1 <html devsite><head> 2 <title>Android - 2017 5 </title> 3 <meta name="project_path" value="/_project.yaml"/> 4 <meta name="book_path" value="/_book.yaml"/> 5 </head> 6 <body> 7 <!-- 8 Copyright 2017 The Android Open Source Project 9 10 Licensed under the Apache License, Version 2.0 (the "License"); 11 you may not use this file except in compliance with the License. 12 You may obtain a copy of the License at 13 14 http://www.apache.org/licenses/LICENSE-2.0 15 16 Unless required by applicable law or agreed to in writing, software 17 distributed under the License is distributed on an "AS IS" BASIS, 18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 See the License for the specific language governing permissions and 20 limitations under the License. 21 --> 22 23 <p><em>2017 5 1 | 2017 5 2 </em></p> 24 25 <p>Android Android (OTA) Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Google 2017 5 5 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 26 27 <p> 2017 4 3 Android (AOSP) AOSP </p> 28 29 <p><a href="/security/overview/updates-resources.html#severity"></a></p> 30 31 <p> <a href="#mitigations">Android Google </a> <a href="/security/enhancements/index.html">Android </a> <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a> Android </p> 32 33 <p></p> 34 <h2 id="announcements"></h2> 35 <ul> 36 <li> Android Android <a href="#common-questions-and-answers"></a> 37 <ul> 38 <li><strong>2017-05-01</strong> 2017-05-01</li> 39 <li><strong>2017-05-05</strong> 2017-05-01 2017-05-05</li> 40 </ul> 41 </li> 42 <li> Google 2017 5 5 OTA </li> 43 </ul> 44 45 <h2 id="mitigations">Android Google </h2> 46 47 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 48 49 <ul> 50 <li> Android Android Android</li> 51 <li>Android <a href="/security/reports/Google_Android_Security_2016_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root </li> 52 <li> Google Messenger Mediaserver </li> 53 </ul> 54 55 <h2 id="acknowledgements"></h2> 56 57 <p></p> 58 <ul> 59 <li>Venustech ADlabCVE-2017-0630</li> 60 <li> (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-10287</li> 61 <li>CVE-2017-0599CVE-2017-0635</li> 62 <li><a href="http://www.ms509.com">MS509Team</a> En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) Bo LiuCVE-2017-0601</li> 63 <li><a href="https://twrp.me/">Team Win Recovery Project</a> Ethan YonkerCVE-2017-0493</li> 64 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan">pjf</a>CVE-2016-10285CVE-2016-10288CVE-2016-10290CVE-2017-0624CVE-2017-0616CVE-2017-0617CVE-2016-10294CVE-2016-10295CVE-2016-10296</li> 65 <li> (<a href="https://twitter.com/virtualseekers">@VirtualSeekers</a>)CVE-2017-0602</li> 66 <li><a href="http://tuncay2.web.engr.illinois.edu">-</a> <a href="https://www.linkedin.com/in/g%C3%BCliz-seray-tuncay-952a1b9/">Gliz Seray Tuncay</a>CVE-2017-0593</li> 67 <li> 360 Alpha Hao Chen Guang GongCVE-2016-10283</li> 68 <li> Juhu NieYang ChengNan Li Qiwu HuangCVE-2016-10276</li> 69 <li><a href="https://github.com/michalbednarski">Micha Bednarski</a>CVE-2017-0598</li> 70 <li> Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)CVE-2017-0331CVE-2017-0606</li> 71 <li><a href="mailto:jiych.guru (a] gmail.com">Niky1235</a> (<a href="https://twitter.com/jiych_guru">@jiych_guru</a>)CVE-2017-0603</li> 72 <li> Peng XiaoChengming YangNing YouChao Yang Yang SongCVE-2016-10281CVE-2016-10280</li> 73 <li><a href="https://alephsecurity.com/">Aleph </a> Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>)CVE-2016-10277</li> 74 <li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)CVE-2016-10274</li> 75 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a> Xuxian JiangCVE-2016-10291</li> 76 <li>Vasily VasilievCVE-2017-0589</li> 77 <li><a href="http://www.trendmicro.com"></a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile"></a> V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>)CVE-2017-0590CVE-2017-0587CVE-2017-0600</li> 78 <li> Xiling GongCVE-2017-0597</li> 79 <li>360 Marvel Xingyuan LinCVE-2017-0627</li> 80 <li> (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>)CVE-2017-0588</li> 81 <li> 360 IceSword Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)CVE-2016-10289CVE-2017-0465</li> 82 <li> 360 Vulpecker Yu PanCVE-2016-10282CVE-2017-0615</li> 83 <li> 360 Vulpecker Yu Pan Peide ZhangCVE-2017-0618CVE-2017-0625</li> 84 </ul> 85 86 <h2 id="2017-05-01-details">2017-05-01 - </h2> 87 88 <p> 2017-05-01 CVE Google AOSP Bug ID AOSP Bug Bug ID </p> 89 90 <h3 id="rce-in-mediaserver">Mediaserver </h3> 91 92 <p>Mediaserver Mediaserver </p> 93 94 <table> 95 <colgroup><col width="18%" /> 96 <col width="17%" /> 97 <col width="10%" /> 98 <col width="19%" /> 99 <col width="18%" /> 100 <col width="17%" /> 101 </colgroup><tbody><tr> 102 <th>CVE</th> 103 <th></th> 104 <th></th> 105 <th> Google </th> 106 <th> AOSP </th> 107 <th></th> 108 </tr> 109 <tr> 110 <td>CVE-2017-0587</td> 111 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/a86eb798d077b9b25c8f8c77e3c02c2f287c1ce7">A-35219737</a></td> 112 <td></td> 113 <td></td> 114 <td>6.06.0.17.07.1.17.1.2</td> 115 <td>2017 1 4 </td> 116 </tr> 117 <tr> 118 <td>CVE-2017-0588</td> 119 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6f1d990ce0f116a205f467d9eb2082795e33872b">A-34618607</a></td> 120 <td></td> 121 <td></td> 122 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 123 <td>2017 1 21 </td> 124 </tr> 125 <tr> 126 <td>CVE-2017-0589</td> 127 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/bcfc7124f6ef9f1ec128fb2e90de774a5b33d199">A-34897036</a></td> 128 <td></td> 129 <td></td> 130 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 131 <td>2017 2 1 </td> 132 </tr> 133 <tr> 134 <td>CVE-2017-0590</td> 135 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/45c97f878bee15cd97262fe7f57ecea71990fed7">A-35039946</a></td> 136 <td></td> 137 <td></td> 138 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 139 <td>2017 2 6 </td> 140 </tr> 141 <tr> 142 <td>CVE-2017-0591</td> 143 <td><a href="https://android.googlesource.com/platform/external/libavc/+/5c3fd5d93a268abb20ff22f26009535b40db3c7d">A-34097672</a></td> 144 <td></td> 145 <td></td> 146 <td>6.06.0.17.07.1.17.1.2</td> 147 <td>Google </td> 148 </tr> 149 <tr> 150 <td>CVE-2017-0592</td> 151 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/acc192347665943ca674acf117e4f74a88436922">A-34970788</a></td> 152 <td></td> 153 <td></td> 154 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 155 <td>Google </td> 156 </tr> 157 </tbody></table> 158 159 <h3 id="eop-in-framework-apis">Framework API </h3> 160 161 <p>Framework API </p> 162 163 <table> 164 <colgroup><col width="18%" /> 165 <col width="17%" /> 166 <col width="10%" /> 167 <col width="19%" /> 168 <col width="18%" /> 169 <col width="17%" /> 170 </colgroup><tbody><tr> 171 <th>CVE</th> 172 <th></th> 173 <th></th> 174 <th> Google </th> 175 <th> AOSP </th> 176 <th></th> 177 </tr> 178 <tr> 179 <td>CVE-2017-0593</td> 180 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/78efbc95412b8efa9a44d573f5767ae927927d48">A-34114230</a></td> 181 <td></td> 182 <td></td> 183 <td>6.06.0.17.07.1.17.1.2</td> 184 <td>2017 1 5 </td> 185 </tr> 186 </tbody></table> 187 188 <h3 id="eop-in-mediaserver">Mediaserver </h3> 189 190 <p>Mediaserver </p> 191 192 <table> 193 <colgroup><col width="18%" /> 194 <col width="17%" /> 195 <col width="10%" /> 196 <col width="19%" /> 197 <col width="18%" /> 198 <col width="17%" /> 199 </colgroup><tbody><tr> 200 <th>CVE</th> 201 <th></th> 202 <th></th> 203 <th> Google </th> 204 <th> AOSP </th> 205 <th></th> 206 </tr> 207 <tr> 208 <td>CVE-2017-0594</td> 209 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/594bf934384920618d2b6ce0bcda1f60144cb3eb">A-34617444</a></td> 210 <td></td> 211 <td></td> 212 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 213 <td>2017 1 22 </td> 214 </tr> 215 <tr> 216 <td>CVE-2017-0595</td> 217 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34705519</a></td> 218 <td></td> 219 <td></td> 220 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 221 <td>2017 1 24 </td> 222 </tr> 223 <tr> 224 <td>CVE-2017-0596</td> 225 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5443b57cc54f2e46b35246637be26a69e9f493e1">A-34749392</a></td> 226 <td></td> 227 <td></td> 228 <td>4.4.45.0.25.1.16.06.0.17.07.1.1</td> 229 <td>2017 1 24 </td> 230 </tr> 231 </tbody></table> 232 233 <h3 id="eop-in-audioserver">Audioserver </h3> 234 235 <p>Audioserver </p> 236 237 <table> 238 <colgroup><col width="18%" /> 239 <col width="17%" /> 240 <col width="10%" /> 241 <col width="19%" /> 242 <col width="18%" /> 243 <col width="17%" /> 244 </colgroup><tbody><tr> 245 <th>CVE</th> 246 <th></th> 247 <th></th> 248 <th> Google </th> 249 <th> AOSP </th> 250 <th></th> 251 </tr> 252 <tr> 253 <td>CVE-2017-0597</td> 254 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a9188f89179a7edd301abaf37d644adf5d647a04">A-34749571</a></td> 255 <td></td> 256 <td></td> 257 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 258 <td>2017 1 25 </td> 259 </tr> 260 </tbody></table> 261 262 <h3 id="id-in-framework-apis">Framework API </h3> 263 264 <p>Framework API </p> 265 266 <table> 267 <colgroup><col width="18%" /> 268 <col width="17%" /> 269 <col width="10%" /> 270 <col width="19%" /> 271 <col width="18%" /> 272 <col width="17%" /> 273 </colgroup><tbody><tr> 274 <th>CVE</th> 275 <th></th> 276 <th></th> 277 <th> Google </th> 278 <th> AOSP </th> 279 <th></th> 280 </tr> 281 <tr> 282 <td>CVE-2017-0598</td> 283 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/4e110ab20bb91e945a17c6e166e14e2da9608f08">A-34128677</a> [<a href="https://android.googlesource.com/platform/frameworks/base/+/d42e1204d5dddb78ec9d20d125951b59a8344f40">2</a>]</td> 284 <td></td> 285 <td></td> 286 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 287 <td>2017 1 6 </td> 288 </tr> 289 </tbody></table> 290 291 <h3 id="dos-in-mediaserver">Mediaserver </h3> 292 293 <p>Mediaserver </p> 294 295 <table> 296 <colgroup><col width="18%" /> 297 <col width="17%" /> 298 <col width="10%" /> 299 <col width="19%" /> 300 <col width="18%" /> 301 <col width="17%" /> 302 </colgroup><tbody><tr> 303 <th>CVE</th> 304 <th></th> 305 <th></th> 306 <th> Google </th> 307 <th> AOSP </th> 308 <th></th> 309 </tr> 310 <tr> 311 <td>CVE-2017-0599</td> 312 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a1424724a00d62ac5efa0e27953eed66850d662f">A-34672748</a></td> 313 <td></td> 314 <td></td> 315 <td>6.06.0.17.07.1.17.1.2</td> 316 <td>2017 1 23 </td> 317 </tr> 318 <tr> 319 <td>CVE-2017-0600</td> 320 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/961e5ac5788b52304e64b9a509781beaf5201fb0">A-35269635</a></td> 321 <td></td> 322 <td></td> 323 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 324 <td>2017 2 10 </td> 325 </tr> 326 </tbody></table> 327 328 <h3 id="eop-in-bluetooth"></h3> 329 330 <p></p> 331 332 <table> 333 <colgroup><col width="18%" /> 334 <col width="17%" /> 335 <col width="10%" /> 336 <col width="19%" /> 337 <col width="18%" /> 338 <col width="17%" /> 339 </colgroup><tbody><tr> 340 <th>CVE</th> 341 <th></th> 342 <th></th> 343 <th> Google </th> 344 <th> AOSP </th> 345 <th></th> 346 </tr> 347 <tr> 348 <td>CVE-2017-0601</td> 349 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/667d2cbe3eb1450f273a4f6595ccef35e1f0fe4b">A-35258579</a></td> 350 <td></td> 351 <td></td> 352 <td>7.07.1.17.1.2</td> 353 <td>2017 2 9 </td> 354 </tr> 355 </tbody></table> 356 357 <h3 id="id-in-file-based-encryption"></h3> 358 359 <p></p> 360 361 <table> 362 <colgroup><col width="18%" /> 363 <col width="17%" /> 364 <col width="10%" /> 365 <col width="19%" /> 366 <col width="18%" /> 367 <col width="17%" /> 368 </colgroup><tbody><tr> 369 <th>CVE</th> 370 <th></th> 371 <th></th> 372 <th> Google </th> 373 <th> AOSP </th> 374 <th></th> 375 </tr> 376 <tr> 377 <td>CVE-2017-0493</td> 378 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e4cefbf4fce458489b5f1bebc79dfaf566bcc5d5">A-32793550</a> [<a href="https://android.googlesource.com/platform/frameworks/base/+/f806d65e615b942c268a5f68d44bde9d55634972">2</a>]</td> 379 <td></td> 380 <td></td> 381 <td>7.07.1.1</td> 382 <td>2016 11 9 </td> 383 </tr> 384 </tbody></table> 385 386 <h3 id="id-in-bluetooth"></h3> 387 388 <p></p> 389 390 <table> 391 <colgroup><col width="18%" /> 392 <col width="17%" /> 393 <col width="10%" /> 394 <col width="19%" /> 395 <col width="18%" /> 396 <col width="17%" /> 397 </colgroup><tbody><tr> 398 <th>CVE</th> 399 <th></th> 400 <th></th> 401 <th> Google </th> 402 <th> AOSP </th> 403 <th></th> 404 </tr> 405 <tr> 406 <td>CVE-2017-0602</td> 407 <td><a href="https://android.googlesource.com/platform/system/bt/+/a4875a49404c544134df37022ae587a4a3321647">A-34946955</a></td> 408 <td></td> 409 <td></td> 410 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 411 <td>2016 12 5 </td> 412 </tr> 413 </tbody></table> 414 415 <h3 id="id-in-openssl-&-boringssl">OpenSSL BoringSSL </h3> 416 417 <p>OpenSSL BoringSSL </p> 418 419 <table> 420 <colgroup><col width="18%" /> 421 <col width="17%" /> 422 <col width="10%" /> 423 <col width="19%" /> 424 <col width="18%" /> 425 <col width="17%" /> 426 </colgroup><tbody><tr> 427 <th>CVE</th> 428 <th></th> 429 <th></th> 430 <th> Google </th> 431 <th> AOSP </th> 432 <th></th> 433 </tr> 434 <tr> 435 <td>CVE-2016-7056</td> 436 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/13179a8e75fee98740b5ce728752aa7294b3e32d">A-33752052</a></td> 437 <td></td> 438 <td></td> 439 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 440 <td>2016 12 19 </td> 441 </tr> 442 </tbody></table> 443 444 <h3 id="dos-in-mediaserver-2">Mediaserver </h3> 445 446 <p>Mediaserver </p> 447 448 <table> 449 <colgroup><col width="18%" /> 450 <col width="17%" /> 451 <col width="10%" /> 452 <col width="19%" /> 453 <col width="18%" /> 454 <col width="17%" /> 455 </colgroup><tbody><tr> 456 <th>CVE</th> 457 <th></th> 458 <th></th> 459 <th> Google </th> 460 <th> AOSP </th> 461 <th></th> 462 </tr> 463 <tr> 464 <td>CVE-2017-0603</td> 465 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/36b04932bb93cc3269279282686b439a17a89920">A-35763994</a></td> 466 <td></td> 467 <td></td> 468 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 469 <td>2017 2 23 </td> 470 </tr> 471 </tbody></table> 472 473 <h3 id="dos-in-mediaserver-3">Mediaserver </h3> 474 475 <p>Mediaserver </p> 476 477 <table> 478 <colgroup><col width="18%" /> 479 <col width="17%" /> 480 <col width="10%" /> 481 <col width="19%" /> 482 <col width="18%" /> 483 <col width="17%" /> 484 </colgroup><tbody><tr> 485 <th>CVE</th> 486 <th></th> 487 <th></th> 488 <th> Google </th> 489 <th> AOSP </th> 490 <th></th> 491 </tr> 492 <tr> 493 <td>CVE-2017-0635</td> 494 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/523f6b49c1a2289161f40cf9fe80b92e592e9441">A-35467107</a></td> 495 <td></td> 496 <td></td> 497 <td>7.07.1.17.1.2</td> 498 <td>2017 2 16 </td> 499 </tr> 500 </tbody></table> 501 502 <h2 id="2017-05-05-details">2017-05-05 - </h2> 503 504 <p> 2017-05-05 CVE Google AOSP Bug ID AOSP Bug Bug ID </p> 505 506 <h3 id="rce-in-giflib">GIFLIB </h3> 507 508 <p>GIFLIB Mediaserver </p> 509 510 <table> 511 <colgroup><col width="18%" /> 512 <col width="17%" /> 513 <col width="10%" /> 514 <col width="19%" /> 515 <col width="18%" /> 516 <col width="17%" /> 517 </colgroup><tbody><tr> 518 <th>CVE</th> 519 <th></th> 520 <th></th> 521 <th> Google </th> 522 <th> AOSP </th> 523 <th></th> 524 </tr> 525 <tr> 526 <td>CVE-2015-7555</td> 527 <td><a href="https://android.googlesource.com/platform/external/giflib/+/dc07290edccc2c3fc4062da835306f809cea1fdc">A-34697653</a></td> 528 <td></td> 529 <td></td> 530 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 531 <td>2016 4 13 </td> 532 </tr> 533 </tbody></table> 534 535 <h3 id="eop-in-mediatek-touchscreen-driver">MediaTek </h3> 536 537 <p>MediaTek </p> 538 539 <table> 540 <colgroup><col width="19%" /> 541 <col width="20%" /> 542 <col width="10%" /> 543 <col width="23%" /> 544 <col width="17%" /> 545 </colgroup><tbody><tr> 546 <th>CVE</th> 547 <th></th> 548 <th></th> 549 <th> Google </th> 550 <th></th> 551 </tr> 552 <tr> 553 <td>CVE-2016-10274</td> 554 <td>A-30202412*<br />M-ALPS02897901</td> 555 <td></td> 556 <td>**</td> 557 <td>2016 7 16 </td> 558 </tr> 559 </tbody></table> 560 561 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 562 563 <p>** Android 7.1.1 Google </p> 564 565 <h3 id="eop-in-qualcomm-bootloader">Qualcomm </h3> 566 567 <p>Qualcomm </p> 568 569 <table> 570 <colgroup><col width="19%" /> 571 <col width="20%" /> 572 <col width="10%" /> 573 <col width="23%" /> 574 <col width="17%" /> 575 </colgroup><tbody><tr> 576 <th>CVE</th> 577 <th></th> 578 <th></th> 579 <th> Google </th> 580 <th></th> 581 </tr> 582 <tr> 583 <td>CVE-2016-10275</td> 584 <td>A-34514954<br /> 585 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=1a0a15c380e11fc46f8d8706ea5ae22b752bdd0b">QC-CR#1009111</a></td> 586 <td></td> 587 <td>Nexus 5XNexus 6PixelPixel XLAndroid One</td> 588 <td>2016 9 13 </td> 589 </tr> 590 <tr> 591 <td>CVE-2016-10276</td> 592 <td>A-32952839<br /> 593 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=5dac431748027e8b50a5c4079967def4ea53ad64">QC-CR#1094105</a></td> 594 <td></td> 595 <td>Nexus 5XNexus 6PPixelPixel XL</td> 596 <td>2016 11 16 </td> 597 </tr> 598 </tbody></table> 599 600 <h3 id="eop-in-kernel-sound-subsystem"></h3> 601 602 <p></p> 603 604 <table> 605 <colgroup><col width="19%" /> 606 <col width="20%" /> 607 <col width="10%" /> 608 <col width="23%" /> 609 <col width="17%" /> 610 </colgroup><tbody><tr> 611 <th>CVE</th> 612 <th></th> 613 <th></th> 614 <th> Google </th> 615 <th></th> 616 </tr> 617 <tr> 618 <td>CVE-2016-9794</td> 619 <td>A-34068036<br /> 620 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=a27178e05b7c332522df40904f27674e36ee3757"></a></td> 621 <td></td> 622 <td>Nexus 5XNexus 6Nexus 6PNexus 9PixelPixel XLPixel CAndroid OneNexus Player</td> 623 <td>2016 12 3 </td> 624 </tr> 625 </tbody></table> 626 627 <h3 id="eop-in-motorola-bootloader">Motorola </h3> 628 629 <p>Motorola </p> 630 631 <table> 632 <colgroup><col width="19%" /> 633 <col width="20%" /> 634 <col width="10%" /> 635 <col width="23%" /> 636 <col width="17%" /> 637 </colgroup><tbody><tr> 638 <th>CVE</th> 639 <th></th> 640 <th></th> 641 <th> Google </th> 642 <th></th> 643 </tr> 644 <tr> 645 <td>CVE-2016-10277</td> 646 <td>A-33840490*<br /> 647 </td> 648 <td></td> 649 <td>Nexus 6</td> 650 <td>2016 12 21 </td> 651 </tr> 652 </tbody></table> 653 654 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 655 656 <h3 id="eop-in-nvidia-video-driver">NVIDIA </h3> 657 658 <p>NVIDIA </p> 659 660 <table> 661 <colgroup><col width="19%" /> 662 <col width="20%" /> 663 <col width="10%" /> 664 <col width="23%" /> 665 <col width="17%" /> 666 </colgroup><tbody><tr> 667 <th>CVE</th> 668 <th></th> 669 <th></th> 670 <th> Google </th> 671 <th></th> 672 </tr> 673 <tr> 674 <td>CVE-2017-0331</td> 675 <td>A-34113000*<br />N-CVE-2017-0331</td> 676 <td></td> 677 <td>Nexus 9</td> 678 <td>2017 1 4 </td> 679 </tr> 680 </tbody></table> 681 682 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 683 684 <h3 id="eop-in-qualcomm-power-driver">Qualcomm </h3> 685 686 <p> Qualcomm </p> 687 688 <table> 689 <colgroup><col width="19%" /> 690 <col width="20%" /> 691 <col width="10%" /> 692 <col width="23%" /> 693 <col width="17%" /> 694 </colgroup><tbody><tr> 695 <th>CVE</th> 696 <th></th> 697 <th></th> 698 <th> Google </th> 699 <th></th> 700 </tr> 701 <tr> 702 <td>CVE-2017-0604</td> 703 <td>A-35392981<br /> 704 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6975e2dd5f37de965093ba3a8a08635a77a960f7">QC-CR#826589</a></td> 705 <td></td> 706 <td>*</td> 707 <td>2017 2 15 </td> 708 </tr> 709 </tbody></table> 710 711 <p>* Android 7.1.1 Google </p> 712 713 <h3 id="eop-in-kernel-trace-subsystem"></h3> 714 715 <p></p> 716 717 <table> 718 <colgroup><col width="19%" /> 719 <col width="20%" /> 720 <col width="10%" /> 721 <col width="23%" /> 722 <col width="17%" /> 723 </colgroup><tbody><tr> 724 <th>CVE</th> 725 <th></th> 726 <th></th> 727 <th> Google </th> 728 <th></th> 729 </tr> 730 <tr> 731 <td>CVE-2017-0605</td> 732 <td>A-35399704<br /> 733 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2161ae9a70b12cf18ac8e5952a20161ffbccb477">QC-CR#1048480</a></td> 734 <td></td> 735 <td>Nexus 5XNexus 6Nexus 6PNexus 9PixelPixel XLPixel CAndroid OneNexus Player</td> 736 <td>2017 2 15 </td> 737 </tr> 738 </tbody></table> 739 740 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm </h3> 741 742 <p> Qualcomm 2016 8 9 10 12 Qualcomm AMSS </p> 743 744 <table> 745 <colgroup><col width="19%" /> 746 <col width="20%" /> 747 <col width="10%" /> 748 <col width="23%" /> 749 <col width="17%" /> 750 </colgroup><tbody><tr> 751 <th>CVE</th> 752 <th></th> 753 <th></th> 754 <th> Google </th> 755 <th></th> 756 </tr> 757 <tr> 758 <td>CVE-2016-10240</td> 759 <td>A-32578446**<br />QC-CR#955710</td> 760 <td></td> 761 <td>Nexus 6P</td> 762 <td>Qualcomm </td> 763 </tr> 764 <tr> 765 <td>CVE-2016-10241</td> 766 <td>A-35436149**<br />QC-CR#1068577</td> 767 <td></td> 768 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XL</td> 769 <td>Qualcomm </td> 770 </tr> 771 <tr> 772 <td>CVE-2016-10278</td> 773 <td>A-31624008**<br />QC-CR#1043004</td> 774 <td></td> 775 <td>PixelPixel XL</td> 776 <td>Qualcomm </td> 777 </tr> 778 <tr> 779 <td>CVE-2016-10279</td> 780 <td>A-31624421**<br />QC-CR#1031821</td> 781 <td></td> 782 <td>PixelPixel XL</td> 783 <td>Qualcomm </td> 784 </tr> 785 </tbody></table> 786 787 <p>* </p> 788 789 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 790 791 <p>*** Android 7.1.1 Google </p> 792 793 <h3 id="rce-in-libxml2">libxml2 </h3> 794 795 <p>libxml2 </p> 796 797 <table> 798 <colgroup><col width="18%" /> 799 <col width="17%" /> 800 <col width="10%" /> 801 <col width="19%" /> 802 <col width="18%" /> 803 <col width="17%" /> 804 </colgroup><tbody><tr> 805 <th>CVE</th> 806 <th></th> 807 <th></th> 808 <th> Google </th> 809 <th> AOSP </th> 810 <th></th> 811 </tr> 812 <tr> 813 <td>CVE-2016-5131</td> 814 <td>A-32956747*</td> 815 <td></td> 816 <td>**</td> 817 <td>4.4.45.0.25.1.16.06.0.17.0</td> 818 <td>2016 7 23 </td> 819 </tr> 820 </tbody></table> 821 822 <p>* <a href="https://developers.google.com/android/drivers">Google Developers </a> Nexus </p> 823 824 <p>** Android 7.1.1 Google </p> 825 826 <h3 id="eop-in-mediatek-thermal-driver">MediaTek </h3> 827 828 <p>MediaTek </p> 829 830 <table> 831 <colgroup><col width="19%" /> 832 <col width="20%" /> 833 <col width="10%" /> 834 <col width="23%" /> 835 <col width="17%" /> 836 </colgroup><tbody><tr> 837 <th>CVE</th> 838 <th></th> 839 <th></th> 840 <th> Google </th> 841 <th></th> 842 </tr> 843 <tr> 844 <td>CVE-2016-10280</td> 845 <td>A-28175767*<br />M-ALPS02696445</td> 846 <td></td> 847 <td>**</td> 848 <td>2016 4 11 </td> 849 </tr> 850 <tr> 851 <td>CVE-2016-10281</td> 852 <td>A-28175647*<br />M-ALPS02696475</td> 853 <td></td> 854 <td>**</td> 855 <td>2016 4 11 </td> 856 </tr> 857 <tr> 858 <td>CVE-2016-10282</td> 859 <td>A-33939045*<br />M-ALPS03149189</td> 860 <td></td> 861 <td>**</td> 862 <td>2016 12 27 </td> 863 </tr> 864 </tbody></table> 865 866 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 867 868 <p>** Android 7.1.1 Google </p> 869 870 <h3 id="eop-in-qualcomm-wi-fi-driver">Qualcomm WLAN </h3> 871 872 <p>Qualcomm WLAN </p> 873 874 <table> 875 <colgroup><col width="19%" /> 876 <col width="20%" /> 877 <col width="10%" /> 878 <col width="23%" /> 879 <col width="17%" /> 880 </colgroup><tbody><tr> 881 <th>CVE</th> 882 <th></th> 883 <th></th> 884 <th> Google </th> 885 <th></th> 886 </tr> 887 <tr> 888 <td>CVE-2016-10283</td> 889 <td>A-32094986<br /> 890 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=93863644b4547324309613361d70ad9dc91f8dfd">QC-CR#2002052</a></td> 891 <td></td> 892 <td>Nexus 5XPixelPixel XLAndroid One</td> 893 <td>2016 10 11 </td> 894 </tr> 895 </tbody></table> 896 897 <h3 id="eop-in-qualcomm-video-driver">Qualcomm </h3> 898 899 <p>Qualcomm </p> 900 901 <table> 902 <colgroup><col width="19%" /> 903 <col width="20%" /> 904 <col width="10%" /> 905 <col width="23%" /> 906 <col width="17%" /> 907 </colgroup><tbody><tr> 908 <th>CVE</th> 909 <th></th> 910 <th></th> 911 <th> Google </th> 912 <th></th> 913 </tr> 914 <tr> 915 <td>CVE-2016-10284</td> 916 <td>A-32402303*<br />QC-CR#2000664</td> 917 <td></td> 918 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 919 <td>2016 10 24 </td> 920 </tr> 921 <tr> 922 <td>CVE-2016-10285</td> 923 <td>A-33752702<br /> 924 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67dfd3a65336e0b3f55ee83d6312321dc5f2a6f9">QC-CR#1104899</a></td> 925 <td></td> 926 <td>PixelPixel XL</td> 927 <td>2016 12 19 </td> 928 </tr> 929 <tr> 930 <td>CVE-2016-10286</td> 931 <td>A-35400904<br /> 932 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=5d30a3d0dc04916ddfb972bfc52f8e636642f999">QC-CR#1090237</a></td> 933 <td></td> 934 <td>PixelPixel XL</td> 935 <td>2017 2 15 </td> 936 </tr> 937 </tbody></table> 938 939 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 940 941 <h3 id="eop-in-kernel-performance-subsystem"></h3> 942 943 <p></p> 944 945 <table> 946 <colgroup><col width="19%" /> 947 <col width="20%" /> 948 <col width="10%" /> 949 <col width="23%" /> 950 <col width="17%" /> 951 </colgroup><tbody><tr> 952 <th>CVE</th> 953 <th></th> 954 <th></th> 955 <th> Google </th> 956 <th></th> 957 </tr> 958 <tr> 959 <td>CVE-2015-9004</td> 960 <td>A-34515362<br /> 961 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=c3c87e770458aa004bd7ed3f29945ff436fd6511"></a></td> 962 <td></td> 963 <td>Nexus 5XNexus 6Nexus 6PNexus 9PixelPixel XLPixel CAndroid OneNexus Player</td> 964 <td>2016 11 23 </td> 965 </tr> 966 </tbody></table> 967 968 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm </h3> 969 970 <p>Qualcomm </p> 971 972 <table> 973 <colgroup><col width="19%" /> 974 <col width="20%" /> 975 <col width="10%" /> 976 <col width="23%" /> 977 <col width="17%" /> 978 </colgroup><tbody><tr> 979 <th>CVE</th> 980 <th></th> 981 <th></th> 982 <th> Google </th> 983 <th></th> 984 </tr> 985 <tr> 986 <td>CVE-2016-10287</td> 987 <td>A-33784446<br /> 988 <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=937bc9e644180e258c68662095861803f7ba4ded">QC-CR#1112751</a></td> 989 <td></td> 990 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 991 <td>2016 12 20 </td> 992 </tr> 993 <tr> 994 <td>CVE-2017-0606</td> 995 <td>A-34088848<br /> 996 <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=d3237316314c3d6f75a58192971f66e3822cd250">QC-CR#1116015</a></td> 997 <td></td> 998 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 999 <td>2017 1 3 </td> 1000 </tr> 1001 <tr> 1002 <td>CVE-2016-5860</td> 1003 <td>A-34623424<br /> 1004 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9f91ae0d7203714fc39ae78e1f1c4fd71ed40498">QC-CR#1100682</a></td> 1005 <td></td> 1006 <td>PixelPixel XL</td> 1007 <td>2017 1 22 </td> 1008 </tr> 1009 <tr> 1010 <td>CVE-2016-5867</td> 1011 <td>A-35400602<br /> 1012 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=065360da7147003aed8f59782b7652d565f56be5">QC-CR#1095947</a></td> 1013 <td></td> 1014 <td>*</td> 1015 <td>2017 2 15 </td> 1016 </tr> 1017 <tr> 1018 <td>CVE-2017-0607</td> 1019 <td>A-35400551<br /> 1020 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b003c8d5407773d3aa28a48c9841e4c124da453d">QC-CR#1085928</a></td> 1021 <td></td> 1022 <td>PixelPixel XL</td> 1023 <td>2017 2 15 </td> 1024 </tr> 1025 <tr> 1026 <td>CVE-2017-0608</td> 1027 <td>A-35400458<br /> 1028 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b66f442dd97c781e873e8f7b248e197f86fd2980">QC-CR#1098363</a></td> 1029 <td></td> 1030 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1031 <td>2017 2 15 </td> 1032 </tr> 1033 <tr> 1034 <td>CVE-2017-0609</td> 1035 <td>A-35399801<br /> 1036 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=38a83df036084c00e8c5a4599c8ee7880b4ee567">QC-CR#1090482</a></td> 1037 <td></td> 1038 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 1039 <td>2017 2 15 </td> 1040 </tr> 1041 <tr> 1042 <td>CVE-2016-5859</td> 1043 <td>A-35399758<br /> 1044 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=97fdb441a9fb330a76245e473bc1a2155c809ebe">QC-CR#1096672</a></td> 1045 <td></td> 1046 <td>*</td> 1047 <td>2017 2 15 </td> 1048 </tr> 1049 <tr> 1050 <td>CVE-2017-0610</td> 1051 <td>A-35399404<br /> 1052 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=65009746a6e649779f73d665934561ea983892fe">QC-CR#1094852</a></td> 1053 <td></td> 1054 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1055 <td>2017 2 15 </td> 1056 </tr> 1057 <tr> 1058 <td>CVE-2017-0611</td> 1059 <td>A-35393841<br /> 1060 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=1aa5df9246557a98181f03e98530ffd509b954c8">QC-CR#1084210</a></td> 1061 <td></td> 1062 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1063 <td>2017 2 15 </td> 1064 </tr> 1065 <tr> 1066 <td>CVE-2016-5853</td> 1067 <td>A-35392629<br /> 1068 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a8f3b894de319718aecfc2ce9c691514696805be">QC-CR#1102987</a></td> 1069 <td></td> 1070 <td>*</td> 1071 <td>2017 2 15 </td> 1072 </tr> 1073 </tbody></table> 1074 1075 <p>* Android 7.1.1 Google </p> 1076 1077 <h3 id="eop-in-qualcomm-led-driver">Qualcomm LED </h3> 1078 1079 <p>Qualcomm LED </p> 1080 1081 <table> 1082 <colgroup><col width="19%" /> 1083 <col width="20%" /> 1084 <col width="10%" /> 1085 <col width="23%" /> 1086 <col width="17%" /> 1087 </colgroup><tbody><tr> 1088 <th>CVE</th> 1089 <th></th> 1090 <th></th> 1091 <th> Google </th> 1092 <th></th> 1093 </tr> 1094 <tr> 1095 <td>CVE-2016-10288</td> 1096 <td>A-33863909<br /> 1097 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=db2cdc95204bc404f03613d5dd7002251fb33660">QC-CR#1109763</a></td> 1098 <td></td> 1099 <td>PixelPixel XL</td> 1100 <td>2016 12 23 </td> 1101 </tr> 1102 </tbody></table> 1103 1104 <h3 id="eop-in-qualcomm-crypto-driver">Qualcomm </h3> 1105 1106 <p>Qualcomm </p> 1107 1108 <table> 1109 <colgroup><col width="19%" /> 1110 <col width="20%" /> 1111 <col width="10%" /> 1112 <col width="23%" /> 1113 <col width="17%" /> 1114 </colgroup><tbody><tr> 1115 <th>CVE</th> 1116 <th></th> 1117 <th></th> 1118 <th> Google </th> 1119 <th></th> 1120 </tr> 1121 <tr> 1122 <td>CVE-2016-10289</td> 1123 <td>A-33899710<br /> 1124 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a604e6f3889ccc343857532b63dea27603381816">QC-CR#1116295</a></td> 1125 <td></td> 1126 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1127 <td>2016 12 24 </td> 1128 </tr> 1129 </tbody></table> 1130 1131 <h3 id="eop-in-qualcomm-shared-memory-driver">Qualcomm </h3> 1132 1133 <p>Qualcomm </p> 1134 1135 <table> 1136 <colgroup><col width="19%" /> 1137 <col width="20%" /> 1138 <col width="10%" /> 1139 <col width="23%" /> 1140 <col width="17%" /> 1141 </colgroup><tbody><tr> 1142 <th>CVE</th> 1143 <th></th> 1144 <th></th> 1145 <th> Google </th> 1146 <th></th> 1147 </tr> 1148 <tr> 1149 <td>CVE-2016-10290</td> 1150 <td>A-33898330<br /> 1151 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49">QC-CR#1109782</a></td> 1152 <td></td> 1153 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1154 <td>2016 12 24 </td> 1155 </tr> 1156 </tbody></table> 1157 1158 <h3 id="eop-in-qualcomm-slimbus-driver">Qualcomm Slimbus </h3> 1159 1160 <p>Qualcomm Slimbus </p> 1161 1162 <table> 1163 <colgroup><col width="19%" /> 1164 <col width="20%" /> 1165 <col width="10%" /> 1166 <col width="23%" /> 1167 <col width="17%" /> 1168 </colgroup><tbody><tr> 1169 <th>CVE</th> 1170 <th></th> 1171 <th></th> 1172 <th> Google </th> 1173 <th></th> 1174 </tr> 1175 <tr> 1176 <td>CVE-2016-10291</td> 1177 <td>A-34030871<br /> 1178 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a225074c0494ca8125ca0ac2f9ebc8a2bd3612de">QC-CR#986837</a></td> 1179 <td></td> 1180 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1181 <td>2016 12 31 </td> 1182 </tr> 1183 </tbody></table> 1184 1185 <h3 id="eop-in-qualcomm-adsprpc-driver">Qualcomm ADSPRPC </h3> 1186 1187 <p>Qualcomm ADSPRPC </p> 1188 1189 <table> 1190 <colgroup><col width="19%" /> 1191 <col width="20%" /> 1192 <col width="10%" /> 1193 <col width="23%" /> 1194 <col width="17%" /> 1195 </colgroup><tbody><tr> 1196 <th>CVE</th> 1197 <th></th> 1198 <th></th> 1199 <th> Google </th> 1200 <th></th> 1201 </tr> 1202 <tr> 1203 <td>CVE-2017-0465</td> 1204 <td>A-34112914<br /> 1205 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=3823f0f8d0bbbbd675a42a54691f4051b3c7e544">QC-CR#1110747</a></td> 1206 <td></td> 1207 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 1208 <td>2017 1 5 </td> 1209 </tr> 1210 </tbody></table> 1211 1212 <h3 id="eop-in-qualcomm-secure-execution-environment-communicator-driver">Qualcomm </h3> 1213 1214 <p>Qualcomm </p> 1215 1216 <table> 1217 <colgroup><col width="19%" /> 1218 <col width="20%" /> 1219 <col width="10%" /> 1220 <col width="23%" /> 1221 <col width="17%" /> 1222 </colgroup><tbody><tr> 1223 <th>CVE</th> 1224 <th></th> 1225 <th></th> 1226 <th> Google </th> 1227 <th></th> 1228 </tr> 1229 <tr> 1230 <td>CVE-2017-0612</td> 1231 <td>A-34389303<br /> 1232 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=05efafc998dc86c3b75af9803ca71255ddd7a8eb">QC-CR#1061845</a></td> 1233 <td></td> 1234 <td>PixelPixel XL</td> 1235 <td>2017 1 10 </td> 1236 </tr> 1237 <tr> 1238 <td>CVE-2017-0613</td> 1239 <td>A-35400457<br /> 1240 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=b108c651cae9913da1ab163cb4e5f7f2db87b747">QC-CR#1086140</a></td> 1241 <td></td> 1242 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1243 <td>2017 2 15 </td> 1244 </tr> 1245 <tr> 1246 <td>CVE-2017-0614</td> 1247 <td>A-35399405<br /> 1248 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=fc2ae27eb9721a0ce050c2062734fec545cda604">QC-CR#1080290</a></td> 1249 <td></td> 1250 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1251 <td>2017 2 15 </td> 1252 </tr> 1253 </tbody></table> 1254 1255 <h3 id="eop-in-mediatek-power-driver">MediaTek </h3> 1256 1257 <p>MediaTek </p> 1258 1259 <table> 1260 <colgroup><col width="19%" /> 1261 <col width="20%" /> 1262 <col width="10%" /> 1263 <col width="23%" /> 1264 <col width="17%" /> 1265 </colgroup><tbody><tr> 1266 <th>CVE</th> 1267 <th></th> 1268 <th></th> 1269 <th> Google </th> 1270 <th></th> 1271 </tr> 1272 <tr> 1273 <td>CVE-2017-0615</td> 1274 <td>A-34259126*<br />M-ALPS03150278</td> 1275 <td></td> 1276 <td>**</td> 1277 <td>2017 1 12 </td> 1278 </tr> 1279 </tbody></table> 1280 1281 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1282 1283 <p>** Android 7.1.1 Google </p> 1284 1285 <h3 id="eop-in-mediatek-system-management-interrupt-driver">MediaTek </h3> 1286 1287 <p>MediaTek </p> 1288 1289 <table> 1290 <colgroup><col width="19%" /> 1291 <col width="20%" /> 1292 <col width="10%" /> 1293 <col width="23%" /> 1294 <col width="17%" /> 1295 </colgroup><tbody><tr> 1296 <th>CVE</th> 1297 <th></th> 1298 <th></th> 1299 <th> Google </th> 1300 <th></th> 1301 </tr> 1302 <tr> 1303 <td>CVE-2017-0616</td> 1304 <td>A-34470286*<br />M-ALPS03149160</td> 1305 <td></td> 1306 <td>**</td> 1307 <td>2017 1 19 </td> 1308 </tr> 1309 </tbody></table> 1310 1311 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1312 1313 <p>** Android 7.1.1 Google </p> 1314 1315 <h3 id="eop-in-mediatek-video-driver">MediaTek </h3> 1316 1317 <p>MediaTek </p> 1318 1319 <table> 1320 <colgroup><col width="19%" /> 1321 <col width="20%" /> 1322 <col width="10%" /> 1323 <col width="23%" /> 1324 <col width="17%" /> 1325 </colgroup><tbody><tr> 1326 <th>CVE</th> 1327 <th></th> 1328 <th></th> 1329 <th> Google </th> 1330 <th></th> 1331 </tr> 1332 <tr> 1333 <td>CVE-2017-0617</td> 1334 <td>A-34471002*<br />M-ALPS03149173</td> 1335 <td></td> 1336 <td>**</td> 1337 <td>2017 1 19 </td> 1338 </tr> 1339 </tbody></table> 1340 1341 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1342 1343 <p>** Android 7.1.1 Google </p> 1344 1345 <h3 id="eop-in-mediatek-command-queue-driver">MediaTek </h3> 1346 1347 <p>MediaTek </p> 1348 1349 <table> 1350 <colgroup><col width="19%" /> 1351 <col width="20%" /> 1352 <col width="10%" /> 1353 <col width="23%" /> 1354 <col width="17%" /> 1355 </colgroup><tbody><tr> 1356 <th>CVE</th> 1357 <th></th> 1358 <th></th> 1359 <th> Google </th> 1360 <th></th> 1361 </tr> 1362 <tr> 1363 <td>CVE-2017-0618</td> 1364 <td>A-35100728*<br />M-ALPS03161536</td> 1365 <td></td> 1366 <td>**</td> 1367 <td>2017 2 7 </td> 1368 </tr> 1369 </tbody></table> 1370 1371 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1372 1373 <p>** Android 7.1.1 Google </p> 1374 1375 <h3 id="eop-in-qualcomm-pin-controller-driver">Qualcomm PIN </h3> 1376 1377 <p>Qualcomm PIN </p> 1378 1379 <table> 1380 <colgroup><col width="19%" /> 1381 <col width="20%" /> 1382 <col width="10%" /> 1383 <col width="23%" /> 1384 <col width="17%" /> 1385 </colgroup><tbody><tr> 1386 <th>CVE</th> 1387 <th></th> 1388 <th></th> 1389 <th> Google </th> 1390 <th></th> 1391 </tr> 1392 <tr> 1393 <td>CVE-2017-0619</td> 1394 <td>A-35401152<br /> 1395 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.14/commit/?id=72f67b29a9c5e6e8d3c34751600c749c5f5e13e1">QC-CR#826566</a></td> 1396 <td></td> 1397 <td>Nexus 6Android One</td> 1398 <td>2017 2 15 </td> 1399 </tr> 1400 </tbody></table> 1401 1402 <h3 id="eop-in-qualcomm-secure-channel-manager-driver">Qualcomm </h3> 1403 1404 <p>Qualcomm </p> 1405 1406 <table> 1407 <colgroup><col width="19%" /> 1408 <col width="20%" /> 1409 <col width="10%" /> 1410 <col width="23%" /> 1411 <col width="17%" /> 1412 </colgroup><tbody><tr> 1413 <th>CVE</th> 1414 <th></th> 1415 <th></th> 1416 <th> Google </th> 1417 <th></th> 1418 </tr> 1419 <tr> 1420 <td>CVE-2017-0620</td> 1421 <td>A-35401052<br /> 1422 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=01b2c9a5d728ff6f2f1f28a5d4e927aaeabf56ed">QC-CR#1081711</a></td> 1423 <td></td> 1424 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1425 <td>2017 2 15 </td> 1426 </tr> 1427 </tbody></table> 1428 1429 <h3 id="eop-in-qualcomm-sound-codec-driver">Qualcomm </h3> 1430 1431 <p>Qualcomm </p> 1432 1433 <table> 1434 <colgroup><col width="19%" /> 1435 <col width="20%" /> 1436 <col width="10%" /> 1437 <col width="23%" /> 1438 <col width="17%" /> 1439 </colgroup><tbody><tr> 1440 <th>CVE</th> 1441 <th></th> 1442 <th></th> 1443 <th> Google </th> 1444 <th></th> 1445 </tr> 1446 <tr> 1447 <td>CVE-2016-5862</td> 1448 <td>A-35399803<br /> 1449 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=4199451e83729a3add781eeafaee32994ff65b04">QC-CR#1099607</a></td> 1450 <td></td> 1451 <td>PixelPixel XL</td> 1452 <td>2017 2 15 </td> 1453 </tr> 1454 </tbody></table> 1455 1456 <h3 id="eop-in-kernel-voltage-regulator-driver"></h3> 1457 1458 <p></p> 1459 1460 <table> 1461 <colgroup><col width="19%" /> 1462 <col width="20%" /> 1463 <col width="10%" /> 1464 <col width="23%" /> 1465 <col width="17%" /> 1466 </colgroup><tbody><tr> 1467 <th>CVE</th> 1468 <th></th> 1469 <th></th> 1470 <th> Google </th> 1471 <th></th> 1472 </tr> 1473 <tr> 1474 <td>CVE-2014-9940</td> 1475 <td>A-35399757<br /> 1476 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable.git/commit/?id=60a2362f769cf549dc466134efe71c8bf9fbaaba"></a></td> 1477 <td></td> 1478 <td>Nexus 6Nexus 9Pixel CAndroid OneNexus Player</td> 1479 <td>2017 2 15 </td> 1480 </tr> 1481 </tbody></table> 1482 1483 <h3 id="eop-in-qualcomm-camera-driver">Qualcomm </h3> 1484 1485 <p>Qualcomm </p> 1486 1487 <table> 1488 <colgroup><col width="19%" /> 1489 <col width="20%" /> 1490 <col width="10%" /> 1491 <col width="23%" /> 1492 <col width="17%" /> 1493 </colgroup><tbody><tr> 1494 <th>CVE</th> 1495 <th></th> 1496 <th></th> 1497 <th> Google </th> 1498 <th></th> 1499 </tr> 1500 <tr> 1501 <td>CVE-2017-0621</td> 1502 <td>A-35399703<br /> 1503 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=9656e2c2b3523af20502bf1e933e35a397f5e82f">QC-CR#831322</a></td> 1504 <td></td> 1505 <td>Android One</td> 1506 <td>2017 2 15 </td> 1507 </tr> 1508 </tbody></table> 1509 1510 <h3 id="eop-in-qualcomm-networking-driver">Qualcomm </h3> 1511 1512 <p>Qualcomm </p> 1513 1514 <table> 1515 <colgroup><col width="19%" /> 1516 <col width="20%" /> 1517 <col width="10%" /> 1518 <col width="23%" /> 1519 <col width="17%" /> 1520 </colgroup><tbody><tr> 1521 <th>CVE</th> 1522 <th></th> 1523 <th></th> 1524 <th> Google </th> 1525 <th></th> 1526 </tr> 1527 <tr> 1528 <td>CVE-2016-5868</td> 1529 <td>A-35392791<br /> 1530 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=fbb765a3f813f5cc85ddab21487fd65f24bf6a8c">QC-CR#1104431</a></td> 1531 <td></td> 1532 <td>Nexus 5XPixelPixel XL</td> 1533 <td>2017 2 15 </td> 1534 </tr> 1535 </tbody></table> 1536 1537 <h3 id="eop-in-kernel-networking-subsystem"></h3> 1538 1539 <p></p> 1540 1541 <table> 1542 <colgroup><col width="19%" /> 1543 <col width="20%" /> 1544 <col width="10%" /> 1545 <col width="23%" /> 1546 <col width="17%" /> 1547 </colgroup><tbody><tr> 1548 <th>CVE</th> 1549 <th></th> 1550 <th></th> 1551 <th> Google </th> 1552 <th></th> 1553 </tr> 1554 <tr> 1555 <td>CVE-2017-7184</td> 1556 <td>A-36565222<br /> 1557 <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=677e806da4d916052585301785d847c3b3e6186a"></a> <a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f843ee6dd019bcece3e74e76ad9df0155655d0df">[2]</a></td> 1558 <td></td> 1559 <td>Nexus 5XNexus 6Nexus 6PNexus 9PixelPixel XLAndroid One</td> 1560 <td>2017 3 23 </td> 1561 </tr> 1562 </tbody></table> 1563 1564 <h3 id="eop-in-goodix-touchscreen-driver">Goodix </h3> 1565 1566 <p>Goodix </p> 1567 1568 <table> 1569 <colgroup><col width="19%" /> 1570 <col width="20%" /> 1571 <col width="10%" /> 1572 <col width="23%" /> 1573 <col width="17%" /> 1574 </colgroup><tbody><tr> 1575 <th>CVE</th> 1576 <th></th> 1577 <th></th> 1578 <th> Google </th> 1579 <th></th> 1580 </tr> 1581 <tr> 1582 <td>CVE-2017-0622</td> 1583 <td>A-32749036<br /> 1584 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=40efa25345003a96db34effbd23ed39530b3ac10">QC-CR#1098602</a></td> 1585 <td></td> 1586 <td>Android One</td> 1587 <td>Google </td> 1588 </tr> 1589 </tbody></table> 1590 1591 <h3 id="eop-in-htc-bootloader">HTC </h3> 1592 1593 <p>HTC </p> 1594 1595 <table> 1596 <colgroup><col width="19%" /> 1597 <col width="20%" /> 1598 <col width="10%" /> 1599 <col width="23%" /> 1600 <col width="17%" /> 1601 </colgroup><tbody><tr> 1602 <th>CVE</th> 1603 <th></th> 1604 <th></th> 1605 <th> Google </th> 1606 <th></th> 1607 </tr> 1608 <tr> 1609 <td>CVE-2017-0623</td> 1610 <td>A-32512358*<br /> 1611 </td> 1612 <td></td> 1613 <td>PixelPixel XL</td> 1614 <td>Google </td> 1615 </tr> 1616 </tbody></table> 1617 1618 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1619 1620 <h3 id="id-in-qualcomm-wi-fi-driver">Qualcomm WLAN </h3> 1621 1622 <p>Qualcomm WLAN </p> 1623 1624 <table> 1625 <colgroup><col width="19%" /> 1626 <col width="20%" /> 1627 <col width="10%" /> 1628 <col width="23%" /> 1629 <col width="17%" /> 1630 </colgroup><tbody><tr> 1631 <th>CVE</th> 1632 <th></th> 1633 <th></th> 1634 <th> Google </th> 1635 <th></th> 1636 </tr> 1637 <tr> 1638 <td>CVE-2017-0624</td> 1639 <td>A-34327795*<br />QC-CR#2005832</td> 1640 <td></td> 1641 <td>Nexus 5XPixelPixel XL</td> 1642 <td>2017 1 16 </td> 1643 </tr> 1644 </tbody></table> 1645 1646 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1647 1648 <h3 id="id-in-mediatek-command-queue-driver">MediaTek </h3> 1649 1650 <p>MediaTek </p> 1651 1652 <table> 1653 <colgroup><col width="19%" /> 1654 <col width="20%" /> 1655 <col width="10%" /> 1656 <col width="23%" /> 1657 <col width="17%" /> 1658 </colgroup><tbody><tr> 1659 <th>CVE</th> 1660 <th></th> 1661 <th></th> 1662 <th> Google </th> 1663 <th></th> 1664 </tr> 1665 <tr> 1666 <td>CVE-2017-0625</td> 1667 <td>A-35142799*<br />M-ALPS03161531</td> 1668 <td></td> 1669 <td>**</td> 1670 <td>2017 2 8 </td> 1671 </tr> 1672 </tbody></table> 1673 1674 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1675 1676 <p>** Android 7.1.1 Google </p> 1677 1678 <h3 id="id-in-qualcomm-crypto-engine-driver">Qualcomm </h3> 1679 1680 <p>Qualcomm </p> 1681 1682 <table> 1683 <colgroup><col width="19%" /> 1684 <col width="20%" /> 1685 <col width="10%" /> 1686 <col width="23%" /> 1687 <col width="17%" /> 1688 </colgroup><tbody><tr> 1689 <th>CVE</th> 1690 <th></th> 1691 <th></th> 1692 <th> Google </th> 1693 <th></th> 1694 </tr> 1695 <tr> 1696 <td>CVE-2017-0626</td> 1697 <td>A-35393124<br /> 1698 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=64551bccab9b5b933757f6256b58f9ca0544f004">QC-CR#1088050</a></td> 1699 <td></td> 1700 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1701 <td>2017 2 15 </td> 1702 </tr> 1703 </tbody></table> 1704 1705 <h3 id="dos-in-qualcomm-wi-fi-driver">Qualcomm WLAN </h3> 1706 1707 <p>Qualcomm WLAN WLAN </p> 1708 1709 <table> 1710 <colgroup><col width="19%" /> 1711 <col width="20%" /> 1712 <col width="10%" /> 1713 <col width="23%" /> 1714 <col width="17%" /> 1715 </colgroup><tbody><tr> 1716 <th>CVE</th> 1717 <th></th> 1718 <th></th> 1719 <th> Google </th> 1720 <th></th> 1721 </tr> 1722 <tr> 1723 <td>CVE-2016-10292</td> 1724 <td>A-34514463*<br />QC-CR#1065466</td> 1725 <td></td> 1726 <td>Nexus 5XPixelPixel XL</td> 1727 <td>2016 12 16 </td> 1728 </tr> 1729 </tbody></table> 1730 1731 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1732 1733 <h3 id="id-in-kernel-uvc-driver"> UVC </h3> 1734 1735 <p> UVC </p> 1736 1737 <table> 1738 <colgroup><col width="19%" /> 1739 <col width="20%" /> 1740 <col width="10%" /> 1741 <col width="23%" /> 1742 <col width="17%" /> 1743 </colgroup><tbody><tr> 1744 <th>CVE</th> 1745 <th></th> 1746 <th></th> 1747 <th> Google </th> 1748 <th></th> 1749 </tr> 1750 <tr> 1751 <td>CVE-2017-0627</td> 1752 <td>A-33300353*<br /> 1753 </td> 1754 <td></td> 1755 <td>Nexus 5XNexus 6PNexus 9Pixel CNexus Player</td> 1756 <td>2016 12 2 </td> 1757 </tr> 1758 </tbody></table> 1759 1760 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1761 1762 <h3 id="id-in-qualcomm-video-driver">Qualcomm </h3> 1763 1764 <p>Qualcomm </p> 1765 1766 <table> 1767 <colgroup><col width="19%" /> 1768 <col width="20%" /> 1769 <col width="10%" /> 1770 <col width="23%" /> 1771 <col width="17%" /> 1772 </colgroup><tbody><tr> 1773 <th>CVE</th> 1774 <th></th> 1775 <th></th> 1776 <th> Google </th> 1777 <th></th> 1778 </tr> 1779 <tr> 1780 <td>CVE-2016-10293</td> 1781 <td>A-33352393<br /> 1782 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=2469d5374745a2228f774adbca6fb95a79b9047f">QC-CR#1101943</a></td> 1783 <td></td> 1784 <td>Nexus 5XNexus 6PAndroid One</td> 1785 <td>2016 12 4 </td> 1786 </tr> 1787 </tbody></table> 1788 1789 <h3 id="id-in-qualcomm-power-driver-(device-specific)">Qualcomm </h3> 1790 1791 <p>Qualcomm </p> 1792 1793 <table> 1794 <colgroup><col width="19%" /> 1795 <col width="20%" /> 1796 <col width="10%" /> 1797 <col width="23%" /> 1798 <col width="17%" /> 1799 </colgroup><tbody><tr> 1800 <th>CVE</th> 1801 <th></th> 1802 <th></th> 1803 <th> Google </th> 1804 <th></th> 1805 </tr> 1806 <tr> 1807 <td>CVE-2016-10294</td> 1808 <td>A-33621829<br /> 1809 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e9bc51ffb8a298f0be5befe346762cdb6e1d49c">QC-CR#1105481</a></td> 1810 <td></td> 1811 <td>Nexus 5XNexus 6PPixelPixel XL</td> 1812 <td>2016 12 14 </td> 1813 </tr> 1814 </tbody></table> 1815 1816 <h3 id="id-in-qualcomm-led-driver">Qualcomm LED </h3> 1817 1818 <p>Qualcomm LED </p> 1819 1820 <table> 1821 <colgroup><col width="19%" /> 1822 <col width="20%" /> 1823 <col width="10%" /> 1824 <col width="23%" /> 1825 <col width="17%" /> 1826 </colgroup><tbody><tr> 1827 <th>CVE</th> 1828 <th></th> 1829 <th></th> 1830 <th> Google </th> 1831 <th></th> 1832 </tr> 1833 <tr> 1834 <td>CVE-2016-10295</td> 1835 <td>A-33781694<br /> 1836 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f11ae3df500bc2a093ddffee6ea40da859de0fa9">QC-CR#1109326</a></td> 1837 <td></td> 1838 <td>PixelPixel XL</td> 1839 <td>2016 12 20 </td> 1840 </tr> 1841 </tbody></table> 1842 1843 <h3 id="id-in-qualcomm-shared-memory-driver">Qualcomm </h3> 1844 1845 <p>Qualcomm </p> 1846 1847 <table> 1848 <colgroup><col width="19%" /> 1849 <col width="20%" /> 1850 <col width="10%" /> 1851 <col width="23%" /> 1852 <col width="17%" /> 1853 </colgroup><tbody><tr> 1854 <th>CVE</th> 1855 <th></th> 1856 <th></th> 1857 <th> Google </th> 1858 <th></th> 1859 </tr> 1860 <tr> 1861 <td>CVE-2016-10296</td> 1862 <td>A-33845464<br /> 1863 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a5e46d8635a2e28463b365aacdeab6750abd0d49">QC-CR#1109782</a></td> 1864 <td></td> 1865 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 1866 <td>2016 12 22 </td> 1867 </tr> 1868 </tbody></table> 1869 1870 <h3 id="id-in-qualcomm-camera-driver">Qualcomm </h3> 1871 1872 <p>Qualcomm </p> 1873 1874 <table> 1875 <colgroup><col width="19%" /> 1876 <col width="20%" /> 1877 <col width="10%" /> 1878 <col width="23%" /> 1879 <col width="17%" /> 1880 </colgroup><tbody><tr> 1881 <th>CVE</th> 1882 <th></th> 1883 <th></th> 1884 <th> Google </th> 1885 <th></th> 1886 </tr> 1887 <tr> 1888 <td>CVE-2017-0628</td> 1889 <td>A-34230377<br /> 1890 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f">QC-CR#1086833</a></td> 1891 <td></td> 1892 <td>Nexus 5XNexus 6PixelPixel XL</td> 1893 <td>2017 1 10 </td> 1894 </tr> 1895 <tr> 1896 <td>CVE-2017-0629</td> 1897 <td>A-35214296<br /> 1898 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=012e37bf91490c5b59ba2ab68a4d214b632b613f">QC-CR#1086833</a></td> 1899 <td></td> 1900 <td>Nexus 5XNexus 6PixelPixel XL</td> 1901 <td>2017 2 8 </td> 1902 </tr> 1903 </tbody></table> 1904 1905 <h3 id="id-in-kernel-trace-subsystem"></h3> 1906 1907 <p></p> 1908 1909 <table> 1910 <colgroup><col width="19%" /> 1911 <col width="20%" /> 1912 <col width="10%" /> 1913 <col width="23%" /> 1914 <col width="17%" /> 1915 </colgroup><tbody><tr> 1916 <th>CVE</th> 1917 <th></th> 1918 <th></th> 1919 <th> Google </th> 1920 <th></th> 1921 </tr> 1922 <tr> 1923 <td>CVE-2017-0630</td> 1924 <td>A-34277115*<br /> 1925 </td> 1926 <td></td> 1927 <td>Nexus 5XNexus 6Nexus 6PNexus 9PixelPixel XLPixel CAndroid OneNexus Player</td> 1928 <td>2017 1 11 </td> 1929 </tr> 1930 </tbody></table> 1931 1932 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 1933 1934 <h3 id="id-in-qualcomm-sound-codec-driver">Qualcomm </h3> 1935 1936 <p>Qualcomm </p> 1937 1938 <table> 1939 <colgroup><col width="19%" /> 1940 <col width="20%" /> 1941 <col width="10%" /> 1942 <col width="23%" /> 1943 <col width="17%" /> 1944 </colgroup><tbody><tr> 1945 <th>CVE</th> 1946 <th></th> 1947 <th></th> 1948 <th> Google </th> 1949 <th></th> 1950 </tr> 1951 <tr> 1952 <td>CVE-2016-5858</td> 1953 <td>A-35400153<br /> 1954 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3154eb1d263b9c3eab2c9fa8ebe498390bf5d711">QC-CR#1096799</a> <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=afc5bea71bc8f251dad1104568383019f4923af6">[2]</a></td> 1955 <td></td> 1956 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 1957 <td>2017 2 15 </td> 1958 </tr> 1959 </tbody></table> 1960 1961 <h3 id="id-in-qualcomm-camera-driver-2">Qualcomm </h3> 1962 1963 <p>Qualcomm </p> 1964 1965 <table> 1966 <colgroup><col width="19%" /> 1967 <col width="20%" /> 1968 <col width="10%" /> 1969 <col width="23%" /> 1970 <col width="17%" /> 1971 </colgroup><tbody><tr> 1972 <th>CVE</th> 1973 <th></th> 1974 <th></th> 1975 <th> Google </th> 1976 <th></th> 1977 </tr> 1978 <tr> 1979 <td>CVE-2017-0631</td> 1980 <td>A-35399756<br /> 1981 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=8236d6ebc7e26361ca7078cbeba01509f10941d8">QC-CR#1093232</a></td> 1982 <td></td> 1983 <td>Nexus 5XNexus 6PPixelPixel XLAndroid One</td> 1984 <td>2017 2 15 </td> 1985 </tr> 1986 </tbody></table> 1987 1988 <h3 id="id-in-qualcomm-sound-driver">Qualcomm </h3> 1989 1990 <p>Qualcomm </p> 1991 1992 <table> 1993 <colgroup><col width="19%" /> 1994 <col width="20%" /> 1995 <col width="10%" /> 1996 <col width="23%" /> 1997 <col width="17%" /> 1998 </colgroup><tbody><tr> 1999 <th>CVE</th> 2000 <th></th> 2001 <th></th> 2002 <th> Google </th> 2003 <th></th> 2004 </tr> 2005 <tr> 2006 <td>CVE-2016-5347</td> 2007 <td>A-35394329<br /> 2008 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=f14390f13e62460fc6b05fc0acde0e825374fdb6">QC-CR#1100878</a></td> 2009 <td></td> 2010 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XLAndroid One</td> 2011 <td>2017 2 15 </td> 2012 </tr> 2013 </tbody></table> 2014 2015 <h3 id="id-in-qualcomm-spcom-driver">Qualcomm SPCom </h3> 2016 2017 <p>Qualcomm SPCom </p> 2018 2019 <table> 2020 <colgroup><col width="19%" /> 2021 <col width="20%" /> 2022 <col width="10%" /> 2023 <col width="23%" /> 2024 <col width="17%" /> 2025 </colgroup><tbody><tr> 2026 <th>CVE</th> 2027 <th></th> 2028 <th></th> 2029 <th> Google </th> 2030 <th></th> 2031 </tr> 2032 <tr> 2033 <td>CVE-2016-5854</td> 2034 <td>A-35392792<br /> 2035 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=28d23d4d7999f683b27b6e0c489635265b67a4c9">QC-CR#1092683</a></td> 2036 <td></td> 2037 <td>*</td> 2038 <td>2017 2 15 </td> 2039 </tr> 2040 <tr> 2041 <td>CVE-2016-5855</td> 2042 <td>A-35393081<br /> 2043 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=a5edb54e93ba85719091fe2bc426d75fa7059834">QC-CR#1094143</a></td> 2044 <td></td> 2045 <td>*</td> 2046 <td>2017 2 15 </td> 2047 </tr> 2048 </tbody></table> 2049 2050 <p>* Android 7.1.1 Google </p> 2051 2052 <h3 id="id-in-qualcomm-sound-codec-driver-2">Qualcomm </h3> 2053 2054 <p>Qualcomm </p> 2055 2056 <table> 2057 <colgroup><col width="19%" /> 2058 <col width="20%" /> 2059 <col width="10%" /> 2060 <col width="23%" /> 2061 <col width="17%" /> 2062 </colgroup><tbody><tr> 2063 <th>CVE</th> 2064 <th></th> 2065 <th></th> 2066 <th> Google </th> 2067 <th></th> 2068 </tr> 2069 <tr> 2070 <td>CVE-2017-0632</td> 2071 <td>A-35392586<br /> 2072 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=970d6933e53c1f7ca8c8b67f49147b18505c3b8f">QC-CR#832915</a></td> 2073 <td></td> 2074 <td>Android One</td> 2075 <td>2017 2 15 </td> 2076 </tr> 2077 </tbody></table> 2078 2079 <h3 id="id-in-broadcom-wi-fi-driver">Broadcom WLAN </h3> 2080 2081 <p>Broadcom WLAN </p> 2082 2083 <table> 2084 <colgroup><col width="19%" /> 2085 <col width="20%" /> 2086 <col width="10%" /> 2087 <col width="23%" /> 2088 <col width="17%" /> 2089 </colgroup><tbody><tr> 2090 <th>CVE</th> 2091 <th></th> 2092 <th></th> 2093 <th> Google </th> 2094 <th></th> 2095 </tr> 2096 <tr> 2097 <td>CVE-2017-0633</td> 2098 <td>A-36000515*<br />B-RB#117131</td> 2099 <td></td> 2100 <td>Nexus 6Nexus 6PNexus 9Pixel CNexus Player</td> 2101 <td>2017 2 23 </td> 2102 </tr> 2103 </tbody></table> 2104 2105 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 2106 2107 <h3 id="id-in-synaptics-touchscreen-driver">Synaptics </h3> 2108 2109 <p>Synaptics </p> 2110 2111 <table> 2112 <colgroup><col width="19%" /> 2113 <col width="20%" /> 2114 <col width="10%" /> 2115 <col width="23%" /> 2116 <col width="17%" /> 2117 </colgroup><tbody><tr> 2118 <th>CVE</th> 2119 <th></th> 2120 <th></th> 2121 <th> Google </th> 2122 <th></th> 2123 </tr> 2124 <tr> 2125 <td>CVE-2017-0634</td> 2126 <td>A-32511682*<br /> 2127 </td> 2128 <td></td> 2129 <td>PixelPixel XL</td> 2130 <td>Google </td> 2131 </tr> 2132 </tbody></table> 2133 2134 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 2135 2136 <h3 id="vulnerabilities-in-qualcomm-components-2">Qualcomm </h3> 2137 2138 <p> Qualcomm 2014-2016 Qualcomm AMSS Android Android </p> 2139 2140 <table> 2141 <colgroup><col width="19%" /> 2142 <col width="20%" /> 2143 <col width="10%" /> 2144 <col width="23%" /> 2145 <col width="17%" /> 2146 </colgroup><tbody><tr> 2147 <th>CVE</th> 2148 <th></th> 2149 <th></th> 2150 <th> Google </th> 2151 <th></th> 2152 </tr> 2153 <tr> 2154 <td>CVE-2014-9923</td> 2155 <td>A-35434045**<br />QC-CR#403910</td> 2156 <td></td> 2157 <td>***</td> 2158 <td>Qualcomm </td> 2159 </tr> 2160 <tr> 2161 <td>CVE-2014-9924</td> 2162 <td>A-35434631**<br />QC-CR#596102</td> 2163 <td></td> 2164 <td>***</td> 2165 <td>Qualcomm </td> 2166 </tr> 2167 <tr> 2168 <td>CVE-2014-9925</td> 2169 <td>A-35444657**<br />QC-CR#638130</td> 2170 <td></td> 2171 <td>***</td> 2172 <td>Qualcomm </td> 2173 </tr> 2174 <tr> 2175 <td>CVE-2014-9926</td> 2176 <td>A-35433784**<br />QC-CR#631527</td> 2177 <td></td> 2178 <td>***</td> 2179 <td>Qualcomm </td> 2180 </tr> 2181 <tr> 2182 <td>CVE-2014-9927</td> 2183 <td>A-35433785**<br />QC-CR#661111</td> 2184 <td></td> 2185 <td>***</td> 2186 <td>Qualcomm </td> 2187 </tr> 2188 <tr> 2189 <td>CVE-2014-9928</td> 2190 <td>A-35438623**<br />QC-CR#696972</td> 2191 <td></td> 2192 <td>***</td> 2193 <td>Qualcomm </td> 2194 </tr> 2195 <tr> 2196 <td>CVE-2014-9929</td> 2197 <td>A-35443954**<br />QC-CR#644783</td> 2198 <td></td> 2199 <td>***</td> 2200 <td>Qualcomm </td> 2201 </tr> 2202 <tr> 2203 <td>CVE-2014-9930</td> 2204 <td>A-35432946**<br />QC-CR#634637</td> 2205 <td></td> 2206 <td>***</td> 2207 <td>Qualcomm </td> 2208 </tr> 2209 <tr> 2210 <td>CVE-2015-9005</td> 2211 <td>A-36393500**<br />QC-CR#741548</td> 2212 <td></td> 2213 <td>***</td> 2214 <td>Qualcomm </td> 2215 </tr> 2216 <tr> 2217 <td>CVE-2015-9006</td> 2218 <td>A-36393450**<br />QC-CR#750559</td> 2219 <td></td> 2220 <td>***</td> 2221 <td>Qualcomm </td> 2222 </tr> 2223 <tr> 2224 <td>CVE-2015-9007</td> 2225 <td>A-36393700**<br />QC-CR#807173</td> 2226 <td></td> 2227 <td>***</td> 2228 <td>Qualcomm </td> 2229 </tr> 2230 <tr> 2231 <td>CVE-2016-10297</td> 2232 <td>A-36393451**<br />QC-CR#1061123</td> 2233 <td></td> 2234 <td>***</td> 2235 <td>Qualcomm </td> 2236 </tr> 2237 <tr> 2238 <td>CVE-2014-9941</td> 2239 <td>A-36385125**<br />QC-CR#509915</td> 2240 <td></td> 2241 <td>***</td> 2242 <td>Qualcomm </td> 2243 </tr> 2244 <tr> 2245 <td>CVE-2014-9942</td> 2246 <td>A-36385319**<br />QC-CR#533283</td> 2247 <td></td> 2248 <td>***</td> 2249 <td>Qualcomm </td> 2250 </tr> 2251 <tr> 2252 <td>CVE-2014-9943</td> 2253 <td>A-36385219**<br />QC-CR#546527</td> 2254 <td></td> 2255 <td>***</td> 2256 <td>Qualcomm </td> 2257 </tr> 2258 <tr> 2259 <td>CVE-2014-9944</td> 2260 <td>A-36384534**<br />QC-CR#613175</td> 2261 <td></td> 2262 <td>***</td> 2263 <td>Qualcomm </td> 2264 </tr> 2265 <tr> 2266 <td>CVE-2014-9945</td> 2267 <td>A-36386912**<br />QC-CR#623452</td> 2268 <td></td> 2269 <td>***</td> 2270 <td>Qualcomm </td> 2271 </tr> 2272 <tr> 2273 <td>CVE-2014-9946</td> 2274 <td>A-36385281**<br />QC-CR#520149</td> 2275 <td></td> 2276 <td>***</td> 2277 <td>Qualcomm </td> 2278 </tr> 2279 <tr> 2280 <td>CVE-2014-9947</td> 2281 <td>A-36392400**<br />QC-CR#650540</td> 2282 <td></td> 2283 <td>***</td> 2284 <td>Qualcomm </td> 2285 </tr> 2286 <tr> 2287 <td>CVE-2014-9948</td> 2288 <td>A-36385126**<br />QC-CR#650500</td> 2289 <td></td> 2290 <td>***</td> 2291 <td>Qualcomm </td> 2292 </tr> 2293 <tr> 2294 <td>CVE-2014-9949</td> 2295 <td>A-36390608**<br />QC-CR#652426</td> 2296 <td></td> 2297 <td>***</td> 2298 <td>Qualcomm </td> 2299 </tr> 2300 <tr> 2301 <td>CVE-2014-9950</td> 2302 <td>A-36385321**<br />QC-CR#655530</td> 2303 <td></td> 2304 <td>***</td> 2305 <td>Qualcomm </td> 2306 </tr> 2307 <tr> 2308 <td>CVE-2014-9951</td> 2309 <td>A-36389161**<br />QC-CR#525043</td> 2310 <td></td> 2311 <td>***</td> 2312 <td>Qualcomm </td> 2313 </tr> 2314 <tr> 2315 <td>CVE-2014-9952</td> 2316 <td>A-36387019**<br />QC-CR#674836</td> 2317 <td></td> 2318 <td>***</td> 2319 <td>Qualcomm </td> 2320 </tr> 2321 </tbody></table> 2322 2323 <p>* </p> 2324 2325 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 2326 2327 <p>*** Android 7.1.1 Google </p> 2328 2329 <h2 id="common-questions-and-answers"></h2> 2330 <p></p> 2331 2332 <p><strong>1. 2333 </strong></p> 2334 2335 <p> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 2336 2337 <ul> 2338 <li>2017-05-01 2017-05-01 </li> 2339 <li>2017-05-05 2017-05-05 2340 </li> 2341 </ul> 2342 2343 <p></p> 2344 <ul> 2345 <li>[ro.build.version.security_patch]:[2017-05-01]</li> 2346 <li>[ro.build.version.security_patch]:[2017-05-05]</li> 2347 </ul> 2348 2349 <p><strong>2. 2 </strong></p> 2350 2351 <p> 2 Android Android Android </p> 2352 <ul> 2353 <li> 2017 5 1 </li> 2354 <li> 2017 5 5 </li> 2355 </ul> 2356 2357 <p></p> 2358 2359 <p><strong>3. Google </strong></p> 2360 2361 <p> <a href="#2017-05-01-details">2017-05-01</a> <a href="#2017-05-05-details">2017-05-05</a> Google Google <em></em></p> 2362 <ul> 2363 <li><strong> Google </strong> Nexus Pixel Google <em></em><a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"></a>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixel CPixel Pixel XL</li> 2364 <li><strong> Google </strong> Google Google Google <em></em></li> 2365 <li><strong> Google </strong> Android 7.0 Google Google <em></em></li> 2366 </ul> 2367 <p><strong>4.</strong></p> 2368 2369 <p><em></em></p> 2370 2371 <table> 2372 <tbody><tr> 2373 <th></th> 2374 <th></th> 2375 </tr> 2376 <tr> 2377 <td>A-</td> 2378 <td>Android Bug ID</td> 2379 </tr> 2380 <tr> 2381 <td>QC-</td> 2382 <td>Qualcomm </td> 2383 </tr> 2384 <tr> 2385 <td>M-</td> 2386 <td>MediaTek </td> 2387 </tr> 2388 <tr> 2389 <td>N-</td> 2390 <td>NVIDIA </td> 2391 </tr> 2392 <tr> 2393 <td>B-</td> 2394 <td>Broadcom </td> 2395 </tr> 2396 </tbody></table> 2397 <h2 id="revisions"></h2> 2398 <ul> 2399 <li>2017 5 1 </li> 2400 <li>2017 5 2 AOSP </li> 2401 </ul> 2402 2403 </body></html>