a05baf84fca7a133c7"> 789 A-31850211</a> 790 [<a href="https://android.googlesource.com/platform/frameworks/base/+/47e81a2596b00ee7aaca58716ff164a1708b0b29">2</a>] 791 [<a href="https://android.googlesource.com/platform/frameworks/base/+/006e0613016c1a0e0627f992f5a93a7b7198edba#">3</a>]</td> 792 <td></td> 793 <td></td> 794 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 795 <td>2016 7 20</td> 796 </tr> 797 </table> 798 <h3 id="dos-in-mediaserver"> 799 (DoS) </h3> 800 <p> 801 802 . 803 . 804 </p> 805 <table> 806 <col width="18%"> 807 <col width="17%"> 808 <col width="10%"> 809 <col width="19%"> 810 <col width="18%"> 811 <col width="17%"> 812 <tr> 813 <th>CVE</th> 814 <th></th> 815 <th></th> 816 <th> Google </th> 817 <th> AOSP </th> 818 <th> </th> 819 </tr> 820 <tr> 821 <td>CVE-2017-0390</td> 822 <td><a href="https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0"> 823 A-31647370</a></td> 824 <td></td> 825 <td></td> 826 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 827 <td>2016 9 19</td> 828 </tr> 829 <tr> 830 <td>CVE-2017-0391</td> 831 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f"> 832 A-32322258</a></td> 833 <td></td> 834 <td></td> 835 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 836 <td>2016 10 20</td> 837 </tr> 838 <tr> 839 <td>CVE-2017-0392</td> 840 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c"> 841 A-32577290</a></td> 842 <td></td> 843 <td></td> 844 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 845 <td>2016 10 29</td> 846 </tr> 847 <tr> 848 <td>CVE-2017-0393</td> 849 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc"> 850 A-30436808</a></td> 851 <td></td> 852 <td></td> 853 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 854 <td>Google </td> 855 </tr> 856 </table> 857 <h3 id="dos-in-telephony"> 858 (DoS) </h3> 859 <p> 860 861 . 862 . 863 </p> 864 <table> 865 <col width="18%"> 866 <col width="17%"> 867 <col width="10%"> 868 <col width="19%"> 869 <col width="18%"> 870 <col width="17%"> 871 <tr> 872 <th>CVE</th> 873 <th></th> 874 <th></th> 875 <th> Google </th> 876 <th> AOSP </th> 877 <th> </th> 878 </tr> 879 <tr> 880 <td>CVE-2017-0394</td> 881 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1cdced590675ce526c91c6f8983ceabb8038f58d"> 882 A-31752213</a></td> 883 <td></td> 884 <td></td> 885 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 886 <td>2016 9 23</td> 887 </tr> 888 </table> 889 <h3 id="eop-in-contacts"> 890 </h3> 891 <p> 892 893 . 894 ( 895 ) 896 . 897 </p> 898 <table> 899 <col width="18%"> 900 <col width="17%"> 901 <col width="10%"> 902 <col width="19%"> 903 <col width="18%"> 904 <col width="17%"> 905 <tr> 906 <th>CVE</th> 907 <th></th> 908 <th></th> 909 <th> Google </th> 910 <th> AOSP </th> 911 <th> </th> 912 </tr> 913 <tr> 914 <td>CVE-2017-0395</td> 915 <td><a href="https://android.googlesource.com/platform/packages/apps/ContactsCommon/+/d47661ad82d402c1e0c90eb83970687d784add1b"> 916 A-32219099</a></td> 917 <td></td> 918 <td></td> 919 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 920 <td>2016 10 15</td> 921 </tr> 922 </table> 923 <h3 id="id-in-mediaserver"> 924 </h3> 925 <p> 926 927 . 928 929 . 930 </p> 931 <table> 932 <col width="18%"> 933 <col width="17%"> 934 <col width="10%"> 935 <col width="19%"> 936 <col width="18%"> 937 <col width="17%"> 938 <tr> 939 <th>CVE</th> 940 <th></th> 941 <th></th> 942 <th> Google </th> 943 <th> AOSP </th> 944 <th> </th> 945 </tr> 946 <tr> 947 <td>CVE-2017-0381</td> 948 <td><a href="https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7"> 949 A-31607432</a></td> 950 <td></td> 951 <td></td> 952 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 953 <td>2016 9 18</td> 954 </tr> 955 <tr> 956 <td>CVE-2017-0396</td> 957 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7"> 958 A-31781965</a></td> 959 <td></td> 960 <td></td> 961 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 962 <td>2016 9 27</td> 963 </tr> 964 <tr> 965 <td>CVE-2017-0397</td> 966 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c"> 967 A-32377688</a></td> 968 <td></td> 969 <td></td> 970 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 971 <td>2016 10 21</td> 972 </tr> 973 </table> 974 <h3 id="id-in-audioserver"> 975 </h3> 976 <p> 977 978 . 979 980 . 981 </p> 982 <table> 983 <col width="18%"> 984 <col width="17%"> 985 <col width="10%"> 986 <col width="19%"> 987 <col width="18%"> 988 <col width="17%"> 989 <tr> 990 <th>CVE</th> 991 <th></th> 992 <th></th> 993 <th> Google </th> 994 <th> AOSP </th> 995 <th> </th> 996 </tr> 997 <tr> 998 <td>CVE-2017-0398</td> 999 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 1000 A-32438594</a></td> 1001 <td></td> 1002 <td></td> 1003 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1004 <td>2016 10 25</td> 1005 </tr> 1006 <tr> 1007 <td>CVE-2017-0398</td> 1008 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 1009 A-32635664</a></td> 1010 <td></td> 1011 <td></td> 1012 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1013 <td>2016 10 25</td> 1014 </tr> 1015 <tr> 1016 <td>CVE-2017-0398</td> 1017 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c"> 1018 A-32624850</a></td> 1019 <td></td> 1020 <td></td> 1021 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1022 <td>2016 10 25</td> 1023 </tr> 1024 <tr> 1025 <td>CVE-2017-0399</td> 1026 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1027 A-32247948</a> 1028 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1029 <td></td> 1030 <td></td> 1031 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1032 <td>2016 10 18</td> 1033 </tr> 1034 <tr> 1035 <td>CVE-2017-0400</td> 1036 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1037 A-32584034</a> 1038 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1039 <td></td> 1040 <td></td> 1041 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1042 <td>2016 10 25</td> 1043 </tr> 1044 <tr> 1045 <td>CVE-2017-0401</td> 1046 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe"> 1047 A-32448258</a></td> 1048 <td></td> 1049 <td></td> 1050 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1051 <td>2016 10 26</td> 1052 </tr> 1053 <tr> 1054 <td>CVE-2017-0402</td> 1055 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 1056 A-32436341</a> 1057 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 1058 <td></td> 1059 <td></td> 1060 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1061 <td>2016 10 25</td> 1062 </tr> 1063 </table> 1064 1065 <h2 id="2017-01-05-details">2017-01-05 1066 </h2> 1067 <p> 1068 1069 <a href="#2017-01-05-summary">2017-01-05 1070 </a> 1071 . , 1072 CVE, , , Google , 1073 AOSP ( ), . 1074 AOSP ID 1075 . 1076 ID .</p> 1077 1078 1079 <h3 id="eop-in-kernel-memory-subsystem"> 1080 </h3> 1081 <p> 1082 1083 1084 . 1085 , 1086 . 1087 </p> 1088 1089 <table> 1090 <col width="19%"> 1091 <col width="20%"> 1092 <col width="10%"> 1093 <col width="23%"> 1094 <col width="17%"> 1095 <tr> 1096 <th>CVE</th> 1097 <th></th> 1098 <th></th> 1099 <th> Google </th> 1100 <th> </th> 1101 </tr> 1102 <tr> 1103 <td>CVE-2015-3288</td> 1104 <td>A-32460277<br> 1105 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d"> 1106 </a></td> 1107 <td></td> 1108 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel C, Nexus Player, Pixel, 1109 Pixel XL</td> 1110 <td>2016 7 9</td> 1111 </tr> 1112 </table> 1113 1114 1115 <h3 id="eop-in-qualcomm-bootloader">Qualcomm 1116 </h3> 1117 <p> 1118 Qualcomm 1119 1120 . 1121 , 1122 . 1123 </p> 1124 1125 <table> 1126 <col width="19%"> 1127 <col width="20%"> 1128 <col width="10%"> 1129 <col width="23%"> 1130 <col width="17%"> 1131 <tr> 1132 <th>CVE</th> 1133 <th></th> 1134 <th></th> 1135 <th> Google </th> 1136 <th> </th> 1137 </tr> 1138 <tr> 1139 <td>CVE-2016-8422</td> 1140 <td>A-31471220<br> 1141 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=d6639f0a77f8ebfc1e05f3acdf12d5588e7e6213"> 1142 QC-CR#979426</a></td> 1143 <td></td> 1144 <td>Nexus 6, Nexus 6P, Pixel, Pixel XL</td> 1145 <td>2016 7 22</td> 1146 </tr> 1147 <tr> 1148 <td>CVE-2016-8423</td> 1149 <td>A-31399736<br> 1150 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=98db6cc526fa1677da05d54785937540cdc84867"> 1151 QC-CR#1000546</a></td> 1152 <td></td> 1153 <td>Nexus 6P, Pixel, Pixel XL</td> 1154 <td>2016 8 24</td> 1155 </tr> 1156 </table> 1157 1158 1159 <h3 id="eop-in-kernel-file-system"> 1160 </h3> 1161 <p> 1162 1163 1164 . 1165 , 1166 . 1167 </p> 1168 1169 <table> 1170 <col width="19%"> 1171 <col width="20%"> 1172 <col width="10%"> 1173 <col width="23%"> 1174 <col width="17%"> 1175 <tr> 1176 <th>CVE</th> 1177 <th></th> 1178 <th></th> 1179 <th> Google </th> 1180 <th> </th> 1181 </tr> 1182 <tr> 1183 <td>CVE-2015-5706</td> 1184 <td>A-32289301<br> 1185 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0"> 1186 </a></td> 1187 <td></td> 1188 <td>*</td> 1189 <td>2016 8 1</td> 1190 </tr> 1191 </table> 1192 <p> 1193 * Android 7.0 Google 1194 . 1195 </p> 1196 1197 1198 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 1199 </h3> 1200 <p> 1201 NVIDIA GPU 1202 1203 . 1204 , 1205 . 1206 </p> 1207 1208 <table> 1209 <col width="19%"> 1210 <col width="20%"> 1211 <col width="10%"> 1212 <col width="23%"> 1213 <col width="17%"> 1214 <tr> 1215 <th>CVE</th> 1216 <th></th> 1217 <th></th> 1218 <th> Google </th> 1219 <th> </th> 1220 </tr> 1221 <tr> 1222 <td>CVE-2016-8424</td> 1223 <td>A-31606947*<br> 1224 N-CVE-2016-8424</td> 1225 <td></td> 1226 <td>Nexus 9</td> 1227 <td>2016 9 17</td> 1228 </tr> 1229 <tr> 1230 <td>CVE-2016-8425</td> 1231 <td>A-31797770*<br> 1232 N-CVE-2016-8425</td> 1233 <td></td> 1234 <td>Nexus 9</td> 1235 <td>2016 9 28</td> 1236 </tr> 1237 <tr> 1238 <td>CVE-2016-8426</td> 1239 <td>A-31799206*<br> 1240 N-CVE-2016-8426</td> 1241 <td></td> 1242 <td>Nexus 9</td> 1243 <td>2016 9 28</td> 1244 </tr> 1245 <tr> 1246 <td>CVE-2016-8482</td> 1247 <td>A-31799863*<br> 1248 N-CVE-2016-8482</td> 1249 <td></td> 1250 <td>Nexus 9</td> 1251 <td>2016 9 28</td> 1252 </tr> 1253 <tr> 1254 <td>CVE-2016-8427</td> 1255 <td>A-31799885*<br> 1256 N-CVE-2016-8427</td> 1257 <td></td> 1258 <td>Nexus 9</td> 1259 <td>2016 9 28</td> 1260 </tr> 1261 <tr> 1262 <td>CVE-2016-8428</td> 1263 <td>A-31993456*<br> 1264 N-CVE-2016-8428</td> 1265 <td></td> 1266 <td>Nexus 9</td> 1267 <td>2016 10 6</td> 1268 </tr> 1269 <tr> 1270 <td>CVE-2016-8429</td> 1271 <td>A-32160775*<br> 1272 N-CVE-2016-8429</td> 1273 <td></td> 1274 <td>Nexus 9</td> 1275 <td>2016 10 13</td> 1276 </tr> 1277 <tr> 1278 <td>CVE-2016-8430</td> 1279 <td>A-32225180*<br> 1280 N-CVE-2016-8430</td> 1281 <td></td> 1282 <td>Nexus 9</td> 1283 <td>2016 10 17</td> 1284 </tr> 1285 <tr> 1286 <td>CVE-2016-8431</td> 1287 <td>A-32402179*<br> 1288 N-CVE-2016-8431</td> 1289 <td></td> 1290 <td>Pixel C</td> 1291 <td>2016 10 25</td> 1292 </tr> 1293 <tr> 1294 <td>CVE-2016-8432</td> 1295 <td>A-32447738*<br> 1296 N-CVE-2016-8432</td> 1297 <td></td> 1298 <td>Pixel C</td> 1299 <td>2016 10 26</td> 1300 </tr> 1301 </table> 1302 <p> 1303 * . 1304 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1305 . 1306 </p> 1307 1308 1309 <h3 id="eop-in-mediatek-driver">MediaTek 1310 </h3> 1311 <p> 1312 MediaTek 1313 1314 . 1315 , 1316 . 1317 </p> 1318 1319 <table> 1320 <col width="19%"> 1321 <col width="20%"> 1322 <col width="10%"> 1323 <col width="23%"> 1324 <col width="17%"> 1325 <tr> 1326 <th>CVE</th> 1327 <th></th> 1328 <th></th> 1329 <th> Google </th> 1330 <th> </th> 1331 </tr> 1332 <tr> 1333 <td>CVE-2016-8433</td> 1334 <td>A-31750190*<br> 1335 MT-ALPS02974192</td> 1336 <td></td> 1337 <td>**</td> 1338 <td>2016 9 24</td> 1339 </tr> 1340 </table> 1341 <p> 1342 * . 1343 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1344 . 1345 </p> 1346 <p> 1347 ** Android 7.0 Google 1348 . 1349 </p> 1350 1351 1352 <h3 id="eop-in-qualcomm-gpu-driver">Qualcomm GPU 1353 </h3> 1354 <p> 1355 Qualcomm GPU 1356 1357 . 1358 , 1359 . 1360 </p> 1361 1362 <table> 1363 <col width="19%"> 1364 <col width="20%"> 1365 <col width="10%"> 1366 <col width="23%"> 1367 <col width="17%"> 1368 <tr> 1369 <th>CVE</th> 1370 <th></th> 1371 <th></th> 1372 <th> Google </th> 1373 <th> </th> 1374 </tr> 1375 <tr> 1376 <td>CVE-2016-8434</td> 1377 <td>A-32125137<br> 1378 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.14/commit/?id=3e3866a5fced40ccf9ca442675cf915961efe4d9"> 1379 QC-CR#1081855</a></td> 1380 <td></td> 1381 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1382 <td>2016 10 12</td> 1383 </tr> 1384 </table> 1385 1386 1387 <h3 id="eop-in-nvidia-gpu-driver-2">NVIDIA GPU 1388 </h3> 1389 <p> 1390 NVIDIA GPU 1391 1392 . 1393 , 1394 . 1395 </p> 1396 1397 <table> 1398 <col width="19%"> 1399 <col width="20%"> 1400 <col width="10%"> 1401 <col width="23%"> 1402 <col width="17%"> 1403 <tr> 1404 <th>CVE</th> 1405 <th></th> 1406 <th></th> 1407 <th> Google </th> 1408 <th> </th> 1409 </tr> 1410 <tr> 1411 <td>CVE-2016-8435</td> 1412 <td>A-32700935*<br> 1413 N-CVE-2016-8435</td> 1414 <td></td> 1415 <td>Pixel C</td> 1416 <td>2015 11 7</td> 1417 </tr> 1418 </table> 1419 <p> 1420 * . 1421 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1422 1423 . 1424 </p> 1425 1426 1427 <h3 id="eop-in-qualcomm-video-driver">Qualcomm 1428 </h3> 1429 <p> 1430 Qualcomm 1431 1432 . 1433 , 1434 . 1435 </p> 1436 1437 <table> 1438 <col width="19%"> 1439 <col width="20%"> 1440 <col width="10%"> 1441 <col width="23%"> 1442 <col width="17%"> 1443 <tr> 1444 <th>CVE</th> 1445 <th></th> 1446 <th></th> 1447 <th> Google </th> 1448 <th> </th> 1449 </tr> 1450 <tr> 1451 <td>CVE-2016-8436</td> 1452 <td>A-32450261<br> 1453 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=228e8d17b9f5d22cf9896ab8eff88dc6737c2ced"> 1454 QC-CR#1007860</a></td> 1455 <td></td> 1456 <td>*</td> 1457 <td>2016 10 13</td> 1458 </tr> 1459 </table> 1460 <p> 1461 * Android 7.0 Google 1462 . 1463 </p> 1464 1465 1466 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 1467 </h3> 1468 <p> 1469 Qualcomm Qualcomm AMSS 2015 11, 2016 8, 2016 9, 2016 10 . 1470 </p> 1471 1472 <table> 1473 <col width="19%"> 1474 <col width="20%"> 1475 <col width="10%"> 1476 <col width="23%"> 1477 <col width="17%"> 1478 <tr> 1479 <th>CVE</th> 1480 <th></th> 1481 <th>*</th> 1482 <th> Google </th> 1483 <th> </th> 1484 </tr> 1485 <tr> 1486 <td>CVE-2016-8438</td> 1487 <td>A-31624565**</td> 1488 <td></td> 1489 <td>***</td> 1490 <td>Qualcomm </td> 1491 </tr> 1492 <tr> 1493 <td>CVE-2016-8442</td> 1494 <td>A-31625910**</td> 1495 <td></td> 1496 <td>***</td> 1497 <td>Qualcomm </td> 1498 </tr> 1499 <tr> 1500 <td>CVE-2016-8443</td> 1501 <td>A-32576499**</td> 1502 <td></td> 1503 <td>***</td> 1504 <td>Qualcomm </td> 1505 </tr> 1506 <tr> 1507 <td>CVE-2016-8437</td> 1508 <td>A-31623057**</td> 1509 <td></td> 1510 <td>***</td> 1511 <td>Qualcomm </td> 1512 </tr> 1513 <tr> 1514 <td>CVE-2016-8439</td> 1515 <td>A-31625204**</td> 1516 <td></td> 1517 <td>***</td> 1518 <td>Qualcomm </td> 1519 </tr> 1520 <tr> 1521 <td>CVE-2016-8440</td> 1522 <td>A-31625306**</td> 1523 <td></td> 1524 <td>***</td> 1525 <td>Qualcomm </td> 1526 </tr> 1527 <tr> 1528 <td>CVE-2016-8441</td> 1529 <td>A-31625904**</td> 1530 <td></td> 1531 <td>***</td> 1532 <td>Qualcomm </td> 1533 </tr> 1534 <tr> 1535 <td>CVE-2016-8398</td> 1536 <td>A-31548486**</td> 1537 <td></td> 1538 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1539 <td>Qualcomm </td> 1540 </tr> 1541 <tr> 1542 <td>CVE-2016-8459</td> 1543 <td>A-32577972**</td> 1544 <td></td> 1545 <td>***</td> 1546 <td>Qualcomm </td> 1547 </tr> 1548 <tr> 1549 <td>CVE-2016-5080</td> 1550 <td>A-31115235**</td> 1551 <td></td> 1552 <td>Nexus 5X</td> 1553 <td>Qualcomm </td> 1554 </tr> 1555 </table> 1556 <p> 1557 * . 1558 </p> 1559 <p> 1560 ** . 1561 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1562 1563 . 1564 </p> 1565 <p> 1566 *** Android 7.0 Google 1567 . 1568 </p> 1569 1570 1571 <h3 id="eop-in-qualcomm-camera">Qualcomm 1572 </h3> 1573 <p> 1574 Qualcomm 1575 1576 . 1577 . 1578 </p> 1579 1580 <table> 1581 <col width="19%"> 1582 <col width="20%"> 1583 <col width="10%"> 1584 <col width="23%"> 1585 <col width="17%"> 1586 <tr> 1587 <th>CVE</th> 1588 <th></th> 1589 <th></th> 1590 <th> Google </th> 1591 <th> </th> 1592 </tr> 1593 <tr> 1594 <td>CVE-2016-8412</td> 1595 <td>A-31225246<br> 1596 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=42a98c44669d92dafcf4d6336bdccaeb2db12786"> 1597 QC-CR#1071891</a></td> 1598 <td></td> 1599 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1600 <td>2016 8 26</td> 1601 </tr> 1602 <tr> 1603 <td>CVE-2016-8444</td> 1604 <td>A-31243641*<br> 1605 QC-CR#1074310</td> 1606 <td></td> 1607 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1608 <td>2016 8 26</td> 1609 </tr> 1610 </table> 1611 <p> 1612 * . 1613 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1614 1615 . 1616 </p> 1617 1618 1619 <h3 id="eop-in-mediatek-components">MediaTek 1620 </h3> 1621 <p> 1622 MediaTek 1623 1624 . 1625 1626 . 1627 </p> 1628 1629 <table> 1630 <col width="19%"> 1631 <col width="20%"> 1632 <col width="10%"> 1633 <col width="23%"> 1634 <col width="17%"> 1635 <tr> 1636 <th>CVE</th> 1637 <th></th> 1638 <th></th> 1639 <th> Google </th> 1640 <th> </th> 1641 </tr> 1642 <tr> 1643 <td>CVE-2016-8445</td> 1644 <td>A-31747590*<br> 1645 MT-ALPS02968983</td> 1646 <td></td> 1647 <td>**</td> 1648 <td>2016 9 25</td> 1649 </tr> 1650 <tr> 1651 <td>CVE-2016-8446</td> 1652 <td>A-31747749*<br> 1653 MT-ALPS02968909</td> 1654 <td></td> 1655 <td>**</td> 1656 <td>2016 9 25</td> 1657 </tr> 1658 <tr> 1659 <td>CVE-2016-8447</td> 1660 <td>A-31749463*<br> 1661 MT-ALPS02968886</td> 1662 <td></td> 1663 <td>**</td> 1664 <td>2016 9 25</td> 1665 </tr> 1666 <tr> 1667 <td>CVE-2016-8448</td> 1668 <td>A-31791148*<br> 1669 MT-ALPS02982181</td> 1670 <td></td> 1671 <td>**</td> 1672 <td>2016 9 28</td> 1673 </tr> 1674 </table> 1675 <p> 1676 * . 1677 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1678 1679 . 1680 </p> 1681 <p> 1682 ** Android 7.0 Google 1683 . 1684 </p> 1685 1686 1687 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1688 </h3> 1689 <p> 1690 Qualcomm Wi-Fi 1691 1692 . 1693 . 1694 </p> 1695 1696 <table> 1697 <col width="19%"> 1698 <col width="20%"> 1699 <col width="10%"> 1700 <col width="23%"> 1701 <col width="17%"> 1702 <tr> 1703 <th>CVE</th> 1704 <th></th> 1705 <th></th> 1706 <th> Google </th> 1707 <th> </th> 1708 </tr> 1709 <tr> 1710 <td>CVE-2016-8415</td> 1711 <td>A-31750554<br> 1712 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=188e12a816508b11771f362c852782ec9a6f9394"> 1713 QC-CR#1079596</a></td> 1714 <td></td> 1715 <td>Nexus 5X, Pixel, Pixel XL</td> 1716 <td>2016 9 26</td> 1717 </tr> 1718 </table> 1719 1720 1721 <h3 id="eop-in-nvidia-gpu-driver-3">NVIDIA GPU 1722 </h3> 1723 <p> 1724 NVIDIA GPU 1725 1726 . 1727 . 1728 </p> 1729 1730 <table> 1731 <col width="19%"> 1732 <col width="20%"> 1733 <col width="10%"> 1734 <col width="23%"> 1735 <col width="17%"> 1736 <tr> 1737 <th>CVE</th> 1738 <th></th> 1739 <th></th> 1740 <th> Google </th> 1741 <th> </th> 1742 </tr> 1743 <tr> 1744 <td>CVE-2016-8449</td> 1745 <td>A-31798848*<br> 1746 N-CVE-2016-8449</td> 1747 <td></td> 1748 <td>Nexus 9</td> 1749 <td>2016 9 28</td> 1750 </tr> 1751 </table> 1752 <p> 1753 * . 1754 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1755 1756 . 1757 </p> 1758 1759 1760 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm 1761 </h3> 1762 <p> 1763 Qualcomm 1764 1765 . 1766 . 1767 </p> 1768 1769 <table> 1770 <col width="19%"> 1771 <col width="20%"> 1772 <col width="10%"> 1773 <col width="23%"> 1774 <col width="17%"> 1775 <tr> 1776 <th>CVE</th> 1777 <th></th> 1778 <th></th> 1779 <th> Google </th> 1780 <th> </th> 1781 </tr> 1782 <tr> 1783 <td>CVE-2016-8450</td> 1784 <td>A-32450563<br> 1785 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e909d159ad1998ada853ed35be27c7b6ba241bdb"> 1786 QC-CR#880388</a></td> 1787 <td></td> 1788 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1789 <td>2016 10 13</td> 1790 </tr> 1791 </table> 1792 1793 1794 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 1795 </h3> 1796 <p> 1797 Synaptics 1798 1799 . 1800 . 1801 </p> 1802 1803 <table> 1804 <col width="19%"> 1805 <col width="20%"> 1806 <col width="10%"> 1807 <col width="23%"> 1808 <col width="17%"> 1809 <tr> 1810 <th>CVE</th> 1811 <th></th> 1812 <th></th> 1813 <th> Google </th> 1814 <th> </th> 1815 </tr> 1816 <tr> 1817 <td>CVE-2016-8451</td> 1818 <td>A-32178033*</td> 1819 <td></td> 1820 <td>**</td> 1821 <td>2016 10 13</td> 1822 </tr> 1823 </table> 1824 <p> 1825 * . 1826 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1827 1828 . 1829 </p> 1830 <p> 1831 ** Android 7.0 Google 1832 . 1833 </p> 1834 1835 1836 <h3 id="eop-in-kernel-security-subsystem"> 1837 </h3> 1838 <p> 1839 1840 1841 . 1842 . 1843 </p> 1844 1845 <table> 1846 <col width="19%"> 1847 <col width="20%"> 1848 <col width="10%"> 1849 <col width="23%"> 1850 <col width="17%"> 1851 <tr> 1852 <th>CVE</th> 1853 <th></th> 1854 <th></th> 1855 <th> Google </th> 1856 <th> </th> 1857 </tr> 1858 <tr> 1859 <td>CVE-2016-7042</td> 1860 <td>A-32178986<br> 1861 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=03dab869b7b239c4e013ec82aea22e181e441cfc"> 1862 </a></td> 1863 <td></td> 1864 <td>Pixel C</td> 1865 <td>2016 10 14</td> 1866 </tr> 1867 </table> 1868 1869 1870 <h3 id="eop-in-kernel-performance-subsystem"> 1871 </h3> 1872 <p> 1873 1874 . 1875 . 1876 </p> 1877 1878 <table> 1879 <col width="19%"> 1880 <col width="20%"> 1881 <col width="10%"> 1882 <col width="23%"> 1883 <col width="17%"> 1884 <tr> 1885 <th>CVE</th> 1886 <th></th> 1887 <th></th> 1888 <th> Google </th> 1889 <th> </th> 1890 </tr> 1891 <tr> 1892 <td>CVE-2017-0403</td> 1893 <td>A-32402548*</td> 1894 <td></td> 1895 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1896 Player, Pixel, Pixel XL</td> 1897 <td>2016 10 25</td> 1898 </tr> 1899 </table> 1900 <p> 1901 * . 1902 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1903 1904 . 1905 </p> 1906 1907 1908 <h3 id="eop-in-kernel-sound-subsystem"> 1909 </h3> 1910 <p> 1911 1912 1913 . 1914 . 1915 </p> 1916 1917 <table> 1918 <col width="19%"> 1919 <col width="20%"> 1920 <col width="10%"> 1921 <col width="23%"> 1922 <col width="17%"> 1923 <tr> 1924 <th>CVE</th> 1925 <th></th> 1926 <th></th> 1927 <th> Google </th> 1928 <th> </th> 1929 </tr> 1930 <tr> 1931 <td>CVE-2017-0404</td> 1932 <td>A-32510733*</td> 1933 <td></td> 1934 <td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player, Pixel, Pixel 1935 XL</td> 1936 <td>2016 10 27</td> 1937 </tr> 1938 </table> 1939 <p> 1940 * . 1941 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1942 1943 . 1944 </p> 1945 1946 1947 <h3 id="eop-in-qualcomm-wi-fi-driver-2">Qualcomm Wi-Fi 1948 </h3> 1949 <p> 1950 Qualcomm Wi-Fi 1951 1952 . 1953 . 1954 </p> 1955 1956 <table> 1957 <col width="19%"> 1958 <col width="20%"> 1959 <col width="10%"> 1960 <col width="23%"> 1961 <col width="17%"> 1962 <tr> 1963 <th>CVE</th> 1964 <th></th> 1965 <th></th> 1966 <th> Google </th> 1967 <th> </th> 1968 </tr> 1969 <tr> 1970 <td>CVE-2016-8452</td> 1971 <td>A-32506396<br> 1972 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=39fa8e972fa1b10dc68a066f4f9432753d8a2526"> 1973 QC-CR#1050323</a></td> 1974 <td></td> 1975 <td>Nexus 5X, Android One, Pixel, Pixel XL</td> 1976 <td>2016 10 28</td> 1977 </tr> 1978 </table> 1979 1980 1981 <h3 id="eop-in-qualcomm-radio-driver">Qualcomm 1982 </h3> 1983 <p> 1984 Qualcomm 1985 1986 . 1987 . 1988 </p> 1989 1990 <table> 1991 <col width="19%"> 1992 <col width="20%"> 1993 <col width="10%"> 1994 <col width="23%"> 1995 <col width="17%"> 1996 <tr> 1997 <th>CVE</th> 1998 <th></th> 1999 <th></th> 2000 <th> Google </th> 2001 <th> </th> 2002 </tr> 2003 <tr> 2004 <td>CVE-2016-5345</td> 2005 <td>A-32639452<br> 2006 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6"> 2007 QC-CR#1079713</a></td> 2008 <td></td> 2009 <td>Android One</td> 2010 <td>2016 11 3</td> 2011 </tr> 2012 </table> 2013 2014 2015 <h3 id="eop-in-kernel-profiling-subsystem"> 2016 </h3> 2017 <p> 2018 2019 2020 . 2021 . 2022 </p> 2023 2024 <table> 2025 <col width="19%"> 2026 <col width="20%"> 2027 <col width="10%"> 2028 <col width="23%"> 2029 <col width="17%"> 2030 <tr> 2031 <th>CVE</th> 2032 <th></th> 2033 <th></th> 2034 <th> Google </th> 2035 <th> </th> 2036 </tr> 2037 <tr> 2038 <td>CVE-2016-9754</td> 2039 <td>A-32659848<br> 2040 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=59643d1535eb220668692a5359de22545af579f6"> 2041 </a></td> 2042 <td></td> 2043 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 2044 Player</td> 2045 <td>2016 11 4</td> 2046 </tr> 2047 </table> 2048 2049 2050 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 2051 </h3> 2052 <p> 2053 Broadcom Wi-Fi 2054 2055 . 2056 . 2057 </p> 2058 2059 <table> 2060 <col width="19%"> 2061 <col width="20%"> 2062 <col width="10%"> 2063 <col width="23%"> 2064 <col width="17%"> 2065 <tr> 2066 <th>CVE</th> 2067 <th></th> 2068 <th></th> 2069 <th> Google </th> 2070 <th> </th> 2071 </tr> 2072 <tr> 2073 <td>CVE-2016-8453 2074 </td> 2075 <td>A-24739315*<br> 2076 B-RB#73392</td> 2077 <td></td> 2078 <td>Nexus 6</td> 2079 <td>Google </td> 2080 </tr> 2081 <tr> 2082 <td>CVE-2016-8454</td> 2083 <td>A-32174590*<br> 2084 B-RB#107142</td> 2085 <td></td> 2086 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2087 <td>2016 10 14</td> 2088 </tr> 2089 <tr> 2090 <td>CVE-2016-8455</td> 2091 <td>A-32219121*<br> 2092 B-RB#106311</td> 2093 <td></td> 2094 <td>Nexus 6P</td> 2095 <td>2016 10 15</td> 2096 </tr> 2097 <tr> 2098 <td>CVE-2016-8456</td> 2099 <td>A-32219255*<br> 2100 B-RB#105580</td> 2101 <td></td> 2102 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2103 <td>2016 10 15</td> 2104 </tr> 2105 <tr> 2106 <td>CVE-2016-8457</td> 2107 <td>A-32219453*<br> 2108 B-RB#106116</td> 2109 <td></td> 2110 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td> 2111 <td>2016 10 15</td> 2112 </tr> 2113 </table> 2114 <p> 2115 * . 2116 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2117 2118 . 2119 </p> 2120 2121 2122 <h3 id="eop-in-synaptics-touchscreen-driver-2">Synaptics 2123 </h3> 2124 <p> 2125 Synaptics 2126 2127 . 2128 . 2129 </p> 2130 2131 <table> 2132 <col width="19%"> 2133 <col width="20%"> 2134 <col width="10%"> 2135 <col width="23%"> 2136 <col width="17%"> 2137 <tr> 2138 <th>CVE</th> 2139 <th></th> 2140 <th></th> 2141 <th> Google </th> 2142 <th> </th> 2143 </tr> 2144 <tr> 2145 <td>CVE-2016-8458</td> 2146 <td>A-31968442*</td> 2147 <td></td> 2148 <td>Nexus 5X, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 2149 <td>Google </td> 2150 </tr> 2151 </table> 2152 <p> 2153 * . 2154 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2155 2156 . 2157 </p> 2158 2159 2160 <h3 id="id-in-nvidia-video-driver">NVIDIA 2161 </h3> 2162 <p> 2163 NVIDIA 2164 . 2165 2166 . 2167 </p> 2168 2169 <table> 2170 <col width="19%"> 2171 <col width="20%"> 2172 <col width="10%"> 2173 <col width="23%"> 2174 <col width="17%"> 2175 <tr> 2176 <th>CVE</th> 2177 <th></th> 2178 <th></th> 2179 <th> Google </th> 2180 <th> </th> 2181 </tr> 2182 <tr> 2183 <td>CVE-2016-8460</td> 2184 <td>A-31668540*<br> 2185 N-CVE-2016-8460</td> 2186 <td></td> 2187 <td>Nexus 9</td> 2188 <td>2016 9 21</td> 2189 </tr> 2190 </table> 2191 <p> 2192 * . 2193 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2194 2195 . 2196 </p> 2197 2198 2199 <h3 id="id-in-bootloader"> 2200 </h3> 2201 <p> 2202 2203 . 2204 . 2205 </p> 2206 2207 <table> 2208 <col width="19%"> 2209 <col width="20%"> 2210 <col width="10%"> 2211 <col width="23%"> 2212 <col width="17%"> 2213 <tr> 2214 <th>CVE</th> 2215 <th></th> 2216 <th></th> 2217 <th> Google </th> 2218 <th> </th> 2219 </tr> 2220 <tr> 2221 <td>CVE-2016-8461</td> 2222 <td>A-32369621*</td> 2223 <td></td> 2224 <td>Nexus 9, Pixel, Pixel XL</td> 2225 <td>2016 10 21</td> 2226 </tr> 2227 <tr> 2228 <td>CVE-2016-8462</td> 2229 <td>A-32510383*</td> 2230 <td></td> 2231 <td>Pixel, Pixel XL</td> 2232 <td>2016 10 27</td> 2233 </tr> 2234 </table> 2235 <p> 2236 * . 2237 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2238 2239 . 2240 </p> 2241 2242 2243 <h3 id="dos-in-qualcomm-fuse-file-system">Qualcomm FUSE 2244 (DoS) </h3> 2245 <p> 2246 Qualcomm FUSE 2247 2248 . 2249 . 2250 </p> 2251 2252 <table> 2253 <col width="19%"> 2254 <col width="20%"> 2255 <col width="10%"> 2256 <col width="23%"> 2257 <col width="17%"> 2258 <tr> 2259 <th>CVE</th> 2260 <th></th> 2261 <th></th> 2262 <th> Google </th> 2263 <th> </th> 2264 </tr> 2265 <tr> 2266 <td>CVE-2016-8463</td> 2267 <td>A-30786860<br> 2268 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd0fa86de6ca1d40c0a93d86d1c0f7846e8a9a10"> 2269 QC-CR#586855</a></td> 2270 <td></td> 2271 <td>*</td> 2272 <td>2014 1 3</td> 2273 </tr> 2274 </table> 2275 <p> 2276 * Android 7.0 Google 2277 . 2278 </p> 2279 2280 2281 <h3 id="dos-in-bootloader"> 2282 (DoS) </h3> 2283 <p> 2284 (DoS) 2285 , 2286 . 2287 . 2288 </p> 2289 2290 <table> 2291 <col width="19%"> 2292 <col width="20%"> 2293 <col width="10%"> 2294 <col width="23%"> 2295 <col width="17%"> 2296 <tr> 2297 <th>CVE</th> 2298 <th></th> 2299 <th></th> 2300 <th> Google </th> 2301 <th> </th> 2302 </tr> 2303 <tr> 2304 <td>CVE-2016-8467</td> 2305 <td>A-30308784*</td> 2306 <td></td> 2307 <td>Nexus 6, Nexus 6P</td> 2308 <td>2016 6 29</td> 2309 </tr> 2310 </table> 2311 <p> 2312 * . 2313 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2314 2315 . 2316 </p> 2317 2318 2319 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi 2320 </h3> 2321 <p> 2322 Broadcom Wi-Fi 2323 2324 . 2325 2326 . 2327 </p> 2328 2329 <table> 2330 <col width="19%"> 2331 <col width="20%"> 2332 <col width="10%"> 2333 <col width="23%"> 2334 <col width="17%"> 2335 <tr> 2336 <th>CVE</th> 2337 <th></th> 2338 <th></th> 2339 <th> Google </th> 2340 <th> </th> 2341 </tr> 2342 <tr> 2343 <td>CVE-2016-8464</td> 2344 <td>A-29000183*<br> 2345 B-RB#106314</td> 2346 <td></td> 2347 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2348 <td>2016 5 26</td> 2349 </tr> 2350 <tr> 2351 <td>CVE-2016-8466</td> 2352 <td>A-31822524*<br> 2353 B-RB#105268</td> 2354 <td></td> 2355 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2356 <td>2016 9 28</td> 2357 </tr> 2358 <tr> 2359 <td>CVE-2016-8465</td> 2360 <td>A-32474971*<br> 2361 B-RB#106053</td> 2362 <td></td> 2363 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2364 <td>2016 10 27</td> 2365 </tr> 2366 </table> 2367 <p> 2368 * . 2369 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2370 2371 . 2372 </p> 2373 2374 2375 <h3 id="eop-in-bootloader"> 2376 </h3> 2377 <p> 2378 2379 . 2380 ( 2381 ) . 2382 </p> 2383 2384 <table> 2385 <col width="19%"> 2386 <col width="20%"> 2387 <col width="10%"> 2388 <col width="23%"> 2389 <col width="17%"> 2390 <tr> 2391 <th>CVE</th> 2392 <th></th> 2393 <th></th> 2394 <th> Google </th> 2395 <th> </th> 2396 </tr> 2397 <tr> 2398 <td>CVE-2016-8467</td> 2399 <td>A-30308784*</td> 2400 <td></td> 2401 <td>Nexus 6, Nexus 6P</td> 2402 <td>2016 6 29</td> 2403 </tr> 2404 </table> 2405 <p> 2406 * . 2407 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2408 2409 . 2410 </p> 2411 2412 2413 <h3 id="eop-in-binder">Binder 2414 </h3> 2415 <p> 2416 Binder 2417 2418 . 2419 2420 . 2421 </p> 2422 2423 <table> 2424 <col width="19%"> 2425 <col width="20%"> 2426 <col width="10%"> 2427 <col width="23%"> 2428 <col width="17%"> 2429 <tr> 2430 <th>CVE</th> 2431 <th></th> 2432 <th></th> 2433 <th> Google </th> 2434 <th> </th> 2435 </tr> 2436 <tr> 2437 <td>CVE-2016-8468</td> 2438 <td>A-32394425*</td> 2439 <td></td> 2440 <td>Pixel C, Pixel, Pixel XL</td> 2441 <td>Google </td> 2442 </tr> 2443 </table> 2444 <p> 2445 * . 2446 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2447 2448 . 2449 </p> 2450 2451 2452 <h3 id="id-in-nvidia-camera-driver">NVIDIA 2453 </h3> 2454 <p> 2455 2456 . 2457 . 2458 </p> 2459 2460 <table> 2461 <col width="19%"> 2462 <col width="20%"> 2463 <col width="10%"> 2464 <col width="23%"> 2465 <col width="17%"> 2466 <tr> 2467 <th>CVE</th> 2468 <th></th> 2469 <th></th> 2470 <th> Google </th> 2471 <th> </th> 2472 </tr> 2473 <tr> 2474 <td>CVE-2016-8469</td> 2475 <td>A-31351206*<br> 2476 N-CVE-2016-8469</td> 2477 <td></td> 2478 <td>Nexus 9</td> 2479 <td>2016 9 7</td> 2480 </tr> 2481 </table> 2482 <p> 2483 * . 2484 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2485 2486 . 2487 </p> 2488 2489 2490 <h3 id="id-in-mediatek-driver">MediaTek 2491 </h3> 2492 <p> 2493 MediaTek 2494 . 2495 2496 2497 . 2498 </p> 2499 2500 <table> 2501 <col width="19%"> 2502 <col width="20%"> 2503 <col width="10%"> 2504 <col width="23%"> 2505 <col width="17%"> 2506 <tr> 2507 <th>CVE</th> 2508 <th></th> 2509 <th></th> 2510 <th> Google </th> 2511 <th> </th> 2512 </tr> 2513 <tr> 2514 <td>CVE-2016-8470</td> 2515 <td>A-31528889*<br> 2516 MT-ALPS02961395</td> 2517 <td></td> 2518 <td>**</td> 2519 <td>2016 9 15</td> 2520 </tr> 2521 <tr> 2522 <td>CVE-2016-8471</td> 2523 <td>A-31528890*<br> 2524 MT-ALPS02961380</td> 2525 <td></td> 2526 <td>**</td> 2527 <td>2016 9 15</td> 2528 </tr> 2529 <tr> 2530 <td>CVE-2016-8472</td> 2531 <td>A-31531758*<br> 2532 MT-ALPS02961384</td> 2533 <td></td> 2534 <td>**</td> 2535 <td>2016 9 15</td> 2536 </tr> 2537 </table> 2538 <p> 2539 * . 2540 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2541 2542 . 2543 </p> 2544 <p> 2545 ** Android 7.0 Google 2546 . 2547 </p> 2548 2549 2550 <h3 id="id-in-stmicroelectronics-driver">STMicroelectronics 2551 </h3> 2552 <p> 2553 STMicroelectronics 2554 . 2555 . 2556 </p> 2557 2558 <table> 2559 <col width="19%"> 2560 <col width="20%"> 2561 <col width="10%"> 2562 <col width="23%"> 2563 <col width="17%"> 2564 <tr> 2565 <th>CVE</th> 2566 <th></th> 2567 <th></th> 2568 <th> Google </th> 2569 <th> </th> 2570 </tr> 2571 <tr> 2572 <td>CVE-2016-8473</td> 2573 <td>A-31795790*</td> 2574 <td></td> 2575 <td>Nexus 5X, Nexus 6P</td> 2576 <td>2016 9 28</td> 2577 </tr> 2578 <tr> 2579 <td>CVE-2016-8474</td> 2580 <td>A-31799972*</td> 2581 <td></td> 2582 <td>Nexus 5X, Nexus 6P</td> 2583 <td>2016 9 28</td> 2584 </tr> 2585 </table> 2586 <p> 2587 * . 2588 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2589 2590 . 2591 </p> 2592 2593 2594 <h3 id="id-in-qualcomm-audio-post-processor-">Qualcomm 2595 </h3> 2596 <p> 2597 Qualcomm 2598 . 2599 . 2600 </p> 2601 2602 <table> 2603 <col width="18%"> 2604 <col width="17%"> 2605 <col width="10%"> 2606 <col width="19%"> 2607 <col width="18%"> 2608 <col width="17%"> 2609 <tr> 2610 <th>CVE</th> 2611 <th></th> 2612 <th></th> 2613 <th> Google </th> 2614 <th> AOSP </th> 2615 <th> </th> 2616 </tr> 2617 <tr> 2618 <td>CVE-2017-0399 2619 </td> 2620 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2621 A-32588756</a> 2622 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td> 2623 <td></td> 2624 <td></td> 2625 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2626 <td>2016 10 18</td> 2627 </tr> 2628 <tr> 2629 <td>CVE-2017-0400</td> 2630 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2631 A-32438598</a> 2632 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2633 </td> 2634 <td></td> 2635 <td></td> 2636 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2637 <td>2016 10 25</td> 2638 </tr> 2639 <tr> 2640 <td>CVE-2017-0401</td> 2641 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358"> 2642 A-32588016</a> 2643 </td> 2644 <td></td> 2645 <td></td> 2646 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2647 <td>2016 10 26</td> 2648 </tr> 2649 <tr> 2650 <td>CVE-2017-0402</td> 2651 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac"> 2652 A-32588352</a> 2653 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>] 2654 </td> 2655 <td></td> 2656 <td></td> 2657 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 2658 <td>2016 10 25</td> 2659 </tr> 2660 </table> 2661 2662 2663 <h3 id="id-in-htc-input-driver">HTC 2664 </h3> 2665 <p> 2666 HTC 2667 . 2668 . 2669 </p> 2670 2671 <table> 2672 <col width="19%"> 2673 <col width="20%"> 2674 <col width="10%"> 2675 <col width="23%"> 2676 <col width="17%"> 2677 <tr> 2678 <th>CVE</th> 2679 <th></th> 2680 <th></th> 2681 <th> Google </th> 2682 <th> </th> 2683 </tr> 2684 <tr> 2685 <td>CVE-2016-8475</td> 2686 <td>A-32591129*</td> 2687 <td></td> 2688 <td>Pixel, Pixel XL</td> 2689 <td>2016 10 30</td> 2690 </tr> 2691 </table> 2692 <p> 2693 * . 2694 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2695 2696 . 2697 </p> 2698 2699 2700 <h3 id="dos-in-kernel-file-system"> 2701 (DoS) </h3> 2702 <p> 2703 2704 . 2705 2706 . 2707 </p> 2708 2709 <table> 2710 <col width="19%"> 2711 <col width="20%"> 2712 <col width="10%"> 2713 <col width="23%"> 2714 <col width="17%"> 2715 <tr> 2716 <th>CVE</th> 2717 <th></th> 2718 <th></th> 2719 <th> Google </th> 2720 <th> </th> 2721 </tr> 2722 <tr> 2723 <td>CVE-2014-9420</td> 2724 <td>A-32477499<br> 2725 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f54e18f1b831c92f6512d2eedb224cd63d607d3d"> 2726 </a></td> 2727 <td></td> 2728 <td>Pixel C</td> 2729 <td>2014 12 25</td> 2730 </tr> 2731 </table> 2732 2733 <h2 id="common-questions-and-answers"> </h2> 2734 <p> .</p> 2735 2736 <p><strong>1. ? 2737 </strong></p> 2738 2739 <p> 2740 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 2741 .</p> 2742 <ul> 2743 <li>2017-01-01 2017-01-01 2744 .</li> 2745 <li>2017-01-05 2746 2017-01-05 .</li> 2747 </ul> 2748 <p> 2749 .</p> 2750 <ul> 2751 <li>[ro.build.version.security_patch]:[2017-01-01]</li> 2752 <li>[ro.build.version.security_patch]:[2017-01-05]</li> 2753 </ul> 2754 <p><strong>2. ?</strong></p> 2755 2756 <p> Android Android 2757 2758 . Android 2759 .</p> 2760 <ul> 2761 <li>2017 1 1 2762 2763 .</li> 2764 <li>2017 1 5 2765 2766 .</li> 2767 </ul> 2768 <p> .</p> 2769 2770 <p><strong>3. Google ?</strong></p> 2771 2772 <p><a href="#2017-01-01-details">2017 1 1</a> <a href="#2017-01-05-details">2017 1 5</a> <em> Google </em> . Google . .</p> 2773 <ul> 2774 <li><strong> Google </strong>: Google Pixel 2775 <em> Google </em> 2776 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> 2777 . Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2778 Android One, Nexus Player, Pixel C, Pixel, Pixel XL.</li> 2779 <li><strong> Google </strong>: Google 2780 , Google <em> Google </em> 2781 .</li> 2782 <li><strong>Google </strong>: Android 2783 Google 2784 <em> Google </em> '' .</li> 2785 </ul> 2786 <p><strong>4. ?</strong></p> 2787 2788 <p> <em></em> 2789 . 2790 .</p> 2791 2792 <table> 2793 <tr> 2794 <th></th> 2795 <th> </th> 2796 </tr> 2797 <tr> 2798 <td>A-</td> 2799 <td>Android ID</td> 2800 </tr> 2801 <tr> 2802 <td>QC-</td> 2803 <td>Qualcomm </td> 2804 </tr> 2805 <tr> 2806 <td>M-</td> 2807 <td>MediaTek </td> 2808 </tr> 2809 <tr> 2810 <td>N-</td> 2811 <td>NVIDIA </td> 2812 </tr> 2813 <tr> 2814 <td>B-</td> 2815 <td>Broadcom </td> 2816 </tr> 2817 </table> 2818 <h2 id="revisions"> </h2> 2819 <ul> 2820 <li>2017 1 3: </li> 2821 <li>2017 1 4: AOSP </li> 2822 <li>2017 1 5: AOSP 7.1 7.1.1 </li> 2823 </ul> 2824 2825 </body> 2826 </html> 2827