1 <html devsite> 2 <head> 3 <title>Android - 2017 2</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>2017 2 6 | 2017 2 8 </em></p> 26 <p> 27 Android Android 28 . (OTA) 29 Google . Google 30 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 2 5 31 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 32 . 33 </p> 34 <p> 35 36 2017 1 3 . 37 Android (AOSP) . 38 AOSP . 39 </p> 40 <p> 41 42 , MMS 43 . 44 </p> 45 <p> 46 47 . <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> Android 48 <a href="/security/enhancements/index.html">Android </a> 49 <a href="#mitigations">Android Google </a> 50 . 51 </p> 52 <p> 53 . 54 </p> 55 <h2 id="announcements"></h2> 56 <ul> 57 <li> Android Android 58 59 . <a href="#common-questions-and-answers"> 60 </a> . 61 <ul> 62 <li><strong>2017-02-01</strong>: . 63 2017-02-01 64 .</li> 65 <li><strong>2017-02-05</strong>: . 66 2017-02-01 2017-02-05 67 .</li> 68 </ul> 69 </li> 70 <li> Google 2017 2 5 OTA 71 .</li> 72 </ul> 73 <h2 id="security-vulnerability-summary"> </h2> 74 <p> 75 , ID(CVE), 76 Google 77 . <a href="/security/overview/updates-resources.html#severity"> </a> 78 79 80 . 81 </p> 82 <h3 id="2017-02-01-summary">2017-02-01 </h3> 83 <p> 84 2017-02-01 . 85 </p> 86 <table> 87 <col width="55%"> 88 <col width="20%"> 89 <col width="13%"> 90 <col width="12%"> 91 <tr> 92 <th></th> 93 <th>CVE</th> 94 <th></th> 95 <th>Google </th> 96 </tr> 97 <tr> 98 <td>Surfaceflinger </td> 99 <td>CVE-2017-0405</td> 100 <td></td> 101 <td></td> 102 </tr> 103 <tr> 104 <td> </td> 105 <td>CVE-2017-0406, CVE-2017-0407</td> 106 <td></td> 107 <td></td> 108 </tr> 109 <tr> 110 <td>libgdx </td> 111 <td>CVE-2017-0408</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td>libstagefright </td> 117 <td>CVE-2017-0409</td> 118 <td></td> 119 <td></td> 120 </tr> 121 <tr> 122 <td>Java.Net </td> 123 <td>CVE-2016-5552</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td> API </td> 129 <td>CVE-2017-0410, CVE-2017-0411, CVE-2017-0412</td> 130 <td></td> 131 <td></td> 132 </tr> 133 <tr> 134 <td> </td> 135 <td>CVE-2017-0415</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> </td> 141 <td>CVE-2017-0416, CVE-2017-0417, CVE-2017-0418, CVE-2017-0419</td> 142 <td></td> 143 <td></td> 144 </tr> 145 <tr> 146 <td>AOSP </td> 147 <td>CVE-2017-0420</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td>AOSP </td> 153 <td>CVE-2017-0413, CVE-2017-0414</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td> API </td> 159 <td>CVE-2017-0421</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td>Bionic DNS (DoS) </td> 165 <td>CVE-2017-0422</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td> </td> 171 <td>CVE-2017-0423</td> 172 <td></td> 173 <td></td> 174 </tr> 175 <tr> 176 <td>AOSP </td> 177 <td>CVE-2017-0424</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td> </td> 183 <td>CVE-2017-0425</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td> </td> 189 <td>CVE-2017-0426</td> 190 <td></td> 191 <td></td> 192 </tr> 193 </table> 194 <h3 id="2017-02-05-summary">2017-02-05 195 </h3> 196 <p>2017-02-01 2017-02-05 197 .</p> 198 <table> 199 <col width="55%"> 200 <col width="20%"> 201 <col width="13%"> 202 <col width="12%"> 203 <tr> 204 <th></th> 205 <th>CVE</th> 206 <th></th> 207 <th>Google </th> 208 </tr> 209 <tr> 210 <td>Qualcomm </td> 211 <td>CVE-2016-8418</td> 212 <td></td> 213 <td>*</td> 214 </tr> 215 <tr> 216 <td> </td> 217 <td>CVE-2017-0427</td> 218 <td></td> 219 <td></td> 220 </tr> 221 <tr> 222 <td>NVIDIA GPU </td> 223 <td>CVE-2017-0428, CVE-2017-0429</td> 224 <td></td> 225 <td></td> 226 </tr> 227 <tr> 228 <td> </td> 229 <td>CVE-2014-9914</td> 230 <td></td> 231 <td></td> 232 </tr> 233 <tr> 234 <td>Broadcom Wi-Fi </td> 235 <td>CVE-2017-0430</td> 236 <td></td> 237 <td></td> 238 </tr> 239 <tr> 240 <td>Qualcomm </td> 241 <td>CVE-2017-0431</td> 242 <td></td> 243 <td>*</td> 244 </tr> 245 <tr> 246 <td>MediaTek </td> 247 <td>CVE-2017-0432</td> 248 <td></td> 249 <td>*</td> 250 </tr> 251 <tr> 252 <td>Synaptics </td> 253 <td>CVE-2017-0433, CVE-2017-0434</td> 254 <td></td> 255 <td></td> 256 </tr> 257 <tr> 258 <td>Qualcomm Secure Execution Environment 259 Communicator </td> 260 <td>CVE-2016-8480</td> 261 <td></td> 262 <td></td> 263 </tr> 264 <tr> 265 <td>Qualcomm </td> 266 <td>CVE-2016-8481, CVE-2017-0435, CVE-2017-0436</td> 267 <td></td> 268 <td></td> 269 </tr> 270 <tr> 271 <td>Qualcomm Wi-Fi </td> 272 <td>CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, 273 CVE-2016-8420, CVE-2016-8421, CVE-2017-0440, CVE-2017-0441, CVE-2017-0442, 274 CVE-2017-0443, CVE-2016-8476</td> 275 <td></td> 276 <td></td> 277 </tr> 278 <tr> 279 <td>Realtek </td> 280 <td>CVE-2017-0444</td> 281 <td></td> 282 <td></td> 283 </tr> 284 <tr> 285 <td>HTC </td> 286 <td>CVE-2017-0445, CVE-2017-0446, CVE-2017-0447</td> 287 <td></td> 288 <td></td> 289 </tr> 290 <tr> 291 <td>NVIDIA </td> 292 <td>CVE-2017-0448</td> 293 <td></td> 294 <td></td> 295 </tr> 296 <tr> 297 <td>Broadcom Wi-Fi </td> 298 <td>CVE-2017-0449</td> 299 <td></td> 300 <td></td> 301 </tr> 302 <tr> 303 <td> </td> 304 <td>CVE-2017-0450</td> 305 <td></td> 306 <td></td> 307 </tr> 308 <tr> 309 <td> </td> 310 <td>CVE-2016-10044</td> 311 <td></td> 312 <td></td> 313 </tr> 314 <tr> 315 <td>Qualcomm Secure Execution 316 Environment Communicator </td> 317 <td>CVE-2016-8414</td> 318 <td></td> 319 <td></td> 320 </tr> 321 <tr> 322 <td>Qualcomm </td> 323 <td>CVE-2017-0451</td> 324 <td></td> 325 <td></td> 326 </tr> 327 </table> 328 329 <p>* Android 7.0 Google 330 .</p> 331 332 <h2 id="mitigations">Android Google </h2> 333 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> 334 . 335 Android 336 .</p> 337 <ul> 338 <li>Android Android 339 . Android 340 .</li> 341 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 342 343 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 344 345 . <a href="http://www.android.com/gms">Google </a> 346 347 Google Play . Google 348 Play 349 350 . 351 352 . 353 .</li> 354 <li> Google 355 .</li> 356 </ul> 357 <h2 id="acknowledgements"> </h2> 358 <p> 359 . 360 </p> 361 <ul> 362 <li>Daniel Dakhno: CVE-2017-0420</li> 363 <li>Copperhead Security Daniel Micay: CVE-2017-0410</li> 364 <li><a href="http://www.linkedin.com/in/dzima">Dzmitry Lukyanenka</a>: 365 CVE-2017-0414</li> 366 <li>Chrome Frank Liberato: CVE-2017-0409</li> 367 <li>Project Zero Gal Beniamini: CVE-2017-0411, CVE-2017-0412</li> 368 <li>Qihoo 360 Technology Co. Ltd. 369 IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 370 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0434, CVE-2017-0446, CVE-2017-0447, CVE-2017-0432</li> 371 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Team 372 Guang Gong()(<a href="https://twitter.com/oldfresher">@oldfresher</a>): 373 CVE-2017-0415</li> 374 <li><a href="http://c0reteam.org">C0RE Team</a> 375 <a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>, <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, 376 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian Jiang: 377 CVE-2017-0418</li> 378 <li>Qihoo 360 Technology Co. Ltd. Alpha Team Hao Chen, Guang Gong: 379 CVE-2017-0437, CVE-2017-0438, CVE-2017-0439, CVE-2016-8419, CVE-2016-8420, 380 CVE-2016-8421, CVE-2017-0441, CVE-2017-0442, CVE-2016-8476, CVE-2017-0443</li> 381 <li>Google Jeff Sharkey: CVE-2017-0421, CVE-2017-0423</li> 382 <li>Jeff Trim: CVE-2017-0422</li> 383 <li>Qihoo 360 384 IceSword Lab 385 Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-0445</li> 386 <li>LINE Corporation ma.la, Nikolay Elenkov: CVE-2016-5552</li> 387 <li>Google Max Spector: CVE-2017-0416</li> 388 <li><a href="http://c0reteam.org">C0RE Team</a> 389 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 390 Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), 391 Xuxian Jiang: CVE-2017-0425</li> 392 <li>Tencent KeenLab() 393 Qidan He()(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>), 394 Di Shen()(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2017-0427</li> 395 <li>IBM X-Force Research Sagi Kedmi: CVE-2017-0433</li> 396 <li>Copperhead Security 397 Scott Bauer(<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>), Daniel Micay: CVE-2017-0405</li> 398 <li>Trend Micro Mobile Threat Research Team 399 Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2017-0449, CVE-2016-8418</li> 400 <li><a href="http://c0reteam.org">C0RE Team</a> 401 <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 402 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 403 Xuxian Jiang: CVE-2017-0436, CVE-2016-8481, CVE-2017-0435</li> 404 <li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat 405 Response Team</a> 406 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): 407 CVE-2017-0424</li> 408 <li>Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): 409 CVE-2017-0407</li> 410 <li><a href="http://c0reteam.org">C0RE Team</a> 411 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, <a href="mailto:hlhan (a] bupt.edu.cn">Hongli Han</a>, 412 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 413 Xuxian Jiang: CVE-2017-0450</li> 414 <li><a href="http://c0reteam.org">C0RE Team</a> 415 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Yuqi Lu(<a href="https://twitter.com/nikos233__">@nikos233</a>), 416 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 417 Xuxian Jiang: CVE-2017-0417</li> 418 <li>Ant-financial Light-Year 419 Security Lab Wish Wu(<a href="https://twitter.com/wish_wu">@wish_wu</a>) 420 (<a href="http://www.weibo.com/wishlinux"></a> ): CVE-2017-0408</li> 421 <li><a href="http://c0reteam.org">C0RE Team</a> 422 <a href="mailto:yaojun8558363 (a] gmail.com">Yao Jun</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, 423 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 424 Xuxian Jiang: CVE-2016-8480</li> 425 <li><a href="http://c0reteam.org">C0RE Team</a> 426 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 427 Xuxian Jiang: CVE-2017-0444</li> 428 <li><a href="http://c0reteam.org">C0RE Team</a> 429 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, 430 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 431 Xuxian Jiang: CVE-2017-0428</li> 432 <li><a href="http://c0reteam.org">C0RE Team</a> 433 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>, 434 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 435 Xuxian Jiang: CVE-2017-0448, CVE-2017-0429</li> 436 <li><a href="http://www.nsfocus.com">NSFocus</a> 437 <a href="mailto:zhouzhenster (a] gmail.com">Zhen Zhou</a>( 438 <a href="https://twitter.com/henices">@henices</a>), 439 <a href="mailto:sundaywind2004 (a] gmail.com">Zhixin Li</a>: CVE-2017-0406</li> 440 </ul> 441 <p> 442 443 . 444 </p><ul> 445 <li>Baidu X-Lab() Pengfei Ding(), Chenfu Bao(), 446 Lenx Wei()</li> 447 </ul> 448 449 <h2 id="2017-02-01-details">2017-02-01 450 </h2> 451 <p> 452 <a href="#2017-02-01-summary">2017-02-01 453 </a> 454 . 455 , 456 CVE, , , Google , 457 AOSP ( ), . 458 AOSP ID 459 . 460 ID .</p> 461 462 463 <h3 id="rce-in-surfaceflinger">Surfaceflinger 464 </h3> 465 <p> 466 Surfaceflinger 467 468 . Surfaceflinger 469 . 470 </p> 471 472 <table> 473 <col width="18%"> 474 <col width="17%"> 475 <col width="10%"> 476 <col width="19%"> 477 <col width="18%"> 478 <col width="17%"> 479 <tr> 480 <th>CVE</th> 481 <th></th> 482 <th></th> 483 <th> Google </th> 484 <th> AOSP </th> 485 <th> </th> 486 </tr> 487 <tr> 488 <td>CVE-2017-0405</td> 489 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/16110b86db164e8d2b6864fed58f0385fe7d0979"> 490 A-31960359</a></td> 491 <td></td> 492 <td></td> 493 <td>7.0, 7.1.1</td> 494 <td>2016 10 4</td> 495 </tr> 496 </table> 497 498 499 <h3 id="rce-in-mediaserver"> 500 </h3> 501 <p> 502 503 504 . 505 . 506 </p> 507 508 <table> 509 <col width="18%"> 510 <col width="17%"> 511 <col width="10%"> 512 <col width="19%"> 513 <col width="18%"> 514 <col width="17%"> 515 <tr> 516 <th>CVE</th> 517 <th></th> 518 <th></th> 519 <th> Google </th> 520 <th> AOSP </th> 521 <th> </th> 522 </tr> 523 <tr> 524 <td>CVE-2017-0406</td> 525 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/fed702734d86801cc86b4865a57e2f2028c4b575"> 526 A-32915871</a> 527 [<a href="https://android.googlesource.com/platform/external/libhevc/+/df7b56457184600e3d2b7cbac87ebe7001f7cb48">2</a>]</td> 528 <td></td> 529 <td></td> 530 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 531 <td>2016 11 14</td> 532 </tr> 533 <tr> 534 <td>CVE-2017-0407</td> 535 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/7546c106004910a4583b2d7d03c6498ecf383da7"> 536 A-32873375</a></td> 537 <td></td> 538 <td></td> 539 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 540 <td>2016 11 12</td> 541 </tr> 542 </table> 543 544 545 <h3 id="rce-in-libgdx">libgdx </h3> 546 <p> 547 libgdx 548 549 . 550 . 551 </p> 552 553 <table> 554 <col width="18%"> 555 <col width="17%"> 556 <col width="10%"> 557 <col width="19%"> 558 <col width="18%"> 559 <col width="17%"> 560 <tr> 561 <th>CVE</th> 562 <th></th> 563 <th></th> 564 <th> Google </th> 565 <th> AOSP </th> 566 <th> </th> 567 </tr> 568 <tr> 569 <td>CVE-2017-0408</td> 570 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/e6da772e70c9754966aabf4ddac73bb99eb1742b"> 571 A-32769670</a></td> 572 <td></td> 573 <td></td> 574 <td>7.1.1</td> 575 <td>2016 11 9</td> 576 </tr> 577 </table> 578 579 580 <h3 id="rce-in-libstagefright">libstagefright 581 </h3> 582 <p> 583 libstagefright 584 . 585 . 586 </p> 587 588 <table> 589 <col width="18%"> 590 <col width="17%"> 591 <col width="10%"> 592 <col width="19%"> 593 <col width="18%"> 594 <col width="17%"> 595 <tr> 596 <th>CVE</th> 597 <th></th> 598 <th></th> 599 <th> Google </th> 600 <th> AOSP </th> 601 <th> </th> 602 </tr> 603 <tr> 604 <td>CVE-2017-0409</td> 605 <td><a href="https://android.googlesource.com/platform/external/libavc/+/72886b6964f6539908c8e127cd13c3091d2e5a8b"> 606 A-31999646</a></td> 607 <td></td> 608 <td></td> 609 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 610 <td>Google </td> 611 </tr> 612 </table> 613 614 615 <h3 id="eop-in-java.net">Java.Net </h3> 616 <p> 617 Java.Net 618 . 619 620 . 621 </p> 622 623 <table> 624 <col width="18%"> 625 <col width="17%"> 626 <col width="10%"> 627 <col width="19%"> 628 <col width="18%"> 629 <col width="17%"> 630 <tr> 631 <th>CVE</th> 632 <th></th> 633 <th></th> 634 <th> Google </th> 635 <th> AOSP </th> 636 <th> </th> 637 </tr> 638 <tr> 639 <td>CVE-2016-5552</td> 640 <td><a href="https://android.googlesource.com/platform/libcore/+/4b3f2c6c5b84f80fae8eeeb46727811e055715ea"> 641 A-31858037</a></td> 642 <td></td> 643 <td></td> 644 <td>7.0, 7.1.1</td> 645 <td>2016 9 30</td> 646 </tr> 647 </table> 648 649 650 <h3 id="eop-in-framework-apis"> API 651 </h3> 652 <p> 653 API 654 655 . 656 657 . 658 </p> 659 660 <table> 661 <col width="18%"> 662 <col width="17%"> 663 <col width="10%"> 664 <col width="19%"> 665 <col width="18%"> 666 <col width="17%"> 667 <tr> 668 <th>CVE</th> 669 <th></th> 670 <th></th> 671 <th> Google </th> 672 <th> AOSP </th> 673 <th> </th> 674 </tr> 675 <tr> 676 <td>CVE-2017-0410</td> 677 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/b4d6b292bce7d82c93fd454078dedf5a1302b9fa"> 678 A-31929765</a></td> 679 <td></td> 680 <td></td> 681 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 682 <td>2016 10 2</td> 683 </tr> 684 <tr> 685 <td>CVE-2017-0411</td> 686 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 687 A-33042690</a> 688 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 689 <td></td> 690 <td></td> 691 <td>7.0, 7.1.1</td> 692 <td>2016 11 21</td> 693 </tr> 694 <tr> 695 <td>CVE-2017-0412</td> 696 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/203725e4d58e16334d84998c1483c374f541ed9f"> 697 A-33039926</a> 698 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31a06019d13d7b00ca35fc8512191c643acb8e84">2</a>]</td> 699 <td></td> 700 <td></td> 701 <td>7.0, 7.1.1</td> 702 <td>2016 11 21</td> 703 </tr> 704 </table> 705 706 <h3 id="eop-in-mediaserver"> 707 </h3> 708 <p> 709 710 711 . 712 713 . 714 </p> 715 716 <table> 717 <col width="18%"> 718 <col width="17%"> 719 <col width="10%"> 720 <col width="19%"> 721 <col width="18%"> 722 <col width="17%"> 723 <tr> 724 <th>CVE</th> 725 <th></th> 726 <th></th> 727 <th> Google </th> 728 <th> AOSP </th> 729 <th> </th> 730 </tr> 731 <tr> 732 <td>CVE-2017-0415</td> 733 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/2e16d5fac149dab3c3e8f1b2ca89f45cf55a7b34"> 734 A-32706020</a></td> 735 <td></td> 736 <td></td> 737 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 738 <td>2016 11 4</td> 739 </tr> 740 </table> 741 742 743 <h3 id="eop-in-audioserver"> 744 </h3> 745 <p> 746 747 748 . 749 750 . 751 </p> 752 753 <table> 754 <col width="18%"> 755 <col width="17%"> 756 <col width="10%"> 757 <col width="19%"> 758 <col width="18%"> 759 <col width="17%"> 760 <tr> 761 <th>CVE</th> 762 <th></th> 763 <th></th> 764 <th> Google </th> 765 <th> AOSP </th> 766 <th> </th> 767 </tr> 768 <tr> 769 <td>CVE-2017-0416</td> 770 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 771 A-32886609</a> 772 [<a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">2</a>]</td> 773 <td></td> 774 <td></td> 775 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 776 <td>Google </td> 777 </tr> 778 <tr> 779 <td>CVE-2017-0417</td> 780 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 781 A-32705438</a></td> 782 <td></td> 783 <td></td> 784 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 785 <td>2016 11 7</td> 786 </tr> 787 <tr> 788 <td>CVE-2017-0418</td> 789 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b0bcddb44d992e74140a3f5eedc7177977ea8e34"> 790 A-32703959</a> 791 [<a href="https://android.googlesource.com/platform/hardware/libhardware/+/534098cb29e1e4151ba2ed83d6a911d0b6f48522">2</a>]</td> 792 <td></td> 793 <td></td> 794 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 795 <td>2016 11 7</td> 796 </tr> 797 <tr> 798 <td>CVE-2017-0419</td> 799 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 800 A-32220769</a></td> 801 <td></td> 802 <td></td> 803 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 804 <td>2016 10 15</td> 805 </tr> 806 </table> 807 808 <h3 id="id-in-aosp-mail">AOSP </h3> 809 <p> 810 AOSP 811 812 . 813 814 . 815 </p> 816 817 <table> 818 <col width="18%"> 819 <col width="17%"> 820 <col width="10%"> 821 <col width="19%"> 822 <col width="18%"> 823 <col width="17%"> 824 <tr> 825 <th>CVE</th> 826 <th></th> 827 <th></th> 828 <th> Google </th> 829 <th> AOSP </th> 830 <th> </th> 831 </tr> 832 <tr> 833 <td>CVE-2017-0420</td> 834 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/2073799a165e6aa15117f8ad76bb0c7618b13909"> 835 A-32615212</a></td> 836 <td></td> 837 <td></td> 838 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 839 <td>2016 9 12</td> 840 </tr> 841 </table> 842 843 844 <h3 id="id-in-aosp-messaging">AOSP 845 </h3> 846 <p> 847 AOSP 848 849 . 850 851 . 852 </p> 853 854 <table> 855 <col width="18%"> 856 <col width="17%"> 857 <col width="10%"> 858 <col width="19%"> 859 <col width="18%"> 860 <col width="17%"> 861 <tr> 862 <th>CVE</th> 863 <th></th> 864 <th></th> 865 <th> Google </th> 866 <th> AOSP </th> 867 <th> </th> 868 </tr> 869 <tr> 870 <td>CVE-2017-0413</td> 871 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/74059eb379ea07b9c7f46bf2112a60de8e4cfc8e"> 872 A-32161610</a></td> 873 <td></td> 874 <td></td> 875 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 876 <td>2016 10 13</td> 877 </tr> 878 <tr> 879 <td>CVE-2017-0414</td> 880 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/30ab77f42d20c33c0aa9e6ffd2b164d096db32dd"> 881 A-32807795</a></td> 882 <td></td> 883 <td></td> 884 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 885 <td>2016 11 10</td> 886 </tr> 887 </table> 888 889 890 <h3 id="id-in-framework-apis"> API 891 </h3> 892 <p> 893 API 894 895 . 896 897 . 898 </p> 899 900 <table> 901 <col width="18%"> 902 <col width="17%"> 903 <col width="10%"> 904 <col width="19%"> 905 <col width="18%"> 906 <col width="17%"> 907 <tr> 908 <th>CVE</th> 909 <th></th> 910 <th></th> 911 <th> Google </th> 912 <th> AOSP </th> 913 <th> </th> 914 </tr> 915 <tr> 916 <td>CVE-2017-0421</td> 917 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/858064e946dc8dbf76bff9387e847e211703e336"> 918 A-32555637</a></td> 919 <td></td> 920 <td></td> 921 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 922 <td>Google </td> 923 </tr> 924 </table> 925 926 927 <h3 id="dos-in-bionic-dns">Bionic DNS (DoS) </h3> 928 <p> 929 Bionic DNS 930 . 931 . 932 933 </p> 934 935 <table> 936 <col width="18%"> 937 <col width="17%"> 938 <col width="10%"> 939 <col width="19%"> 940 <col width="18%"> 941 <col width="17%"> 942 <tr> 943 <th>CVE</th> 944 <th></th> 945 <th></th> 946 <th> Google </th> 947 <th> AOSP </th> 948 <th> </th> 949 </tr> 950 <tr> 951 <td>CVE-2017-0422</td> 952 <td><a href="https://android.googlesource.com/platform/bionic/+/dba3df609436d7697305735818f0a840a49f1a0d"> 953 A-32322088</a></td> 954 <td></td> 955 <td></td> 956 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 957 <td>2016 10 20</td> 958 </tr> 959 </table> 960 961 962 <h3 id="eop-in-bluetooth"> 963 </h3> 964 <p> 965 966 . 967 968 . 969 </p> 970 971 <table> 972 <col width="18%"> 973 <col width="17%"> 974 <col width="10%"> 975 <col width="19%"> 976 <col width="18%"> 977 <col width="17%"> 978 <tr> 979 <th>CVE</th> 980 <th></th> 981 <th></th> 982 <th> Google </th> 983 <th> AOSP </th> 984 <th> </th> 985 </tr> 986 <tr> 987 <td>CVE-2017-0423</td> 988 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/4c1f39e1cf203cb9db7b85e75b5fc32ec7132083"> 989 A-32612586</a></td> 990 <td></td> 991 <td></td> 992 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 993 <td>2016 11 2</td> 994 </tr> 995 </table> 996 997 998 <h3 id="id-in-aosp-messaging-2">AOSP 999 </h3> 1000 <p> 1001 AOSP 1002 1003 . 1004 1005 . 1006 </p> 1007 1008 <table> 1009 <col width="18%"> 1010 <col width="17%"> 1011 <col width="10%"> 1012 <col width="19%"> 1013 <col width="18%"> 1014 <col width="17%"> 1015 <tr> 1016 <th>CVE</th> 1017 <th></th> 1018 <th></th> 1019 <th> Google </th> 1020 <th> AOSP </th> 1021 <th> </th> 1022 </tr> 1023 <tr> 1024 <td>CVE-2017-0424</td> 1025 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/e9b7e3a6b7a8886693d298401a20788816a5afdc"> 1026 A-32322450</a></td> 1027 <td></td> 1028 <td></td> 1029 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 1030 <td>2016 10 20</td> 1031 </tr> 1032 </table> 1033 1034 1035 <h3 id="id-in-audioserver"> 1036 </h3> 1037 <p> 1038 1039 . 1040 1041 . 1042 </p> 1043 1044 <table> 1045 <col width="18%"> 1046 <col width="17%"> 1047 <col width="10%"> 1048 <col width="19%"> 1049 <col width="18%"> 1050 <col width="17%"> 1051 <tr> 1052 <th>CVE</th> 1053 <th></th> 1054 <th></th> 1055 <th> Google </th> 1056 <th> AOSP </th> 1057 <th> </th> 1058 </tr> 1059 <tr> 1060 <td>CVE-2017-0425</td> 1061 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a155de4d70e0b9ac8fc02b2bdcbb2e8e6cca46ff"> 1062 A-32720785</a></td> 1063 <td></td> 1064 <td></td> 1065 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1066 <td>2016 11 7</td> 1067 </tr> 1068 </table> 1069 1070 1071 <h3 id="id-in-filesystem"> 1072 </h3> 1073 <p> 1074 1075 . 1076 1077 . 1078 </p> 1079 1080 <table> 1081 <col width="18%"> 1082 <col width="17%"> 1083 <col width="10%"> 1084 <col width="19%"> 1085 <col width="18%"> 1086 <col width="17%"> 1087 <tr> 1088 <th>CVE</th> 1089 <th></th> 1090 <th></th> 1091 <th> Google </th> 1092 <th> AOSP </th> 1093 <th> </th> 1094 </tr> 1095 <tr> 1096 <td>CVE-2017-0426</td> 1097 <td><a href="https://android.googlesource.com/platform/system/sepolicy/+/ae46511bfa62b56938b3df824bb2ee737dceaa7a"> 1098 A-32799236</a> 1099 [<a href="https://android.googlesource.com/platform/system/core/+/0e7324e9095a209d4f06ba00812b2b2976fe2846">2</a>]</td> 1100 <td></td> 1101 <td></td> 1102 <td>7.0, 7.1.1</td> 1103 <td>Google </td> 1104 </tr> 1105 </table> 1106 1107 1108 <h2 id="2017-02-05-details">2017-02-05 1109 </h2> 1110 <p> 1111 1112 <a href="#2017-02-05-summary">2017-02-05 1113 </a> 1114 . , 1115 CVE, , , Google , 1116 AOSP ( ), . 1117 1118 AOSP ID 1119 . 1120 ID .</p> 1121 1122 1123 <h3 id="rce-in-qualcomm-crypto-driver">Qualcomm 1124 </h3> 1125 <p> 1126 Qualcomm 1127 . 1128 1129 . 1130 </p> 1131 1132 <table> 1133 <col width="19%"> 1134 <col width="20%"> 1135 <col width="10%"> 1136 <col width="23%"> 1137 <col width="17%"> 1138 <tr> 1139 <th>CVE</th> 1140 <th></th> 1141 <th></th> 1142 <th> Google </th> 1143 <th> </th> 1144 </tr> 1145 <tr> 1146 <td>CVE-2016-8418</td> 1147 <td>A-32652894<br> 1148 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=8f8066581a8e575a7d57d27f36c4db63f91ca48f"> 1149 QC-CR#1077457</a></td> 1150 <td></td> 1151 <td>*</td> 1152 <td>2016 10 10</td> 1153 </tr> 1154 </table> 1155 <p> 1156 * Android 7.0 Google 1157 . 1158 </p> 1159 1160 1161 <h3 id="eop-in-kernel-file-system"> 1162 </h3> 1163 <p> 1164 1165 1166 . 1167 , 1168 . 1169 </p> 1170 1171 <table> 1172 <col width="19%"> 1173 <col width="20%"> 1174 <col width="10%"> 1175 <col width="23%"> 1176 <col width="17%"> 1177 <tr> 1178 <th>CVE</th> 1179 <th></th> 1180 <th></th> 1181 <th> Google </th> 1182 <th> </th> 1183 </tr> 1184 <tr> 1185 <td>CVE-2017-0427</td> 1186 <td>A-31495866*</td> 1187 <td></td> 1188 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1189 Player, Pixel, Pixel XL</td> 1190 <td>2016 9 13</td> 1191 </tr> 1192 </table> 1193 <p> 1194 * . 1195 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1196 1197 1198 . 1199 </p> 1200 1201 1202 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU 1203 </h3> 1204 <p> 1205 NVIDIA GPU 1206 1207 . 1208 , 1209 . 1210 </p> 1211 1212 <table> 1213 <col width="19%"> 1214 <col width="20%"> 1215 <col width="10%"> 1216 <col width="23%"> 1217 <col width="17%"> 1218 <tr> 1219 <th>CVE</th> 1220 <th></th> 1221 <th></th> 1222 <th> Google </th> 1223 <th> </th> 1224 </tr> 1225 <tr> 1226 <td>CVE-2017-0428</td> 1227 <td>A-32401526*<br> 1228 N-CVE-2017-0428</td> 1229 <td></td> 1230 <td>Nexus 9</td> 1231 <td>2016 10 25</td> 1232 </tr> 1233 <tr> 1234 <td>CVE-2017-0429</td> 1235 <td>A-32636619*<br> 1236 N-CVE-2017-0429</td> 1237 <td></td> 1238 <td>Nexus 9</td> 1239 <td>2016 11 3</td> 1240 </tr> 1241 </table> 1242 <p> 1243 * . 1244 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1245 1246 1247 . 1248 </p> 1249 1250 1251 <h3 id="eop-in-kernel-networking-subsystem"> 1252 </h3> 1253 <p> 1254 1255 1256 . 1257 , 1258 . 1259 </p> 1260 1261 <table> 1262 <col width="19%"> 1263 <col width="20%"> 1264 <col width="10%"> 1265 <col width="23%"> 1266 <col width="17%"> 1267 <tr> 1268 <th>CVE</th> 1269 <th></th> 1270 <th></th> 1271 <th> Google </th> 1272 <th> </th> 1273 </tr> 1274 <tr> 1275 <td>CVE-2014-9914</td> 1276 <td>A-32882659<br> 1277 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9709674e68646cee5a24e3000b3558d25412203a"> 1278 </a></td> 1279 <td></td> 1280 <td>Nexus 6, Nexus Player</td> 1281 <td>2016 11 9</td> 1282 </tr> 1283 </table> 1284 1285 1286 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 1287 </h3> 1288 <p> 1289 Broadcom Wi-Fi 1290 1291 . 1292 , 1293 . 1294 </p> 1295 1296 <table> 1297 <col width="19%"> 1298 <col width="20%"> 1299 <col width="10%"> 1300 <col width="23%"> 1301 <col width="17%"> 1302 <tr> 1303 <th>CVE</th> 1304 <th></th> 1305 <th></th> 1306 <th> Google </th> 1307 <th> </th> 1308 </tr> 1309 <tr> 1310 <td>CVE-2017-0430</td> 1311 <td>A-32838767*<br> 1312 B-RB#107459</td> 1313 <td></td> 1314 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1315 <td>Google </td> 1316 </tr> 1317 </table> 1318 <p> 1319 * . 1320 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1321 1322 1323 . 1324 </p> 1325 1326 1327 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 1328 </h3> 1329 <p> 1330 Qualcomm Qualcomm AMSS 1331 2016 9 . 1332 </p> 1333 1334 <table> 1335 <col width="19%"> 1336 <col width="20%"> 1337 <col width="10%"> 1338 <col width="23%"> 1339 <col width="17%"> 1340 <tr> 1341 <th>CVE</th> 1342 <th></th> 1343 <th>*</th> 1344 <th> Google </th> 1345 <th> </th> 1346 </tr> 1347 <tr> 1348 <td>CVE-2017-0431</td> 1349 <td>A-32573899**</td> 1350 <td></td> 1351 <td>***</td> 1352 <td>Qualcomm </td> 1353 </tr> 1354 </table> 1355 <p> 1356 * . 1357 </p> 1358 <p> 1359 ** . 1360 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1361 1362 1363 . 1364 </p> 1365 <p> 1366 *** Android 7.0 Google 1367 . 1368 </p> 1369 1370 1371 <h3 id="eop-in-mediatek-driver">MediaTek 1372 </h3> 1373 <p> 1374 MediaTek 1375 1376 . 1377 . 1378 </p> 1379 1380 <table> 1381 <col width="19%"> 1382 <col width="20%"> 1383 <col width="10%"> 1384 <col width="23%"> 1385 <col width="17%"> 1386 <tr> 1387 <th>CVE</th> 1388 <th></th> 1389 <th></th> 1390 <th> Google </th> 1391 <th> </th> 1392 </tr> 1393 <tr> 1394 <td>CVE-2017-0432</td> 1395 <td>A-28332719*<br> 1396 M-ALPS02708925</td> 1397 <td></td> 1398 <td>**</td> 1399 <td>2016 4 21</td> 1400 </tr> 1401 </table> 1402 <p> 1403 * . 1404 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1405 1406 1407 . 1408 </p> 1409 <p> 1410 ** Android 7.0 Google 1411 . 1412 </p> 1413 1414 1415 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 1416 </h3> 1417 <p> 1418 Synaptics 1419 1420 . 1421 . 1422 </p> 1423 1424 <table> 1425 <col width="19%"> 1426 <col width="20%"> 1427 <col width="10%"> 1428 <col width="23%"> 1429 <col width="17%"> 1430 <tr> 1431 <th>CVE</th> 1432 <th></th> 1433 <th></th> 1434 <th> Google </th> 1435 <th> </th> 1436 </tr> 1437 <tr> 1438 <td>CVE-2017-0433</td> 1439 <td>A-31913571*</td> 1440 <td></td> 1441 <td>Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> 1442 <td>2016 9 8</td> 1443 </tr> 1444 <tr> 1445 <td>CVE-2017-0434</td> 1446 <td>A-33001936*</td> 1447 <td></td> 1448 <td>Pixel, Pixel XL</td> 1449 <td>2016 11 18</td> 1450 </tr> 1451 </table> 1452 <p> 1453 * . 1454 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1455 1456 1457 . 1458 </p> 1459 1460 1461 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm Secure Execution Environment 1462 Communicator </h3> 1463 <p> 1464 Qualcomm Secure Execution Environment Communicator 1465 1466 . 1467 . 1468 </p> 1469 1470 <table> 1471 <col width="19%"> 1472 <col width="20%"> 1473 <col width="10%"> 1474 <col width="23%"> 1475 <col width="17%"> 1476 <tr> 1477 <th>CVE</th> 1478 <th></th> 1479 <th></th> 1480 <th> Google </th> 1481 <th> </th> 1482 </tr> 1483 <tr> 1484 <td>CVE-2016-8480</td> 1485 <td>A-31804432<br> 1486 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0ed0f061bcd71940ed65de2ba46e37e709e31471"> 1487 QC-CR#1086186</a> 1488 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cd70f6025a7bbce89af7a7abf4c40a219fdea406">2</a>]</td> 1489 <td></td> 1490 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> 1491 <td>2016 9 28</td> 1492 </tr> 1493 </table> 1494 1495 1496 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm 1497 </h3> 1498 <p> 1499 Qualcomm 1500 1501 . 1502 . 1503 </p> 1504 1505 <table> 1506 <col width="19%"> 1507 <col width="20%"> 1508 <col width="10%"> 1509 <col width="23%"> 1510 <col width="17%"> 1511 <tr> 1512 <th>CVE</th> 1513 <th></th> 1514 <th></th> 1515 <th> Google </th> 1516 <th> </th> 1517 </tr> 1518 <tr> 1519 <td>CVE-2016-8481</td> 1520 <td>A-31906415*<br> 1521 QC-CR#1078000</td> 1522 <td></td> 1523 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1524 <td>2016 10 1</td> 1525 </tr> 1526 <tr> 1527 <td>CVE-2017-0435</td> 1528 <td>A-31906657*<br> 1529 QC-CR#1078000</td> 1530 <td></td> 1531 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1532 <td>2016 10 1</td> 1533 </tr> 1534 <tr> 1535 <td>CVE-2017-0436</td> 1536 <td>A-32624661*<br> 1537 QC-CR#1078000</td> 1538 <td></td> 1539 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1540 <td>2016 11 2</td> 1541 </tr> 1542 </table> 1543 <p> 1544 * . 1545 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1546 1547 1548 . 1549 </p> 1550 1551 1552 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1553 </h3> 1554 <p> 1555 Qualcomm Wi-Fi 1556 1557 . 1558 . 1559 </p> 1560 1561 <table> 1562 <col width="19%"> 1563 <col width="20%"> 1564 <col width="10%"> 1565 <col width="23%"> 1566 <col width="17%"> 1567 <tr> 1568 <th>CVE</th> 1569 <th></th> 1570 <th></th> 1571 <th> Google </th> 1572 <th> </th> 1573 </tr> 1574 <tr> 1575 <td>CVE-2017-0437</td> 1576 <td>A-32402310<br> 1577 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1578 QC-CR#1092497</a></td> 1579 <td></td> 1580 <td>Nexus 5X, Pixel, Pixel XL</td> 1581 <td>2016 10 25</td> 1582 </tr> 1583 <tr> 1584 <td>CVE-2017-0438</td> 1585 <td>A-32402604<br> 1586 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1587 QC-CR#1092497</a></td> 1588 <td></td> 1589 <td>Nexus 5X, Pixel, Pixel XL</td> 1590 <td>2016 10 25</td> 1591 </tr> 1592 <tr> 1593 <td>CVE-2017-0439</td> 1594 <td>A-32450647<br> 1595 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=81b6b5538d3227ed4b925fcceedb109abb2a4c61"> 1596 QC-CR#1092059</a></td> 1597 <td></td> 1598 <td>Nexus 5X, Pixel, Pixel XL</td> 1599 <td>2016 10 25</td> 1600 </tr> 1601 <tr> 1602 <td>CVE-2016-8419</td> 1603 <td>A-32454494<br> 1604 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=9ba50d536227666a5b6abd51f2b122675d950488"> 1605 QC-CR#1087209</a></td> 1606 <td></td> 1607 <td>Nexus 5X, Pixel, Pixel XL</td> 1608 <td>2016 10 26</td> 1609 </tr> 1610 <tr> 1611 <td>CVE-2016-8420</td> 1612 <td>A-32451171<br> 1613 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c6597e015a7ce5ee71d3725fc55e64fc50923f4e"> 1614 QC-CR#1087807</a></td> 1615 <td></td> 1616 <td>Nexus 5X, Pixel, Pixel XL</td> 1617 <td>2016 10 26</td> 1618 </tr> 1619 <tr> 1620 <td>CVE-2016-8421</td> 1621 <td>A-32451104<br> 1622 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=61a5cdb9adc96645583f528ac923e6e59f3abbcb"> 1623 QC-CR#1087797</a></td> 1624 <td></td> 1625 <td>Nexus 5X, Pixel, Pixel XL</td> 1626 <td>2016 10 26</td> 1627 </tr> 1628 <tr> 1629 <td>CVE-2017-0440</td> 1630 <td>A-33252788<br> 1631 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=10f0051f7b3b9a7635b0762a8cf102f595f7a268"> 1632 QC-CR#1095770</a></td> 1633 <td></td> 1634 <td>Nexus 5X, Pixel, Pixel XL</td> 1635 <td>2016 11 11</td> 1636 </tr> 1637 <tr> 1638 <td>CVE-2017-0441</td> 1639 <td>A-32872662<br> 1640 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=da87131740351b833f17f05dfa859977bc1e7684"> 1641 QC-CR#1095009</a></td> 1642 <td></td> 1643 <td>Nexus 5X, Pixel, Pixel XL</td> 1644 <td>2016 11 11</td> 1645 </tr> 1646 <tr> 1647 <td>CVE-2017-0442</td> 1648 <td>A-32871330<br> 1649 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1650 QC-CR#1092497</a></td> 1651 <td></td> 1652 <td>Nexus 5X, Pixel, Pixel XL</td> 1653 <td>2016 11 13</td> 1654 </tr> 1655 <tr> 1656 <td>CVE-2017-0443</td> 1657 <td>A-32877494<br> 1658 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1f0b036dc74ccb6e9f0a03a540efdb0876f5ca77"> 1659 QC-CR#1092497</a></td> 1660 <td></td> 1661 <td>Nexus 5X, Pixel, Pixel XL</td> 1662 <td>2016 11 13</td> 1663 </tr> 1664 <tr> 1665 <td>CVE-2016-8476</td> 1666 <td>A-32879283<br> 1667 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=bfe8035bce6fec72ed1d064b94529fce8fb09799"> 1668 QC-CR#1091940</a></td> 1669 <td></td> 1670 <td>Nexus 5X, Pixel, Pixel XL</td> 1671 <td>2016 11 14</td> 1672 </tr> 1673 </table> 1674 1675 1676 <h3 id="eop-in-realtek-sound-driver">Realtek 1677 </h3> 1678 <p> 1679 Realtek 1680 1681 . 1682 . 1683 </p> 1684 1685 <table> 1686 <col width="19%"> 1687 <col width="20%"> 1688 <col width="10%"> 1689 <col width="23%"> 1690 <col width="17%"> 1691 <tr> 1692 <th>CVE</th> 1693 <th></th> 1694 <th></th> 1695 <th> Google </th> 1696 <th> </th> 1697 </tr> 1698 <tr> 1699 <td>CVE-2017-0444</td> 1700 <td>A-32705232*</td> 1701 <td></td> 1702 <td>Nexus 9</td> 1703 <td>2016 11 7</td> 1704 </tr> 1705 </table> 1706 <p> 1707 * . 1708 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1709 1710 1711 . 1712 </p> 1713 1714 1715 <h3 id="eop-in-htc-touchscreen-driver">HTC 1716 </h3> 1717 <p> 1718 HTC 1719 1720 . 1721 . 1722 </p> 1723 1724 <table> 1725 <col width="19%"> 1726 <col width="20%"> 1727 <col width="10%"> 1728 <col width="23%"> 1729 <col width="17%"> 1730 <tr> 1731 <th>CVE</th> 1732 <th></th> 1733 <th></th> 1734 <th> Google </th> 1735 <th> </th> 1736 </tr> 1737 <tr> 1738 <td>CVE-2017-0445</td> 1739 <td>A-32769717*</td> 1740 <td></td> 1741 <td>Pixel, Pixel XL</td> 1742 <td>2016 11 9</td> 1743 </tr> 1744 <tr> 1745 <td>CVE-2017-0446</td> 1746 <td>A-32917445*</td> 1747 <td></td> 1748 <td>Pixel, Pixel XL</td> 1749 <td>2016 11 15</td> 1750 </tr> 1751 <tr> 1752 <td>CVE-2017-0447</td> 1753 <td>A-32919560*</td> 1754 <td></td> 1755 <td>Pixel, Pixel XL</td> 1756 <td>2016 11 15</td> 1757 </tr> 1758 </table> 1759 <p> 1760 * . 1761 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1762 1763 1764 . 1765 </p> 1766 1767 1768 <h3 id="id-in-nvidia-video-driver">NVIDIA 1769 </h3> 1770 <p> 1771 NVIDIA 1772 . 1773 1774 . 1775 </p> 1776 1777 <table> 1778 <col width="19%"> 1779 <col width="20%"> 1780 <col width="10%"> 1781 <col width="23%"> 1782 <col width="17%"> 1783 <tr> 1784 <th>CVE</th> 1785 <th></th> 1786 <th></th> 1787 <th> Google </th> 1788 <th> </th> 1789 </tr> 1790 <tr> 1791 <td>CVE-2017-0448</td> 1792 <td>A-32721029*<br> 1793 N-CVE-2017-0448</td> 1794 <td></td> 1795 <td>Nexus 9</td> 1796 <td>2016 11 7</td> 1797 </tr> 1798 </table> 1799 <p> 1800 * . 1801 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1802 1803 1804 . 1805 </p> 1806 1807 1808 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi 1809 </h3> 1810 <p> 1811 Broadcom Wi-Fi 1812 1813 . 1814 1815 . 1816 </p> 1817 1818 <table> 1819 <col width="19%"> 1820 <col width="20%"> 1821 <col width="10%"> 1822 <col width="23%"> 1823 <col width="17%"> 1824 <tr> 1825 <th>CVE</th> 1826 <th></th> 1827 <th></th> 1828 <th> Google </th> 1829 <th> </th> 1830 </tr> 1831 <tr> 1832 <td>CVE-2017-0449</td> 1833 <td>A-31707909*<br> 1834 B-RB#32094</td> 1835 <td></td> 1836 <td>Nexus 6, Nexus 6P</td> 1837 <td>2016 9 23</td> 1838 </tr> 1839 </table> 1840 <p> 1841 * . 1842 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1843 1844 1845 . 1846 </p> 1847 1848 1849 <h3 id="eop-in-audioserver-2"> 1850 </h3> 1851 <p> 1852 1853 1854 . 1855 . 1856 </p> 1857 1858 <table> 1859 <col width="19%"> 1860 <col width="20%"> 1861 <col width="10%"> 1862 <col width="23%"> 1863 <col width="17%"> 1864 <tr> 1865 <th>CVE</th> 1866 <th></th> 1867 <th></th> 1868 <th> Google </th> 1869 <th> </th> 1870 </tr> 1871 <tr> 1872 <td>CVE-2017-0450</td> 1873 <td>A-32917432*</td> 1874 <td></td> 1875 <td>Nexus 9</td> 1876 <td>2016 11 15</td> 1877 </tr> 1878 </table> 1879 <p> 1880 * . 1881 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1882 1883 1884 . 1885 </p> 1886 1887 1888 <h3 id="eop-in-kernel-file-system-2"> 1889 </h3> 1890 <p> 1891 1892 . 1893 1894 . 1895 </p> 1896 1897 <table> 1898 <col width="19%"> 1899 <col width="20%"> 1900 <col width="10%"> 1901 <col width="23%"> 1902 <col width="17%"> 1903 <tr> 1904 <th>CVE</th> 1905 <th></th> 1906 <th></th> 1907 <th> Google </th> 1908 <th> </th> 1909 </tr> 1910 <tr> 1911 <td>CVE-2016-10044</td> 1912 <td>A-31711619*</td> 1913 <td></td> 1914 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus 1915 Player, Pixel, Pixel XL</td> 1916 <td>Google </td> 1917 </tr> 1918 </table> 1919 <p> 1920 * . 1921 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1922 1923 1924 . 1925 </p> 1926 1927 1928 <h3 id="id-in-qualcomm-secure-execution-environment-communicator">Qualcomm Secure Execution 1929 Environment Communicator </h3> 1930 <p> 1931 Qualcomm Secure Execution Environment Communicator 1932 1933 . 1934 . 1935 </p> 1936 1937 <table> 1938 <col width="19%"> 1939 <col width="20%"> 1940 <col width="10%"> 1941 <col width="23%"> 1942 <col width="17%"> 1943 <tr> 1944 <th>CVE</th> 1945 <th></th> 1946 <th></th> 1947 <th> Google </th> 1948 <th> </th> 1949 </tr> 1950 <tr> 1951 <td>CVE-2016-8414</td> 1952 <td>A-31704078<br> 1953 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=320970d3da9b091e96746424c44649a91852a846"> 1954 QC-CR#1076407</a></td> 1955 <td></td> 1956 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1957 <td>2016 9 23</td> 1958 </tr> 1959 </table> 1960 1961 1962 <h3 id="id-in-qualcomm-sound-driver">Qualcomm 1963 </h3> 1964 <p> 1965 Qualcomm 1966 . 1967 . 1968 </p> 1969 1970 <table> 1971 <col width="19%"> 1972 <col width="20%"> 1973 <col width="10%"> 1974 <col width="23%"> 1975 <col width="17%"> 1976 <tr> 1977 <th>CVE</th> 1978 <th></th> 1979 <th></th> 1980 <th> Google </th> 1981 <th> </th> 1982 </tr> 1983 <tr> 1984 <td>CVE-2017-0451</td> 1985 <td>A-31796345<br> 1986 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=59f55cd40b5f44941afc78b78e5bf81ad3dd723e"> 1987 QC-CR#1073129</a> 1988 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=35346beb2d8882115f698ab22a96803552b5c57e">2</a>]</td> 1989 <td></td> 1990 <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> 1991 <td>2016 9 27</td> 1992 </tr> 1993 </table> 1994 1995 <h2 id="common-questions-and-answers"> </h2> 1996 <p> .</p> 1997 <p><strong>1. 1998 ?</strong></p> 1999 <p> 2000 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 2001 .</p> 2002 <ul> 2003 <li>2017-02-01 2017-02-01 2004 .</li> 2005 <li>2017-02-05 2006 2017-02-05 . 2007 </li> 2008 </ul> 2009 <p> 2010 .</p> 2011 <ul> 2012 <li><code>[ro.build.version.security_patch]:[2017-02-01]</code></li> 2013 <li><code>[ro.build.version.security_patch]:[2017-02-05]</code></li> 2014 </ul> 2015 2016 <p><strong>2 ?</strong></p> 2017 2018 <p> Android Android 2019 2020 . Android 2021 .</p> 2022 <ul> 2023 <li>2017 1 1 2024 2025 .</li> 2026 <li>2017 1 5 2027 2028 .</li> 2029 </ul> 2030 <p> .</p> 2031 <p><strong>3. Google ?</strong></p> 2032 <p><a href="#2017-02-01-details">2017-02-01</a> 2033 <a href="#2017-02-05-details">2017-02-05</a> 2034 <em> Google 2035 </em> . 2036 Google . . 2037 </p> 2038 <ul> 2039 <li><strong> Google </strong>: Google Pixel 2040 , <em> Google </em> 2041 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> 2042 . Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2043 Android One, Nexus Player, Pixel C, Pixel, Pixel XL.</li> 2044 <li><strong> Google </strong>: Google 2045 , Google <em> Google </em> 2046 .</li> 2047 <li><strong>Google </strong>: Android 7.0 Google 2048 , <em> Google </em> '' 2049 .</li> 2050 </ul> 2051 <p><strong>4. ?</strong></p> 2052 <p> <em></em> 2053 . 2054 .</p> 2055 <table> 2056 <tr> 2057 <th></th> 2058 <th> </th> 2059 </tr> 2060 <tr> 2061 <td>A-</td> 2062 <td>Android ID</td> 2063 </tr> 2064 <tr> 2065 <td>QC-</td> 2066 <td>Qualcomm </td> 2067 </tr> 2068 <tr> 2069 <td>M-</td> 2070 <td>MediaTek </td> 2071 </tr> 2072 <tr> 2073 <td>N-</td> 2074 <td>NVIDIA </td> 2075 </tr> 2076 <tr> 2077 <td>B-</td> 2078 <td>Broadcom </td> 2079 </tr> 2080 </table> 2081 2082 <h2 id="revisions"> </h2> 2083 <ul> 2084 <li>2017 2 6 </li> 2085 <li>2017 2 8: AOSP </li> 2086 </ul> 2087 2088 </body> 2089 </html> 2090
