1 <html devsite> 2 <head> 3 <title> Android 2017.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 <p><em> 6 2017. | 7 2017.</em></p> 25 <p> Android. Google <a href="https://developers.google.com/android/nexus/images"> </a>. , , 5 2017 . , , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>.</p> 26 <p> 6 2017 . Android Open Source Project (AOSP). 27 AOSP.</p> 28 <p> (, , MMS).</p> 29 <p> . <a href="#mitigations"> </a> , <a href="{@docRoot}security/enhancements/index.html"> </a> , <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, Android.</p> 30 <p> .</p> 31 <h2 id="announcements"></h2> 32 <ul> 33 <li> , , Android. <a href="#common-questions-and-answers"> </a>. 34 <ul> 35 <li><strong>2017-03-01</strong>: , 2017-03-01 .</li> 36 <li><strong>2017-03-05</strong>: , 2017-03-01 2017-03-05, .</li> 37 </ul> 38 </li> 39 <li> Google 5 2017.</li> 40 </ul> 41 <h2 id="security-vulnerability-summary"> </h2> 42 <p> , (CVE) , , Google. <a href="{@docRoot}security/overview/updates-resources.html#severity"> </a> , , .</p> 43 <h3 id="2017-03-01-summary"> ( 2017-03-01)</h3> 44 <p> 1 2017 .</p> 45 <table> 46 <col width="55%"> 47 <col width="20%"> 48 <col width="13%"> 49 <col width="12%"> 50 <tr> 51 <th></th> 52 <th>CVE</th> 53 <th> </th> 54 <th> Google?</th> 55 </tr> 56 <tr> 57 <td> OpenSSL BoringSSL</td> 58 <td>CVE-2016-2182</td> 59 <td></td> 60 <td></td> 61 </tr> 62 <tr> 63 <td> mediaserver</td> 64 <td>CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0474</td> 65 <td></td> 66 <td></td> 67 </tr> 68 <tr> 69 <td> </td> 70 <td>CVE-2017-0475</td> 71 <td></td> 72 <td></td> 73 </tr> 74 <tr> 75 <td> AOSP</td> 76 <td>CVE-2017-0476</td> 77 <td></td> 78 <td></td> 79 </tr> 80 <tr> 81 <td> libgdx</td> 82 <td>CVE-2017-0477</td> 83 <td></td> 84 <td></td> 85 </tr> 86 <tr> 87 <td> Framesequence</td> 88 <td>CVE-2017-0478</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> NFC</td> 94 <td>CVE-2017-0481</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td> audioserver</td> 100 <td>CVE-2017-0479, CVE-2017-0480</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> mediaserver</td> 106 <td>CVE-2017-0482, CVE-2017-0483, CVE-2017-0484, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0488</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td> </td> 112 <td>CVE-2017-0489</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td> Wi-Fi</td> 118 <td>CVE-2017-0490</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> </td> 124 <td>CVE-2017-0491</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td> System UI</td> 130 <td>CVE-2017-0492</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> AOSP</td> 136 <td>CVE-2017-0494</td> 137 <td></td> 138 <td></td> 139 </tr> 140 <tr> 141 <td> mediaserver</td> 142 <td>CVE-2017-0495</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td> </td> 148 <td>CVE-2017-0496</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td> mediaserver</td> 154 <td>CVE-2017-0497</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td> </td> 160 <td>CVE-2017-0498</td> 161 <td></td> 162 <td>*</td> 163 </tr> 164 <tr> 165 <td> audioserver</td> 166 <td>CVE-2017-0499</td> 167 <td></td> 168 <td></td> 169 </tr> 170 </table> 171 <p>* Google Android7.0, .</p> 172 <h3 id="2017-03-05-summary"> ( 2017-03-05)</h3> 173 <p> 5 2017 , 2017-03-01, , .</p> 174 <table> 175 <col width="55%"> 176 <col width="20%"> 177 <col width="13%"> 178 <col width="12%"> 179 <tr> 180 <th></th> 181 <th>CVE</th> 182 <th> </th> 183 <th> Google?</th> 184 </tr> 185 <tr> 186 <td> MediaTek</td> 187 <td>CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, CVE-2017-0504, CVE-2017-0505, CVE-2017-0506</td> 188 <td></td> 189 <td>*</td> 190 </tr> 191 <tr> 192 <td> NVIDIA </td> 193 <td>CVE-2017-0337, CVE-2017-0338, CVE-2017-0333, CVE-2017-0306, CVE-2017-0335</td> 194 <td></td> 195 <td></td> 196 </tr> 197 <tr> 198 <td> ION </td> 199 <td>CVE-2017-0507, CVE-2017-0508</td> 200 <td></td> 201 <td></td> 202 </tr> 203 <tr> 204 <td> Wi-Fi- Broadcom</td> 205 <td>CVE-2017-0509</td> 206 <td></td> 207 <td>*</td> 208 </tr> 209 <tr> 210 <td> FIQ- </td> 211 <td>CVE-2017-0510</td> 212 <td></td> 213 <td></td> 214 </tr> 215 <tr> 216 <td> Qualcomm </td> 217 <td>CVE-2016-8479</td> 218 <td></td> 219 <td></td> 220 </tr> 221 <tr> 222 <td> </td> 223 <td>CVE-2016-9806, CVE-2016-10200</td> 224 <td></td> 225 <td></td> 226 </tr> 227 <tr> 228 <td> Qualcomm</td> 229 <td>CVE-2016-8484, CVE-2016-8485, CVE-2016-8486, CVE-2016-8487, CVE-2016-8488</td> 230 <td></td> 231 <td>*</td> 232 </tr> 233 <tr> 234 <td> </td> 235 <td>CVE-2016-8655, CVE-2016-9793</td> 236 <td></td> 237 <td></td> 238 </tr> 239 <tr> 240 <td> Qualcomm</td> 241 <td>CVE-2017-0516</td> 242 <td></td> 243 <td></td> 244 </tr> 245 <tr> 246 <td> MediaTek </td> 247 <td>CVE-2017-0517</td> 248 <td></td> 249 <td>*</td> 250 </tr> 251 <tr> 252 <td> ADSPRPC- Qualcomm</td> 253 <td>CVE-2017-0457</td> 254 <td></td> 255 <td></td> 256 </tr> 257 <tr> 258 <td> Qualcomm</td> 259 <td>CVE-2017-0518, CVE-2017-0519</td> 260 <td></td> 261 <td></td> 262 </tr> 263 <tr> 264 <td> Qualcomm </td> 265 <td>CVE-2017-0520</td> 266 <td></td> 267 <td></td> 268 </tr> 269 <tr> 270 <td> Qualcomm </td> 271 <td>CVE-2017-0458, CVE-2017-0521</td> 272 <td></td> 273 <td></td> 274 </tr> 275 <tr> 276 <td> APK MediaTek</td> 277 <td>CVE-2017-0522</td> 278 <td></td> 279 <td>*</td> 280 </tr> 281 <tr> 282 <td> Wi-Fi- Qualcomm</td> 283 <td>CVE-2017-0464, CVE-2017-0453, CVE-2017-0523</td> 284 <td></td> 285 <td></td> 286 </tr> 287 <tr> 288 <td> Synaptics</td> 289 <td>CVE-2017-0524</td> 290 <td></td> 291 <td></td> 292 </tr> 293 <tr> 294 <td> Qualcomm</td> 295 <td>CVE-2017-0456, CVE-2017-0525</td> 296 <td></td> 297 <td></td> 298 </tr> 299 <tr> 300 <td> HTC</td> 301 <td>CVE-2017-0526, CVE-2017-0527</td> 302 <td></td> 303 <td></td> 304 </tr> 305 <tr> 306 <td> NVIDIA </td> 307 <td>CVE-2017-0307</td> 308 <td></td> 309 <td>*</td> 310 </tr> 311 <tr> 312 <td> Qualcomm</td> 313 <td>CVE-2017-0463, CVE-2017-0460</td> 314 <td></td> 315 <td></td> 316 </tr> 317 <tr> 318 <td> </td> 319 <td>CVE-2017-0528</td> 320 <td></td> 321 <td></td> 322 </tr> 323 <tr> 324 <td> SPCom- Qualcomm</td> 325 <td>CVE-2016-5856, CVE-2016-5857</td> 326 <td></td> 327 <td>*</td> 328 </tr> 329 <tr> 330 <td> </td> 331 <td>CVE-2014-8709</td> 332 <td></td> 333 <td></td> 334 </tr> 335 <tr> 336 <td> MediaTek</td> 337 <td>CVE-2017-0529</td> 338 <td></td> 339 <td>*</td> 340 </tr> 341 <tr> 342 <td> Qualcomm</td> 343 <td>CVE-2017-0455</td> 344 <td></td> 345 <td></td> 346 </tr> 347 <tr> 348 <td> Qualcomm</td> 349 <td>CVE-2016-8483</td> 350 <td></td> 351 <td></td> 352 </tr> 353 <tr> 354 <td> NVIDIA </td> 355 <td>CVE-2017-0334, CVE-2017-0336</td> 356 <td></td> 357 <td></td> 358 </tr> 359 <tr> 360 <td> </td> 361 <td>CVE-2016-8650</td> 362 <td></td> 363 <td></td> 364 </tr> 365 <tr> 366 <td> Qualcomm ( )</td> 367 <td>CVE-2016-8417</td> 368 <td></td> 369 <td></td> 370 </tr> 371 <tr> 372 <td> Wi-Fi- Qualcomm</td> 373 <td>CVE-2017-0461, CVE-2017-0459, CVE-2017-0531</td> 374 <td></td> 375 <td></td> 376 </tr> 377 <tr> 378 <td> MediaTek</td> 379 <td>CVE-2017-0532</td> 380 <td></td> 381 <td>*</td> 382 </tr> 383 <tr> 384 <td> Qualcomm</td> 385 <td>CVE-2017-0533, CVE-2017-0534, CVE-2016-8416, CVE-2016-8478</td> 386 <td></td> 387 <td></td> 388 </tr> 389 <tr> 390 <td> Qualcomm </td> 391 <td>CVE-2016-8413, CVE-2016-8477</td> 392 <td></td> 393 <td></td> 394 </tr> 395 <tr> 396 <td> HTC</td> 397 <td>CVE-2017-0535</td> 398 <td></td> 399 <td></td> 400 </tr> 401 <tr> 402 <td> Synaptics</td> 403 <td>CVE-2017-0536</td> 404 <td></td> 405 <td></td> 406 </tr> 407 <tr> 408 <td> USB- </td> 409 <td>CVE-2017-0537</td> 410 <td></td> 411 <td></td> 412 </tr> 413 <tr> 414 <td> Qualcomm </td> 415 <td>CVE-2017-0452</td> 416 <td></td> 417 <td></td> 418 </tr> 419 </table> 420 <p>* Google Android7.0, .</p> 421 <h2 id="mitigations"> </h2> 422 <p> , <a href="{@docRoot}security/enhancements/index.html"> </a> , SafetyNet, Android.</p> 423 <ul> 424 <li> 425 Android, 426 .</li> 427 <li>, Android, <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a>. <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a>. <a href="http://www.android.com/gms"> Google</a>. , . Google Play , 428 . , . , , 429 , 430 . , 431 .</li> 432 <li> Google Hangouts Messenger 433 , mediaserver, .</li> 434 </ul> 435 <h2 id="acknowledgements"></h2> 436 <p> , :</p> 437 <ul> 438 <li> Google Dynamic Tools: CVE-2017-0537 439 <li> , , Alibaba Mobile Security Group: CVE-2017-0506 440 <li> , , , Alibaba Mobile Security Group: CVE-2017-0463 441 <li> Android: CVE-2017-0335, CVE-2017-0336, CVE-2017-0338, CVE-2017-0460 442 <li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413, CVE-2016-8477, CVE-2017-0531 443 <li><a href="mailto:derrek.haxx (a] gmail.com">derrek</a> (<a href="https://twitter.com/derrekr6">@derrekr6</a>) <a href="mailto:sbauer (a] plzdonthack.me"> </a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521 444 <li> (<a href="https://twitter.com/returnsme">@returnsme</a>) KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-8412, CVE-2016-8444, CVE-2016-8427, CVE-2017-0403 445 <li> (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) <a href="http://www.ms509.com">MS509Team</a>: CVE-2017-0490 446 <li> (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, Qihoo 360 Technology Co. Ltd.: CVE-2016-6725, CVE-2016-6738, CVE-2016-6740, CVE-2016-6741, CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-3906 447 <li> Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0453, CVE-2017-0461, CVE-2017-0464 448 <li> Sony Mobile Communications Inc.: CVE-2017-0481 449 <li> IBM Security X-Force: CVE-2017-0510 450 <li> (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) <a href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0478 451 <li> (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, Qihoo 360: CVE-2016-6688, CVE-2016-6677, CVE-2016-6673, CVE-2016-6687, CVE-2016-6686, CVE-2016-6681, CVE-2016-6682, CVE-2016-3930 452 <li><a href="mailto:zlbzlb815 (a] 163.com"> </a>, <a href="mailto:segfault5514 (a] gmail.com"> </a>, <a href="mailto:computernik (a] gmail.com">- </a> <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8479 453 <li> Google: CVE-2017-0491 454 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a href="mailto:arnow117 (a] gmail.com"> </a> <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0479, CVE-2017-0480 455 <li> (<a href="https://twitter.com/natecray">@natecray</a>): CVE-2017-0535 456 <li> (<a href="https://twitter.com/natecray">@natecray</a>) Tesla Motors Product Security Team: CVE-2017-0306 457 <li> (), () () Baidu X-Lab (): CVE-2016-8417 458 <li> () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) KeenLab, Tencent: CVE-2017-0337, CVE-2017-0476 459 <li> Qihoo 360 (SIT): CVE-2017-0496 460 <li> Ant-financial Light-Year Security Lab (): CVE-2017-0522 461 <li><a href="mailto:keun-o.park (a] darkmatter.ae">Sahara</a> Secure Communications DarkMatter: CVE-2017-0528 462 <li>salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>) Shellphish Grill, -: CVE-2017-0505 463 <li><a href="mailto:sbauer (a] plzdonthack.me"> </a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504, CVE-2017-0516 464 <li> (beaups): CVE-2017-0455 465 <li> (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) TrendMicro: CVE-2017-0452 466 <li> Fujitsu: CVE-2017-0498 467 <li><a href="mailto:smarques84 (a] gmail.com"> </a> <a href="http://www.byterev.com">ByteRev</a>: CVE-2017-0489 468 <li> Google: CVE-2017-0492 469 <li><a href="mailto:segfault5514 (a] gmail.com"> </a>, <a href="mailto:computernik (a] gmail.com">- </a> <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0333 470 <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile"> </a>, <a href="http://www.trendmicro.com">Trend Micro</a>: CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0485, CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495 471 <li> ( ) (<a href="https://twitter.com/wish_wu">@wish_wu</a>) Ant-financial Light-Year Security Lab (): CVE-2017-0477 472 <li> Vulpecker Team, Qihoo 360 Technology Co. Ltd: CVE-2017-0517, CVE-2017-0532 473 <li><a href="mailto:computernik (a] gmail.com">- </a> <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0526, CVE-2017-0527 474 <li> (<a href="https://twitter.com/nikos233__">@nikos233</a>), <a href="mailto:vancouverdou (a] gmail.com"> </a>, <a href="mailto:shaodacheng2016 (a] gmail.com"> </a>, (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0483</li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 475 476 <h2 id="2017-03-01-details"> ( 2017-03-01)</h2> 477 <p> , <a href="#2017-03-01-summary"> ( 2017-03-01)</a>: , CVE, , , Google AOSP ( ), . , , (, AOSP), .</p> 478 479 480 <h3 id="rce-in-openssl-&-boringssl"> OpenSSL BoringSSL</h3> 481 <p> . - .</p> 482 483 <table> 484 <col width="18%"> 485 <col width="17%"> 486 <col width="10%"> 487 <col width="19%"> 488 <col width="18%"> 489 <col width="17%"> 490 <tr> 491 <th>CVE</th> 492 <th></th> 493 <th> </th> 494 <th> Google</th> 495 <th> AOSP</th> 496 <th> </th> 497 </tr> 498 <tr> 499 <td>CVE-2016-2182</td> 500 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/54bf62a81586d99d0a951ca3342d569b59e69b80"> 501 A-32096880</a></td> 502 <td></td> 503 <td></td> 504 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 505 <td>5 2016.</td> 506 </tr> 507 </table> 508 509 510 <h3 id="rce-in-mediaserver-"> mediaserver 511 </h3> 512 <p> 513 . - mediaserver.</p> 514 515 <table> 516 <col width="18%"> 517 <col width="17%"> 518 <col width="10%"> 519 <col width="19%"> 520 <col width="18%"> 521 <col width="17%"> 522 <tr> 523 <th>CVE</th> 524 <th></th> 525 <th> </th> 526 <th> Google</th> 527 <th> AOSP</th> 528 <th> </th> 529 </tr> 530 <tr> 531 <td>CVE-2017-0466</td> 532 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33139050</a> 533 [<a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c">2</a>] 534 </td> 535 <td></td> 536 <td></td> 537 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 538 <td>25 2016.</td> 539 </tr> 540 <tr> 541 <td>CVE-2017-0467</td> 542 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">A-33250932</a> 543 [<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>] 544 </td> 545 <td></td> 546 <td></td> 547 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 548 <td>30 2016.</td> 549 </tr> 550 <tr> 551 <td>CVE-2017-0468</td> 552 <td><a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">A-33351708</a> 553 [<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">2</a>] 554 </td> 555 <td></td> 556 <td></td> 557 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 558 <td>5 2016.</td> 559 </tr> 560 <tr> 561 <td>CVE-2017-0469</td> 562 <td><a href="https://android.googlesource.com/platform/external/libavc/+/21851eaecc814be709cb0c20f732cb858cfe1440"> 563 A-33450635</a></td> 564 <td></td> 565 <td></td> 566 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 567 <td>8 2016.</td> 568 </tr> 569 <tr> 570 <td>CVE-2017-0470</td> 571 <td><a href="https://android.googlesource.com/platform/external/libavc/+/6aac82003d665708b4e21e9b91693b642e2fa64f"> 572 A-33818500</a></td> 573 <td></td> 574 <td></td> 575 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 576 <td>21 2016.</td> 577 </tr> 578 <tr> 579 <td>CVE-2017-0471</td> 580 <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a61d15e7b0ab979ba7e80db8ddbde025c1ce6cc"> 581 A-33816782</a></td> 582 <td></td> 583 <td></td> 584 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 585 <td>21 2016.</td> 586 </tr> 587 <tr> 588 <td>CVE-2017-0472</td> 589 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/dfa7251ff270ae7e12a019e6735542e36b2a47e0"> 590 A-33862021</a></td> 591 <td></td> 592 <td></td> 593 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 594 <td>23 2016.</td> 595 </tr> 596 <tr> 597 <td>CVE-2017-0473</td> 598 <td><a href="https://android.googlesource.com/platform/external/libavc/+/0a4463e2beddb8290e05ad552e48b17686f854ce"> 599 A-33982658</a></td> 600 <td></td> 601 <td></td> 602 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 603 <td>30 2016.</td> 604 </tr> 605 <tr> 606 <td>CVE-2017-0474</td> 607 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/6f5927de29337fa532c64d0ef8c7cb68f7c89889"> 608 A-32589224</a></td> 609 <td></td> 610 <td></td> 611 <td>7.0, 7.1.1</td> 612 <td> Google</td> 613 </tr> 614 </table> 615 616 <h3 id="eop-in-recovery-verifier"> </h3> 617 <p> . , - . , .</p> 618 619 <table> 620 <col width="18%"> 621 <col width="17%"> 622 <col width="10%"> 623 <col width="19%"> 624 <col width="18%"> 625 <col width="17%"> 626 <tr> 627 <th>CVE</th> 628 <th></th> 629 <th> </th> 630 <th> Google</th> 631 <th> AOSP</th> 632 <th> </th> 633 </tr> 634 <tr> 635 <td>CVE-2017-0475</td> 636 <td><a href="https://android.googlesource.com/platform/bootable/recovery/+/2c6c23f651abb3d215134dfba463eb72a5e9f8eb"> 637 A-31914369</a></td> 638 <td></td> 639 <td></td> 640 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 641 <td>2 2016.</td> 642 </tr> 643 </table> 644 645 646 <h3 id="rce-in-aosp-messaging"> AOSP</h3> 647 <p> . - .</p> 648 649 <table> 650 <col width="18%"> 651 <col width="17%"> 652 <col width="10%"> 653 <col width="19%"> 654 <col width="18%"> 655 <col width="17%"> 656 <tr> 657 <th>CVE</th> 658 <th></th> 659 <th> </th> 660 <th> Google</th> 661 <th> AOSP</th> 662 <th> </th> 663 </tr> 664 <tr> 665 <td>CVE-2017-0476</td> 666 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/8ba22b48ebff50311d7eaa8d512f9d507f0bdd0d"> 667 A-33388925</a></td> 668 <td></td> 669 <td></td> 670 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 671 <td>6 2016.</td> 672 </tr> 673 </table> 674 675 676 <h3 id="rce-in-libgdx"> libgdx</h3> 677 <p> . - , .</p> 678 679 <table> 680 <col width="18%"> 681 <col width="17%"> 682 <col width="10%"> 683 <col width="19%"> 684 <col width="18%"> 685 <col width="17%"> 686 <tr> 687 <th>CVE</th> 688 <th></th> 689 <th> </th> 690 <th> Google</th> 691 <th> AOSP</th> 692 <th> </th> 693 </tr> 694 <tr> 695 <td>CVE-2017-0477</td> 696 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/fba04a52f43315cdb7dd38766822af0324eab7c5"> 697 A-33621647</a></td> 698 <td></td> 699 <td></td> 700 <td>7.1.1</td> 701 <td>14 2016.</td> 702 </tr> 703 </table> 704 705 706 <h3 id="rce-in-framesequence-library"> Framesequence</h3> 707 <p> . - , .</p> 708 709 <table> 710 <col width="18%"> 711 <col width="17%"> 712 <col width="10%"> 713 <col width="19%"> 714 <col width="18%"> 715 <col width="17%"> 716 <tr> 717 <th>CVE</th> 718 <th></th> 719 <th> </th> 720 <th> Google</th> 721 <th> AOSP</th> 722 <th> </th> 723 </tr> 724 <tr> 725 <td>CVE-2017-0478</td> 726 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7c824f17b3eea976ca58be7ea097cb807126f73b"> 727 A-33718716</a></td> 728 <td></td> 729 <td></td> 730 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 731 <td>16 2016.</td> 732 </tr> 733 </table> 734 735 <h3 id="eop-in-nfc"> NFC</h3> 736 <p> . 737 , , .</p> 738 739 <table> 740 <col width="18%"> 741 <col width="17%"> 742 <col width="10%"> 743 <col width="19%"> 744 <col width="18%"> 745 <col width="17%"> 746 <tr> 747 <th>CVE</th> 748 <th></th> 749 <th> </th> 750 <th> Google</th> 751 <th> AOSP</th> 752 <th> </th> 753 </tr> 754 <tr> 755 <td>CVE-2017-0481</td> 756 <td><a href="https://android.googlesource.com/platform/external/libnfc-nci/+/c67cc6ad2addddcb7185a33b08d27290ce54e350"> 757 A-33434992</a></td> 758 <td></td> 759 <td></td> 760 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 761 <td>6 2016.</td> 762 </tr> 763 </table> 764 765 <h3 id="eop-in-audioserver"> audioserver</h3> 766 <p> . , , .</p> 767 768 <table> 769 <col width="18%"> 770 <col width="17%"> 771 <col width="10%"> 772 <col width="19%"> 773 <col width="18%"> 774 <col width="17%"> 775 <tr> 776 <th>CVE</th> 777 <th></th> 778 <th> </th> 779 <th> Google</th> 780 <th> AOSP</th> 781 <th> </th> 782 </tr> 783 <tr> 784 <td>CVE-2017-0479</td> 785 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0"> 786 A-32707507</a> 787 [<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>] 788 </td> 789 <td></td> 790 <td></td> 791 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 792 <td>7 2016.</td> 793 </tr> 794 <tr> 795 <td>CVE-2017-0480</td> 796 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0"> 797 A-32705429</a> 798 [<a href="https://android.googlesource.com/platform/frameworks/av/+/8415635765380be496da9b4578d8f134a527d86b">2</a>] 799 </td> 800 <td></td> 801 <td></td> 802 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 803 <td>7 2016.</td> 804 </tr> 805 </table> 806 807 808 <h3 id="dos-in-mediaserver"> mediaserver</h3> 809 <p> . , .</p> 810 811 <table> 812 <col width="18%"> 813 <col width="17%"> 814 <col width="10%"> 815 <col width="19%"> 816 <col width="18%"> 817 <col width="17%"> 818 <tr> 819 <th>CVE</th> 820 <th></th> 821 <th> </th> 822 <th> Google</th> 823 <th> AOSP</th> 824 <th> </th> 825 </tr> 826 <tr> 827 <td>CVE-2017-0482</td> 828 <td><a href="https://android.googlesource.com/platform/external/libavc/+/ec9ab83ac437d31f484a86643e2cc66db8efae4c"> 829 A-33090864</a> 830 [<a href="https://android.googlesource.com/platform/external/libavc/+/0e8b1dff88e08b9d738d2360f05b96108e190995">2</a>] 831 [<a href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">3</a>] 832 [<a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36">4</a>] 833 [<a href="https://android.googlesource.com/platform/external/libavc/+/c4f152575bd6d8cc6db1f89806e2ba1fd1bb314f">5</a>] 834 [<a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7">6</a>]</td> 835 <td></td> 836 <td></td> 837 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 838 <td>22 2016.</td> 839 </tr> 840 <tr> 841 <td>CVE-2017-0483</td> 842 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/bc62c086e9ba7530723dc8874b83159f4d77d976"> 843 A-33137046</a> 844 [<a href="https://android.googlesource.com/platform/frameworks/av/+/5cabe32a59f9be1e913b6a07a23d4cfa55e3fb2f">2</a>]</td> 845 <td></td> 846 <td></td> 847 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 848 <td>24 2016.</td> 849 </tr> 850 <tr> 851 <td>CVE-2017-0484</td> 852 <td><a href="https://android.googlesource.com/platform/external/libavc/+/fd9a12f9fdd9dd3e66c59dd7037e864b948085f7"> 853 A-33298089</a> 854 [<a href="https://android.googlesource.com/platform/external/libavc/+/a467b1fb2956fdcee5636ab63573a4bca8150dbe">2</a>]</td> 855 <td></td> 856 <td></td> 857 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 858 <td>1 2016.</td> 859 </tr> 860 <tr> 861 <td>CVE-2017-0485</td> 862 <td><a href="https://android.googlesource.com/platform/external/libavc/+/3695b6bdaa183bb2852da06b63ebd5b9c2cace36"> 863 A-33387820</a></td> 864 <td></td> 865 <td></td> 866 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 867 <td>6 2016.</td> 868 </tr> 869 <tr> 870 <td>CVE-2017-0486</td> 871 <td><a href="https://android.googlesource.com/platform/external/libavc/+/19814b7ad4ea6f0cc4cab34e50ebab2e180fc269"> 872 A-33621215</a></td> 873 <td></td> 874 <td></td> 875 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 876 <td>14 2016.</td> 877 </tr> 878 <tr> 879 <td>CVE-2017-0487</td> 880 <td><a href="https://android.googlesource.com/platform/external/libavc/+/aa78b96e842fc1fb70a18acff22be35c7a715b23"> 881 A-33751193</a></td> 882 <td></td> 883 <td></td> 884 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 885 <td>19 2016.</td> 886 </tr> 887 <tr> 888 <td>CVE-2017-0488</td> 889 <td><a href="https://android.googlesource.com/platform/external/libavc/+/0340381cd8c220311fd4fe2e8b23e1534657e399"> 890 A-34097213</a></td> 891 <td></td> 892 <td></td> 893 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 894 <td> Google</td> 895 </tr> 896 </table> 897 898 <h3 id="eop-in-location-manager"> </h3> 899 <p> . , .</p> 900 901 <table> 902 <col width="18%"> 903 <col width="17%"> 904 <col width="10%"> 905 <col width="19%"> 906 <col width="18%"> 907 <col width="17%"> 908 <tr> 909 <th>CVE</th> 910 <th></th> 911 <th> </th> 912 <th> Google</th> 913 <th> AOSP</th> 914 <th> </th> 915 </tr> 916 <tr> 917 <td>CVE-2017-0489</td> 918 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d22261fef84481651e12995062105239d551cbc6"> 919 A-33091107</a></td> 920 <td></td> 921 <td></td> 922 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 923 <td>20 2016.</td> 924 </tr> 925 </table> 926 927 928 <h3 id="eop-in-wi-fi"> Wi-Fi</h3> 929 <p> . , (, , ). </p> 930 931 <table> 932 <col width="18%"> 933 <col width="17%"> 934 <col width="10%"> 935 <col width="19%"> 936 <col width="18%"> 937 <col width="17%"> 938 <tr> 939 <th>CVE</th> 940 <th></th> 941 <th> </th> 942 <th> Google</th> 943 <th> AOSP</th> 944 <th> </th> 945 </tr> 946 <tr> 947 <td>CVE-2017-0490</td> 948 <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1166ca8adba9b49c9185dad11b28b02e72124d95"> 949 A-33178389</a> 950 [<a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/1ad3b1e3256a226be362de1a4959f2a642d349b7">2</a>] 951 [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/41c42f5bb544acf8bede2d05c6325657d92bd83c">3</a>] 952 </td> 953 <td></td> 954 <td></td> 955 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 956 <td>25 2016.</td> 957 </tr> 958 </table> 959 960 961 <h3 id="eop-in-package-manager"> </h3> 962 <p> . , .</p> 963 964 <table> 965 <col width="18%"> 966 <col width="17%"> 967 <col width="10%"> 968 <col width="19%"> 969 <col width="18%"> 970 <col width="17%"> 971 <tr> 972 <th>CVE</th> 973 <th></th> 974 <th> </th> 975 <th> Google</th> 976 <th> AOSP</th> 977 <th> </th> 978 </tr> 979 <tr> 980 <td>CVE-2017-0491</td> 981 <td><a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/5c49b6bf732c88481466dea341917b8604ce53fa"> 982 A-32553261</a> 983 </td> 984 <td></td> 985 <td></td> 986 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 987 <td> Google</td> 988 </tr> 989 </table> 990 991 992 <h3 id="eop-in-system-ui"> System UI</h3> 993 <p> . , (, , ).</p> 994 995 <table> 996 <col width="18%"> 997 <col width="17%"> 998 <col width="10%"> 999 <col width="19%"> 1000 <col width="18%"> 1001 <col width="17%"> 1002 <tr> 1003 <th>CVE</th> 1004 <th></th> 1005 <th> </th> 1006 <th> Google</th> 1007 <th> AOSP</th> 1008 <th> </th> 1009 </tr> 1010 <tr> 1011 <td>CVE-2017-0492</td> 1012 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/f4bed684c939b0f8809ef404b8609fe4ef849263"> 1013 A-30150688</a> 1014 </td> 1015 <td></td> 1016 <td></td> 1017 <td>7.1.1</td> 1018 <td> Google</td> 1019 </tr> 1020 </table> 1021 1022 1023 <h3 id="id-in-aosp-messaging"> AOSP</h3> 1024 <p> . - .</p> 1025 1026 <table> 1027 <col width="18%"> 1028 <col width="17%"> 1029 <col width="10%"> 1030 <col width="19%"> 1031 <col width="18%"> 1032 <col width="17%"> 1033 <tr> 1034 <th>CVE</th> 1035 <th></th> 1036 <th> </th> 1037 <th> Google</th> 1038 <th> AOSP</th> 1039 <th> </th> 1040 </tr> 1041 <tr> 1042 <td>CVE-2017-0494</td> 1043 <td><a href="https://android.googlesource.com/platform/packages/apps/Messaging/+/3f9821128abd66c4cd2f040d8243efb334bfad2d"> 1044 A-32764144</a></td> 1045 <td></td> 1046 <td></td> 1047 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 1048 <td>9 2016.</td> 1049 </tr> 1050 </table> 1051 1052 1053 <h3 id="id-in-mediaserver"> mediaserver</h3> 1054 <p> . - .</p> 1055 1056 <table> 1057 <col width="18%"> 1058 <col width="17%"> 1059 <col width="10%"> 1060 <col width="19%"> 1061 <col width="18%"> 1062 <col width="17%"> 1063 <tr> 1064 <th>CVE</th> 1065 <th></th> 1066 <th> </th> 1067 <th> Google</th> 1068 <th> AOSP</th> 1069 <th> </th> 1070 </tr> 1071 <tr> 1072 <td>CVE-2017-0495</td> 1073 <td><a href="https://android.googlesource.com/platform/external/libavc/+/85c0ec4106659a11c220cd1210f8d76c33d9e2ae"> 1074 A-33552073</a></td> 1075 <td></td> 1076 <td></td> 1077 <td>6.0, 6.0.1, 7.0, 7.1.1</td> 1078 <td>11 2016.</td> 1079 </tr> 1080 </table> 1081 1082 1083 <h3 id="dos-in-setup-wizard"> </h3> 1084 <p> . , .</p> 1085 1086 <table> 1087 <col width="18%"> 1088 <col width="17%"> 1089 <col width="10%"> 1090 <col width="19%"> 1091 <col width="18%"> 1092 <col width="17%"> 1093 <tr> 1094 <th>CVE</th> 1095 <th></th> 1096 <th> </th> 1097 <th> Google</th> 1098 <th> AOSP</th> 1099 <th> </th> 1100 </tr> 1101 <tr> 1102 <td>CVE-2017-0496</td> 1103 <td>A-31554152*</td> 1104 <td></td> 1105 <td>**</td> 1106 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1107 <td>14 2016.</td> 1108 </tr> 1109 </table> 1110 <p>* . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1111 <p>** Google Android7.0, .</p> 1112 1113 <h3 id="dos-in-mediaserver-2"> mediaserver</h3> 1114 <p> . , .</p> 1115 1116 <table> 1117 <col width="18%"> 1118 <col width="17%"> 1119 <col width="10%"> 1120 <col width="19%"> 1121 <col width="18%"> 1122 <col width="17%"> 1123 <tr> 1124 <th>CVE</th> 1125 <th></th> 1126 <th> </th> 1127 <th> Google</th> 1128 <th> AOSP</th> 1129 <th> </th> 1130 </tr> 1131 <tr> 1132 <td>CVE-2017-0497</td> 1133 <td><a href="https://android.googlesource.com/platform/external/skia/+/8888cbf8e74671d44e9ff92ec3847cd647b8cdfb"> 1134 A-33300701</a></td> 1135 <td></td> 1136 <td></td> 1137 <td>7.0, 7.1.1</td> 1138 <td>2 2016.</td> 1139 </tr> 1140 </table> 1141 1142 1143 <h3 id="dos-in-setup-wizard-2"> </h3> 1144 <p> , , Google . , . </p> 1145 1146 <table> 1147 <col width="18%"> 1148 <col width="17%"> 1149 <col width="10%"> 1150 <col width="19%"> 1151 <col width="18%"> 1152 <col width="17%"> 1153 <tr> 1154 <th>CVE</th> 1155 <th></th> 1156 <th> </th> 1157 <th> Google</th> 1158 <th> AOSP</th> 1159 <th> </th> 1160 </tr> 1161 <tr> 1162 <td>CVE-2017-0498</td> 1163 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/1c4d535d0806dbeb6d2fa5cea0373cbd9ab6d33b"> 1164 A-30352311</a> 1165 [<a href="https://android.googlesource.com/platform/frameworks/base/+/5f621b5b1549e8379aee05807652d5111382ccc6">2</a>] 1166 </td> 1167 <td></td> 1168 <td></td> 1169 <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1170 <td> Google</td> 1171 </tr> 1172 </table> 1173 1174 1175 <h3 id="dos-in-audioserver"> audioserver</h3> 1176 <p> . , .</p> 1177 1178 <table> 1179 <col width="18%"> 1180 <col width="17%"> 1181 <col width="10%"> 1182 <col width="19%"> 1183 <col width="18%"> 1184 <col width="17%"> 1185 <tr> 1186 <th>CVE</th> 1187 <th></th> 1188 <th> </th> 1189 <th> Google</th> 1190 <th> AOSP</th> 1191 <th> </th> 1192 </tr> 1193 <tr> 1194 <td>CVE-2017-0499</td> 1195 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/22e26d8ee73488c58ba3e7928e5da155151abfd0"> 1196 A-32095713</a></td> 1197 <td> </td> 1198 <td></td> 1199 <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> 1200 <td>11 2016.</td> 1201 </tr> 1202 </table> 1203 1204 1205 <h2 id="2017-03-05-details"> ( 2017-03-05)</h2> 1206 <p> , <a href="#2017-03-05-summary"> ( 2017-03-05)</a>: , CVE, , , Google AOSP ( ), . , , (, AOSP), .</p> 1207 1208 1209 <h3 id="eop-in-mediatek-components"> MediaTek</h3> 1210 <p> . , - . , .</p> 1211 1212 <table> 1213 <col width="19%"> 1214 <col width="20%"> 1215 <col width="10%"> 1216 <col width="23%"> 1217 <col width="17%"> 1218 <tr> 1219 <th>CVE</th> 1220 <th></th> 1221 <th> </th> 1222 <th> Google</th> 1223 <th> </th> 1224 </tr> 1225 <tr> 1226 <td>CVE-2017-0500</td> 1227 <td>A-28429685*<br> 1228 M-ALPS02710006</td> 1229 <td></td> 1230 <td>**</td> 1231 <td>27 2016.</td> 1232 </tr> 1233 <tr> 1234 <td>CVE-2017-0501</td> 1235 <td>A-28430015*<br> 1236 M-ALPS02708983</td> 1237 <td></td> 1238 <td>**</td> 1239 <td>27 2016.</td> 1240 </tr> 1241 <tr> 1242 <td>CVE-2017-0502</td> 1243 <td>A-28430164*<br> 1244 M-ALPS02710027</td> 1245 <td></td> 1246 <td>**</td> 1247 <td>27 2016.</td> 1248 </tr> 1249 <tr> 1250 <td>CVE-2017-0503</td> 1251 <td>A-28449045*<br> 1252 M-ALPS02710075</td> 1253 <td></td> 1254 <td>**</td> 1255 <td>28 2016.</td> 1256 </tr> 1257 <tr> 1258 <td>CVE-2017-0504</td> 1259 <td>A-30074628*<br> 1260 M-ALPS02829371</td> 1261 <td></td> 1262 <td>**</td> 1263 <td>9 2016.</td> 1264 </tr> 1265 <tr> 1266 <td>CVE-2017-0505</td> 1267 <td>A-31822282*<br> 1268 M-ALPS02992041</td> 1269 <td></td> 1270 <td>**</td> 1271 <td>28 2016.</td> 1272 </tr> 1273 <tr> 1274 <td>CVE-2017-0506</td> 1275 <td>A-32276718*<br> 1276 M-ALPS03006904</td> 1277 <td></td> 1278 <td>**</td> 1279 <td>18 2016.</td> 1280 </tr> 1281 </table> 1282 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1283 <p>** Google Android7.0, .</p> 1284 1285 1286 <h3 id="eop-in-nvidia-gpu-driver"> NVIDIA </h3> 1287 <p> . , - . , .</p> 1288 1289 <table> 1290 <col width="19%"> 1291 <col width="20%"> 1292 <col width="10%"> 1293 <col width="23%"> 1294 <col width="17%"> 1295 <tr> 1296 <th>CVE</th> 1297 <th></th> 1298 <th> </th> 1299 <th> Google</th> 1300 <th> </th> 1301 </tr> 1302 <tr> 1303 <td>CVE-2017-0337</td> 1304 <td>A-31992762*<br> 1305 N-CVE-2017-0337</td> 1306 <td></td> 1307 <td>Pixel</td> 1308 <td>6 2016.</td> 1309 </tr> 1310 <tr> 1311 <td>CVE-2017-0338</td> 1312 <td>A-33057977*<br> 1313 N-CVE-2017-0338</td> 1314 <td></td> 1315 <td>Pixel</td> 1316 <td>21 2016.</td> 1317 </tr> 1318 <tr> 1319 <td>CVE-2017-0333</td> 1320 <td>A-33899363*<br> 1321 N-CVE-2017-0333</td> 1322 <td></td> 1323 <td>Pixel</td> 1324 <td>25 2016.</td> 1325 </tr> 1326 <tr> 1327 <td>CVE-2017-0306</td> 1328 <td>A-34132950*<br> 1329 N-CVE-2017-0306</td> 1330 <td></td> 1331 <td>Nexus9</td> 1332 <td>6 2017.</td> 1333 </tr> 1334 <tr> 1335 <td>CVE-2017-0335</td> 1336 <td>A-33043375*<br> 1337 N-CVE-2017-0335</td> 1338 <td></td> 1339 <td>Pixel</td> 1340 <td> Google</td> 1341 </tr> 1342 </table> 1343 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1344 1345 1346 <h3 id="eop-in-kernel-ion-subsystem"> ION </h3> 1347 <p> . , - . , .</p> 1348 1349 <table> 1350 <col width="19%"> 1351 <col width="20%"> 1352 <col width="10%"> 1353 <col width="23%"> 1354 <col width="17%"> 1355 <tr> 1356 <th>CVE</th> 1357 <th></th> 1358 <th> </th> 1359 <th> Google</th> 1360 <th> </th> 1361 </tr> 1362 <tr> 1363 <td>CVE-2017-0507</td> 1364 <td>A-31992382*</td> 1365 <td></td> 1366 <td>Android One, Nexus5X, Nexus6, Nexus6P, Nexus9, Nexus Player, PixelC, Pixel, PixelXL</td> 1367 <td>6 2016.</td> 1368 </tr> 1369 <tr> 1370 <td>CVE-2017-0508</td> 1371 <td>A-33940449*</td> 1372 <td></td> 1373 <td>Pixel</td> 1374 <td>28 2016.</td> 1375 </tr> 1376 </table> 1377 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1378 1379 1380 <h3 id="eop-in-broadcom-wi-fi-driver"> Wi-Fi- Broadcom</h3> 1381 <p> . , - . , .</p> 1382 1383 <table> 1384 <col width="19%"> 1385 <col width="20%"> 1386 <col width="10%"> 1387 <col width="23%"> 1388 <col width="17%"> 1389 <tr> 1390 <th>CVE</th> 1391 <th></th> 1392 <th> </th> 1393 <th> Google</th> 1394 <th> </th> 1395 </tr> 1396 <tr> 1397 <td>CVE-2017-0509</td> 1398 <td>A-32124445*<br> 1399 B-RB#110688</td> 1400 <td></td> 1401 <td>**</td> 1402 <td>12 2016.</td> 1403 </tr> 1404 </table> 1405 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1406 <p>** Google Android7.0, .</p> 1407 1408 1409 <h3 id="eop-in-kernel-fiq-debugger"> FIQ- </h3> 1410 <p> . , - . , .</p> 1411 1412 <table> 1413 <col width="19%"> 1414 <col width="20%"> 1415 <col width="10%"> 1416 <col width="23%"> 1417 <col width="17%"> 1418 <tr> 1419 <th>CVE</th> 1420 <th></th> 1421 <th> </th> 1422 <th> Google</th> 1423 <th> </th> 1424 </tr> 1425 <tr> 1426 <td>CVE-2017-0510</td> 1427 <td>A-32402555*</td> 1428 <td></td> 1429 <td>Nexus9</td> 1430 <td>25 2016.</td> 1431 </tr> 1432 </table> 1433 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1434 1435 1436 <h3 id="eop-in-qualcomm-gpu-driver"> Qualcomm </h3> 1437 <p> . , - . , .</p> 1438 1439 <table> 1440 <col width="19%"> 1441 <col width="20%"> 1442 <col width="10%"> 1443 <col width="23%"> 1444 <col width="17%"> 1445 <tr> 1446 <th>CVE</th> 1447 <th></th> 1448 <th> </th> 1449 <th> Google</th> 1450 <th> </th> 1451 </tr> 1452 <tr> 1453 <td>CVE-2016-8479</td> 1454 <td>A-31824853*<br> 1455 QC-CR#1093687</td> 1456 <td></td> 1457 <td>Android One, Nexus5X, Nexus6, Nexus6P, Pixel, PixelXL</td> 1458 <td>29 2016.</td> 1459 </tr> 1460 </table> 1461 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1462 1463 1464 <h3 id="eop-in-kernel-networking-subsystem"> </h3> 1465 <p> . , - . , .</p> 1466 1467 <table> 1468 <col width="19%"> 1469 <col width="20%"> 1470 <col width="10%"> 1471 <col width="23%"> 1472 <col width="17%"> 1473 <tr> 1474 <th>CVE</th> 1475 <th></th> 1476 <th> </th> 1477 <th> Google</th> 1478 <th> </th> 1479 </tr> 1480 <tr> 1481 <td>CVE-2016-9806</td> 1482 <td>A-33393474<br> 1483 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520"> 1484 Upstream kernel</a></td> 1485 <td></td> 1486 <td>PixelC, Pixel, PixelXL</td> 1487 <td>4 2016.</td> 1488 </tr> 1489 <tr> 1490 <td>CVE-2016-10200</td> 1491 <td>A-33753815<br> 1492 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef"> 1493 Upstream kernel</a></td> 1494 <td></td> 1495 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 1496 <td>19 2016.</td> 1497 </tr> 1498 </table> 1499 1500 1501 <h3 id="vulnerabilities-in-qualcomm-components"> Qualcomm</h3> 1502 <p> Qualcomm Qualcomm AMSS 2016.</p> 1503 1504 <table> 1505 <col width="19%"> 1506 <col width="20%"> 1507 <col width="10%"> 1508 <col width="23%"> 1509 <col width="17%"> 1510 <tr> 1511 <th>CVE</th> 1512 <th></th> 1513 <th> </th> 1514 <th> Google</th> 1515 <th> </th> 1516 </tr> 1517 <tr> 1518 <td>CVE-2016-8484</td> 1519 <td>A-28823575**</td> 1520 <td></td> 1521 <td>***</td> 1522 <td> Qualcomm</td> 1523 </tr> 1524 <tr> 1525 <td>CVE-2016-8485</td> 1526 <td>A-28823681**</td> 1527 <td></td> 1528 <td>***</td> 1529 <td> Qualcomm</td> 1530 </tr> 1531 <tr> 1532 <td>CVE-2016-8486</td> 1533 <td>A-28823691**</td> 1534 <td></td> 1535 <td>***</td> 1536 <td> Qualcomm</td> 1537 </tr> 1538 <tr> 1539 <td>CVE-2016-8487</td> 1540 <td>A-28823724**</td> 1541 <td></td> 1542 <td>***</td> 1543 <td> Qualcomm</td> 1544 </tr> 1545 <tr> 1546 <td>CVE-2016-8488</td> 1547 <td>A-31625756**</td> 1548 <td></td> 1549 <td>***</td> 1550 <td> Qualcomm</td> 1551 </tr> 1552 </table> 1553 <p>* Qualcomm.</p> 1554 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1555 <p>*** Google Android7.0, .</p> 1556 1557 1558 <h3 id="eop-in-kernel-networking-subsystem-2"> </h3> 1559 <p> . , .</p> 1560 1561 <table> 1562 <col width="19%"> 1563 <col width="20%"> 1564 <col width="10%"> 1565 <col width="23%"> 1566 <col width="17%"> 1567 <tr> 1568 <th>CVE</th> 1569 <th></th> 1570 <th> </th> 1571 <th> Google</th> 1572 <th> </th> 1573 </tr> 1574 <tr> 1575 <td>CVE-2016-8655</td> 1576 <td>A-33358926<br> 1577 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c"> 1578 Upstream kernel</a></td> 1579 <td></td> 1580 <td>Android One, Nexus5X, Nexus6, Nexus6P, Nexus9, Nexus Player, PixelC, Pixel, PixelXL</td> 1581 <td>12 2016.</td> 1582 </tr> 1583 <tr> 1584 <td>CVE-2016-9793</td> 1585 <td>A-33363517<br> 1586 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290"> 1587 Upstream kernel</a></td> 1588 <td></td> 1589 <td>Android One, Nexus5X, Nexus6, Nexus6P, Nexus9, Nexus Player, PixelC, Pixel, PixelXL</td> 1590 <td>2 2016.</td> 1591 </tr> 1592 </table> 1593 1594 1595 <h3 id="eop-in-qualcomm-input-hardware-driver"> Qualcomm</h3> 1596 <p> . , .</p> 1597 1598 <table> 1599 <col width="19%"> 1600 <col width="20%"> 1601 <col width="10%"> 1602 <col width="23%"> 1603 <col width="17%"> 1604 <tr> 1605 <th>CVE</th> 1606 <th></th> 1607 <th> </th> 1608 <th> Google</th> 1609 <th> </th> 1610 </tr> 1611 <tr> 1612 <td>CVE-2017-0516</td> 1613 <td>A-32341680*<br> 1614 QC-CR#1096301</td> 1615 <td></td> 1616 <td>Android One, Pixel, PixelXL</td> 1617 <td>21 2016.</td> 1618 </tr> 1619 </table> 1620 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1621 1622 1623 <h3 id="eop-in-mediatek-hardware-sensor-driver"> MediaTek </h3> 1624 <p> . , 1625 .</p> 1626 1627 <table> 1628 <col width="19%"> 1629 <col width="20%"> 1630 <col width="10%"> 1631 <col width="23%"> 1632 <col width="17%"> 1633 <tr> 1634 <th>CVE</th> 1635 <th></th> 1636 <th> </th> 1637 <th> Google</th> 1638 <th> </th> 1639 </tr> 1640 <tr> 1641 <td>CVE-2017-0517</td> 1642 <td>A-32372051*<br> 1643 M-ALPS02973195</td> 1644 <td></td> 1645 <td>**</td> 1646 <td>22 2016.</td> 1647 </tr> 1648 </table> 1649 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1650 <p>** Google Android7.0, .</p> 1651 1652 1653 <h3 id="eop-in-qualcomm-adsprpc-driver"> ADSPRPC- Qualcomm</h3> 1654 <p> . , .</p> 1655 1656 <table> 1657 <col width="19%"> 1658 <col width="20%"> 1659 <col width="10%"> 1660 <col width="23%"> 1661 <col width="17%"> 1662 <tr> 1663 <th>CVE</th> 1664 <th></th> 1665 <th> </th> 1666 <th> Google</th> 1667 <th> </th> 1668 </tr> 1669 <tr> 1670 <td>CVE-2017-0457</td> 1671 <td>A-31695439*<br> 1672 QC-CR#1086123<br> 1673 QC-CR#1100695</td> 1674 <td></td> 1675 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 1676 <td>22 2016.</td> 1677 </tr> 1678 </table> 1679 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1680 1681 1682 <h3 id="eop-in-qualcomm-fingerprint-sensor-driver"> Qualcomm</h3> 1683 <p> . , .</p> 1684 1685 <table> 1686 <col width="19%"> 1687 <col width="20%"> 1688 <col width="10%"> 1689 <col width="23%"> 1690 <col width="17%"> 1691 <tr> 1692 <th>CVE</th> 1693 <th></th> 1694 <th> </th> 1695 <th> Google</th> 1696 <th> </th> 1697 </tr> 1698 <tr> 1699 <td>CVE-2017-0518</td> 1700 <td>A-32370896*<br> 1701 QC-CR#1086530</td> 1702 <td></td> 1703 <td>Pixel, PixelXL</td> 1704 <td>24 2016.</td> 1705 </tr> 1706 <tr> 1707 <td>CVE-2017-0519</td> 1708 <td>A-32372915*<br> 1709 QC-CR#1086530</td> 1710 <td></td> 1711 <td>Pixel, PixelXL</td> 1712 <td>24 2016.</td> 1713 </tr> 1714 </table> 1715 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1716 1717 1718 <h3 id="eop-in-qualcomm-crypto-engine-driver"> Qualcomm </h3> 1719 <p> . , .</p> 1720 1721 <table> 1722 <col width="19%"> 1723 <col width="20%"> 1724 <col width="10%"> 1725 <col width="23%"> 1726 <col width="17%"> 1727 <tr> 1728 <th>CVE</th> 1729 <th></th> 1730 <th> </th> 1731 <th> Google</th> 1732 <th> </th> 1733 </tr> 1734 <tr> 1735 <td>CVE-2017-0520</td> 1736 <td>A-31750232<br> 1737 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd"> 1738 QC-CR#1082636</a></td> 1739 <td></td> 1740 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1741 <td>24 2016.</td> 1742 </tr> 1743 </table> 1744 1745 1746 <h3 id="eop-in-qualcomm-camera-driver"> Qualcomm </h3> 1747 <p> . , .</p> 1748 1749 <table> 1750 <col width="19%"> 1751 <col width="20%"> 1752 <col width="10%"> 1753 <col width="23%"> 1754 <col width="17%"> 1755 <tr> 1756 <th>CVE</th> 1757 <th></th> 1758 <th> </th> 1759 <th> Google</th> 1760 <th> </th> 1761 </tr> 1762 <tr> 1763 <td>CVE-2017-0458</td> 1764 <td>A-32588962<br> 1765 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4"> 1766 QC-CR#1089433</a></td> 1767 <td></td> 1768 <td>Pixel, PixelXL</td> 1769 <td>31 2016.</td> 1770 </tr> 1771 <tr> 1772 <td>CVE-2017-0521</td> 1773 <td>A-32919951<br> 1774 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8"> 1775 QC-CR#1097709</a></td> 1776 <td></td> 1777 <td>Nexus5X, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1778 <td>15 2016.</td> 1779 </tr> 1780 </table> 1781 1782 1783 <h3 id="eop-in-mediatek-apk"> APK MediaTek</h3> 1784 <p> . - .</p> 1785 1786 <table> 1787 <col width="19%"> 1788 <col width="20%"> 1789 <col width="10%"> 1790 <col width="23%"> 1791 <col width="17%"> 1792 <tr> 1793 <th>CVE</th> 1794 <th></th> 1795 <th> </th> 1796 <th> Google</th> 1797 <th> </th> 1798 </tr> 1799 <tr> 1800 <td>CVE-2017-0522</td> 1801 <td>A-32916158*<br> 1802 M-ALPS02708925</td> 1803 <td></td> 1804 <td>**</td> 1805 <td>15 2016.</td> 1806 </tr> 1807 </table> 1808 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1809 <p>** Google Android7.0, .</p> 1810 1811 1812 <h3 id="eop-in-qualcomm-wi-fi-driver"> Wi-Fi- Qualcomm</h3> 1813 <p> . , .</p> 1814 1815 <table> 1816 <col width="19%"> 1817 <col width="20%"> 1818 <col width="10%"> 1819 <col width="23%"> 1820 <col width="17%"> 1821 <tr> 1822 <th>CVE</th> 1823 <th></th> 1824 <th> </th> 1825 <th> Google</th> 1826 <th> </th> 1827 </tr> 1828 <tr> 1829 <td>CVE-2017-0449S</td> 1830 <td>A-32940193<br> 1831 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f"> 1832 QC-CR#1102593</a></td> 1833 <td></td> 1834 <td>Nexus5X, Pixel, PixelXL</td> 1835 <td>15 2016.</td> 1836 </tr> 1837 <tr> 1838 <td>CVE-2017-0453</td> 1839 <td>A-33979145<br> 1840 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513"> 1841 QC-CR#1105085</a></td> 1842 <td></td> 1843 <td>Nexus5X, AndroidOne</td> 1844 <td>30 2016.</td> 1845 </tr> 1846 <tr> 1847 <td>CVE-2017-0523</td> 1848 <td>A-32835279<br> 1849 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582"> 1850 QC-CR#1096945</a></td> 1851 <td></td> 1852 <td>*</td> 1853 <td> Google</td> 1854 </tr> 1855 </table> 1856 <p>* Google Android7.0, .</p> 1857 1858 1859 <h3 id="eop-in-synaptics-touchscreen-driver"> Synaptics</h3> 1860 <p> . , .</p> 1861 1862 <table> 1863 <col width="19%"> 1864 <col width="20%"> 1865 <col width="10%"> 1866 <col width="23%"> 1867 <col width="17%"> 1868 <tr> 1869 <th>CVE</th> 1870 <th></th> 1871 <th> </th> 1872 <th> Google</th> 1873 <th> </th> 1874 </tr> 1875 <tr> 1876 <td>CVE-2017-0524</td> 1877 <td>A-33002026</td> 1878 <td></td> 1879 <td>Android One, Nexus5X, Nexus6P, Nexus9, Pixel, PixelXL</td> 1880 <td>18 2016.</td> 1881 </tr> 1882 </table> 1883 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1884 1885 1886 <h3 id="eop-in-qualcomm-ipa-driver"> Qualcomm</h3> 1887 <p> 1888 . , .</p> 1889 1890 <table> 1891 <col width="19%"> 1892 <col width="20%"> 1893 <col width="10%"> 1894 <col width="23%"> 1895 <col width="17%"> 1896 <tr> 1897 <th>CVE</th> 1898 <th></th> 1899 <th> </th> 1900 <th> Google</th> 1901 <th> </th> 1902 </tr> 1903 <tr> 1904 <td>CVE-2017-0456</td> 1905 <td>A-33106520*<br> 1906 QC-CR#1099598</td> 1907 <td></td> 1908 <td>Nexus5X, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1909 <td>23 2016.</td> 1910 </tr> 1911 <tr> 1912 <td>CVE-2017-0525</td> 1913 <td>A-33139056*<br> 1914 QC-CR#1097714</td> 1915 <td></td> 1916 <td>Nexus5X, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1917 <td>25 2016.</td> 1918 </tr> 1919 </table> 1920 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1921 1922 1923 <h3 id="eop-in-htc-sensor-hub-driver"> HTC</h3> 1924 <p> . , .</p> 1925 1926 <table> 1927 <col width="19%"> 1928 <col width="20%"> 1929 <col width="10%"> 1930 <col width="23%"> 1931 <col width="17%"> 1932 <tr> 1933 <th>CVE</th> 1934 <th></th> 1935 <th> </th> 1936 <th> Google</th> 1937 <th> </th> 1938 </tr> 1939 <tr> 1940 <td>CVE-2017-0526</td> 1941 <td>A-33897738*</td> 1942 <td></td> 1943 <td>Nexus9</td> 1944 <td>25 2016.</td> 1945 </tr> 1946 <tr> 1947 <td>CVE-2017-0527</td> 1948 <td>A-33899318*</td> 1949 <td></td> 1950 <td>Nexus9, Pixel, PixelXL</td> 1951 <td>25 2016.</td> 1952 </tr> 1953 </table> 1954 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1955 1956 1957 <h3 id="eop-in-nvidia-gpu-driver-2"> NVIDIA </h3> 1958 <p> . , - . , .</p> 1959 1960 <table> 1961 <col width="19%"> 1962 <col width="20%"> 1963 <col width="10%"> 1964 <col width="23%"> 1965 <col width="17%"> 1966 <tr> 1967 <th>CVE</th> 1968 <th></th> 1969 <th> </th> 1970 <th> Google</th> 1971 <th> </th> 1972 </tr> 1973 <tr> 1974 <td>CVE-2017-0307</td> 1975 <td>A-33177895*<br> 1976 N-CVE-2017-0307</td> 1977 <td></td> 1978 <td>**</td> 1979 <td>28 2016.</td> 1980 </tr> 1981 </table> 1982 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1983 <p>** Google Android7.0, .</p> 1984 1985 1986 <h3 id="eop-in-qualcomm-networking-driver"> Qualcomm</h3> 1987 <p> . , .</p> 1988 1989 <table> 1990 <col width="19%"> 1991 <col width="20%"> 1992 <col width="10%"> 1993 <col width="23%"> 1994 <col width="17%"> 1995 <tr> 1996 <th>CVE</th> 1997 <th></th> 1998 <th> </th> 1999 <th> Google</th> 2000 <th> </th> 2001 </tr> 2002 <tr> 2003 <td>CVE-2017-0463</td> 2004 <td>A-33277611<br> 2005 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2"> 2006 QC-CR#1101792</a></td> 2007 <td></td> 2008 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2009 <td>30 2016.</td> 2010 </tr> 2011 <tr> 2012 <td>CVE-2017-0460 </td> 2013 <td>A-31252965*<br> 2014 QC-CR#1098801</td> 2015 <td></td> 2016 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, Android One, Pixel, PixelXL</td> 2017 <td> Google</td> 2018 </tr> 2019 </table> 2020 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2021 2022 2023 <h3 id="eop-in-kernel-security-subsystem"> </h3> 2024 <p> . , .</p> 2025 2026 <table> 2027 <col width="19%"> 2028 <col width="20%"> 2029 <col width="10%"> 2030 <col width="23%"> 2031 <col width="17%"> 2032 <tr> 2033 <th>CVE</th> 2034 <th></th> 2035 <th> </th> 2036 <th> Google</th> 2037 <th> </th> 2038 </tr> 2039 <tr> 2040 <td>CVE-2017-0528</td> 2041 <td>A-33351919*</td> 2042 <td></td> 2043 <td>Pixel, PixelXL</td> 2044 <td>4 2016.</td> 2045 </tr> 2046 </table> 2047 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2048 2049 2050 <h3 id="eop-in-qualcomm-spcom-driver"> SPCom- Qualcomm</h3> 2051 <p> . , .</p> 2052 2053 <table> 2054 <col width="19%"> 2055 <col width="20%"> 2056 <col width="10%"> 2057 <col width="23%"> 2058 <col width="17%"> 2059 <tr> 2060 <th>CVE</th> 2061 <th></th> 2062 <th> </th> 2063 <th> Google</th> 2064 <th> </th> 2065 </tr> 2066 <tr> 2067 <td>CVE-2016-5856</td> 2068 <td>A-32610665<br> 2069 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368"> 2070 QC-CR#1094078</a></td> 2071 <td></td> 2072 <td>*</td> 2073 <td> Google</td> 2074 </tr> 2075 <tr> 2076 <td>CVE-2016-5857</td> 2077 <td>A-34386529<br> 2078 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9d2c405d46ca27b25ed55a8dbd02bd1e633e2d5"> 2079 QC-CR#1094140</a></td> 2080 <td></td> 2081 <td>*</td> 2082 <td> Google</td> 2083 </tr> 2084 </table> 2085 <p>* Google Android7.0, .</p> 2086 2087 2088 <h3 id="id-in-kernel-networking-subsystem"> </h3> 2089 <p> , , . - .</p> 2090 2091 <table> 2092 <col width="19%"> 2093 <col width="20%"> 2094 <col width="10%"> 2095 <col width="23%"> 2096 <col width="17%"> 2097 <tr> 2098 <th>CVE</th> 2099 <th></th> 2100 <th> </th> 2101 <th> Google</th> 2102 <th> </th> 2103 </tr> 2104 <tr> 2105 <td>CVE-2014-8709</td> 2106 <td>A-34077221<br> 2107 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f"> 2108 Upstream kernel</a></td> 2109 <td></td> 2110 <td>NexusPlayer</td> 2111 <td>9 2014.</td> 2112 </tr> 2113 </table> 2114 2115 2116 <h3 id="id-in-mediatek-driver"> MediaTek</h3> 2117 <p> . 2118 - .</p> 2119 2120 <table> 2121 <col width="19%"> 2122 <col width="20%"> 2123 <col width="10%"> 2124 <col width="23%"> 2125 <col width="17%"> 2126 <tr> 2127 <th>CVE</th> 2128 <th></th> 2129 <th> </th> 2130 <th> Google</th> 2131 <th> </th> 2132 </tr> 2133 <tr> 2134 <td>CVE-2017-0529</td> 2135 <td>A-28449427*<br> 2136 M-ALPS02710042</td> 2137 <td></td> 2138 <td>**</td> 2139 <td>27 2016.</td> 2140 </tr> 2141 </table> 2142 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2143 <p>** Google Android7.0, .</p> 2144 2145 2146 <h3 id="id-in-qualcomm-bootloader"> Qualcomm</h3> 2147 <p> . , .</p> 2148 2149 <table> 2150 <col width="19%"> 2151 <col width="20%"> 2152 <col width="10%"> 2153 <col width="23%"> 2154 <col width="17%"> 2155 <tr> 2156 <th>CVE</th> 2157 <th></th> 2158 <th> </th> 2159 <th> Google</th> 2160 <th> </th> 2161 </tr> 2162 <tr> 2163 <td>CVE-2017-0455</td> 2164 <td>A-32370952<br> 2165 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f"> 2166 QC-CR#1082755</a></td> 2167 <td></td> 2168 <td>Pixel, PixelXL</td> 2169 <td>21 2016.</td> 2170 </tr> 2171 </table> 2172 2173 2174 <h3 id="id-in-qualcomm-power-driver"> Qualcomm</h3> 2175 <p> . - .</p> 2176 2177 <table> 2178 <col width="19%"> 2179 <col width="20%"> 2180 <col width="10%"> 2181 <col width="23%"> 2182 <col width="17%"> 2183 <tr> 2184 <th>CVE</th> 2185 <th></th> 2186 <th> </th> 2187 <th> Google</th> 2188 <th> </th> 2189 </tr> 2190 <tr> 2191 <td>CVE-2016-8483</td> 2192 <td>A-33745862<br> 2193 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a"> 2194 QC-CR#1035099</a></td> 2195 <td></td> 2196 <td>Nexus5X, Nexus6P</td> 2197 <td>19 2016.</td> 2198 </tr> 2199 </table> 2200 2201 2202 <h3 id="id-in-nvidia-gpu-driver"> NVIDIA </h3> 2203 <p> . 2204 - .</p> 2205 2206 <table> 2207 <col width="19%"> 2208 <col width="20%"> 2209 <col width="10%"> 2210 <col width="23%"> 2211 <col width="17%"> 2212 <tr> 2213 <th>CVE</th> 2214 <th></th> 2215 <th> </th> 2216 <th> Google</th> 2217 <th> </th> 2218 </tr> 2219 <tr> 2220 <td>CVE-2017-0334</td> 2221 <td>A-33245849*<br> 2222 N-CVE-2017-0334</td> 2223 <td></td> 2224 <td>Pixel</td> 2225 <td>30 2016.</td> 2226 </tr> 2227 <tr> 2228 <td>CVE-2017-0336</td> 2229 <td>A-33042679*<br> 2230 N-CVE-2017-0336</td> 2231 <td></td> 2232 <td>Pixel</td> 2233 <td> Google</td> 2234 </tr> 2235 </table> 2236 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2237 2238 2239 <h3 id="dos-in-kernel-cryptographic-subsystem"> </h3> 2240 <p> . , .</p> 2241 2242 <table> 2243 <col width="19%"> 2244 <col width="20%"> 2245 <col width="10%"> 2246 <col width="23%"> 2247 <col width="17%"> 2248 <tr> 2249 <th>CVE</th> 2250 <th></th> 2251 <th> </th> 2252 <th> Google</th> 2253 <th> </th> 2254 </tr> 2255 <tr> 2256 <td>CVE-2016-8650</td> 2257 <td>A-33401771<br> 2258 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073"> 2259 Upstream kernel</a></td> 2260 <td></td> 2261 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 2262 <td>12 2016.</td> 2263 </tr> 2264 </table> 2265 2266 2267 <h3 id="eop-in-qualcomm-camera-driver-(device-specific)"> Qualcomm ( )</h3> 2268 <p> . , , .</p> 2269 2270 <table> 2271 <col width="19%"> 2272 <col width="20%"> 2273 <col width="10%"> 2274 <col width="23%"> 2275 <col width="17%"> 2276 <tr> 2277 <th>CVE</th> 2278 <th></th> 2279 <th> </th> 2280 <th> Google</th> 2281 <th> </th> 2282 </tr> 2283 <tr> 2284 <td>CVE-2016-8417</td> 2285 <td>A-32342399<br> 2286 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0"> 2287 QC-CR#1088824</a></td> 2288 <td></td> 2289 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2290 <td>21 2016.</td> 2291 </tr> 2292 </table> 2293 2294 2295 <h3 id="id-in-qualcomm-wi-fi-driver"> Wi-Fi- Qualcomm</h3> 2296 <p> . , .</p> 2297 2298 <table> 2299 <col width="19%"> 2300 <col width="20%"> 2301 <col width="10%"> 2302 <col width="23%"> 2303 <col width="17%"> 2304 <tr> 2305 <th>CVE</th> 2306 <th></th> 2307 <th> </th> 2308 <th> Google</th> 2309 <th> </th> 2310 </tr> 2311 <tr> 2312 <td>CVE-2017-0461</td> 2313 <td>A-32073794<br> 2314 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65"> 2315 QC-CR#1100132</a></td> 2316 <td></td> 2317 <td>Android One, Nexus5X, Pixel, PixelXL</td> 2318 <td>9 2016.</td> 2319 </tr> 2320 <tr> 2321 <td>CVE-2017-0459</td> 2322 <td>A-32644895<br> 2323 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7"> 2324 QC-CR#1091939</a></td> 2325 <td></td> 2326 <td>Pixel, PixelXL</td> 2327 <td>3 2016.</td> 2328 </tr> 2329 <tr> 2330 <td>CVE-2017-0531</td> 2331 <td>A-32877245<br> 2332 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302"> 2333 QC-CR#1087469</a></td> 2334 <td></td> 2335 <td>Android One, Nexus5X, Nexus6P, Pixel, PixelXL</td> 2336 <td>13 2016.</td> 2337 </tr> 2338 </table> 2339 2340 2341 <h3 id="id-in-mediatek-video-codec-driver"> MediaTek</h3> 2342 <p> . , .</p> 2343 2344 <table> 2345 <col width="19%"> 2346 <col width="20%"> 2347 <col width="10%"> 2348 <col width="23%"> 2349 <col width="17%"> 2350 <tr> 2351 <th>CVE</th> 2352 <th></th> 2353 <th> </th> 2354 <th> Google</th> 2355 <th> </th> 2356 </tr> 2357 <tr> 2358 <td>CVE-2017-0532</td> 2359 <td>A-32370398*<br> 2360 M-ALPS03069985</td> 2361 <td></td> 2362 <td>**</td> 2363 <td>22 2016.</td> 2364 </tr> 2365 </table> 2366 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2367 <p>** Google Android7.0, .</p> 2368 2369 2370 <h3 id="id-in-qualcomm-video-driver"> Qualcomm</h3> 2371 <p> . , .</p> 2372 2373 <table> 2374 <col width="19%"> 2375 <col width="20%"> 2376 <col width="10%"> 2377 <col width="23%"> 2378 <col width="17%"> 2379 <tr> 2380 <th>CVE</th> 2381 <th></th> 2382 <th> </th> 2383 <th> Google</th> 2384 <th> </th> 2385 </tr> 2386 <tr> 2387 <td>CVE-2017-0533</td> 2388 <td>A-32509422<br> 2389 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> 2390 QC-CR#1088206</a></td> 2391 <td></td> 2392 <td>Pixel, PixelXL</td> 2393 <td>27 2016.</td> 2394 </tr> 2395 <tr> 2396 <td>CVE-2017-0534</td> 2397 <td>A-32508732<br> 2398 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> 2399 QC-CR#1088206</a></td> 2400 <td></td> 2401 <td>Pixel, PixelXL</td> 2402 <td>28 2016.</td> 2403 </tr> 2404 <tr> 2405 <td>CVE-2016-8416</td> 2406 <td>A-32510746<br> 2407 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> 2408 QC-CR#1088206</a></td> 2409 <td></td> 2410 <td>Pixel, PixelXL</td> 2411 <td>28 2016.</td> 2412 </tr> 2413 <tr> 2414 <td>CVE-2016-8478</td> 2415 <td>A-32511270<br> 2416 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> 2417 QC-CR#1088206</a></td> 2418 <td></td> 2419 <td>Pixel, PixelXL</td> 2420 <td>28 2016.</td> 2421 </tr> 2422 </table> 2423 2424 2425 <h3 id="id-in-qualcomm-camera-driver"> Qualcomm </h3> 2426 <p> . , .</p> 2427 2428 <table> 2429 <col width="19%"> 2430 <col width="20%"> 2431 <col width="10%"> 2432 <col width="23%"> 2433 <col width="17%"> 2434 <tr> 2435 <th>CVE</th> 2436 <th></th> 2437 <th> </th> 2438 <th> Google</th> 2439 <th> </th> 2440 </tr> 2441 <tr> 2442 <td>CVE-2016-8413</td> 2443 <td>A-32709702<br> 2444 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d"> 2445 QC-CR#518731</a></td> 2446 <td></td> 2447 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2448 <td>4 2016.</td> 2449 </tr> 2450 <tr> 2451 <td>CVE-2016-8477</td> 2452 <td>A-32720522<br> 2453 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508"> 2454 QC-CR#1090007</a> 2455 [<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb">2</a>]</td> 2456 <td></td> 2457 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2458 <td>7 2016.</td> 2459 </tr> 2460 </table> 2461 2462 2463 <h3 id="id-in-htc-sound-codec-driver"> HTC</h3> 2464 <p> . , .</p> 2465 2466 <table> 2467 <col width="19%"> 2468 <col width="20%"> 2469 <col width="10%"> 2470 <col width="23%"> 2471 <col width="17%"> 2472 <tr> 2473 <th>CVE</th> 2474 <th></th> 2475 <th> </th> 2476 <th> Google</th> 2477 <th> </th> 2478 </tr> 2479 <tr> 2480 <td>CVE-2017-0535</td> 2481 <td>A-33547247*</td> 2482 <td></td> 2483 <td>Nexus9</td> 2484 <td>11 2016.</td> 2485 </tr> 2486 </table> 2487 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2488 2489 2490 <h3 id="id-in-synaptics-touchscreen-driver"> Synaptics</h3> 2491 <p> . , .</p> 2492 2493 <table> 2494 <col width="19%"> 2495 <col width="20%"> 2496 <col width="10%"> 2497 <col width="23%"> 2498 <col width="17%"> 2499 <tr> 2500 <th>CVE</th> 2501 <th></th> 2502 <th> </th> 2503 <th> Google</th> 2504 <th> </th> 2505 </tr> 2506 <tr> 2507 <td>CVE-2017-0536</td> 2508 <td>A-33555878*</td> 2509 <td></td> 2510 <td>Android One, Nexus5X, Nexus6P, Nexus9, Pixel, PixelXL</td> 2511 <td>12 2016.</td> 2512 </tr> 2513 </table> 2514 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2515 2516 2517 <h3 id="id-in-kernel-usb-gadget-driver"> USB- </h3> 2518 <p> . , .</p> 2519 2520 <table> 2521 <col width="19%"> 2522 <col width="20%"> 2523 <col width="10%"> 2524 <col width="23%"> 2525 <col width="17%"> 2526 <tr> 2527 <th>CVE</th> 2528 <th></th> 2529 <th> </th> 2530 <th> Google</th> 2531 <th> </th> 2532 </tr> 2533 <tr> 2534 <td>CVE-2017-0537</td> 2535 <td>A-31614969*</td> 2536 <td></td> 2537 <td>Pixel</td> 2538 <td> Google</td> 2539 </tr> 2540 </table> 2541 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2542 2543 2544 <h3 id="id-in-qualcomm-camera-driver-2"> Qualcomm </h3> 2545 <p> . , .</p> 2546 2547 <table> 2548 <col width="19%"> 2549 <col width="20%"> 2550 <col width="10%"> 2551 <col width="23%"> 2552 <col width="17%"> 2553 <tr> 2554 <th>CVE</th> 2555 <th></th> 2556 <th> </th> 2557 <th> Google</th> 2558 <th> </th> 2559 </tr> 2560 <tr> 2561 <td>CVE-2017-0452</td> 2562 <td>A-32873615*<br> 2563 QC-CR#1093693</td> 2564 <td> </td> 2565 <td>Nexus5X, Nexus6P, Android One</td> 2566 <td>10 2016.</td> 2567 </tr> 2568 </table> 2569 <p>* . Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 2570 <h2 id="common-questions-and-answers"> </h2> 2571 <p> , 2572 .</p> 2573 <p><strong>1. , , ? 2574 </strong></p> 2575 <p> , , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>.</p> 2576 <ul> 2577 <li> 1 2017 , 2017-03-01.</li> 2578 <li> 5 2017 , 2017-03-05. 2579 </li> 2580 </ul> 2581 <p> , , :</p> 2582 <ul> 2583 <li>[ro.build.version.security_patch]:[2017-03-01]</li> 2584 <li>[ro.build.version.security_patch]:[2017-03-05]</li> 2585 </ul> 2586 <p><strong>2. ?</strong></p> 2587 <p> , , Android. Android .</p> 2588 <ul> 2589 <li> 1 2017 , , .</li> 2590 <li> 5 2017 , .</li> 2591 </ul> 2592 <p> .</p> 2593 <p><strong>3. , Google ?</strong></p> 2594 <p> <a href="#2017-03-01-details">2017-03-01</a> <a href="#2017-03-05-details">2017-03-05</a> <em> Google</em>. , .</p> 2595 <ul> 2596 <li><strong> .</strong> <em></em> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> Google</a>: Nexus5X, Nexus6, Nexus6P, Nexus7 (2013), Nexus9, Android One, Nexus Player, PixelC, Pixel PixelXL.</li> 2597 <li><strong> .</strong> <em></em> , .</li> 2598 <li><strong>.</strong> Google.<em></em> </li> 2599 </ul> 2600 <p><strong>4. ""?</strong></p> 2601 <p> <em></em>. 2602 , 2603 , :</p> 2604 <table> 2605 <tr> 2606 <th></th> 2607 <th></th> 2608 </tr> 2609 <tr> 2610 <td>A-</td> 2611 <td> Android</td> 2612 </tr> 2613 <tr> 2614 <td>QC-</td> 2615 <td> Qualcomm</td> 2616 </tr> 2617 <tr> 2618 <td>M-</td> 2619 <td> MediaTek</td> 2620 </tr> 2621 <tr> 2622 <td>N-</td> 2623 <td> NVIDIA</td> 2624 </tr> 2625 <tr> 2626 <td>B-</td> 2627 <td> Broadcom</td> 2628 </tr> 2629 </table> 2630 <h2 id="revisions"></h2> 2631 <ul> 2632 <li>6 2017. .</li> 2633 <li>7 2017. AOSP.</li> 2634 </ul> 2635 </body> 2636 </html> 2637
