1 <html devsite><head> 2 <title>Android 2017 5</title> 3 <meta name="project_path" value="/_project.yaml"/> 4 <meta name="book_path" value="/_book.yaml"/> 5 </head> 6 <body> 7 <!-- 8 Copyright 2017 The Android Open Source Project 9 10 Licensed under the Apache License, Version 2.0 (the "License"); 11 you may not use this file except in compliance with the License. 12 You may obtain a copy of the License at 13 14 http://www.apache.org/licenses/LICENSE-2.0 15 16 Unless required by applicable law or agreed to in writing, software 17 distributed under the License is distributed on an "AS IS" BASIS, 18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 See the License for the specific language governing permissions and 20 limitations under the License. 21 --> 22 23 <p><em>2017 5 1 | 2017 5 2 </em></p> 24 25 <p>Android Android 26 . (OTA) 27 Nexus . Google 28 <a href="https://developers.google.com/android/nexus/images">Google </a> . 2017 5 5 29 . <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 30 .</p> 31 32 <p> 33 2017 4 3 . 34 Android (AOSP) . 35 AOSP .</p> 36 37 <p> 38 , MMS 39 . <a href="/security/overview/updates-resources.html#severity"> </a> 40 41 42 .</p> 43 44 <p> 45 . <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> Android 46 <a href="/security/enhancements/index.html">Android </a> 47 <a href="#mitigations">Android Google </a> 48 .</p> 49 50 <p> .</p> 51 <h2 id="announcements"></h2> 52 <ul> 53 <li> Android Android 54 55 . <a href="#common-questions-and-answers"> 56 </a> . 57 <ul> 58 <li><strong>2017-05-01</strong>: . 59 2017-05-01 60 .</li> 61 <li><strong>2017-05-05</strong>: . 62 2017-05-01 2017-05-05 63 .</li> 64 </ul> 65 </li> 66 <li> Google 2017 5 5 OTA 67 .</li> 68 </ul> 69 70 <h2 id="mitigations">Android Google </h2> 71 72 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> 73 . 74 Android 75 .</p> 76 77 <ul> 78 <li>Android Android 79 . Android 80 .</li> 81 <li>Android <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 82 <a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf"> SafetyNet</a> 83 . <a href="http://www.android.com/gms">Google </a> 84 Google Play 85 . Google 86 Play 87 88 . 89 90 . 91 .</li> 92 <li> Google 93 .</li> 94 </ul> 95 96 <h2 id="acknowledgements"> </h2> 97 98 <p> .</p> 99 <ul> 100 <li>Venustech ADlab: CVE-2017-0630</li> 101 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 102 Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): 103 CVE-2016-10287</li> 104 <li>Trend Micro Ecular Xu(): CVE-2017-0599, CVE-2017-0635</li> 105 <li><a href="http://www.ms509.com">MS509Team</a> En He(<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>), 106 Bo Liu: CVE-2017-0601</li> 107 <li><a href="https://twrp.me/">Team Win Recovery Project</a> Ethan Yonker: 108 CVE-2017-0493</li> 109 <li>Qihoo 360 Technology Co. Ltd. 110 IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 111 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-10285, CVE-2016-10288, CVE-2016-10290, 112 CVE-2017-0624, CVE-2017-0616, CVE-2017-0617, CVE-2016-10294, CVE-2016-10295, 113 CVE-2016-10296</li> 114 <li>Tencent PC Manager godzheng( <a href="https://twitter.com/virtualseekers">@VirtualSeekers</a>): 115 CVE-2017-0602</li> 116 <li><a href="http://tuncay2.web.engr.illinois.edu">University of Illinois at 117 Urbana-Champaign</a> <a href="https://www.linkedin.com/in/g%C3%BCliz-seray-tuncay-952a1b9/">Gliz 118 Seray Tuncay</a>: CVE-2017-0593</li> 119 <li>Qihoo 360 Technology Co. Ltd. Alpha Team Hao Chen, Guang Gong: 120 CVE-2016-10283</li> 121 <li>Xiaomi Inc Juhu Nie, Yang Cheng, Nan Li, Qiwu Huang: CVE-2016-10276</li> 122 <li><a href="https://github.com/michalbednarski">Micha Bednarski</a>: 123 CVE-2017-0598</li> 124 <li>Tesla's Product Security Team Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>): 125 CVE-2017-0331, CVE-2017-0606</li> 126 <li><a href="mailto:jiych.guru (a] gmail.com">Niky1235</a>(<a href="https://twitter.com/jiych_guru">@jiych_guru</a>): CVE-2017-0603</li> 127 <li>Alibaba Mobile Security Group Peng Xiao, Chengming Yang, Ning You, 128 Chao Yang, Yang song: CVE-2016-10281, CVE-2016-10280</li> 129 <li><a href="https://alephsecurity.com/">Aleph Research</a> Roee Hay(<a href="https://twitter.com/roeehay">@roeehay</a>): CVE-2016-10277</li> 130 <li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-10274</li> 131 <li><a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>, <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, Xuxian Jiang: CVE-2016-10291</li> 132 <li>Vasily Vasiliev: CVE-2017-0589</li> 133 <li><a href="http://www.trendmicro.com">Trend Micro</a> <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile Threat Response Team</a> 134 V.E.O(<a href="https://twitter.com/vysea">@VYSEa</a>): 135 CVE-2017-0590, CVE-2017-0587, CVE-2017-0600</li> 136 <li>Tencent Security Platform Department Xiling Gong: CVE-2017-0597</li> 137 <li>360 Marvel Team Xingyuan Lin: CVE-2017-0627</li> 138 <li>Alibaba Inc Yong Wang()(<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>): 139 CVE-2017-0588</li> 140 <li>Qihoo 360 Technology Co. Ltd. IceSword Lab 141 Yonggang Guo(<a href="https://twitter.com/guoygang">@guoygang</a>): CVE-2016-10289, CVE-2017-0465</li> 142 <li>Qihoo 360 Technology Co. Ltd. Vulpecker Team Yu Pan: CVE-2016-10282, 143 CVE-2017-0615</li> 144 <li>Qihoo 360 Technology Co. Ltd. Vulpecker Team Yu Pan, Peide Zhang: 145 CVE-2017-0618, CVE-2017-0625</li> 146 </ul> 147 148 <h2 id="2017-05-01-details">2017-05-01 149 </h2> 150 151 <p> 2017-05-01 152 . , 153 CVE, , , Google , 154 AOSP ( ), . 155 AOSP ID 156 . 157 ID .</p> 158 159 <h3 id="rce-in-mediaserver"> 160 </h3> 161 162 <p> 163 164 . 165 .</p> 166 167 <table> 168 <colgroup><col width="18%" /> 169 <col width="17%" /> 170 <col width="10%" /> 171 <col width="19%" /> 172 <col width="18%" /> 173 <col width="17%" /> 174 </colgroup><tbody><tr> 175 <th>CVE</th> 176 <th></th> 177 <th></th> 178 <th> Google </th> 179 <th> AOSP </th> 180 <th> </th> 181 </tr> 182 <tr> 183 <td>CVE-2017-0587</td> 184 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7">A-35219737</a></td> 185 <td></td> 186 <td></td> 187 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 188 <td>2017 1 4</td> 189 </tr> 190 <tr> 191 <td>CVE-2017-0588</td> 192 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b">A-34618607</a></td> 193 <td></td> 194 <td></td> 195 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 196 <td>2017 1 21</td> 197 </tr> 198 <tr> 199 <td>CVE-2017-0589</td> 200 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199">A-34897036</a></td> 201 <td></td> 202 <td></td> 203 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 204 <td>2017 2 1</td> 205 </tr> 206 <tr> 207 <td>CVE-2017-0590</td> 208 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7">A-35039946</a></td> 209 <td></td> 210 <td></td> 211 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 212 <td>2017 2 6</td> 213 </tr> 214 <tr> 215 <td>CVE-2017-0591</td> 216 <td><a href="https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d">A-34097672</a></td> 217 <td></td> 218 <td></td> 219 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 220 <td>Google </td> 221 </tr> 222 <tr> 223 <td>CVE-2017-0592</td> 224 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922">A-34970788</a></td> 225 <td></td> 226 <td></td> 227 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 228 <td>Google </td> 229 </tr> 230 </tbody></table> 231 232 <h3 id="eop-in-framework-apis"> API 233 </h3> 234 235 <p> API 236 . 237 238 .</p> 239 240 <table> 241 <colgroup><col width="18%" /> 242 <col width="17%" /> 243 <col width="10%" /> 244 <col width="19%" /> 245 <col width="18%" /> 246 <col width="17%" /> 247 </colgroup><tbody><tr> 248 <th>CVE</th> 249 <th></th> 250 <th></th> 251 <th> Google </th> 252 <th> AOSP </th> 253 <th> </th> 254 </tr> 255 <tr> 256 <td>CVE-2017-0593</td> 257 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/78efbc95412b8efa9a44d573f5767ae927927d48">A-34114230</a></td> 258 <td></td> 259 <td></td> 260 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 261 <td>2017 1 5</td> 262 </tr> 263 </tbody></table> 264 265 <h3 id="eop-in-mediaserver"> 266 </h3> 267 268 <p> 269 270 . 271 272 .</p> 273 274 <table> 275 <colgroup><col width="18%" /> 276 <col width="17%" /> 277 <col width="10%" /> 278 <col width="19%" /> 279 <col width="18%" /> 280 <col width="17%" /> 281 </colgroup><tbody><tr> 282 <th>CVE</th> 283 <th></th> 284 <th></th> 285 <th> Google </th> 286 <th> AOSP </th> 287 <th> </th> 288 </tr> 289 <tr> 290 <td>CVE-2017-0594</td> 291 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb">A-34617444</a></td> 292 <td></td> 293 <td></td> 294 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 295 <td>2017 1 22</td> 296 </tr> 297 <tr> 298 <td>CVE-2017-0595</td> 299 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34705519</a></td> 300 <td></td> 301 <td></td> 302 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 303 <td>2017 1 24</td> 304 </tr> 305 <tr> 306 <td>CVE-2017-0596</td> 307 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34749392</a></td> 308 <td></td> 309 <td></td> 310 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 311 <td>2017 1 24</td> 312 </tr> 313 </tbody></table> 314 315 <h3 id="eop-in-audioserver"> 316 </h3> 317 318 <p> 319 320 . 321 322 .</p> 323 324 <table> 325 <colgroup><col width="18%" /> 326 <col width="17%" /> 327 <col width="10%" /> 328 <col width="19%" /> 329 <col width="18%" /> 330 <col width="17%" /> 331 </colgroup><tbody><tr> 332 <th>CVE</th> 333 <th></th> 334 <th></th> 335 <th> Google </th> 336 <th> AOSP </th> 337 <th> </th> 338 </tr> 339 <tr> 340 <td>CVE-2017-0597</td> 341 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a9188f89179a7edd301abaf37d644adf5d647a04">A-34749571</a></td> 342 <td></td> 343 <td></td> 344 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 345 <td>2017 1 25</td> 346 </tr> 347 </tbody></table> 348 349 <h3 id="id-in-framework-apis"> API 350 </h3> 351 352 <p> API 353 354 . 355 356 .</p> 357 358 <table> 359 <colgroup><col width="18%" /> 360 <col width="17%" /> 361 <col width="10%" /> 362 <col width="19%" /> 363 <col width="18%" /> 364 <col width="17%" /> 365 </colgroup><tbody><tr> 366 <th>CVE</th> 367 <th></th> 368 <th></th> 369 <th> Google </th> 370 <th> AOSP </th> 371 <th> </th> 372 </tr> 373 <tr> 374 <td>CVE-2017-0598</td> 375 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4e110ab20bb91e945a17c6e166e14e2da9608f08">A-34128677</a> 376 [<a href="https://android.googlesource.com/platform/frameworks/base/+/d42e1204d5dddb78ec9d20d125951b59a8344f40">2</a>]</td> 377 <td></td> 378 <td></td> 379 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 380 <td>2017 1 6</td> 381 </tr> 382 </tbody></table> 383 384 <h3 id="dos-in-mediaserver"> (DoS) </h3> 385 386 <p> 387 . 388 .</p> 389 390 <table> 391 <colgroup><col width="18%" /> 392 <col width="17%" /> 393 <col width="10%" /> 394 <col width="19%" /> 395 <col width="18%" /> 396 <col width="17%" /> 397 </colgroup><tbody><tr> 398 <th>CVE</th> 399 <th></th> 400 <th></th> 401 <th> Google </th> 402 <th> AOSP </th> 403 <th> </th> 404 </tr> 405 <tr> 406 <td>CVE-2017-0599</td> 407 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f">A-34672748</a></td> 408 <td></td> 409 <td></td> 410 <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 411 <td>2017 1 23</td> 412 </tr> 413 <tr> 414 <td>CVE-2017-0600</td> 415 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0">A-35269635</a></td> 416 <td></td> 417 <td></td> 418 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 419 <td>2017 2 10</td> 420 </tr> 421 </tbody></table> 422 423 <h3 id="eop-in-bluetooth"> 424 </h3> 425 426 <p> 427 . 428 429 . </p> 430 431 <table> 432 <colgroup><col width="18%" /> 433 <col width="17%" /> 434 <col width="10%" /> 435 <col width="19%" /> 436 <col width="18%" /> 437 <col width="17%" /> 438 </colgroup><tbody><tr> 439 <th>CVE</th> 440 <th></th> 441 <th></th> 442 <th> Google </th> 443 <th> AOSP </th> 444 <th> </th> 445 </tr> 446 <tr> 447 <td>CVE-2017-0601</td> 448 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/667d2cbe3eb1450f273a4f6595ccef35e1f0fe4b">A-35258579</a></td> 449 <td></td> 450 <td></td> 451 <td>7.0, 7.1.1, 7.1.2</td> 452 <td>2017 2 9</td> 453 </tr> 454 </tbody></table> 455 456 <h3 id="id-in-file-based-encryption"> 457 </h3> 458 459 <p> 460 461 . 462 .</p> 463 464 <table> 465 <colgroup><col width="18%" /> 466 <col width="17%" /> 467 <col width="10%" /> 468 <col width="19%" /> 469 <col width="18%" /> 470 <col width="17%" /> 471 </colgroup><tbody><tr> 472 <th>CVE</th> 473 <th></th> 474 <th></th> 475 <th> Google </th> 476 <th> AOSP </th> 477 <th> </th> 478 </tr> 479 <tr> 480 <td>CVE-2017-0493</td> 481 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5">A-32793550</a> 482 [<a href="https://android.googlesource.com/platform/frameworks/base/+/f806d65e615b942c268a5f68d44bde9d55634972">2</a>]</td> 483 <td></td> 484 <td></td> 485 <td>7.0, 7.1.1</td> 486 <td>2016 11 9</td> 487 </tr> 488 </tbody></table> 489 490 <h3 id="id-in-bluetooth"> </h3> 491 492 <p> 493 494 . 495 .</p> 496 497 <table> 498 <colgroup><col width="18%" /> 499 <col width="17%" /> 500 <col width="10%" /> 501 <col width="19%" /> 502 <col width="18%" /> 503 <col width="17%" /> 504 </colgroup><tbody><tr> 505 <th>CVE</th> 506 <th></th> 507 <th></th> 508 <th> Google </th> 509 <th> AOSP </th> 510 <th> </th> 511 </tr> 512 <tr> 513 <td>CVE-2017-0602</td> 514 <td><a href="https://android.googlesource.com/platform/system/bt/+/a4875a49404c544134df37022ae587a4a3321647">A-34946955</a></td> 515 <td></td> 516 <td></td> 517 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 518 <td>2016 12 5</td> 519 </tr> 520 </tbody></table> 521 522 <h3 id="id-in-openssl-&-boringssl">OpenSSL BoringSSL </h3> 523 524 <p>OpenSSL BoringSSL 525 526 . 527 .</p> 528 529 <table> 530 <colgroup><col width="18%" /> 531 <col width="17%" /> 532 <col width="10%" /> 533 <col width="19%" /> 534 <col width="18%" /> 535 <col width="17%" /> 536 </colgroup><tbody><tr> 537 <th>CVE</th> 538 <th></th> 539 <th></th> 540 <th> Google </th> 541 <th> AOSP </th> 542 <th> </th> 543 </tr> 544 <tr> 545 <td>CVE-2016-7056</td> 546 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/13179a8e75fee98740b5ce728752aa7294b3e32d">A-33752052</a></td> 547 <td></td> 548 <td></td> 549 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 550 <td>2016 12 19</td> 551 </tr> 552 </tbody></table> 553 554 <h3 id="dos-in-mediaserver-2"> (DoS) 555 </h3> 556 557 <p> (DoS) 558 . 559 .</p> 560 561 <table> 562 <colgroup><col width="18%" /> 563 <col width="17%" /> 564 <col width="10%" /> 565 <col width="19%" /> 566 <col width="18%" /> 567 <col width="17%" /> 568 </colgroup><tbody><tr> 569 <th>CVE</th> 570 <th></th> 571 <th></th> 572 <th> Google </th> 573 <th> AOSP </th> 574 <th> </th> 575 </tr> 576 <tr> 577 <td>CVE-2017-0603</td> 578 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920">A-35763994</a></td> 579 <td></td> 580 <td></td> 581 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 582 <td>2017 2 23</td> 583 </tr> 584 </tbody></table> 585 586 <h3 id="dos-in-mediaserver-3"> (DoS) 587 </h3> 588 589 <p> 590 . 591 .</p> 592 593 <table> 594 <colgroup><col width="18%" /> 595 <col width="17%" /> 596 <col width="10%" /> 597 <col width="19%" /> 598 <col width="18%" /> 599 <col width="17%" /> 600 </colgroup><tbody><tr> 601 <th>CVE</th> 602 <th></th> 603 <th></th> 604 <th> Google </th> 605 <th> AOSP </th> 606 <th> </th> 607 </tr> 608 <tr> 609 <td>CVE-2017-0635</td> 610 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441">A-35467107</a></td> 611 <td></td> 612 <td></td> 613 <td>7.0, 7.1.1, 7.1.2</td> 614 <td>2017 2 16</td> 615 </tr> 616 </tbody></table> 617 618 <h2 id="2017-05-05-details">2017-05-05 619 </h2> 620 621 <p> 2017-05-05 622 . , 623 CVE, , , Google , 624 AOSP ( ), . 625 AOSP ID 626 . 627 ID .</p> 628 629 <h3 id="rce-in-giflib">GIFLIB </h3> 630 631 <p>GIFLIB 632 633 . 634 .</p> 635 636 <table> 637 <colgroup><col width="18%" /> 638 <col width="17%" /> 639 <col width="10%" /> 640 <col width="19%" /> 641 <col width="18%" /> 642 <col width="17%" /> 643 </colgroup><tbody><tr> 644 <th>CVE</th> 645 <th></th> 646 <th></th> 647 <th> Google </th> 648 <th> AOSP </th> 649 <th> </th> 650 </tr> 651 <tr> 652 <td>CVE-2015-7555</td> 653 <td><a href="https://android.googlesource.com/platform/external/giflib/+/dc07290edccc2c3fc4062da835306f809cea1fdc">A-34697653</a></td> 654 <td></td> 655 <td></td> 656 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> 657 <td>2016 4 13</td> 658 </tr> 659 </tbody></table> 660 661 <h3 id="eop-in-mediatek-touchscreen-driver">MediaTek 662 </h3> 663 664 <p>MediaTek 665 666 . 667 , 668 .</p> 669 670 <table> 671 <colgroup><col width="19%" /> 672 <col width="20%" /> 673 <col width="10%" /> 674 <col width="23%" /> 675 <col width="17%" /> 676 </colgroup><tbody><tr> 677 <th>CVE</th> 678 <th></th> 679 <th></th> 680 <th> Google </th> 681 <th> </th> 682 </tr> 683 <tr> 684 <td>CVE-2016-10274</td> 685 <td>A-30202412*<br /> 686 M-ALPS02897901</td> 687 <td></td> 688 <td>**</td> 689 <td>2016 7 16</td> 690 </tr> 691 </tbody></table> 692 693 <p>* . 694 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 695 696 697 .</p> 698 699 <p>*** Android 7.1.1 Google 700 .</p> 701 702 <h3 id="eop-in-qualcomm-bootloader">Qualcomm 703 </h3> 704 705 <p>Qualcomm 706 707 . 708 , 709 .</p> 710 711 <table> 712 <colgroup><col width="19%" /> 713 <col width="20%" /> 714 <col width="10%" /> 715 <col width="23%" /> 716 <col width="17%" /> 717 </colgroup><tbody><tr> 718 <th>CVE</th> 719 <th></th> 720 <th></th> 721 <th> Google </th> 722 <th> </th> 723 </tr> 724 <tr> 725 <td>CVE-2016-10275</td> 726 <td>A-34514954<br /> 727 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=1a0a15c380e11fc46f8d8706ea5ae22b752bdd0b"> 728 QC-CR#1009111</a></td> 729 <td></td> 730 <td>Nexus 5X, Nexus 6, Pixel, Pixel XL, Android One</td> 731 <td>2016 9 13</td> 732 </tr> 733 <tr> 734 <td>CVE-2016-10276</td> 735 <td>A-32952839<br /> 736 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=5dac431748027e8b50a5c4079967def4ea53ad64"> 737 QC-CR#1094105</a></td> 738 <td></td> 739 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 740 <td>2016 11 16</td> 741 </tr> 742 </tbody></table> 743 744 <h3 id="eop-in-kernel-sound-subsystem"> 745 </h3> 746 747 <p> 748 749 . 750 , 751 .</p> 752 753 <table> 754 <colgroup><col width="19%" /> 755 <col width="20%" /> 756 <col width="10%" /> 757 <col width="23%" /> 758 <col width="17%" /> 759 </colgroup><tbody><tr> 760 <th>CVE</th> 761 <th></th> 762 <th></th> 763 <th> Google </th> 764 <th> </th> 765 </tr> 766 <tr> 767 <td>CVE-2016-9794</td> 768 <td>A-34068036<br /> 769 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=a27178e05b7c332522df40904f27674e36ee3757"> 770 </a></td> 771 <td></td> 772 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android 773 One, Nexus Player</td> 774 <td>2016 12 3</td> 775 </tr> 776 </tbody></table> 777 778 <h3 id="eop-in-motorola-bootloader">Motorola 779 </h3> 780 781 <p>Motorola 782 783 . 784 , 785 .</p> 786 787 <table> 788 <colgroup><col width="19%" /> 789 <col width="20%" /> 790 <col width="10%" /> 791 <col width="23%" /> 792 <col width="17%" /> 793 </colgroup><tbody><tr> 794 <th>CVE</th> 795 <th></th> 796 <th></th> 797 <th> Google </th> 798 <th> </th> 799 </tr> 800 <tr> 801 <td>CVE-2016-10277</td> 802 <td>A-33840490*<br /> 803 </td> 804 <td></td> 805 <td>Nexus 6</td> 806 <td>2016 12 21</td> 807 </tr> 808 </tbody></table> 809 810 <p>* . 811 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 812 813 814 .</p> 815 816 <h3 id="eop-in-nvidia-video-driver">NVIDIA 817 </h3> 818 819 <p>NVIDIA 820 821 . 822 , 823 .</p> 824 825 <table> 826 <colgroup><col width="19%" /> 827 <col width="20%" /> 828 <col width="10%" /> 829 <col width="23%" /> 830 <col width="17%" /> 831 </colgroup><tbody><tr> 832 <th>CVE</th> 833 <th></th> 834 <th></th> 835 <th> Google </th> 836 <th> </th> 837 </tr> 838 <tr> 839 <td>CVE-2017-0331</td> 840 <td>A-34113000*<br /> 841 N-CVE-2017-0331</td> 842 <td></td> 843 <td>Nexus 9</td> 844 <td>2017 1 4</td> 845 </tr> 846 </tbody></table> 847 848 <p>* . 849 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 850 851 852 .</p> 853 854 <h3 id="eop-in-qualcomm-power-driver">Qualcomm </h3> 855 856 <p> Qualcomm 857 858 . 859 , 860 .</p> 861 862 <table> 863 <colgroup><col width="19%" /> 864 <col width="20%" /> 865 <col width="10%" /> 866 <col width="23%" /> 867 <col width="17%" /> 868 </colgroup><tbody><tr> 869 <th>CVE</th> 870 <th></th> 871 <th></th> 872 <th> Google </th> 873 <th> </th> 874 </tr> 875 <tr> 876 <td>CVE-2017-0604</td> 877 <td>A-35392981<br /> 878 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6975e2dd5f37de965093ba3a8a08635a77a960f7"> 879 QC-CR#826589</a></td> 880 <td></td> 881 <td>*</td> 882 <td>2017 2 15</td> 883 </tr> 884 </tbody></table> 885 886 <p>* Android 7.1.1 Google 887 .</p> 888 889 <h3 id="eop-in-kernel-trace-subsystem"> 890 </h3> 891 892 <p> 893 894 . 895 , 896 .</p> 897 898 <table> 899 <colgroup><col width="19%" /> 900 <col width="20%" /> 901 <col width="10%" /> 902 <col width="23%" /> 903 <col width="17%" /> 904 </colgroup><tbody><tr> 905 <th>CVE</th> 906 <th></th> 907 <th></th> 908 <th> Google </th> 909 <th> </th> 910 </tr> 911 <tr> 912 <td>CVE-2017-0605</td> 913 <td>A-35399704<br /> 914 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477"> 915 QC-CR#1048480</a></td> 916 <td></td> 917 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android 918 One, Nexus Player</td> 919 <td>2017 2 15</td> 920 </tr> 921 </tbody></table> 922 923 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm 924 </h3> 925 926 <p> Qualcomm Qualcomm AMSS 927 2016 8, 9, 10, 12 .</p> 928 929 <table> 930 <colgroup><col width="19%" /> 931 <col width="20%" /> 932 <col width="10%" /> 933 <col width="23%" /> 934 <col width="17%" /> 935 </colgroup><tbody><tr> 936 <th>CVE</th> 937 <th></th> 938 <th></th> 939 <th> Google </th> 940 <th> </th> 941 </tr> 942 <tr> 943 <td>CVE-2016-10240</td> 944 <td>A-32578446**<br /> 945 QC-CR#955710</td> 946 <td></td> 947 <td>Nexus 6P</td> 948 <td>Qualcomm </td> 949 </tr> 950 <tr> 951 <td>CVE-2016-10241</td> 952 <td>A-35436149**<br /> 953 QC-CR#1068577</td> 954 <td></td> 955 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL</td> 956 <td>Qualcomm </td> 957 </tr> 958 <tr> 959 <td>CVE-2016-10278</td> 960 <td>A-31624008**<br /> 961 QC-CR#1043004</td> 962 <td></td> 963 <td>Pixel, Pixel XL</td> 964 <td>Qualcomm </td> 965 </tr> 966 <tr> 967 <td>CVE-2016-10279</td> 968 <td>A-31624421**<br /> 969 QC-CR#1031821</td> 970 <td></td> 971 <td>Pixel, Pixel XL</td> 972 <td>Qualcomm </td> 973 </tr> 974 </tbody></table> 975 976 <p>* .</p> 977 978 <p>* . 979 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 980 981 982 .</p> 983 984 <p>*** Android 7.1.1 Google 985 .</p> 986 987 <h3 id="rce-in-libxml2">libxml2 </h3> 988 989 <p>libxml2 990 991 . 992 .</p> 993 994 <table> 995 <colgroup><col width="18%" /> 996 <col width="17%" /> 997 <col width="10%" /> 998 <col width="19%" /> 999 <col width="18%" /> 1000 <col width="17%" /> 1001 </colgroup><tbody><tr> 1002 <th>CVE</th> 1003 <th></th> 1004 <th></th> 1005 <th> Google </th> 1006 <th> AOSP </th> 1007 <th> </th> 1008 </tr> 1009 <tr> 1010 <td>CVE-2016-5131</td> 1011 <td>A-32956747*</td> 1012 <td></td> 1013 <td>**</td> 1014 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1015 <td>2016 7 23</td> 1016 </tr> 1017 </tbody></table> 1018 1019 <p>* . 1020 <a href="https://developers.google.com/android/drivers">Google </a> Nexus 1021 .</p> 1022 1023 <p>** Android 7.1.1 Google 1024 .</p> 1025 1026 <h3 id="eop-in-mediatek-thermal-driver">MediaTek 1027 </h3> 1028 1029 <p>MediaTek 1030 1031 . 1032 .</p> 1033 1034 <table> 1035 <colgroup><col width="19%" /> 1036 <col width="20%" /> 1037 <col width="10%" /> 1038 <col width="23%" /> 1039 <col width="17%" /> 1040 </colgroup><tbody><tr> 1041 <th>CVE</th> 1042 <th></th> 1043 <th></th> 1044 <th> Google </th> 1045 <th> </th> 1046 </tr> 1047 <tr> 1048 <td>CVE-2016-10280</td> 1049 <td>A-28175767*<br /> 1050 M-ALPS02696445</td> 1051 <td></td> 1052 <td>**</td> 1053 <td>2016 4 11</td> 1054 </tr> 1055 <tr> 1056 <td>CVE-2016-10281</td> 1057 <td>A-28175647*<br /> 1058 M-ALPS02696475</td> 1059 <td></td> 1060 <td>**</td> 1061 <td>2016 4 11</td> 1062 </tr> 1063 <tr> 1064 <td>CVE-2016-10282</td> 1065 <td>A-33939045*<br /> 1066 M-ALPS03149189</td> 1067 <td></td> 1068 <td>**</td> 1069 <td>2016 12 27</td> 1070 </tr> 1071 </tbody></table> 1072 1073 <p>* . 1074 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1075 1076 1077 .</p> 1078 1079 <p>** Android 7.1.1 Google 1080 .</p> 1081 1082 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1083 </h3> 1084 1085 <p>Qualcomm Wi-Fi 1086 1087 . 1088 .</p> 1089 1090 <table> 1091 <colgroup><col width="19%" /> 1092 <col width="20%" /> 1093 <col width="10%" /> 1094 <col width="23%" /> 1095 <col width="17%" /> 1096 </colgroup><tbody><tr> 1097 <th>CVE</th> 1098 <th></th> 1099 <th></th> 1100 <th> Google </th> 1101 <th> </th> 1102 </tr> 1103 <tr> 1104 <td>CVE-2016-10283</td> 1105 <td>A-32094986<br /> 1106 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=93863644b4547324309613361d70ad9dc91f8dfd"> 1107 QC-CR#2002052</a></td> 1108 <td></td> 1109 <td>Nexus 5X, Pixel, Pixel XL, Android One</td> 1110 <td>2016 10 11</td> 1111 </tr> 1112 </tbody></table> 1113 1114 <h3 id="eop-in-qualcomm-video-driver">Qualcomm 1115 </h3> 1116 1117 <p>Qualcomm 1118 1119 . 1120 .</p> 1121 1122 <table> 1123 <colgroup><col width="19%" /> 1124 <col width="20%" /> 1125 <col width="10%" /> 1126 <col width="23%" /> 1127 <col width="17%" /> 1128 </colgroup><tbody><tr> 1129 <th>CVE</th> 1130 <th></th> 1131 <th></th> 1132 <th> Google </th> 1133 <th> </th> 1134 </tr> 1135 <tr> 1136 <td>CVE-2016-10284</td> 1137 <td>A-32402303*<br /> 1138 QC-CR#2000664</td> 1139 <td></td> 1140 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1141 <td>2016 10 24</td> 1142 </tr> 1143 <tr> 1144 <td>CVE-2016-10285</td> 1145 <td>A-33752702<br /> 1146 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67dfd3a65336e0b3f55ee83d6312321dc5f2a6f9"> 1147 QC-CR#1104899</a></td> 1148 <td></td> 1149 <td>Pixel, Pixel XL</td> 1150 <td>2016 12 19</td> 1151 </tr> 1152 <tr> 1153 <td>CVE-2016-10286</td> 1154 <td>A-35400904<br /> 1155 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=5d30a3d0dc04916ddfb972bfc52f8e636642f999"> 1156 QC-CR#1090237</a></td> 1157 <td></td> 1158 <td>Pixel, Pixel XL</td> 1159 <td>2017 2 15</td> 1160 </tr> 1161 </tbody></table> 1162 1163 <p>* . 1164 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1165 1166 1167 .</p> 1168 1169 <h3 id="eop-in-kernel-performance-subsystem"> 1170 </h3> 1171 1172 <p> 1173 . 1174 .</p> 1175 1176 <table> 1177 <colgroup><col width="19%" /> 1178 <col width="20%" /> 1179 <col width="10%" /> 1180 <col width="23%" /> 1181 <col width="17%" /> 1182 </colgroup><tbody><tr> 1183 <th>CVE</th> 1184 <th></th> 1185 <th></th> 1186 <th> Google </th> 1187 <th> </th> 1188 </tr> 1189 <tr> 1190 <td>CVE-2015-9004</td> 1191 <td>A-34515362<br /> 1192 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511"> 1193 </a></td> 1194 <td></td> 1195 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android 1196 One, Nexus Player</td> 1197 <td>2016 11 23</td> 1198 </tr> 1199 </tbody></table> 1200 1201 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm 1202 </h3> 1203 1204 <p>Qualcomm 1205 1206 . 1207 .</p> 1208 1209 <table> 1210 <colgroup><col width="19%" /> 1211 <col width="20%" /> 1212 <col width="10%" /> 1213 <col width="23%" /> 1214 <col width="17%" /> 1215 </colgroup><tbody><tr> 1216 <th>CVE</th> 1217 <th></th> 1218 <th></th> 1219 <th> Google </th> 1220 <th> </th> 1221 </tr> 1222 <tr> 1223 <td>CVE-2016-10287</td> 1224 <td>A-33784446<br /> 1225 <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=937bc9e644180e258c68662095861803f7ba4ded"> 1226 QC-CR#1112751</a></td> 1227 <td></td> 1228 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 1229 <td>2016 12 20</td> 1230 </tr> 1231 <tr> 1232 <td>CVE-2017-0606</td> 1233 <td>A-34088848<br /> 1234 <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=d3237316314c3d6f75a58192971f66e3822cd250"> 1235 QC-CR#1116015</a></td> 1236 <td></td> 1237 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 1238 <td>2017 1 3</td> 1239 </tr> 1240 <tr> 1241 <td>CVE-2016-5860</td> 1242 <td>A-34623424<br /> 1243 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9f91ae0d7203714fc39ae78e1f1c4fd71ed40498"> 1244 QC-CR#1100682</a></td> 1245 <td></td> 1246 <td>Pixel, Pixel XL</td> 1247 <td>2017 1 22</td> 1248 </tr> 1249 <tr> 1250 <td>CVE-2016-5867</td> 1251 <td>A-35400602<br /> 1252 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=065360da7147003aed8f59782b7652d565f56be5"> 1253 QC-CR#1095947</a></td> 1254 <td></td> 1255 <td>*</td> 1256 <td>2017 2 15</td> 1257 </tr> 1258 <tr> 1259 <td>CVE-2017-0607</td> 1260 <td>A-35400551<br /> 1261 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b003c8d5407773d3aa28a48c9841e4c124da453d"> 1262 QC-CR#1085928</a></td> 1263 <td></td> 1264 <td>Pixel, Pixel XL</td> 1265 <td>2017 2 15</td> 1266 </tr> 1267 <tr> 1268 <td>CVE-2017-0608</td> 1269 <td>A-35400458<br /> 1270 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b66f442dd97c781e873e8f7b248e197f86fd2980"> 1271 QC-CR#1098363</a></td> 1272 <td></td> 1273 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1274 <td>2017 2 15</td> 1275 </tr> 1276 <tr> 1277 <td>CVE-2017-0609</td> 1278 <td>A-35399801<br /> 1279 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=38a83df036084c00e8c5a4599c8ee7880b4ee567"> 1280 QC-CR#1090482</a></td> 1281 <td></td> 1282 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 1283 <td>2017 2 15</td> 1284 </tr> 1285 <tr> 1286 <td>CVE-2016-5859</td> 1287 <td>A-35399758<br /> 1288 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=97fdb441a9fb330a76245e473bc1a2155c809ebe"> 1289 QC-CR#1096672</a></td> 1290 <td></td> 1291 <td>*</td> 1292 <td>2017 2 15</td> 1293 </tr> 1294 <tr> 1295 <td>CVE-2017-0610</td> 1296 <td>A-35399404<br /> 1297 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=65009746a6e649779f73d665934561ea983892fe"> 1298 QC-CR#1094852</a></td> 1299 <td></td> 1300 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1301 <td>2017 2 15</td> 1302 </tr> 1303 <tr> 1304 <td>CVE-2017-0611</td> 1305 <td>A-35393841<br /> 1306 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=1aa5df9246557a98181f03e98530ffd509b954c8"> 1307 QC-CR#1084210</a></td> 1308 <td></td> 1309 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1310 <td>2017 2 15</td> 1311 </tr> 1312 <tr> 1313 <td>CVE-2016-5853</td> 1314 <td>A-35392629<br /> 1315 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be"> 1316 QC-CR#1102987</a></td> 1317 <td></td> 1318 <td>*</td> 1319 <td>2017 2 15</td> 1320 </tr> 1321 </tbody></table> 1322 1323 <p>* Android 7.1.1 Google 1324 .</p> 1325 1326 <h3 id="eop-in-qualcomm-led-driver">Qualcomm LED 1327 </h3> 1328 1329 <p>Qualcomm LED 1330 1331 . 1332 .</p> 1333 1334 <table> 1335 <colgroup><col width="19%" /> 1336 <col width="20%" /> 1337 <col width="10%" /> 1338 <col width="23%" /> 1339 <col width="17%" /> 1340 </colgroup><tbody><tr> 1341 <th>CVE</th> 1342 <th></th> 1343 <th></th> 1344 <th> Google </th> 1345 <th> </th> 1346 </tr> 1347 <tr> 1348 <td>CVE-2016-10288</td> 1349 <td>A-33863909<br /> 1350 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=db2cdc95204bc404f03613d5dd7002251fb33660"> 1351 QC-CR#1109763</a></td> 1352 <td></td> 1353 <td>Pixel, Pixel XL</td> 1354 <td>2016 12 23</td> 1355 </tr> 1356 </tbody></table> 1357 1358 <h3 id="eop-in-qualcomm-crypto-driver">Qualcomm 1359 </h3> 1360 1361 <p>Qualcomm 1362 1363 . 1364 .</p> 1365 1366 <table> 1367 <colgroup><col width="19%" /> 1368 <col width="20%" /> 1369 <col width="10%" /> 1370 <col width="23%" /> 1371 <col width="17%" /> 1372 </colgroup><tbody><tr> 1373 <th>CVE</th> 1374 <th></th> 1375 <th></th> 1376 <th> Google </th> 1377 <th> </th> 1378 </tr> 1379 <tr> 1380 <td>CVE-2016-10289</td> 1381 <td>A-33899710<br /> 1382 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a604e6f3889ccc343857532b63dea27603381816"> 1383 QC-CR#1116295</a></td> 1384 <td></td> 1385 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1386 <td>2016 12 24</td> 1387 </tr> 1388 </tbody></table> 1389 1390 <h3 id="eop-in-qualcomm-shared-memory-driver">Qualcomm 1391 </h3> 1392 1393 <p>Qualcomm 1394 1395 . 1396 .</p> 1397 1398 <table> 1399 <colgroup><col width="19%" /> 1400 <col width="20%" /> 1401 <col width="10%" /> 1402 <col width="23%" /> 1403 <col width="17%" /> 1404 </colgroup><tbody><tr> 1405 <th>CVE</th> 1406 <th></th> 1407 <th></th> 1408 <th> Google </th> 1409 <th> </th> 1410 </tr> 1411 <tr> 1412 <td>CVE-2016-10290</td> 1413 <td>A-33898330<br /> 1414 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49"> 1415 QC-CR#1109782</a></td> 1416 <td></td> 1417 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 1418 <td>2016 12 24</td> 1419 </tr> 1420 </tbody></table> 1421 1422 <h3 id="eop-in-qualcomm-slimbus-driver">Qualcomm Slimbus 1423 </h3> 1424 1425 <p>Qualcomm Slimbus 1426 1427 . 1428 .</p> 1429 1430 <table> 1431 <colgroup><col width="19%" /> 1432 <col width="20%" /> 1433 <col width="10%" /> 1434 <col width="23%" /> 1435 <col width="17%" /> 1436 </colgroup><tbody><tr> 1437 <th>CVE</th> 1438 <th></th> 1439 <th></th> 1440 <th> Google </th> 1441 <th> </th> 1442 </tr> 1443 <tr> 1444 <td>CVE-2016-10291</td> 1445 <td>A-34030871<br /> 1446 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a225074c0494ca8125ca0ac2f9ebc8a2bd3612de"> 1447 QC-CR#986837</a></td> 1448 <td></td> 1449 <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1450 <td>2016 12 31</td> 1451 </tr> 1452 </tbody></table> 1453 1454 <h3 id="eop-in-qualcomm-adsprpc-driver">Qualcomm ADSPRPC 1455 </h3> 1456 1457 <p>Qualcomm ADSPRPC 1458 1459 . 1460 .</p> 1461 1462 <table> 1463 <colgroup><col width="19%" /> 1464 <col width="20%" /> 1465 <col width="10%" /> 1466 <col width="23%" /> 1467 <col width="17%" /> 1468 </colgroup><tbody><tr> 1469 <th>CVE</th> 1470 <th></th> 1471 <th></th> 1472 <th> Google </th> 1473 <th> </th> 1474 </tr> 1475 <tr> 1476 <td>CVE-2017-0465</td> 1477 <td>A-34112914<br /> 1478 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=3823f0f8d0bbbbd675a42a54691f4051b3c7e544"> 1479 QC-CR#1110747</a></td> 1480 <td></td> 1481 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 1482 <td>2017 1 5</td> 1483 </tr> 1484 </tbody></table> 1485 1486 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm Secure Execution Environment 1487 Communicator 1488 </h3> 1489 1490 <p>Qualcomm Secure Execution Environment Communicator 1491 1492 . 1493 .</p> 1494 1495 <table> 1496 <colgroup><col width="19%" /> 1497 <col width="20%" /> 1498 <col width="10%" /> 1499 <col width="23%" /> 1500 <col width="17%" /> 1501 </colgroup><tbody><tr> 1502 <th>CVE</th> 1503 <th></th> 1504 <th></th> 1505 <th> Google </th> 1506 <th> </th> 1507 </tr> 1508 <tr> 1509 <td>CVE-2017-0612</td> 1510 <td>A-34389303<br /> 1511 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=05efafc998dc86c3b75af9803ca71255ddd7a8eb"> 1512 QC-CR#1061845</a></td> 1513 <td></td> 1514 <td>Pixel, Pixel XL</td> 1515 <td>2017 1 10</td> 1516 </tr> 1517 <tr> 1518 <td>CVE-2017-0613</td> 1519 <td>A-35400457<br /> 1520 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b108c651cae9913da1ab163cb4e5f7f2db87b747"> 1521 QC-CR#1086140</a></td> 1522 <td></td> 1523 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1524 <td>2017 2 15</td> 1525 </tr> 1526 <tr> 1527 <td>CVE-2017-0614</td> 1528 <td>A-35399405<br /> 1529 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=fc2ae27eb9721a0ce050c2062734fec545cda604"> 1530 QC-CR#1080290</a></td> 1531 <td></td> 1532 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1533 <td>2017 2 15</td> 1534 </tr> 1535 </tbody></table> 1536 1537 <h3 id="eop-in-mediatek-power-driver">MediaTek 1538 </h3> 1539 1540 <p>MediaTek 1541 1542 . 1543 .</p> 1544 1545 <table> 1546 <colgroup><col width="19%" /> 1547 <col width="20%" /> 1548 <col width="10%" /> 1549 <col width="23%" /> 1550 <col width="17%" /> 1551 </colgroup><tbody><tr> 1552 <th>CVE</th> 1553 <th></th> 1554 <th></th> 1555 <th> Google </th> 1556 <th> </th> 1557 </tr> 1558 <tr> 1559 <td>CVE-2017-0615</td> 1560 <td>A-34259126*<br /> 1561 M-ALPS03150278</td> 1562 <td></td> 1563 <td>**</td> 1564 <td>2017 1 12</td> 1565 </tr> 1566 </tbody></table> 1567 1568 <p>* . 1569 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1570 1571 1572 .</p> 1573 1574 <p>** Android 7.1.1 Google 1575 .</p> 1576 1577 <h3 id="eop-in-mediatek-system-management-interrupt-driver">MediaTek 1578 </h3> 1579 1580 <p>MediaTek 1581 1582 . 1583 .</p> 1584 1585 <table> 1586 <colgroup><col width="19%" /> 1587 <col width="20%" /> 1588 <col width="10%" /> 1589 <col width="23%" /> 1590 <col width="17%" /> 1591 </colgroup><tbody><tr> 1592 <th>CVE</th> 1593 <th></th> 1594 <th></th> 1595 <th> Google </th> 1596 <th> </th> 1597 </tr> 1598 <tr> 1599 <td>CVE-2017-0616</td> 1600 <td>A-34470286*<br /> 1601 M-ALPS03149160</td> 1602 <td></td> 1603 <td>**</td> 1604 <td>2017 1 19</td> 1605 </tr> 1606 </tbody></table> 1607 1608 <p>* . 1609 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1610 1611 1612 .</p> 1613 1614 <p>** Android 7.1.1 Google 1615 .</p> 1616 1617 <h3 id="eop-in-mediatek-video-driver">MediaTek 1618 </h3> 1619 1620 <p>MediaTek 1621 1622 . 1623 .</p> 1624 1625 <table> 1626 <colgroup><col width="19%" /> 1627 <col width="20%" /> 1628 <col width="10%" /> 1629 <col width="23%" /> 1630 <col width="17%" /> 1631 </colgroup><tbody><tr> 1632 <th>CVE</th> 1633 <th></th> 1634 <th></th> 1635 <th> Google </th> 1636 <th> </th> 1637 </tr> 1638 <tr> 1639 <td>CVE-2017-0617</td> 1640 <td>A-34471002*<br /> 1641 M-ALPS03149173</td> 1642 <td></td> 1643 <td>**</td> 1644 <td>2017 1 19</td> 1645 </tr> 1646 </tbody></table> 1647 1648 <p>* . 1649 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1650 1651 1652 .</p> 1653 1654 <p>** Android 7.1.1 Google 1655 .</p> 1656 1657 <h3 id="eop-in-mediatek-command-queue-driver">MediaTek 1658 </h3> 1659 1660 <p>MediaTek 1661 1662 . 1663 .</p> 1664 1665 <table> 1666 <colgroup><col width="19%" /> 1667 <col width="20%" /> 1668 <col width="10%" /> 1669 <col width="23%" /> 1670 <col width="17%" /> 1671 </colgroup><tbody><tr> 1672 <th>CVE</th> 1673 <th></th> 1674 <th></th> 1675 <th> Google </th> 1676 <th> </th> 1677 </tr> 1678 <tr> 1679 <td>CVE-2017-0618</td> 1680 <td>A-35100728*<br /> 1681 M-ALPS03161536</td> 1682 <td></td> 1683 <td>**</td> 1684 <td>2017 2 7</td> 1685 </tr> 1686 </tbody></table> 1687 1688 <p>* . 1689 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1690 1691 1692 .</p> 1693 1694 <p>** Android 7.1.1 Google 1695 .</p> 1696 1697 <h3 id="eop-in-qualcomm-pin-controller-driver">Qualcomm 1698 </h3> 1699 1700 <p>Qualcomm 1701 1702 . 1703 .</p> 1704 1705 <table> 1706 <colgroup><col width="19%" /> 1707 <col width="20%" /> 1708 <col width="10%" /> 1709 <col width="23%" /> 1710 <col width="17%" /> 1711 </colgroup><tbody><tr> 1712 <th>CVE</th> 1713 <th></th> 1714 <th></th> 1715 <th> Google </th> 1716 <th> </th> 1717 </tr> 1718 <tr> 1719 <td>CVE-2017-0619</td> 1720 <td>A-35401152<br /> 1721 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.14/commit/?id=72f67b29a9c5e6e8d3c34751600c749c5f5e13e1"> 1722 QC-CR#826566</a></td> 1723 <td></td> 1724 <td>Nexus 6, Android One</td> 1725 <td>2017 2 15</td> 1726 </tr> 1727 </tbody></table> 1728 1729 <h3 id="eop-in-qualcomm-secure-channel-manager-driver">Qualcomm Secure Channel 1730 Manager </h3> 1731 1732 <p>Qualcomm Secure Channel Manager 1733 1734 . 1735 .</p> 1736 1737 <table> 1738 <colgroup><col width="19%" /> 1739 <col width="20%" /> 1740 <col width="10%" /> 1741 <col width="23%" /> 1742 <col width="17%" /> 1743 </colgroup><tbody><tr> 1744 <th>CVE</th> 1745 <th></th> 1746 <th></th> 1747 <th> Google </th> 1748 <th> </th> 1749 </tr> 1750 <tr> 1751 <td>CVE-2017-0620</td> 1752 <td>A-35401052<br /> 1753 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=01b2c9a5d728ff6f2f1f28a5d4e927aaeabf56ed"> 1754 QC-CR#1081711</a></td> 1755 <td></td> 1756 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 1757 <td>2017 2 15</td> 1758 </tr> 1759 </tbody></table> 1760 1761 <h3 id="eop-in-qualcomm-sound-codec-driver">Qualcomm 1762 </h3> 1763 1764 <p>Qualcomm 1765 1766 . 1767 .</p> 1768 1769 <table> 1770 <colgroup><col width="19%" /> 1771 <col width="20%" /> 1772 <col width="10%" /> 1773 <col width="23%" /> 1774 <col width="17%" /> 1775 </colgroup><tbody><tr> 1776 <th>CVE</th> 1777 <th></th> 1778 <th></th> 1779 <th> Google </th> 1780 <th> </th> 1781 </tr> 1782 <tr> 1783 <td>CVE-2016-5862</td> 1784 <td>A-35399803<br /> 1785 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04"> 1786 QC-CR#1099607</a></td> 1787 <td></td> 1788 <td>Pixel, Pixel XL</td> 1789 <td>2017 2 15</td> 1790 </tr> 1791 </tbody></table> 1792 1793 <h3 id="eop-in-kernel-voltage-regulator-driver"> 1794 </h3> 1795 1796 <p> 1797 . 1798 1799 .</p> 1800 1801 <table> 1802 <colgroup><col width="19%" /> 1803 <col width="20%" /> 1804 <col width="10%" /> 1805 <col width="23%" /> 1806 <col width="17%" /> 1807 </colgroup><tbody><tr> 1808 <th>CVE</th> 1809 <th></th> 1810 <th></th> 1811 <th> Google </th> 1812 <th> </th> 1813 </tr> 1814 <tr> 1815 <td>CVE-2014-9940</td> 1816 <td>A-35399757<br /> 1817 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba"> 1818 </a></td> 1819 <td></td> 1820 <td>Nexus 6, Nexus 9, Pixel C, Android One, Nexus Player</td> 1821 <td>2017 2 15</td> 1822 </tr> 1823 </tbody></table> 1824 1825 <h3 id="eop-in-qualcomm-camera-driver">Qualcomm 1826 </h3> 1827 1828 <p>Qualcomm 1829 1830 . 1831 .</p> 1832 1833 <table> 1834 <colgroup><col width="19%" /> 1835 <col width="20%" /> 1836 <col width="10%" /> 1837 <col width="23%" /> 1838 <col width="17%" /> 1839 </colgroup><tbody><tr> 1840 <th>CVE</th> 1841 <th></th> 1842 <th></th> 1843 <th> Google </th> 1844 <th> </th> 1845 </tr> 1846 <tr> 1847 <td>CVE-2017-0621</td> 1848 <td>A-35399703<br /> 1849 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=9656e2c2b3523af20502bf1e933e35a397f5e82f"> 1850 QC-CR#831322</a></td> 1851 <td></td> 1852 <td>Android One</td> 1853 <td>2017 2 15</td> 1854 </tr> 1855 </tbody></table> 1856 1857 <h3 id="eop-in-qualcomm-networking-driver">Qualcomm 1858 </h3> 1859 1860 <p>Qualcomm 1861 1862 . 1863 .</p> 1864 1865 <table> 1866 <colgroup><col width="19%" /> 1867 <col width="20%" /> 1868 <col width="10%" /> 1869 <col width="23%" /> 1870 <col width="17%" /> 1871 </colgroup><tbody><tr> 1872 <th>CVE</th> 1873 <th></th> 1874 <th></th> 1875 <th> Google </th> 1876 <th> </th> 1877 </tr> 1878 <tr> 1879 <td>CVE-2016-5868</td> 1880 <td>A-35392791<br /> 1881 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=fbb765a3f813f5cc85ddab21487fd65f24bf6a8c"> 1882 QC-CR#1104431</a></td> 1883 <td></td> 1884 <td>Nexus 5X, Pixel, Pixel XL</td> 1885 <td>2017 2 15</td> 1886 </tr> 1887 </tbody></table> 1888 1889 <h3 id="eop-in-kernel-networking-subsystem"> 1890 </h3> 1891 1892 <p> 1893 1894 . 1895 .</p> 1896 1897 <table> 1898 <colgroup><col width="19%" /> 1899 <col width="20%" /> 1900 <col width="10%" /> 1901 <col width="23%" /> 1902 <col width="17%" /> 1903 </colgroup><tbody><tr> 1904 <th>CVE</th> 1905 <th></th> 1906 <th></th> 1907 <th> Google </th> 1908 <th> </th> 1909 </tr> 1910 <tr> 1911 <td>CVE-2017-7184</td> 1912 <td>A-36565222<br /> 1913 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a"> 1914 </a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df"> 1915 [2]</a></td> 1916 <td></td> 1917 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Android One</td> 1918 <td>2017 3 23</td> 1919 </tr> 1920 </tbody></table> 1921 1922 <h3 id="eop-in-goodix-touchscreen-driver">Goodix 1923 </h3> 1924 1925 <p>Goodix 1926 1927 . 1928 .</p> 1929 1930 <table> 1931 <colgroup><col width="19%" /> 1932 <col width="20%" /> 1933 <col width="10%" /> 1934 <col width="23%" /> 1935 <col width="17%" /> 1936 </colgroup><tbody><tr> 1937 <th>CVE</th> 1938 <th></th> 1939 <th></th> 1940 <th> Google </th> 1941 <th> </th> 1942 </tr> 1943 <tr> 1944 <td>CVE-2017-0622</td> 1945 <td>A-32749036<br /> 1946 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=40efa25345003a96db34effbd23ed39530b3ac10"> 1947 QC-CR#1098602</a></td> 1948 <td></td> 1949 <td>Android One</td> 1950 <td>Google </td> 1951 </tr> 1952 </tbody></table> 1953 1954 <h3 id="eop-in-htc-bootloader">HTC 1955 </h3> 1956 1957 <p>HTC 1958 1959 . 1960 .</p> 1961 1962 <table> 1963 <colgroup><col width="19%" /> 1964 <col width="20%" /> 1965 <col width="10%" /> 1966 <col width="23%" /> 1967 <col width="17%" /> 1968 </colgroup><tbody><tr> 1969 <th>CVE</th> 1970 <th></th> 1971 <th></th> 1972 <th> Google </th> 1973 <th> </th> 1974 </tr> 1975 <tr> 1976 <td>CVE-2017-0623</td> 1977 <td>A-32512358*<br /> 1978 </td> 1979 <td></td> 1980 <td>Pixel, Pixel XL</td> 1981 <td>Google </td> 1982 </tr> 1983 </tbody></table> 1984 1985 <p>* . 1986 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1987 1988 1989 .</p> 1990 1991 <h3 id="id-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 1992 </h3> 1993 1994 <p>Qualcomm Wi-Fi 1995 1996 . 1997 .</p> 1998 1999 <table> 2000 <colgroup><col width="19%" /> 2001 <col width="20%" /> 2002 <col width="10%" /> 2003 <col width="23%" /> 2004 <col width="17%" /> 2005 </colgroup><tbody><tr> 2006 <th>CVE</th> 2007 <th></th> 2008 <th></th> 2009 <th> Google </th> 2010 <th> </th> 2011 </tr> 2012 <tr> 2013 <td>CVE-2017-0624</td> 2014 <td>A-34327795*<br /> 2015 QC-CR#2005832</td> 2016 <td></td> 2017 <td>Nexus 5X, Pixel, Pixel XL</td> 2018 <td>2017 1 16</td> 2019 </tr> 2020 </tbody></table> 2021 2022 <p>* . 2023 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2024 2025 2026 .</p> 2027 2028 <h3 id="id-in-mediatek-command-queue-driver">MediaTek 2029 </h3> 2030 2031 <p>MediaTek 2032 2033 . 2034 .</p> 2035 2036 <table> 2037 <colgroup><col width="19%" /> 2038 <col width="20%" /> 2039 <col width="10%" /> 2040 <col width="23%" /> 2041 <col width="17%" /> 2042 </colgroup><tbody><tr> 2043 <th>CVE</th> 2044 <th></th> 2045 <th></th> 2046 <th> Google </th> 2047 <th> </th> 2048 </tr> 2049 <tr> 2050 <td>CVE-2017-0625</td> 2051 <td>A-35142799*<br /> 2052 M-ALPS03161531</td> 2053 <td></td> 2054 <td>**</td> 2055 <td>2017 2 8</td> 2056 </tr> 2057 </tbody></table> 2058 2059 <p>* . 2060 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2061 2062 2063 .</p> 2064 2065 <p>** Android 7.1.1 Google 2066 .</p> 2067 2068 <h3 id="id-in-qualcomm-crypto-engine-driver">Qualcomm 2069 </h3> 2070 2071 <p>Qualcomm 2072 . 2073 2074 .</p> 2075 2076 <table> 2077 <colgroup><col width="19%" /> 2078 <col width="20%" /> 2079 <col width="10%" /> 2080 <col width="23%" /> 2081 <col width="17%" /> 2082 </colgroup><tbody><tr> 2083 <th>CVE</th> 2084 <th></th> 2085 <th></th> 2086 <th> Google </th> 2087 <th> </th> 2088 </tr> 2089 <tr> 2090 <td>CVE-2017-0626</td> 2091 <td>A-35393124<br /> 2092 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=64551bccab9b5b933757f6256b58f9ca0544f004"> 2093 QC-CR#1088050</a></td> 2094 <td></td> 2095 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 2096 <td>2017 2 15</td> 2097 </tr> 2098 </tbody></table> 2099 2100 <h3 id="dos-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi 2101 (Dos) </h3> 2102 2103 <p>Qualcomm Wi-Fi 2104 Wi-Fi . 2105 .</p> 2106 2107 <table> 2108 <colgroup><col width="19%" /> 2109 <col width="20%" /> 2110 <col width="10%" /> 2111 <col width="23%" /> 2112 <col width="17%" /> 2113 </colgroup><tbody><tr> 2114 <th>CVE</th> 2115 <th></th> 2116 <th></th> 2117 <th> Google </th> 2118 <th> </th> 2119 </tr> 2120 <tr> 2121 <td>CVE-2016-10292</td> 2122 <td>A-34514463*<br /> 2123 QC-CR#1065466</td> 2124 <td></td> 2125 <td>Nexus 5X, Pixel, Pixel XL</td> 2126 <td>2016 12 16</td> 2127 </tr> 2128 </tbody></table> 2129 2130 <p>* . 2131 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2132 2133 2134 .</p> 2135 2136 <h3 id="id-in-kernel-uvc-driver"> UVC 2137 </h3> 2138 2139 <p> UVC 2140 . 2141 2142 .</p> 2143 2144 <table> 2145 <colgroup><col width="19%" /> 2146 <col width="20%" /> 2147 <col width="10%" /> 2148 <col width="23%" /> 2149 <col width="17%" /> 2150 </colgroup><tbody><tr> 2151 <th>CVE</th> 2152 <th></th> 2153 <th></th> 2154 <th> Google </th> 2155 <th> </th> 2156 </tr> 2157 <tr> 2158 <td>CVE-2017-0627</td> 2159 <td>A-33300353*<br /> 2160 </td> 2161 <td></td> 2162 <td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2163 <td>2016 12 2</td> 2164 </tr> 2165 </tbody></table> 2166 2167 <p>* . 2168 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2169 2170 2171 .</p> 2172 2173 <h3 id="id-in-qualcomm-video-driver">Qualcomm 2174 </h3> 2175 2176 <p>Qualcomm 2177 2178 . 2179 .</p> 2180 2181 <table> 2182 <colgroup><col width="19%" /> 2183 <col width="20%" /> 2184 <col width="10%" /> 2185 <col width="23%" /> 2186 <col width="17%" /> 2187 </colgroup><tbody><tr> 2188 <th>CVE</th> 2189 <th></th> 2190 <th></th> 2191 <th> Google </th> 2192 <th> </th> 2193 </tr> 2194 <tr> 2195 <td>CVE-2016-10293</td> 2196 <td>A-33352393<br /> 2197 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2469d5374745a2228f774adbca6fb95a79b9047f"> 2198 QC-CR#1101943</a></td> 2199 <td></td> 2200 <td>Nexus 5X, Nexus 6P, Android One</td> 2201 <td>2016 12 4</td> 2202 </tr> 2203 </tbody></table> 2204 2205 <h3 id="id-in-qualcomm-power-driver-(device-specific)">Qualcomm 2206 ( )</h3> 2207 2208 <p>Qualcomm 2209 2210 . 2211 .</p> 2212 2213 <table> 2214 <colgroup><col width="19%" /> 2215 <col width="20%" /> 2216 <col width="10%" /> 2217 <col width="23%" /> 2218 <col width="17%" /> 2219 </colgroup><tbody><tr> 2220 <th>CVE</th> 2221 <th></th> 2222 <th></th> 2223 <th> Google </th> 2224 <th> </th> 2225 </tr> 2226 <tr> 2227 <td>CVE-2016-10294</td> 2228 <td>A-33621829<br /> 2229 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e9bc51ffb8a298f0be5befe346762cdb6e1d49c"> 2230 QC-CR#1105481</a></td> 2231 <td></td> 2232 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> 2233 <td>2016 12 14</td> 2234 </tr> 2235 </tbody></table> 2236 2237 <h3 id="id-in-qualcomm-led-driver">Qualcomm LED 2238 </h3> 2239 2240 <p>Qualcomm LED 2241 . 2242 2243 .</p> 2244 2245 <table> 2246 <colgroup><col width="19%" /> 2247 <col width="20%" /> 2248 <col width="10%" /> 2249 <col width="23%" /> 2250 <col width="17%" /> 2251 </colgroup><tbody><tr> 2252 <th>CVE</th> 2253 <th></th> 2254 <th></th> 2255 <th> Google </th> 2256 <th> </th> 2257 </tr> 2258 <tr> 2259 <td>CVE-2016-10295</td> 2260 <td>A-33781694<br /> 2261 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f11ae3df500bc2a093ddffee6ea40da859de0fa9"> 2262 QC-CR#1109326</a></td> 2263 <td></td> 2264 <td>Pixel, Pixel XL</td> 2265 <td>2016 12 20</td> 2266 </tr> 2267 </tbody></table> 2268 2269 <h3 id="id-in-qualcomm-shared-memory-driver">Qualcomm 2270 </h3> 2271 2272 <p>Qualcomm 2273 2274 . 2275 .</p> 2276 2277 <table> 2278 <colgroup><col width="19%" /> 2279 <col width="20%" /> 2280 <col width="10%" /> 2281 <col width="23%" /> 2282 <col width="17%" /> 2283 </colgroup><tbody><tr> 2284 <th>CVE</th> 2285 <th></th> 2286 <th></th> 2287 <th> Google </th> 2288 <th> </th> 2289 </tr> 2290 <tr> 2291 <td>CVE-2016-10296</td> 2292 <td>A-33845464<br /> 2293 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49"> 2294 QC-CR#1109782</a></td> 2295 <td></td> 2296 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 2297 <td>2016 12 22</td> 2298 </tr> 2299 </tbody></table> 2300 2301 <h3 id="id-in-qualcomm-camera-driver">Qualcomm 2302 </h3> 2303 2304 <p>Qualcomm 2305 2306 . 2307 .</p> 2308 2309 <table> 2310 <colgroup><col width="19%" /> 2311 <col width="20%" /> 2312 <col width="10%" /> 2313 <col width="23%" /> 2314 <col width="17%" /> 2315 </colgroup><tbody><tr> 2316 <th>CVE</th> 2317 <th></th> 2318 <th></th> 2319 <th> Google </th> 2320 <th> </th> 2321 </tr> 2322 <tr> 2323 <td>CVE-2017-0628</td> 2324 <td>A-34230377<br /> 2325 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f"> 2326 QC-CR#1086833</a></td> 2327 <td></td> 2328 <td>Nexus 5X, Nexus 6, Pixel, Pixel XL</td> 2329 <td>2017 1 10</td> 2330 </tr> 2331 <tr> 2332 <td>CVE-2017-0629</td> 2333 <td>A-35214296<br /> 2334 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f"> 2335 QC-CR#1086833</a></td> 2336 <td></td> 2337 <td>Nexus 5X, Nexus 6, Pixel, Pixel XL</td> 2338 <td>2017 2 8</td> 2339 </tr> 2340 </tbody></table> 2341 2342 <h3 id="id-in-kernel-trace-subsystem"> 2343 </h3> 2344 2345 <p> 2346 . 2347 .</p> 2348 2349 <table> 2350 <colgroup><col width="19%" /> 2351 <col width="20%" /> 2352 <col width="10%" /> 2353 <col width="23%" /> 2354 <col width="17%" /> 2355 </colgroup><tbody><tr> 2356 <th>CVE</th> 2357 <th></th> 2358 <th></th> 2359 <th> Google </th> 2360 <th> </th> 2361 </tr> 2362 <tr> 2363 <td>CVE-2017-0630</td> 2364 <td>A-34277115*<br /> 2365 </td> 2366 <td></td> 2367 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android 2368 One, Nexus Player</td> 2369 <td>2017 1 11</td> 2370 </tr> 2371 </tbody></table> 2372 2373 <p>* . 2374 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2375 2376 2377 .</p> 2378 2379 <h3 id="id-in-qualcomm-sound-codec-driver">Qualcomm 2380 </h3> 2381 2382 <p>Qualcomm 2383 2384 . 2385 .</p> 2386 2387 <table> 2388 <colgroup><col width="19%" /> 2389 <col width="20%" /> 2390 <col width="10%" /> 2391 <col width="23%" /> 2392 <col width="17%" /> 2393 </colgroup><tbody><tr> 2394 <th>CVE</th> 2395 <th></th> 2396 <th></th> 2397 <th> Google </th> 2398 <th> </th> 2399 </tr> 2400 <tr> 2401 <td>CVE-2016-5858</td> 2402 <td>A-35400153<br /> 2403 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3154eb1d263b9c3eab2c9fa8ebe498390bf5d711"> 2404 QC-CR#1096799</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=afc5bea71bc8f251dad1104568383019f4923af6"> 2405 [2]</a></td> 2406 <td></td> 2407 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 2408 <td>2017 2 15</td> 2409 </tr> 2410 </tbody></table> 2411 2412 <h3 id="id-in-qualcomm-camera-driver-2">Qualcomm 2413 </h3> 2414 2415 <p>Qualcomm 2416 2417 . 2418 .</p> 2419 2420 <table> 2421 <colgroup><col width="19%" /> 2422 <col width="20%" /> 2423 <col width="10%" /> 2424 <col width="23%" /> 2425 <col width="17%" /> 2426 </colgroup><tbody><tr> 2427 <th>CVE</th> 2428 <th></th> 2429 <th></th> 2430 <th> Google </th> 2431 <th> </th> 2432 </tr> 2433 <tr> 2434 <td>CVE-2017-0631</td> 2435 <td>A-35399756<br /> 2436 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=8236d6ebc7e26361ca7078cbeba01509f10941d8"> 2437 QC-CR#1093232</a></td> 2438 <td></td> 2439 <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> 2440 <td>2017 2 15</td> 2441 </tr> 2442 </tbody></table> 2443 2444 <h3 id="id-in-qualcomm-sound-driver">Qualcomm 2445 </h3> 2446 2447 <p>Qualcomm 2448 . 2449 .</p> 2450 2451 <table> 2452 <colgroup><col width="19%" /> 2453 <col width="20%" /> 2454 <col width="10%" /> 2455 <col width="23%" /> 2456 <col width="17%" /> 2457 </colgroup><tbody><tr> 2458 <th>CVE</th> 2459 <th></th> 2460 <th></th> 2461 <th> Google </th> 2462 <th> </th> 2463 </tr> 2464 <tr> 2465 <td>CVE-2016-5347</td> 2466 <td>A-35394329<br /> 2467 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=f14390f13e62460fc6b05fc0acde0e825374fdb6"> 2468 QC-CR#1100878</a></td> 2469 <td></td> 2470 <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> 2471 <td>2017 2 15</td> 2472 </tr> 2473 </tbody></table> 2474 2475 <h3 id="id-in-qualcomm-spcom-driver">Qualcomm SPCom 2476 </h3> 2477 2478 <p>Qualcomm SPCom 2479 2480 . 2481 .</p> 2482 2483 <table> 2484 <colgroup><col width="19%" /> 2485 <col width="20%" /> 2486 <col width="10%" /> 2487 <col width="23%" /> 2488 <col width="17%" /> 2489 </colgroup><tbody><tr> 2490 <th>CVE</th> 2491 <th></th> 2492 <th></th> 2493 <th> Google </th> 2494 <th> </th> 2495 </tr> 2496 <tr> 2497 <td>CVE-2016-5854</td> 2498 <td>A-35392792<br /> 2499 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9"> 2500 QC-CR#1092683</a></td> 2501 <td></td> 2502 <td>*</td> 2503 <td>2017 2 15</td> 2504 </tr> 2505 <tr> 2506 <td>CVE-2016-5855</td> 2507 <td>A-35393081<br /> 2508 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a5edb54e93ba85719091fe2bc426d75fa7059834"> 2509 QC-CR#1094143</a></td> 2510 <td></td> 2511 <td>*</td> 2512 <td>2017 2 15</td> 2513 </tr> 2514 </tbody></table> 2515 2516 <p>*** Android 7.1.1 Google 2517 .</p> 2518 2519 <h3 id="id-in-qualcomm-sound-codec-driver-2">Qualcomm 2520 </h3> 2521 2522 <p>Qualcomm 2523 2524 . 2525 .</p> 2526 2527 <table> 2528 <colgroup><col width="19%" /> 2529 <col width="20%" /> 2530 <col width="10%" /> 2531 <col width="23%" /> 2532 <col width="17%" /> 2533 </colgroup><tbody><tr> 2534 <th>CVE</th> 2535 <th></th> 2536 <th></th> 2537 <th> Google </th> 2538 <th> </th> 2539 </tr> 2540 <tr> 2541 <td>CVE-2017-0632</td> 2542 <td>A-35392586<br /> 2543 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=970d6933e53c1f7ca8c8b67f49147b18505c3b8f"> 2544 QC-CR#832915</a></td> 2545 <td></td> 2546 <td>Android One</td> 2547 <td>2017 2 15</td> 2548 </tr> 2549 </tbody></table> 2550 2551 <h3 id="id-in-broadcom-wi-fi-driver">Broadcom Wi-Fi 2552 </h3> 2553 2554 <p>Broadcom Wi-Fi 2555 2556 . 2557 .</p> 2558 2559 <table> 2560 <colgroup><col width="19%" /> 2561 <col width="20%" /> 2562 <col width="10%" /> 2563 <col width="23%" /> 2564 <col width="17%" /> 2565 </colgroup><tbody><tr> 2566 <th>CVE</th> 2567 <th></th> 2568 <th></th> 2569 <th> Google </th> 2570 <th> </th> 2571 </tr> 2572 <tr> 2573 <td>CVE-2017-0633</td> 2574 <td>A-36000515*<br /> 2575 B-RB#117131</td> 2576 <td></td> 2577 <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> 2578 <td>2017 2 23</td> 2579 </tr> 2580 </tbody></table> 2581 2582 <p>* . 2583 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2584 2585 2586 .</p> 2587 2588 <h3 id="id-in-synaptics-touchscreen-driver">Synaptics 2589 </h3> 2590 2591 <p>Synaptics 2592 2593 . 2594 .</p> 2595 2596 <table> 2597 <colgroup><col width="19%" /> 2598 <col width="20%" /> 2599 <col width="10%" /> 2600 <col width="23%" /> 2601 <col width="17%" /> 2602 </colgroup><tbody><tr> 2603 <th>CVE</th> 2604 <th></th> 2605 <th></th> 2606 <th> Google </th> 2607 <th> </th> 2608 </tr> 2609 <tr> 2610 <td>CVE-2017-0634</td> 2611 <td>A-32511682*<br /> 2612 </td> 2613 <td></td> 2614 <td>Pixel, Pixel XL</td> 2615 <td>Google </td> 2616 </tr> 2617 </tbody></table> 2618 2619 <p>* . 2620 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2621 2622 2623 .</p> 2624 2625 <h3 id="vulnerabilities-in-qualcomm-components-2">Qualcomm 2626 </h3> 2627 2628 <p>Qualcomm 2014~2016 2629 Qualcomm AMSS . 2630 Android 2631 Android .</p> 2632 2633 <table> 2634 <colgroup><col width="19%" /> 2635 <col width="20%" /> 2636 <col width="10%" /> 2637 <col width="23%" /> 2638 <col width="17%" /> 2639 </colgroup><tbody><tr> 2640 <th>CVE</th> 2641 <th></th> 2642 <th></th> 2643 <th> Google </th> 2644 <th> </th> 2645 </tr> 2646 <tr> 2647 <td>CVE-2014-9923</td> 2648 <td>A-35434045**<br /> 2649 QC-CR#403910</td> 2650 <td></td> 2651 <td>***</td> 2652 <td>Qualcomm </td> 2653 </tr> 2654 <tr> 2655 <td>CVE-2014-9924</td> 2656 <td>A-35434631**<br /> 2657 QC-CR#596102</td> 2658 <td></td> 2659 <td>***</td> 2660 <td>Qualcomm </td> 2661 </tr> 2662 <tr> 2663 <td>CVE-2014-9925</td> 2664 <td>A-35444657**<br /> 2665 QC-CR#638130</td> 2666 <td></td> 2667 <td>***</td> 2668 <td>Qualcomm </td> 2669 </tr> 2670 <tr> 2671 <td>CVE-2014-9926</td> 2672 <td>A-35433784**<br /> 2673 QC-CR#631527</td> 2674 <td></td> 2675 <td>***</td> 2676 <td>Qualcomm </td> 2677 </tr> 2678 <tr> 2679 <td>CVE-2014-9927</td> 2680 <td>A-35433785**<br /> 2681 QC-CR#661111</td> 2682 <td></td> 2683 <td>***</td> 2684 <td>Qualcomm </td> 2685 </tr> 2686 <tr> 2687 <td>CVE-2014-9928</td> 2688 <td>A-35438623**<br /> 2689 QC-CR#696972</td> 2690 <td></td> 2691 <td>***</td> 2692 <td>Qualcomm </td> 2693 </tr> 2694 <tr> 2695 <td>CVE-2014-9929</td> 2696 <td>A-35443954**<br /> 2697 QC-CR#644783</td> 2698 <td></td> 2699 <td>***</td> 2700 <td>Qualcomm </td> 2701 </tr> 2702 <tr> 2703 <td>CVE-2014-9930</td> 2704 <td>A-35432946**<br /> 2705 QC-CR#634637</td> 2706 <td></td> 2707 <td>***</td> 2708 <td>Qualcomm </td> 2709 </tr> 2710 <tr> 2711 <td>CVE-2015-9005</td> 2712 <td>A-36393500**<br /> 2713 QC-CR#741548</td> 2714 <td></td> 2715 <td>***</td> 2716 <td>Qualcomm </td> 2717 </tr> 2718 <tr> 2719 <td>CVE-2015-9006</td> 2720 <td>A-36393450**<br /> 2721 QC-CR#750559</td> 2722 <td></td> 2723 <td>***</td> 2724 <td>Qualcomm </td> 2725 </tr> 2726 <tr> 2727 <td>CVE-2015-9007</td> 2728 <td>A-36393700**<br /> 2729 QC-CR#807173</td> 2730 <td></td> 2731 <td>***</td> 2732 <td>Qualcomm </td> 2733 </tr> 2734 <tr> 2735 <td>CVE-2016-10297</td> 2736 <td>A-36393451**<br /> 2737 QC-CR#1061123</td> 2738 <td></td> 2739 <td>***</td> 2740 <td>Qualcomm </td> 2741 </tr> 2742 <tr> 2743 <td>CVE-2014-9941</td> 2744 <td>A-36385125**<br /> 2745 QC-CR#509915</td> 2746 <td></td> 2747 <td>***</td> 2748 <td>Qualcomm </td> 2749 </tr> 2750 <tr> 2751 <td>CVE-2014-9942</td> 2752 <td>A-36385319**<br /> 2753 QC-CR#533283</td> 2754 <td></td> 2755 <td>***</td> 2756 <td>Qualcomm </td> 2757 </tr> 2758 <tr> 2759 <td>CVE-2014-9943</td> 2760 <td>A-36385219**<br /> 2761 QC-CR#546527</td> 2762 <td></td> 2763 <td>***</td> 2764 <td>Qualcomm </td> 2765 </tr> 2766 <tr> 2767 <td>CVE-2014-9944</td> 2768 <td>A-36384534**<br /> 2769 QC-CR#613175</td> 2770 <td></td> 2771 <td>***</td> 2772 <td>Qualcomm </td> 2773 </tr> 2774 <tr> 2775 <td>CVE-2014-9945</td> 2776 <td>A-36386912**<br /> 2777 QC-CR#623452</td> 2778 <td></td> 2779 <td>***</td> 2780 <td>Qualcomm </td> 2781 </tr> 2782 <tr> 2783 <td>CVE-2014-9946</td> 2784 <td>A-36385281**<br /> 2785 QC-CR#520149</td> 2786 <td></td> 2787 <td>***</td> 2788 <td>Qualcomm </td> 2789 </tr> 2790 <tr> 2791 <td>CVE-2014-9947</td> 2792 <td>A-36392400**<br /> 2793 QC-CR#650540</td> 2794 <td></td> 2795 <td>***</td> 2796 <td>Qualcomm </td> 2797 </tr> 2798 <tr> 2799 <td>CVE-2014-9948</td> 2800 <td>A-36385126**<br /> 2801 QC-CR#650500</td> 2802 <td></td> 2803 <td>***</td> 2804 <td>Qualcomm </td> 2805 </tr> 2806 <tr> 2807 <td>CVE-2014-9949</td> 2808 <td>A-36390608**<br /> 2809 QC-CR#652426</td> 2810 <td></td> 2811 <td>***</td> 2812 <td>Qualcomm </td> 2813 </tr> 2814 <tr> 2815 <td>CVE-2014-9950</td> 2816 <td>A-36385321**<br /> 2817 QC-CR#655530</td> 2818 <td></td> 2819 <td>***</td> 2820 <td>Qualcomm </td> 2821 </tr> 2822 <tr> 2823 <td>CVE-2014-9951</td> 2824 <td>A-36389161**<br /> 2825 QC-CR#525043</td> 2826 <td></td> 2827 <td>***</td> 2828 <td>Qualcomm </td> 2829 </tr> 2830 <tr> 2831 <td>CVE-2014-9952</td> 2832 <td>A-36387019**<br /> 2833 QC-CR#674836</td> 2834 <td></td> 2835 <td>***</td> 2836 <td>Qualcomm </td> 2837 </tr> 2838 </tbody></table> 2839 2840 <p>* .</p> 2841 2842 <p>* . 2843 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2844 2845 2846 .</p> 2847 2848 <p>*** Android 7.1.1 Google 2849 .</p> 2850 2851 <h2 id="common-questions-and-answers"> </h2> 2852 <p> .</p> 2853 2854 <p><strong>1. ? 2855 </strong></p> 2856 2857 <p> 2858 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 2859 2860 .</p> 2861 2862 <ul> 2863 <li>2017-05-01 2017-05-01 2864 .</li> 2865 <li>2017-05-05 2866 2017-05-05 . 2867 </li> 2868 </ul> 2869 2870 <p> 2871 .</p> 2872 <ul> 2873 <li>[ro.build.version.security_patch]:[2017-05-01]</li> 2874 <li>[ro.build.version.security_patch]:[2017-05-05]</li> 2875 </ul> 2876 2877 <p><strong>2. ?</strong></p> 2878 2879 <p> Android Android 2880 2881 . Android 2882 .</p> 2883 <ul> 2884 <li>2017 5 1 2885 2886 .</li> 2887 <li>2017 5 5 2888 2889 .</li> 2890 </ul> 2891 2892 <p> .</p> 2893 2894 <p><strong>3. Google ?</strong></p> 2895 2896 <p><a href="#2017-05-01-details">2017-05-01</a> 2897 <a href="#2017-05-05-details">2017-05-05</a> 2898 <em> Google 2899 </em> . Google 2900 . .</p> 2901 <ul> 2902 <li><strong> Google </strong>: Google Pixel 2903 , <em> Google </em> 2904 '' . '' <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a> . Nexus 5X, 2905 Nexus 6, Nexus 6P, Nexus 9, Android One, Nexus Player, 2906 Pixel C, Pixel, Pixel XL.</li> 2907 <li><strong> Google </strong>: Google 2908 , Google <em> Google </em> 2909 .</li> 2910 <li><strong>Google </strong>: Android 7.0 Google 2911 , <em> Google </em> '' 2912 . </li> 2913 </ul> 2914 <p><strong>4. ?</strong></p> 2915 2916 <p> <em></em> 2917 . 2918 .</p> 2919 2920 <table> 2921 <tbody><tr> 2922 <th></th> 2923 <th> </th> 2924 </tr> 2925 <tr> 2926 <td>A-</td> 2927 <td>Android ID</td> 2928 </tr> 2929 <tr> 2930 <td>QC-</td> 2931 <td>Qualcomm </td> 2932 </tr> 2933 <tr> 2934 <td>M-</td> 2935 <td>MediaTek </td> 2936 </tr> 2937 <tr> 2938 <td>N-</td> 2939 <td>NVIDIA </td> 2940 </tr> 2941 <tr> 2942 <td>B-</td> 2943 <td>Broadcom </td> 2944 </tr> 2945 </tbody></table> 2946 <h2 id="revisions"> </h2> 2947 <ul> 2948 <li>2017 5 1: </li> 2949 <li>2017 5 2: AOSP </li> 2950 </ul> 2951 2952 </body></html>
