1 <html devsite><head> 2 <title>Android 2017 4</title> 3 <meta name="project_path" value="/_project.yaml"/> 4 <meta name="book_path" value="/_book.yaml"/> 5 </head> 6 <body> 7 <!-- 8 Copyright 2017 The Android Open Source Project 9 10 Licensed under the Apache License, Version 2.0 (the "License"); 11 you may not use this file except in compliance with the License. 12 You may obtain a copy of the License at 13 14 http://www.apache.org/licenses/LICENSE-2.0 15 16 Unless required by applicable law or agreed to in writing, software 17 distributed under the License is distributed on an "AS IS" BASIS, 18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 See the License for the specific language governing permissions and 20 limitations under the License. 21 --> 22 <p><em>2017 4 3 | 2017 4 5 </em></p> 23 <p>Android Android 24 . (OTA) 25 Nexus . Google 26 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 4 5 27 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 28 .</p> 29 <p> 2017 3 6 . Android (AOSP) 30 , . AOSP 31 .</p> 32 <p> 33 , MMS 34 . <a href="/security/overview/updates-resources.html#severity"> 35 </a> 36 37 .</p> 38 <p> 39 . <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> Android 40 <a href="/security/enhancements/index.html">Android </a> 41 <a href="#mitigations">Android Google </a> 42 .</p> 43 <p> .</p> 44 45 <h2 id="announcements"></h2> 46 <ul> 47 <li> Android Android 48 49 . <a href="#common-questions-and-answers"> 50 </a> . 51 <ul> 52 <li><strong>2017-04-01</strong>: . 53 2017-04-01 54 .</li> 55 <li><strong>2017-04-05</strong>: . 56 2017-04-01 2017-04-05 57 .</li> 58 </ul> 59 </li> 60 <li> Google 2017 4 5 OTA 61 .</li> 62 </ul> 63 64 <h2 id="mitigations">Android Google </h2> 65 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> 66 . 67 Android 68 .</p> 69 <ul> 70 <li>Android Android 71 . Android 72 .</li> 73 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 74 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf"> SafetyNet</a> 75 . <a href="http://www.android.com/gms">Google </a> 76 , Google Play 77 . Google 78 Play 79 80 . 81 82 . 83 .</li> 84 <li> Google 85 .</li> 86 </ul> 87 88 <h2 id="acknowledgements"> </h2> 89 <p> .</p> 90 <ul> 91 <li>Shellphish Grill Team Aravind Machiry(donfos): CVE-2016-5349</li> 92 <li>Tencent Xuanwu Lab 93 Daxing Guo(<a href="https://twitter.com/freener0">@freener0</a>): CVE-2017-0585, CVE-2017-0553</li> 94 <li><a href="mailto:derrek.haxx (a] gmail.com">Derrek</a>(<a href="https://twitter.com/derrekr6">@derrekr6</a>), Scott Bauer: 95 CVE-2017-0576</li> 96 <li>Project Zero Gal Beniamini: CVE-2017-0571, CVE-2017-0570, CVE-2017-0572, 97 CVE-2017-0569, CVE-2017-0561</li> 98 <li>Qihoo 360 Technology Co. Ltd. IceSword Lab 99 Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), <a href="http://weibo.com/jfpan">pjf</a>: 100 CVE-2017-6426, CVE-2017-0581, CVE-2017-0329, CVE-2017-0332, 101 CVE-2017-0566</li> 102 <li>Qihoo 360 Technology Co. Ltd. Alpha Team 103 Guang Gong()(<a href="https://twitter.com/oldfresher">@oldfresher</a>): CVE-2017-0547</li> 104 <li>Qihoo 360 Technology Co. Ltd Alpha Team Hao Chen, Guang Gong: 105 CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0575, CVE-2017-0567</li> 106 <li>Ian Foster(<a href="https://twitter.com/lanrat">@lanrat</a>): CVE-2017-0554</li> 107 <li>Trend Micro Inc. Jack Tang: CVE-2017-0579</li> 108 <li><a href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a> Jianjun Dai(<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>): CVE-2017-0559, 109 CVE-2017-0541</li> 110 <li>Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), <a href="http://weibo.com/jfpan">pjf</a>: CVE-2017-6425, 111 CVE-2016-5346</li> 112 <li><a href="http://c0reteam.org">C0RE Team</a> Lubo Zhang (<a href="mailto:zlbzlb815 (a] 163.com">zlbzlb815 (a] 163.com</a>), 113 Qihoo 360 Technology Co. Ltd. 114 IceSword Lab Yonggang Guo 115 (<a href="https://twitter.com/guoygang">@guoygang</a>): CVE-2017-0564</li> 116 <li>Google <a href="mailto:salyzyn (a] android.com">Mark Salyzyn</a>: 117 CVE-2017-0558</li> 118 <li>Tesla Product Security Team 119 Mike Anderson(<a href="https://twitter.com/manderbot">@manderbot</a>), Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>) 120 :CVE-2017-0327, CVE-2017-0328</li> 121 <li>Alibaba Mobile Security Group Peng Xiao, Chengming Yang, 122 Ning You, Chao Yang, Yang song: CVE-2017-0565</li> 123 <li>Baidu X-Lab() Pengfei Ding(), Chenfu Bao(), 124 Lenx Wei(): CVE-2016-10236</li> 125 <li>Tencent KeenLab Qidan He( - <a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) 126 :CVE-2017-0544, CVE-2016-10231, CVE-2017-0325</li> 127 <li>HCL Technologies Aleph Research 128 Roee Hay(<a href="https://twitter.com/roeehay">@roeehay</a>): CVE-2017-0582, CVE-2017-0563</li> 129 <li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0562, 130 CVE-2017-0339</li> 131 <li>TrendMicro Mobile Threat Research Team 132 Seven Shen(<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2017-0578</li> 133 <li>Tim Becker: CVE-2017-0546</li> 134 <li>Uma Sankar Pradhan(<a href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>): CVE-2017-0560</li> 135 <li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> 136 V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>): 137 CVE-2017-0555, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0557, 138 CVE-2017-0556</li> 139 <li>Alibaba Inc. 140 Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2017-0549</li> 141 <li>Qihoo 360 Technology Co. Ltd. Alpha Team 142 Wenlin Yang(<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>), 143 Guang Gong(<a href="https://twitter.com/oldfresher">@oldfresher</a>), Hao 144 Chen: CVE-2017-0580, CVE-2017-0577</li> 145 <li>Qihoo 360 Technology Co. Ltd. IceSword Lab 146 Yonggang Guo(<a href="https://twitter.com/guoygang">@guoygang</a>): CVE-2017-0586</li> 147 <li>Qihoo 360 Technology Co. Ltd., Chengdu Security Response Center 148 <a href="http://weibo.com/ele7enxxh">Zinuo Han</a>: CVE-2017-0548</li> 149 <li>Google Zubin Mithra: CVE-2017-0462</li> 150 </ul> 151 152 <h2 id="2017-04-01-details">2017-04-01 153 </h2> 154 <p> 2017-04-01 155 . 156 , CVE, , , Google , 157 AOSP ( ), . 158 AOSP ID 159 . 160 ID .</p> 161 162 <h3 id="rce-in-mediaserver"> 163 </h3> 164 <p> 165 166 . 167 .</p> 168 169 <table> 170 <colgroup><col width="18%" /> 171 <col width="17%" /> 172 <col width="10%" /> 173 <col width="19%" /> 174 <col width="18%" /> 175 <col width="17%" /> 176 </colgroup><tbody><tr> 177 <th>CVE</th> 178 <th></th> 179 <th></th> 180 <th> Google </th> 181 <th> AOSP </th> 182 <th> </th> 183 </tr> 184 <tr> 185 <td>CVE-2017-0538</td> 186 <td><a href="https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8">A-33641588</a></td> 187 <td></td> 188 <td></td> 189 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 190 <td>2016 12 13</td> 191 </tr> 192 <tr> 193 <td>CVE-2017-0539</td> 194 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/1ab5ce7e42feccd49e49752e6f58f9097ac5d254">A-33864300</a></td> 195 <td></td> 196 <td></td> 197 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 198 <td>2016 12 23</td> 199 </tr> 200 <tr> 201 <td>CVE-2017-0540</td> 202 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/01ca88bb6c5bdd44e071f8effebe12f1d7da9853">A-33966031</a></td> 203 <td></td> 204 <td></td> 205 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 206 <td>2016 12 29</td> 207 </tr> 208 <tr> 209 <td>CVE-2017-0541</td> 210 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/56d153259cc3e16a6a0014199a2317dde333c978">A-34031018</a></td> 211 <td></td> 212 <td></td> 213 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 214 <td>2017 1 1</td> 215 </tr> 216 <tr> 217 <td>CVE-2017-0542</td> 218 <td><a href="https://android.googlesource.com/platform/external/libavc/+/33ef7de9ddc8ea7eb9cbc440d1cf89957a0c267b">A-33934721</a></td> 219 <td></td> 220 <td></td> 221 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 222 <td>Google </td> 223 </tr> 224 <tr> 225 <td>CVE-2017-0543</td> 226 <td><a href="https://android.googlesource.com/platform/external/libavc/+/f634481e940421020e52f511c1fb34aac1db4b2f">A-34097866</a></td> 227 <td></td> 228 <td></td> 229 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 230 <td>Google </td> 231 </tr> 232 </tbody></table> 233 234 <h3 id="eop-in-camerabase">CameraBase 235 </h3> 236 <p>CameraBase 237 . 238 .</p> 239 240 <table> 241 <colgroup><col width="18%" /> 242 <col width="17%" /> 243 <col width="10%" /> 244 <col width="19%" /> 245 <col width="18%" /> 246 <col width="17%" /> 247 </colgroup><tbody><tr> 248 <th>CVE</th> 249 <th></th> 250 <th></th> 251 <th> Google </th> 252 <th> AOSP </th> 253 <th> </th> 254 </tr> 255 <tr> 256 <td>CVE-2017-0544</td> 257 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/4b49489c12e6862e9a320ebcb53872e809ed20ec">A-31992879</a></td> 258 <td></td> 259 <td></td> 260 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 261 <td>2016 10 6</td> 262 </tr> 263 </tbody></table> 264 265 <h3 id="eop-in-audioserver"> 266 </h3> 267 <p> 268 269 . 270 271 .</p> 272 273 <table> 274 <colgroup><col width="18%" /> 275 <col width="17%" /> 276 <col width="10%" /> 277 <col width="19%" /> 278 <col width="18%" /> 279 <col width="17%" /> 280 </colgroup><tbody><tr> 281 <th>CVE</th> 282 <th></th> 283 <th></th> 284 <th> Google </th> 285 <th> AOSP </th> 286 <th> </th> 287 </tr> 288 <tr> 289 <td>CVE-2017-0545</td> 290 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/e5a54485e08400a976092cd5b1c6d909d0e1a4ab">A-32591350</a></td> 291 <td></td> 292 <td></td> 293 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 294 <td>2016 10 31</td> 295 </tr> 296 </tbody></table> 297 298 <h3 id="eop-in-surfaceflinger">SurfaceFlinger 299 </h3> 300 <p>SurfaceFlinger 301 302 . 303 304 .</p> 305 306 <table> 307 <colgroup><col width="18%" /> 308 <col width="17%" /> 309 <col width="10%" /> 310 <col width="19%" /> 311 <col width="18%" /> 312 <col width="17%" /> 313 </colgroup><tbody><tr> 314 <th>CVE</th> 315 <th></th> 316 <th></th> 317 <th> Google </th> 318 <th> AOSP </th> 319 <th> </th> 320 </tr> 321 <tr> 322 <td>CVE-2017-0546</td> 323 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/45b202513ba7440beaefbf9928f73fb6683dcfbd">A-32628763</a></td> 324 <td></td> 325 <td></td> 326 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 327 <td>2016 11 2</td> 328 </tr> 329 </tbody></table> 330 331 <h3 id="id-in-mediaserver"> 332 </h3> 333 <p> 334 . 335 336 .</p> 337 338 <table> 339 <colgroup><col width="18%" /> 340 <col width="17%" /> 341 <col width="10%" /> 342 <col width="19%" /> 343 <col width="18%" /> 344 <col width="17%" /> 345 </colgroup><tbody><tr> 346 <th>CVE</th> 347 <th></th> 348 <th></th> 349 <th> Google </th> 350 <th> AOSP </th> 351 <th> </th> 352 </tr> 353 <tr> 354 <td>CVE-2017-0547</td> 355 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9667e3eff2d34c3797c3b529370de47b2c1f1bf6">A-33861560</a></td> 356 <td></td> 357 <td></td> 358 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 359 <td>2016 12 22</td> 360 </tr> 361 </tbody></table> 362 363 <h3 id="dos-in-libskia">libskia (DoS) </h3> 364 <p>libskia 365 . 366 .</p> 367 368 <table> 369 <colgroup><col width="18%" /> 370 <col width="17%" /> 371 <col width="10%" /> 372 <col width="19%" /> 373 <col width="18%" /> 374 <col width="17%" /> 375 </colgroup><tbody><tr> 376 <th>CVE</th> 377 <th></th> 378 <th></th> 379 <th> Google </th> 380 <th> AOSP </th> 381 <th> </th> 382 </tr> 383 <tr> 384 <td>CVE-2017-0548</td> 385 <td><a href="https://android.googlesource.com/platform/external/skia/+/318e3505ac2436c62ec19fd27ebe9f8e7d174544">A-33251605</a></td> 386 <td></td> 387 <td></td> 388 <td>7.0, 7.1.1</td> 389 <td>2016 11 29</td> 390 </tr> 391 </tbody></table> 392 393 <h3 id="dos-in-mediaserver"> (DoS) </h3> 394 <p> 395 . 396 .</p> 397 398 <table> 399 <colgroup><col width="18%" /> 400 <col width="17%" /> 401 <col width="10%" /> 402 <col width="19%" /> 403 <col width="18%" /> 404 <col width="17%" /> 405 </colgroup><tbody><tr> 406 <th>CVE</th> 407 <th></th> 408 <th></th> 409 <th> Google </th> 410 <th> AOSP </th> 411 <th> </th> 412 </tr> 413 <tr> 414 <td>CVE-2017-0549</td> 415 <td><a href="https://android.googlesource.com/platform/external/libavc/+/37345554fea84afd446d6d8fbb87feea5a0dde3f">A-33818508</a></td> 416 <td></td> 417 <td></td> 418 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 419 <td>2016 12 20</td> 420 </tr> 421 <tr> 422 <td>CVE-2017-0550</td> 423 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7950bf47b6944546a0aff11a7184947de9591b51">A-33933140</a></td> 424 <td></td> 425 <td></td> 426 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 427 <td>Google </td> 428 </tr> 429 <tr> 430 <td>CVE-2017-0551</td> 431 <td><a href="https://android.googlesource.com/platform/external/libavc/+/8b5fd8f24eba5dd19ab2f80ea11a9125aa882ae2">A-34097231</a> 432 [<a href="https://android.googlesource.com/platform/external/libavc/+/494561291a503840f385fbcd11d9bc5f4dc502b8">2</a>]</td> 433 <td></td> 434 <td></td> 435 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 436 <td>Google </td> 437 </tr> 438 <tr> 439 <td>CVE-2017-0552</td> 440 <td><a href="https://android.googlesource.com/platform/external/libavc/+/9a00f562a612d56e7b2b989d168647db900ba6cf">A-34097915</a></td> 441 <td></td> 442 <td></td> 443 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 444 <td>Google </td> 445 </tr> 446 </tbody></table> 447 448 <h3 id="eop-in-libnl">libnl </h3> 449 <p>libnl Wi-Fi 450 . 451 452 453 .</p> 454 455 <table> 456 <colgroup><col width="18%" /> 457 <col width="17%" /> 458 <col width="10%" /> 459 <col width="19%" /> 460 <col width="18%" /> 461 <col width="17%" /> 462 </colgroup><tbody><tr> 463 <th>CVE</th> 464 <th></th> 465 <th></th> 466 <th> Google </th> 467 <th> AOSP </th> 468 <th> </th> 469 </tr> 470 <tr> 471 <td>CVE-2017-0553</td> 472 <td><a href="https://android.googlesource.com/platform/external/libnl/+/f83d9c1c67b6be69a96995e384f50b572b667df0">A-32342065</a></td> 473 <td></td> 474 <td></td> 475 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 476 <td>2016 10 21</td> 477 </tr> 478 </tbody></table> 479 480 <h3 id="eop-in-telephony"> 481 </h3> 482 <p> 483 . 484 485 .</p> 486 487 <table> 488 <colgroup><col width="18%" /> 489 <col width="17%" /> 490 <col width="10%" /> 491 <col width="19%" /> 492 <col width="18%" /> 493 <col width="17%" /> 494 </colgroup><tbody><tr> 495 <th>CVE</th> 496 <th></th> 497 <th></th> 498 <th> Google </th> 499 <th> AOSP </th> 500 <th> </th> 501 </tr> 502 <tr> 503 <td>CVE-2017-0554</td> 504 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/aeb795ef2290af1a0e4b14909363bc574e6b3ee7">A-33815946</a> 505 [<a href="https://android.googlesource.com/platform/frameworks/base/+/3294256ba5b9e2ba2d8619d617e3d900e5386564">2</a>]</td> 506 <td></td> 507 <td></td> 508 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 509 <td>2016 12 20</td> 510 </tr> 511 </tbody></table> 512 513 <h3 id="id-in-mediaserver-2"> 514 </h3> 515 <p> 516 . 517 518 .</p> 519 520 <table> 521 <colgroup><col width="18%" /> 522 <col width="17%" /> 523 <col width="10%" /> 524 <col width="19%" /> 525 <col width="18%" /> 526 <col width="17%" /> 527 </colgroup><tbody><tr> 528 <th>CVE</th> 529 <th></th> 530 <th></th> 531 <th> Google </th> 532 <th> AOSP </th> 533 <th> </th> 534 </tr> 535 <tr> 536 <td>CVE-2017-0555</td> 537 <td><a href="https://android.googlesource.com/platform/external/libavc/+/0b23c81c3dd9ec38f7e6806a3955fed1925541a0">A-33551775</a></td> 538 <td></td> 539 <td></td> 540 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 541 <td>2016 12 12</td> 542 </tr> 543 <tr> 544 <td>CVE-2017-0556</td> 545 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/f301cff2c1ddd880d9a2c77b22602a137519867b">A-34093952</a></td> 546 <td></td> 547 <td></td> 548 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 549 <td>2017 1 4</td> 550 </tr> 551 <tr> 552 <td>CVE-2017-0557</td> 553 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/227c1f829127405e21dab1664393050c652ef71e">A-34093073</a></td> 554 <td></td> 555 <td></td> 556 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 557 <td>2017 1 4</td> 558 </tr> 559 <tr> 560 <td>CVE-2017-0558</td> 561 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/50358a80b1724f6cf1bcdf003e1abf9cc141b122">A-34056274</a></td> 562 <td></td> 563 <td></td> 564 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 565 <td>Google </td> 566 </tr> 567 </tbody></table> 568 569 <h3 id="id-in-libskia">libskia </h3> 570 <p>libskia 571 . 572 .</p> 573 574 <table> 575 <colgroup><col width="18%" /> 576 <col width="17%" /> 577 <col width="10%" /> 578 <col width="19%" /> 579 <col width="18%" /> 580 <col width="17%" /> 581 </colgroup><tbody><tr> 582 <th>CVE</th> 583 <th></th> 584 <th></th> 585 <th> Google </th> 586 <th> AOSP </th> 587 <th> </th> 588 </tr> 589 <tr> 590 <td>CVE-2017-0559</td> 591 <td><a href="https://android.googlesource.com/platform/external/skia/+/16882f721279a82a1c860ac689ce570b16fe26a0">A-33897722</a></td> 592 <td></td> 593 <td></td> 594 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 595 <td>2016 12 25</td> 596 </tr> 597 </tbody></table> 598 599 <h3 id="id-in-factory-reset"> </h3> 600 <p> 601 . 602 .</p> 603 604 <table> 605 <colgroup><col width="18%" /> 606 <col width="17%" /> 607 <col width="10%" /> 608 <col width="19%" /> 609 <col width="18%" /> 610 <col width="17%" /> 611 </colgroup><tbody><tr> 612 <th>CVE</th> 613 <th></th> 614 <th></th> 615 <th> Google </th> 616 <th> AOSP </th> 617 <th> </th> 618 </tr> 619 <tr> 620 <td>CVE-2017-0560</td> 621 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/efdec8f5688ce6b0a287eddb6d5dad93ffa0e1ee">A-30681079</a></td> 622 <td></td> 623 <td></td> 624 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 625 <td>Google </td> 626 </tr> 627 </tbody></table> 628 629 <h2 id="2017-04-05-details">2017-04-05 630 </h2> 631 <p> 2017-04-05 632 . , 633 CVE, , , Google , 634 AOSP ( ), . 635 AOSP ID 636 . 637 ID .</p> 638 639 <h3 id="rce-in-broadcom-wi-fi-firmware">Broadcom Wi-Fi </h3> 640 <p>Broadcom Wi-Fi 641 Wi-Fi SoC . Wi-Fi 642 SoC 643 .</p> 644 645 <table> 646 <colgroup><col width="19%" /> 647 <col width="20%" /> 648 <col width="10%" /> 649 <col width="23%" /> 650 <col width="17%" /> 651 </colgroup><tbody><tr> 652 <th>CVE</th> 653 <th></th> 654 <th></th> 655 <th> Google </th> 656 <th> </th> 657 </tr> 658 <tr> 659 <td>CVE-2017-0561</td> 660 <td>A-34199105*<br /> 661 B-RB#110814</td> 662 <td></td> 663 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 664 <td>2017 1 9</td> 665 </tr> 666 </tbody></table> 667 <p>* . 668 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 669 670 671 .</p> 672 673 <h3 id="rce-in-qualcomm-crypto-engine-driver">Qualcomm 674 </h3> 675 <p>Qualcomm 676 . 677 .</p> 678 679 <table> 680 <colgroup><col width="19%" /> 681 <col width="20%" /> 682 <col width="10%" /> 683 <col width="23%" /> 684 <col width="17%" /> 685 </colgroup><tbody><tr> 686 <th>CVE</th> 687 <th></th> 688 <th></th> 689 <th> Google </th> 690 <th> </th> 691 </tr> 692 <tr> 693 <td>CVE-2016-10230</td> 694 <td>A-34389927<br /> 695 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=bd9a8fc6d7f6bd1a0b936994630006de450df657"> 696 QC-CR#1091408</a></td> 697 <td></td> 698 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 699 <td>2017 1 10</td> 700 </tr> 701 </tbody></table> 702 703 <h3 id="rce-in-kernel-networking-subsystem"> </h3> 704 <p> 705 . 706 .</p> 707 708 <table> 709 <colgroup><col width="19%" /> 710 <col width="20%" /> 711 <col width="10%" /> 712 <col width="23%" /> 713 <col width="17%" /> 714 </colgroup><tbody><tr> 715 <th>CVE</th> 716 <th></th> 717 <th></th> 718 <th> Google </th> 719 <th> </th> 720 </tr> 721 <tr> 722 <td>CVE-2016-10229</td> 723 <td>A-32813456<br /> 724 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191"> 725 </a></td> 726 <td></td> 727 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One, 728 Nexus Player</td> 729 <td>Google </td> 730 </tr> 731 </tbody></table> 732 733 <h3 id="eop-in-mediatek-touchscreen-driver">MediaTek 734 </h3> 735 <p>MediaTek 736 737 . 738 , 739 .</p> 740 741 <table> 742 <colgroup><col width="19%" /> 743 <col width="20%" /> 744 <col width="10%" /> 745 <col width="23%" /> 746 <col width="17%" /> 747 </colgroup><tbody><tr> 748 <th>CVE</th> 749 <th></th> 750 <th></th> 751 <th> Google </th> 752 <th> </th> 753 </tr> 754 <tr> 755 <td>CVE-2017-0562</td> 756 <td>A-30202425*<br /> 757 M-ALPS02898189</td> 758 <td>*</td> 759 <td>**</td> 760 <td>2016 7 16</td> 761 </tr> 762 </tbody></table> 763 <p>* . 764 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 765 766 767 .</p> 768 <p>** Android 7.0 Google 769 .</p> 770 771 <h3 id="eop-in-htc-touchscreen-driver">HTC 772 </h3> 773 <p>HTC 774 775 . 776 , 777 .</p> 778 779 <table> 780 <colgroup><col width="19%" /> 781 <col width="20%" /> 782 <col width="10%" /> 783 <col width="23%" /> 784 <col width="17%" /> 785 </colgroup><tbody><tr> 786 <th>CVE</th> 787 <th></th> 788 <th></th> 789 <th> Google </th> 790 <th> </th> 791 </tr> 792 <tr> 793 <td>CVE-2017-0563</td> 794 <td>A-32089409*<br /> 795 </td> 796 <td></td> 797 <td>Nexus 9</td> 798 <td>2016 10 9</td> 799 </tr> 800 </tbody></table> 801 <p>* . 802 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 803 804 805 .</p> 806 807 <h3 id="eop-in-kernel-ion-subsystem"> ION 808 </h3> 809 <p> ION 810 811 . 812 , 813 .</p> 814 815 <table> 816 <colgroup><col width="19%" /> 817 <col width="20%" /> 818 <col width="10%" /> 819 <col width="23%" /> 820 <col width="17%" /> 821 </colgroup><tbody><tr> 822 <th>CVE</th> 823 <th></th> 824 <th></th> 825 <th> Google </th> 826 <th> </th> 827 </tr> 828 <tr> 829 <td>CVE-2017-0564</td> 830 <td>A-34276203*<br /> 831 </td> 832 <td></td> 833 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One, 834 Nexus Player</td> 835 <td>2017 1 12</td> 836 </tr> 837 </tbody></table> 838 <p>* . 839 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 840 841 842 .</p> 843 844 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 845 </h3> 846 <p> Qualcomm Qualcomm AMSS 847 2016 10 .</p> 848 849 <table> 850 <colgroup><col width="19%" /> 851 <col width="20%" /> 852 <col width="10%" /> 853 <col width="23%" /> 854 <col width="17%" /> 855 </colgroup><tbody><tr> 856 <th>CVE</th> 857 <th></th> 858 <th></th> 859 <th> Google </th> 860 <th> </th> 861 </tr> 862 <tr> 863 <td>CVE-2016-10237</td> 864 <td>A-31628601**<br /> 865 QC-CR#1046751</td> 866 <td></td> 867 <td>**</td> 868 <td>Qualcomm </td> 869 </tr> 870 <tr> 871 <td>CVE-2016-10238</td> 872 <td>A-35358527**<br /> 873 QC-CR#1042558</td> 874 <td></td> 875 <td>***</td> 876 <td>Qualcomm </td> 877 </tr> 878 <tr> 879 <td>CVE-2016-10239</td> 880 <td>A-31624618**<br /> 881 QC-CR#1032929</td> 882 <td></td> 883 <td>Pixel, Pixel XL</td> 884 <td>Qualcomm </td> 885 </tr> 886 </tbody></table> 887 <p>* .</p> 888 <p>* . 889 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 890 891 892 .</p> 893 <p>*** Android 7.0 Google 894 .</p> 895 896 <h3 id="rce-in-v8">v8 </h3> 897 <p>v8 898 . 899 . </p> 900 901 <table> 902 <colgroup><col width="18%" /> 903 <col width="17%" /> 904 <col width="10%" /> 905 <col width="19%" /> 906 <col width="18%" /> 907 <col width="17%" /> 908 </colgroup><tbody><tr> 909 <th>CVE</th> 910 <th></th> 911 <th></th> 912 <th> Google </th> 913 <th> AOSP </th> 914 <th> </th> 915 </tr> 916 <tr> 917 <td>CVE-2016-5129</td> 918 <td>A-29178923</td> 919 <td></td> 920 <td>*</td> 921 <td>6.0, 6.0.1, 7.0</td> 922 <td>2016 7 20</td> 923 </tr> 924 </tbody></table> 925 <p>* Android 7.0 Google 926 .</p> 927 928 <h3 id="rce-in-freetype">Freetype </h3> 929 <p>Freetype 930 931 . 932 .</p> 933 934 <table> 935 <colgroup><col width="18%" /> 936 <col width="17%" /> 937 <col width="10%" /> 938 <col width="19%" /> 939 <col width="18%" /> 940 <col width="17%" /> 941 </colgroup><tbody><tr> 942 <th>CVE</th> 943 <th></th> 944 <th></th> 945 <th> Google </th> 946 <th> AOSP </th> 947 <th> </th> 948 </tr> 949 <tr> 950 <td>CVE-2016-10244</td> 951 <td>A-31470908</td> 952 <td></td> 953 <td>*</td> 954 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 955 <td>2016 9 13</td> 956 </tr> 957 </tbody></table> 958 <p>* Android 7.0 Google 959 .</p> 960 961 <h3 id="eop-in-kernel-sound-subsystem"> 962 </h3> 963 <p> 964 965 . 966 .</p> 967 968 <table> 969 <colgroup><col width="19%" /> 970 <col width="20%" /> 971 <col width="10%" /> 972 <col width="23%" /> 973 <col width="17%" /> 974 </colgroup><tbody><tr> 975 <th>CVE</th> 976 <th></th> 977 <th></th> 978 <th> Google </th> 979 <th> </th> 980 </tr> 981 <tr> 982 <td>CVE-2014-4656</td> 983 <td>A-34464977<br /> 984 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=883a1d49f0d77d30012f114b2e19fc141beb3e8e"> 985 </a></td> 986 <td></td> 987 <td>Nexus 6, Nexus Player</td> 988 <td>2014 6 26</td> 989 </tr> 990 </tbody></table> 991 992 <h3 id="eop-in-nvidia-crypto-driver">NVIDIA 993 </h3> 994 <p>NVIDIA 995 996 . 997 .</p> 998 999 <table> 1000 <colgroup><col width="19%" /> 1001 <col width="20%" /> 1002 <col width="10%" /> 1003 <col width="23%" /> 1004 <col width="17%" /> 1005 </colgroup><tbody><tr> 1006 <th>CVE</th> 1007 <th></th> 1008 <th></th> 1009 <th> Google </th> 1010 <th> </th> 1011 </tr> 1012 <tr> 1013 <td>CVE-2017-0339</td> 1014 <td>A-27930566*<br /> 1015 N-CVE-2017-0339</td> 1016 <td></td> 1017 <td>Nexus 9</td> 1018 <td>2016 3 29</td> 1019 </tr> 1020 <tr> 1021 <td>CVE-2017-0332</td> 1022 <td>A-33812508*<br /> 1023 N-CVE-2017-0332</td> 1024 <td></td> 1025 <td>Nexus 9</td> 1026 <td>2016 12 21</td> 1027 </tr> 1028 <tr> 1029 <td>CVE-2017-0327</td> 1030 <td>A-33893669*<br /> 1031 N-CVE-2017-0327</td> 1032 <td></td> 1033 <td>Nexus 9</td> 1034 <td>2016 12 24</td> 1035 </tr> 1036 </tbody></table> 1037 <p>* . 1038 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1039 1040 1041 .</p> 1042 1043 <h3 id="eop-in-mediatek-thermal-driver">MediaTek 1044 </h3> 1045 <p>MediaTek 1046 1047 . 1048 .</p> 1049 1050 <table> 1051 <colgroup><col width="19%" /> 1052 <col width="20%" /> 1053 <col width="10%" /> 1054 <col width="23%" /> 1055 <col width="17%" /> 1056 </colgroup><tbody><tr> 1057 <th>CVE</th> 1058 <th></th> 1059 <th></th> 1060 <th> Google </th> 1061 <th> </th> 1062 </tr> 1063 <tr> 1064 <td>CVE-2017-0565</td> 1065 <td>A-28175904*<br /> 1066 M-ALPS02696516</td> 1067 <td></td> 1068 <td>**</td> 1069 <td>2016 4 11</td> 1070 </tr> 1071 </tbody></table> 1072 <p>* . 1073 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1074 1075 1076 .</p> 1077 <p>** Android 7.0 Google 1078 .</p> 1079 1080 <h3 id="eop-in-mediatek-camera-driver">MediaTek 1081 </h3> 1082 <p>MediaTek 1083 1084 . 1085 .</p> 1086 1087 <table> 1088 <colgroup><col width="19%" /> 1089 <col width="20%" /> 1090 <col width="10%" /> 1091 <col width="23%" /> 1092 <col width="17%" /> 1093 </colgroup><tbody><tr> 1094 <th>CVE</th> 1095 <th></th> 1096 <th></th> 1097 <th> Google </th> 1098 <th> </th> 1099 </tr> 1100 <tr> 1101 <td>CVE-2017-0566</td> 1102 <td>A-28470975*<br /> 1103 M-ALPS02696367</td> 1104 <td></td> 1105 <td>**</td> 1106 <td>2016 4 29</td> 1107 </tr> 1108 </tbody></table> 1109 <p>* . 1110 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1111 1112 1113 .</p> 1114 <p>** Android 7.0 Google 1115 .</p> 1116 1117 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 1118 </h3> 1119 <p>Broadcom Wi-Fi 1120 1121 . 1122 .</p> 1123 1124 <table> 1125 <colgroup><col width="19%" /> 1126 <col width="20%" /> 1127 <col width="10%" /> 1128 <col width="23%" /> 1129 <col width="17%" /> 1130 </colgroup><tbody><tr> 1131 <th>CVE</th> 1132 <th></th> 1133 <th></th> 1134 <th> Google </th> 1135 <th> </th> 1136 </tr> 1137 <tr> 1138 <td>CVE-2017-0567</td> 1139 <td>A-32125310*<br /> 1140 B-RB#112575</td> 1141 <td></td> 1142 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1143 <td>2016 10 12</td> 1144 </tr> 1145 <tr> 1146 <td>CVE-2017-0568</td> 1147 <td>A-34197514*<br /> 1148 B-RB#112600</td> 1149 <td></td> 1150 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1151 <td>2017 1 9</td> 1152 </tr> 1153 <tr> 1154 <td>CVE-2017-0569</td> 1155 <td>A-34198729*<br /> 1156 B-RB#110666</td> 1157 <td></td> 1158 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1159 <td>2017 1 9</td> 1160 </tr> 1161 <tr> 1162 <td>CVE-2017-0570</td> 1163 <td>A-34199963*<br /> 1164 B-RB#110688</td> 1165 <td></td> 1166 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1167 <td>2017 1 9</td> 1168 </tr> 1169 <tr> 1170 <td>CVE-2017-0571</td> 1171 <td>A-34203305*<br /> 1172 B-RB#111541</td> 1173 <td></td> 1174 <td>Nexus 6, Nexus 6P, Pixel C, Nexus Player</td> 1175 <td>2017 1 9</td> 1176 </tr> 1177 <tr> 1178 <td>CVE-2017-0572</td> 1179 <td>A-34198931*<br /> 1180 B-RB#112597</td> 1181 <td></td> 1182 <td>**</td> 1183 <td>2017 1 9</td> 1184 </tr> 1185 <tr> 1186 <td>CVE-2017-0573</td> 1187 <td>A-34469904*<br /> 1188 B-RB#91539</td> 1189 <td></td> 1190 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1191 <td>2017 1 18</td> 1192 </tr> 1193 <tr> 1194 <td>CVE-2017-0574</td> 1195 <td>A-34624457*<br /> 1196 B-RB#113189</td> 1197 <td></td> 1198 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td> 1199 <td>2017 1 22</td> 1200 </tr> 1201 </tbody></table> 1202 <p>* . 1203 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1204 1205 1206 .</p> 1207 <p>** Android 7.0 Google 1208 .</p> 1209 1210 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1211 </h3> 1212 <p>Qualcomm Wi-Fi 1213 1214 . 1215 .</p> 1216 1217 <table> 1218 <colgroup><col width="19%" /> 1219 <col width="20%" /> 1220 <col width="10%" /> 1221 <col width="23%" /> 1222 <col width="17%" /> 1223 </colgroup><tbody><tr> 1224 <th>CVE</th> 1225 <th></th> 1226 <th></th> 1227 <th> Google </th> 1228 <th> </th> 1229 </tr> 1230 <tr> 1231 <td>CVE-2017-0575</td> 1232 <td>A-32658595*<br /> 1233 QC-CR#1103099</td> 1234 <td></td> 1235 <td>Nexus 5X, Pixel, Pixel XL</td> 1236 <td>2016 11 3</td> 1237 </tr> 1238 </tbody></table> 1239 <p>* . 1240 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1241 1242 1243 .</p> 1244 1245 <h3 id="eop-in-nvidia-i2c-hid-driver">NVIDIA I2C HID 1246 </h3> 1247 <p>NVIDIA I2C HID 1248 1249 . 1250 .</p> 1251 1252 <table> 1253 <colgroup><col width="19%" /> 1254 <col width="20%" /> 1255 <col width="10%" /> 1256 <col width="23%" /> 1257 <col width="17%" /> 1258 </colgroup><tbody><tr> 1259 <th>CVE</th> 1260 <th></th> 1261 <th></th> 1262 <th> Google </th> 1263 <th> </th> 1264 </tr> 1265 <tr> 1266 <td>CVE-2017-0325</td> 1267 <td>A-33040280*<br /> 1268 N-CVE-2017-0325</td> 1269 <td></td> 1270 <td>Nexus 9, Pixel C</td> 1271 <td>2016 11 20</td> 1272 </tr> 1273 </tbody></table> 1274 <p>* . 1275 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1276 1277 1278 .</p> 1279 1280 <h3 id="eop-in-qualcomm-audio-driver">Qualcomm 1281 </h3> 1282 <p>Qualcomm 1283 1284 . 1285 .</p> 1286 1287 <table> 1288 <colgroup><col width="19%" /> 1289 <col width="20%" /> 1290 <col width="10%" /> 1291 <col width="23%" /> 1292 <col width="17%" /> 1293 </colgroup><tbody><tr> 1294 <th>CVE</th> 1295 <th></th> 1296 <th></th> 1297 <th> Google </th> 1298 <th> </th> 1299 </tr> 1300 <tr> 1301 <td>CVE-2017-0454</td> 1302 <td>A-33353700<br /> 1303 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cb0701a2f99fa19f01fbd4249bda9a8eadb0241f"> 1304 QC-CR#1104067</a></td> 1305 <td></td> 1306 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1307 <td>2016 12 5</td> 1308 </tr> 1309 </tbody></table> 1310 1311 <h3 id="eop-in-qualcomm-crypto-engine-driver">Qualcomm 1312 </h3> 1313 <p>Qualcomm 1314 1315 . 1316 .</p> 1317 1318 <table> 1319 <colgroup><col width="19%" /> 1320 <col width="20%" /> 1321 <col width="10%" /> 1322 <col width="23%" /> 1323 <col width="17%" /> 1324 </colgroup><tbody><tr> 1325 <th>CVE</th> 1326 <th></th> 1327 <th></th> 1328 <th> Google </th> 1329 <th> </th> 1330 </tr> 1331 <tr> 1332 <td>CVE-2017-0576</td> 1333 <td>A-33544431<br /> 1334 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2b09507d78b25637df6879cd2ee2031b208b3532"> 1335 QC-CR#1103089</a></td> 1336 <td></td> 1337 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1338 <td>2016 12 9</td> 1339 </tr> 1340 </tbody></table> 1341 1342 <h3 id="eop-in-htc-touchscreen-driver-2">HTC 1343 </h3> 1344 <p>HTC 1345 1346 . 1347 .</p> 1348 1349 <table> 1350 <colgroup><col width="19%" /> 1351 <col width="20%" /> 1352 <col width="10%" /> 1353 <col width="23%" /> 1354 <col width="17%" /> 1355 </colgroup><tbody><tr> 1356 <th>CVE</th> 1357 <th></th> 1358 <th></th> 1359 <th> Google </th> 1360 <th> </th> 1361 </tr> 1362 <tr> 1363 <td>CVE-2017-0577</td> 1364 <td>A-33842951*<br /> 1365 </td> 1366 <td></td> 1367 <td>**</td> 1368 <td>2016 12 21</td> 1369 </tr> 1370 </tbody></table> 1371 <p>* . 1372 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1373 1374 1375 .</p> 1376 <p>** Android 7.0 Google 1377 .</p> 1378 1379 <h3 id="eop-in-dts-sound-driver">DTS 1380 </h3> 1381 <p>DTS 1382 1383 . 1384 .</p> 1385 1386 <table> 1387 <colgroup><col width="19%" /> 1388 <col width="20%" /> 1389 <col width="10%" /> 1390 <col width="23%" /> 1391 <col width="17%" /> 1392 </colgroup><tbody><tr> 1393 <th>CVE</th> 1394 <th></th> 1395 <th></th> 1396 <th> Google </th> 1397 <th> </th> 1398 </tr> 1399 <tr> 1400 <td>CVE-2017-0578</td> 1401 <td>A-33964406*<br /> 1402 </td> 1403 <td></td> 1404 <td>**</td> 1405 <td>2016 12 28</td> 1406 </tr> 1407 </tbody></table> 1408 <p>* . 1409 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1410 1411 1412 .</p> 1413 <p>** Android 7.0 Google 1414 .</p> 1415 1416 <h3 id="eop-in-qualcomm-sound-codec-driver">Qualcomm 1417 </h3> 1418 <p>Qualcomm 1419 1420 . 1421 .</p> 1422 1423 <table> 1424 <colgroup><col width="19%" /> 1425 <col width="20%" /> 1426 <col width="10%" /> 1427 <col width="23%" /> 1428 <col width="17%" /> 1429 </colgroup><tbody><tr> 1430 <th>CVE</th> 1431 <th></th> 1432 <th></th> 1433 <th> Google </th> 1434 <th> </th> 1435 </tr> 1436 <tr> 1437 <td>CVE-2016-10231</td> 1438 <td>A-33966912<br /> 1439 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3bfe5a89916f7d29492e9f6d941d108b688cb804"> 1440 QC-CR#1096799</a></td> 1441 <td></td> 1442 <td>Pixel, Pixel XL</td> 1443 <td>2016 12 29</td> 1444 </tr> 1445 </tbody></table> 1446 1447 <h3 id="eop-in-qualcomm-video-driver">Qualcomm 1448 </h3> 1449 <p>Qualcomm 1450 1451 . 1452 .</p> 1453 1454 <table> 1455 <colgroup><col width="19%" /> 1456 <col width="20%" /> 1457 <col width="10%" /> 1458 <col width="23%" /> 1459 <col width="17%" /> 1460 </colgroup><tbody><tr> 1461 <th>CVE</th> 1462 <th></th> 1463 <th></th> 1464 <th> Google </th> 1465 <th> </th> 1466 </tr> 1467 <tr> 1468 <td>CVE-2017-0579</td> 1469 <td>A-34125463*<br /> 1470 QC-CR#1115406</td> 1471 <td></td> 1472 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1473 <td>2017 1 5</td> 1474 </tr> 1475 <tr> 1476 <td>CVE-2016-10232</td> 1477 <td>A-34386696<br /> 1478 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=21e0ead58e47798567d846b84f16f89cf69a57ae"> 1479 QC-CR#1024872</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=27f7b3b3059f6181e2786f886f4cd92f413bc30c"> 1480 [2]</a></td> 1481 <td></td> 1482 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 1483 <td>2017 1 10</td> 1484 </tr> 1485 <tr> 1486 <td>CVE-2016-10233</td> 1487 <td>A-34389926<br /> 1488 <a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=d793c6d91ecba2a1fd206ad47a4fd408d290addf"> 1489 QC-CR#897452</a></td> 1490 <td></td> 1491 <td>**</td> 1492 <td>2017 1 10</td> 1493 </tr> 1494 </tbody></table> 1495 <p>* . 1496 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1497 1498 1499 .</p> 1500 <p>** Android 7.0 Google 1501 .</p> 1502 1503 <h3 id="eop-in-nvidia-boot-and-power-management-processor-driver">NVIDIA 1504 1505 </h3> 1506 <p>NVIDIA 1507 1508 . 1509 1510 .</p> 1511 1512 <table> 1513 <colgroup><col width="19%" /> 1514 <col width="20%" /> 1515 <col width="10%" /> 1516 <col width="23%" /> 1517 <col width="17%" /> 1518 </colgroup><tbody><tr> 1519 <th>CVE</th> 1520 <th></th> 1521 <th></th> 1522 <th> Google </th> 1523 <th> </th> 1524 </tr> 1525 <tr> 1526 <td>CVE-2017-0329</td> 1527 <td>A-34115304*<br /> 1528 N-CVE-2017-0329</td> 1529 <td></td> 1530 <td>Pixel C</td> 1531 <td>2017 1 5</td> 1532 </tr> 1533 </tbody></table> 1534 <p>* . 1535 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1536 1537 1538 .</p> 1539 1540 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics 1541 </h3> 1542 <p>Synaptics 1543 1544 . 1545 .</p> 1546 1547 <table> 1548 <colgroup><col width="19%" /> 1549 <col width="20%" /> 1550 <col width="10%" /> 1551 <col width="23%" /> 1552 <col width="17%" /> 1553 </colgroup><tbody><tr> 1554 <th>CVE</th> 1555 <th></th> 1556 <th></th> 1557 <th> Google </th> 1558 <th> </th> 1559 </tr> 1560 <tr> 1561 <td>CVE-2017-0580</td> 1562 <td>A-34325986*<br /> 1563 </td> 1564 <td></td> 1565 <td>**</td> 1566 <td>2017 1 16</td> 1567 </tr> 1568 <tr> 1569 <td>CVE-2017-0581</td> 1570 <td>A-34614485*<br /> 1571 </td> 1572 <td></td> 1573 <td>**</td> 1574 <td>2017 1 22</td> 1575 </tr> 1576 </tbody></table> 1577 <p>* . 1578 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1579 1580 1581 .</p> 1582 <p>** Android 7.0 Google 1583 .</p> 1584 1585 <h3 id="eop-in-qualcomm-seemp-driver">Qualcomm Seemp 1586 </h3> 1587 <p>Qualcomm Seemp 1588 1589 . 1590 .</p> 1591 1592 <table> 1593 <colgroup><col width="19%" /> 1594 <col width="20%" /> 1595 <col width="10%" /> 1596 <col width="23%" /> 1597 <col width="17%" /> 1598 </colgroup><tbody><tr> 1599 <th>CVE</th> 1600 <th></th> 1601 <th></th> 1602 <th> Google </th> 1603 <th> </th> 1604 </tr> 1605 <tr> 1606 <td>CVE-2017-0462</td> 1607 <td>A-33353601<br /> 1608 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb7b1426279e751b1fc3e86f434dc349945c1ae7"> 1609 QC-CR#1102288</a></td> 1610 <td></td> 1611 <td>Pixel, Pixel XL</td> 1612 <td>Google </td> 1613 </tr> 1614 </tbody></table> 1615 1616 <h3 id="eop-in-qualcomm-kyro-l2-driver">Qualcomm Kyro L2 1617 </h3> 1618 <p>Qualcomm Kyro L2 1619 1620 . 1621 .</p> 1622 1623 <table> 1624 <colgroup><col width="19%" /> 1625 <col width="20%" /> 1626 <col width="10%" /> 1627 <col width="23%" /> 1628 <col width="17%" /> 1629 </colgroup><tbody><tr> 1630 <th>CVE</th> 1631 <th></th> 1632 <th></th> 1633 <th> Google </th> 1634 <th> </th> 1635 </tr> 1636 <tr> 1637 <td>CVE-2017-6423</td> 1638 <td>A-32831370<br /> 1639 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0f264f812b61884390b432fdad081a3e995ba768"> 1640 QC-CR#1103158</a></td> 1641 <td></td> 1642 <td>Pixel, Pixel XL</td> 1643 <td>Google </td> 1644 </tr> 1645 </tbody></table> 1646 1647 <h3 id="eop-in-kernel-file-system"> 1648 </h3> 1649 <p> 1650 1651 . 1652 .</p> 1653 1654 <table> 1655 <colgroup><col width="19%" /> 1656 <col width="20%" /> 1657 <col width="10%" /> 1658 <col width="23%" /> 1659 <col width="17%" /> 1660 </colgroup><tbody><tr> 1661 <th>CVE</th> 1662 <th></th> 1663 <th></th> 1664 <th> Google </th> 1665 <th> </th> 1666 </tr> 1667 <tr> 1668 <td>CVE-2014-9922</td> 1669 <td>A-32761463<br /> 1670 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121"> 1671 </a></td> 1672 <td></td> 1673 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android 1674 One, Nexus Player</td> 1675 <td>Google </td> 1676 </tr> 1677 </tbody></table> 1678 1679 <h3 id="id-in-kernel-memory-subsystem"> 1680 </h3> 1681 <p> 1682 . 1683 .</p> 1684 1685 <table> 1686 <colgroup><col width="19%" /> 1687 <col width="20%" /> 1688 <col width="10%" /> 1689 <col width="23%" /> 1690 <col width="17%" /> 1691 </colgroup><tbody><tr> 1692 <th>CVE</th> 1693 <th></th> 1694 <th></th> 1695 <th> Google </th> 1696 <th> </th> 1697 </tr> 1698 <tr> 1699 <td>CVE-2014-0206</td> 1700 <td>A-34465735<br /> 1701 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=d36db46c2cba973557eb6138d22210c4e0cf17d6"> 1702 </a></td> 1703 <td></td> 1704 <td>Nexus 6, Nexus Player</td> 1705 <td>2014 5 6</td> 1706 </tr> 1707 </tbody></table> 1708 1709 <h3 id="id-in-kernel-networking-subsystem"> 1710 </h3> 1711 <p> 1712 . 1713 1714 .</p> 1715 1716 <table> 1717 <colgroup><col width="19%" /> 1718 <col width="20%" /> 1719 <col width="10%" /> 1720 <col width="23%" /> 1721 <col width="17%" /> 1722 </colgroup><tbody><tr> 1723 <th>CVE</th> 1724 <th></th> 1725 <th></th> 1726 <th> Google </th> 1727 <th> </th> 1728 </tr> 1729 <tr> 1730 <td>CVE-2014-3145</td> 1731 <td>A-34469585<br /> 1732 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=314760e66c35c8ffa51b4c4ca6948d207e783079"> 1733 </a> <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3"> 1734 [2]</a></td> 1735 <td></td> 1736 <td>Nexus 6, Nexus Player</td> 1737 <td>2014 5 9</td> 1738 </tr> 1739 </tbody></table> 1740 1741 <h3 id="id-in-qualcomm-trustzone">Qualcomm TrustZone 1742 </h3> 1743 <p>Qualcomm TrustZone 1744 1745 . 1746 1747 .</p> 1748 1749 <table> 1750 <colgroup><col width="19%" /> 1751 <col width="20%" /> 1752 <col width="10%" /> 1753 <col width="23%" /> 1754 <col width="17%" /> 1755 </colgroup><tbody><tr> 1756 <th>CVE</th> 1757 <th></th> 1758 <th></th> 1759 <th> Google </th> 1760 <th> </th> 1761 </tr> 1762 <tr> 1763 <td>CVE-2016-5349</td> 1764 <td>A-29083830<br /> 1765 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=7c3bf6557c62d904b15507eb451fda8fd7ef750c"> 1766 QC-CR#1021945</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=03853a58952834ac3e1e3007c9c680dd4c001a2f"> 1767 [2]</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e3d969000fb60ecb9bc01667fa89957f67763514"> 1768 [3]</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=9bd398661cae758ffc557adc7de74ba32654e1f9"> 1769 [4]</a></td> 1770 <td></td> 1771 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1772 <td>2016 6 1</td> 1773 </tr> 1774 </tbody></table> 1775 1776 <h3 id="id-in-qualcomm-ipa-driver">Qualcomm IPA 1777 </h3> 1778 <p>Qualcomm IPA 1779 1780 . 1781 1782 .</p> 1783 1784 <table> 1785 <colgroup><col width="19%" /> 1786 <col width="20%" /> 1787 <col width="10%" /> 1788 <col width="23%" /> 1789 <col width="17%" /> 1790 </colgroup><tbody><tr> 1791 <th>CVE</th> 1792 <th></th> 1793 <th></th> 1794 <th> Google </th> 1795 <th> </th> 1796 </tr> 1797 <tr> 1798 <td>CVE-2016-10234</td> 1799 <td>A-34390017<br /> 1800 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c7d7492c1e329fdeb28a7901c4cd634d41a996b1"> 1801 QC-CR#1069060</a> <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=d12370c7f3ecded1867fbd6b70ded35db55cab1d"> 1802 [2]</a></td> 1803 <td></td> 1804 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1805 <td>2017 1 10</td> 1806 </tr> 1807 </tbody></table> 1808 1809 <h3 id="dos-in-kernel-networking-subsystem"> (DoS) </h3> 1810 <p> 1811 1812 . 1813 .</p> 1814 1815 <table> 1816 <colgroup><col width="19%" /> 1817 <col width="20%" /> 1818 <col width="10%" /> 1819 <col width="23%" /> 1820 <col width="17%" /> 1821 </colgroup><tbody><tr> 1822 <th>CVE</th> 1823 <th></th> 1824 <th></th> 1825 <th> Google </th> 1826 <th> </th> 1827 </tr> 1828 <tr> 1829 <td>CVE-2014-2706</td> 1830 <td>A-34160553<br /> 1831 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba"> 1832 </a></td> 1833 <td></td> 1834 <td>Nexus Player</td> 1835 <td>2014 4 1</td> 1836 </tr> 1837 </tbody></table> 1838 1839 <h3 id="dos-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1840 (Dos) </h3> 1841 <p>Qualcomm Wi-Fi 1842 Wi-Fi . 1843 .</p> 1844 1845 <table> 1846 <colgroup><col width="19%" /> 1847 <col width="20%" /> 1848 <col width="10%" /> 1849 <col width="23%" /> 1850 <col width="17%" /> 1851 </colgroup><tbody><tr> 1852 <th>CVE</th> 1853 <th></th> 1854 <th></th> 1855 <th> Google </th> 1856 <th> </th> 1857 </tr> 1858 <tr> 1859 <td>CVE-2016-10235</td> 1860 <td>A-34390620<br /> 1861 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5bb0059243515ecdac138cfdb4cee7259bbd0bbc"> 1862 QC-CR#1046409</a></td> 1863 <td></td> 1864 <td>**</td> 1865 <td>2017 1 10</td> 1866 </tr> 1867 </tbody></table> 1868 <p>** Android 7.0 Google 1869 .</p> 1870 1871 <h3 id="eop-in-kernel-file-system-2"> 1872 </h3> 1873 <p> 1874 1875 . 1876 1877 .</p> 1878 1879 <table> 1880 <colgroup><col width="19%" /> 1881 <col width="20%" /> 1882 <col width="10%" /> 1883 <col width="23%" /> 1884 <col width="17%" /> 1885 </colgroup><tbody><tr> 1886 <th>CVE</th> 1887 <th></th> 1888 <th></th> 1889 <th> Google </th> 1890 <th> </th> 1891 </tr> 1892 <tr> 1893 <td>CVE-2016-7097</td> 1894 <td>A-32458736<br /> 1895 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"> 1896 </a></td> 1897 <td></td> 1898 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Nexus 1899 Player</td> 1900 <td>2016 8 28</td> 1901 </tr> 1902 </tbody></table> 1903 1904 <h3 id="eop-in-qualcomm-wi-fi-driver-2">Qualcomm Wi-Fi 1905 </h3> 1906 <p>Qualcomm Wi-Fi 1907 1908 . 1909 1910 .</p> 1911 1912 <table> 1913 <colgroup><col width="19%" /> 1914 <col width="20%" /> 1915 <col width="10%" /> 1916 <col width="23%" /> 1917 <col width="17%" /> 1918 </colgroup><tbody><tr> 1919 <th>CVE</th> 1920 <th></th> 1921 <th></th> 1922 <th> Google </th> 1923 <th> </th> 1924 </tr> 1925 <tr> 1926 <td>CVE-2017-6424</td> 1927 <td>A-32086742<br /> 1928 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5cc2ac840e36a3342c5194c20b314f0bb95ef7e1"> 1929 QC-CR#1102648</a></td> 1930 <td></td> 1931 <td>Nexus 5X, Pixel, Pixel XL, Android One</td> 1932 <td>2016 10 9</td> 1933 </tr> 1934 </tbody></table> 1935 1936 <h3 id="eop-in-broadcom-wi-fi-driver-2">Broadcom Wi-Fi 1937 </h3> 1938 <p>Broadcom Wi-Fi 1939 1940 . 1941 1942 .</p> 1943 1944 <table> 1945 <colgroup><col width="19%" /> 1946 <col width="20%" /> 1947 <col width="10%" /> 1948 <col width="23%" /> 1949 <col width="17%" /> 1950 </colgroup><tbody><tr> 1951 <th>CVE</th> 1952 <th></th> 1953 <th></th> 1954 <th> Google </th> 1955 <th> </th> 1956 </tr> 1957 <tr> 1958 <td>CVE-2016-8465</td> 1959 <td>A-32474971*<br /> 1960 B-RB#106053</td> 1961 <td></td> 1962 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 1963 <td>2016 10 27</td> 1964 </tr> 1965 </tbody></table> 1966 <p>* . 1967 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1968 1969 1970 .</p> 1971 1972 <h3 id="eop-in-htc-oem-fastboot-command">HTC OEM 1973 </h3> 1974 <p>HTC OEM 1975 1976 . 1977 .</p> 1978 1979 <table> 1980 <colgroup><col width="19%" /> 1981 <col width="20%" /> 1982 <col width="10%" /> 1983 <col width="23%" /> 1984 <col width="17%" /> 1985 </colgroup><tbody><tr> 1986 <th>CVE</th> 1987 <th></th> 1988 <th></th> 1989 <th> Google </th> 1990 <th> </th> 1991 </tr> 1992 <tr> 1993 <td>CVE-2017-0582</td> 1994 <td>A-33178836*<br /> 1995 </td> 1996 <td></td> 1997 <td>Nexus 9</td> 1998 <td>2016 11 28</td> 1999 </tr> 2000 </tbody></table> 2001 <p>* . 2002 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2003 2004 2005 .</p> 2006 2007 <h3 id="eop-in-qualcomm-cp-access-driver">Qualcomm CP 2008 </h3> 2009 <p>Qualcomm CP 2010 2011 . 2012 2013 .</p> 2014 2015 <table> 2016 <colgroup><col width="19%" /> 2017 <col width="20%" /> 2018 <col width="10%" /> 2019 <col width="23%" /> 2020 <col width="17%" /> 2021 </colgroup><tbody><tr> 2022 <th>CVE</th> 2023 <th></th> 2024 <th></th> 2025 <th> Google </th> 2026 <th> </th> 2027 </tr> 2028 <tr> 2029 <td>CVE-2017-0583</td> 2030 <td>A-32068683<br /> 2031 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=452d2ad331d20b19e8a0768c4b6e7fe1b65abe8f"> 2032 QC-CR#1103788</a></td> 2033 <td></td> 2034 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 2035 <td>Google </td> 2036 </tr> 2037 </tbody></table> 2038 2039 <h3 id="id-in-kernel-media-driver"> </h3> 2040 <p> 2041 2042 . 2043 2044 .</p> 2045 2046 <table> 2047 <colgroup><col width="19%" /> 2048 <col width="20%" /> 2049 <col width="10%" /> 2050 <col width="23%" /> 2051 <col width="17%" /> 2052 </colgroup><tbody><tr> 2053 <th>CVE</th> 2054 <th></th> 2055 <th></th> 2056 <th> Google </th> 2057 <th> </th> 2058 </tr> 2059 <tr> 2060 <td>CVE-2014-1739</td> 2061 <td>A-34460642<br /> 2062 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8"> 2063 </a></td> 2064 <td></td> 2065 <td>Nexus 6, Nexus 9, Nexus Player</td> 2066 <td>2014 6 15</td> 2067 </tr> 2068 </tbody></table> 2069 2070 <h3 id="id-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 2071 </h3> 2072 <p>Qualcomm Wi-Fi 2073 2074 . 2075 .</p> 2076 2077 <table> 2078 <colgroup><col width="19%" /> 2079 <col width="20%" /> 2080 <col width="10%" /> 2081 <col width="23%" /> 2082 <col width="17%" /> 2083 </colgroup><tbody><tr> 2084 <th>CVE</th> 2085 <th></th> 2086 <th></th> 2087 <th> Google </th> 2088 <th> </th> 2089 </tr> 2090 <tr> 2091 <td>CVE-2017-0584</td> 2092 <td>A-32074353*<br /> 2093 QC-CR#1104731</td> 2094 <td></td> 2095 <td>Nexus 5X, Pixel, Pixel XL</td> 2096 <td>2016 10 9</td> 2097 </tr> 2098 </tbody></table> 2099 <p>* . 2100 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2101 2102 2103 .</p> 2104 2105 <h3 id="id-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 2106 </h3> 2107 <p>Broadcom Wi-Fi 2108 2109 . 2110 .</p> 2111 2112 <table> 2113 <colgroup><col width="19%" /> 2114 <col width="20%" /> 2115 <col width="10%" /> 2116 <col width="23%" /> 2117 <col width="17%" /> 2118 </colgroup><tbody><tr> 2119 <th>CVE</th> 2120 <th></th> 2121 <th></th> 2122 <th> Google </th> 2123 <th> </th> 2124 </tr> 2125 <tr> 2126 <td>CVE-2017-0585</td> 2127 <td>A-32475556*<br /> 2128 B-RB#112953</td> 2129 <td></td> 2130 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2131 <td>2016 10 27</td> 2132 </tr> 2133 </tbody></table> 2134 <p>* . 2135 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2136 2137 2138 .</p> 2139 2140 <h3 id="id-in-qualcomm-avtimer-driver">Qualcomm Avtimer 2141 </h3> 2142 <p>Qualcomm Avtimer 2143 2144 . 2145 .</p> 2146 2147 <table> 2148 <colgroup><col width="19%" /> 2149 <col width="20%" /> 2150 <col width="10%" /> 2151 <col width="23%" /> 2152 <col width="17%" /> 2153 </colgroup><tbody><tr> 2154 <th>CVE</th> 2155 <th></th> 2156 <th></th> 2157 <th> Google </th> 2158 <th> </th> 2159 </tr> 2160 <tr> 2161 <td>CVE-2016-5346</td> 2162 <td>A-32551280<br /> 2163 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"> 2164 QC-CR#1097878</a></td> 2165 <td></td> 2166 <td>Pixel, Pixel XL</td> 2167 <td>2016 10 29</td> 2168 </tr> 2169 </tbody></table> 2170 2171 <h3 id="id-in-qualcomm-video-driver">Qualcomm 2172 </h3> 2173 <p>Qualcomm 2174 2175 . 2176 .</p> 2177 2178 <table> 2179 <colgroup><col width="19%" /> 2180 <col width="20%" /> 2181 <col width="10%" /> 2182 <col width="23%" /> 2183 <col width="17%" /> 2184 </colgroup><tbody><tr> 2185 <th>CVE</th> 2186 <th></th> 2187 <th></th> 2188 <th> Google </th> 2189 <th> </th> 2190 </tr> 2191 <tr> 2192 <td>CVE-2017-6425</td> 2193 <td>A-32577085<br /> 2194 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ef86560a21fe1f256f6ba772a195201ff202c657"> 2195 QC-CR#1103689</a></td> 2196 <td></td> 2197 <td>Pixel, Pixel XL</td> 2198 <td>2016 10 29</td> 2199 </tr> 2200 </tbody></table> 2201 2202 <h3 id="id-in-qualcomm-usb-driver">Qualcomm USB 2203 </h3> 2204 <p>Qualcomm USB 2205 . 2206 2207 .</p> 2208 2209 <table> 2210 <colgroup><col width="19%" /> 2211 <col width="20%" /> 2212 <col width="10%" /> 2213 <col width="23%" /> 2214 <col width="17%" /> 2215 </colgroup><tbody><tr> 2216 <th>CVE</th> 2217 <th></th> 2218 <th></th> 2219 <th> Google </th> 2220 <th> </th> 2221 </tr> 2222 <tr> 2223 <td>CVE-2016-10236</td> 2224 <td>A-33280689<br /> 2225 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=b8199c2b852f1e23c988e10b8fbb8d34c98b4a1c"> 2226 QC-CR#1102418</a></td> 2227 <td></td> 2228 <td>Pixel, Pixel XL</td> 2229 <td>2016 11 30</td> 2230 </tr> 2231 </tbody></table> 2232 2233 <h3 id="id-in-qualcomm-sound-driver">Qualcomm 2234 </h3> 2235 <p>Qualcomm 2236 . 2237 .</p> 2238 2239 <table> 2240 <colgroup><col width="19%" /> 2241 <col width="20%" /> 2242 <col width="10%" /> 2243 <col width="23%" /> 2244 <col width="17%" /> 2245 </colgroup><tbody><tr> 2246 <th>CVE</th> 2247 <th></th> 2248 <th></th> 2249 <th> Google </th> 2250 <th> </th> 2251 </tr> 2252 <tr> 2253 <td>CVE-2017-0586</td> 2254 <td>A-33649808<br /> 2255 QC-CR#1097569</td> 2256 <td></td> 2257 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 2258 <td>2016 12 13</td> 2259 </tr> 2260 </tbody></table> 2261 2262 <h3 id="id-in-qualcomm-spmi-driver">Qualcomm SPMI </h3> 2263 <p>Qualcomm SPMI 2264 2265 . 2266 .</p> 2267 2268 <table> 2269 <colgroup><col width="19%" /> 2270 <col width="20%" /> 2271 <col width="10%" /> 2272 <col width="23%" /> 2273 <col width="17%" /> 2274 </colgroup><tbody><tr> 2275 <th>CVE</th> 2276 <th></th> 2277 <th></th> 2278 <th> Google </th> 2279 <th> </th> 2280 </tr> 2281 <tr> 2282 <td>CVE-2017-6426</td> 2283 <td>A-33644474<br /> 2284 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=80decd6365deec08c35ecb902a58f9210599b39a"> 2285 QC-CR#1106842</a></td> 2286 <td></td> 2287 <td>Pixel, Pixel XL</td> 2288 <td>2016 12 14</td> 2289 </tr> 2290 </tbody></table> 2291 2292 <h3 id="id-in-nvidia-crypto-driver">NVIDIA 2293 </h3> 2294 <p>NVIDIA 2295 . 2296 .</p> 2297 2298 <table> 2299 <colgroup><col width="19%" /> 2300 <col width="20%" /> 2301 <col width="10%" /> 2302 <col width="23%" /> 2303 <col width="17%" /> 2304 </colgroup><tbody><tr> 2305 <th>CVE</th> 2306 <th></th> 2307 <th></th> 2308 <th> Google </th> 2309 <th> </th> 2310 </tr> 2311 <tr> 2312 <td>CVE-2017-0328</td> 2313 <td>A-33898322*<br /> 2314 N-CVE-2017-0328</td> 2315 <td></td> 2316 <td>**</td> 2317 <td>2016 12 24</td> 2318 </tr> 2319 <tr> 2320 <td>CVE-2017-0330</td> 2321 <td>A-33899858*<br /> 2322 N-CVE-2017-0330</td> 2323 <td></td> 2324 <td>**</td> 2325 <td>2016 12 24</td> 2326 </tr> 2327 </tbody></table> 2328 <p>* . 2329 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2330 2331 2332 .</p> 2333 <p>** Android 7.0 Google 2334 .</p> 2335 2336 <h3 id="vulnerabilities-in-qualcomm-components-2">Qualcomm 2337 </h3> 2338 <p>Qualcomm 2014~2016 2339 Qualcomm AMSS . 2340 Android 2341 Android . </p> 2342 2343 <table> 2344 <colgroup><col width="19%" /> 2345 <col width="20%" /> 2346 <col width="10%" /> 2347 <col width="23%" /> 2348 <col width="17%" /> 2349 </colgroup><tbody><tr> 2350 <th>CVE</th> 2351 <th></th> 2352 <th></th> 2353 <th> Google </th> 2354 <th> </th> 2355 </tr> 2356 <tr> 2357 <td>CVE-2014-9931</td> 2358 <td>A-35445101**<br /> 2359 QC-CR#612410</td> 2360 <td></td> 2361 <td>**</td> 2362 <td>Qualcomm </td> 2363 </tr> 2364 <tr> 2365 <td>CVE-2014-9932</td> 2366 <td>A-35434683**<br /> 2367 QC-CR#626734</td> 2368 <td></td> 2369 <td>Pixel, Pixel XL</td> 2370 <td>Qualcomm </td> 2371 </tr> 2372 <tr> 2373 <td>CVE-2014-9933</td> 2374 <td>A-35442512<br /> 2375 QC-CR#675463</td> 2376 <td></td> 2377 <td>**</td> 2378 <td>Qualcomm </td> 2379 </tr> 2380 <tr> 2381 <td>CVE-2014-9934</td> 2382 <td>A-35439275**<br /> 2383 QC-CR#658249</td> 2384 <td></td> 2385 <td>**</td> 2386 <td>Qualcomm </td> 2387 </tr> 2388 <tr> 2389 <td>CVE-2014-9935</td> 2390 <td>A-35444951**<br /> 2391 QC-CR#717626</td> 2392 <td></td> 2393 <td>**</td> 2394 <td>Qualcomm </td> 2395 </tr> 2396 <tr> 2397 <td>CVE-2014-9936</td> 2398 <td>A-35442420**<br /> 2399 QC-CR#727389</td> 2400 <td></td> 2401 <td>**</td> 2402 <td>Qualcomm </td> 2403 </tr> 2404 <tr> 2405 <td>CVE-2014-9937</td> 2406 <td>A-35445102**<br /> 2407 QC-CR#734095</td> 2408 <td></td> 2409 <td>**</td> 2410 <td>Qualcomm </td> 2411 </tr> 2412 <tr> 2413 <td>CVE-2015-8995</td> 2414 <td>A-35445002**<br /> 2415 QC-CR#733690</td> 2416 <td></td> 2417 <td>**</td> 2418 <td>Qualcomm </td> 2419 </tr> 2420 <tr> 2421 <td>CVE-2015-8996</td> 2422 <td>A-35444658**<br /> 2423 QC-CR#734698</td> 2424 <td></td> 2425 <td>**</td> 2426 <td>Qualcomm </td> 2427 </tr> 2428 <tr> 2429 <td>CVE-2015-8997</td> 2430 <td>A-35432947**<br /> 2431 QC-CR#734707</td> 2432 <td></td> 2433 <td>**</td> 2434 <td>Qualcomm </td> 2435 </tr> 2436 <tr> 2437 <td>CVE-2015-8998</td> 2438 <td>A-35441175**<br /> 2439 QC-CR#735337</td> 2440 <td></td> 2441 <td>**</td> 2442 <td>Qualcomm </td> 2443 </tr> 2444 <tr> 2445 <td>CVE-2015-8999</td> 2446 <td>A-35445401**<br /> 2447 QC-CR#736119</td> 2448 <td></td> 2449 <td>**</td> 2450 <td>Qualcomm </td> 2451 </tr> 2452 <tr> 2453 <td>CVE-2015-9000</td> 2454 <td>A-35441076**<br /> 2455 QC-CR#740632</td> 2456 <td></td> 2457 <td>**</td> 2458 <td>Qualcomm </td> 2459 </tr> 2460 <tr> 2461 <td>CVE-2015-9001</td> 2462 <td>A-35445400**<br /> 2463 QC-CR#736083</td> 2464 <td></td> 2465 <td>**</td> 2466 <td>Qualcomm </td> 2467 </tr> 2468 <tr> 2469 <td>CVE-2015-9002</td> 2470 <td>A-35442421**<br /> 2471 QC-CR#748428</td> 2472 <td></td> 2473 <td>**</td> 2474 <td>Qualcomm </td> 2475 </tr> 2476 <tr> 2477 <td>CVE-2015-9003</td> 2478 <td>A-35440626**<br /> 2479 QC-CR#749215</td> 2480 <td></td> 2481 <td>**</td> 2482 <td>Qualcomm </td> 2483 </tr> 2484 <tr> 2485 <td>CVE-2016-10242</td> 2486 <td>A-35434643**<br /> 2487 QC-CR#985139</td> 2488 <td></td> 2489 <td>**</td> 2490 <td>Qualcomm </td> 2491 </tr> 2492 </tbody></table> 2493 <p>* .</p> 2494 <p>* . 2495 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2496 2497 2498 .</p> 2499 <p>*** Android 7.0 Google 2500 .</p> 2501 2502 <h2 id="common-questions-and-answers"> </h2> 2503 <p> .</p> 2504 <p><strong>1. ?</strong></p> 2505 <p> 2506 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 2507 .</p> 2508 <ul> 2509 <li>2017-04-01 2017-04-01 2510 .</li> 2511 <li>2017-04-05 2512 2017-04-05 .</li> 2513 </ul> 2514 <p> 2515 .</p> 2516 <ul> 2517 <li>[ro.build.version.security_patch]:[2017-04-01]</li> 2518 <li>[ro.build.version.security_patch]:[2017-04-05]</li> 2519 </ul> 2520 2521 <p><strong>2. ?</strong></p> 2522 <p> Android Android 2523 2524 . Android 2525 .</p> 2526 <ul> 2527 <li>2017 4 1 2528 2529 .</li> 2530 <li>2017 4 5 2531 2532 .</li> 2533 </ul> 2534 <p> .</p> 2535 <p><strong>3. Google ?</strong></p> 2536 <p><a href="#2017-04-01-details">2017-04-01</a> 2537 <a href="#2017-04-05-details">2017-04-05</a> 2538 <em> Google 2539 </em> . Google 2540 . .</p> 2541 <ul> 2542 <li><strong> Google </strong>: Google Pixel 2543 , <em> Google </em> 2544 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> 2545 . Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2546 Android One, Nexus Player, Pixel C, Pixel, Pixel XL.</li> 2547 <li><strong> Google </strong>: Google 2548 , Google <em> Google </em> 2549 .</li> 2550 <li><strong>Google </strong>: Android 7.0 Google 2551 , <em> Google </em> '' 2552 . </li> 2553 </ul> 2554 <p><strong>4. ?</strong></p> 2555 <p> <em></em> 2556 . 2557 .</p> 2558 <table> 2559 <tbody><tr> 2560 <th></th> 2561 <th> </th> 2562 </tr> 2563 <tr> 2564 <td>A-</td> 2565 <td>Android ID</td> 2566 </tr> 2567 <tr> 2568 <td>QC-</td> 2569 <td>Qualcomm </td> 2570 </tr> 2571 <tr> 2572 <td>M-</td> 2573 <td>MediaTek </td> 2574 </tr> 2575 <tr> 2576 <td>N-</td> 2577 <td>NVIDIA </td> 2578 </tr> 2579 <tr> 2580 <td>B-</td> 2581 <td>Broadcom </td> 2582 </tr> 2583 </tbody></table> 2584 2585 <h2 id="revisions"> </h2> 2586 <ul> 2587 <li>2017 4 3: </li> 2588 <li>2017 4 5: AOSP </li> 2589 </ul> 2590 2591 </body></html>
