1 <html devsite><head> 2 <title>Android - 2017 6 </title> 3 <meta name="project_path" value="/_project.yaml"/> 4 <meta name="book_path" value="/_book.yaml"/> 5 </head> 6 <body> 7 <!-- 8 Copyright 2017 The Android Open Source Project 9 10 Licensed under the Apache License, Version 2.0 (the "License"); 11 you may not use this file except in compliance with the License. 12 You may obtain a copy of the License at 13 14 http://www.apache.org/licenses/LICENSE-2.0 15 16 Unless required by applicable law or agreed to in writing, software 17 distributed under the License is distributed on an "AS IS" BASIS, 18 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 19 See the License for the specific language governing permissions and 20 limitations under the License. 21 --> 22 <p><em>2017 6 5 | 2017 6 7 </em></p> 23 24 <p>Android Android 2017 6 5 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 25 26 <p> Android (AOSP) AOSP </p> 27 28 <p><a href="/security/overview/updates-resources.html#severity"></a></p> 29 30 <p> <a href="/security/enhancements/index.html">Android 31 </a> <a href="https://www.android.com/play-protect">Google Play </a> Android <a href="#mitigations">Android Google Play </a></p> 32 33 <p></p> 34 35 <p class="note"><strong></strong><a href="#google-device-updates">Google </a> Google (OTA) </p> 36 37 <h2 id="announcements"></h2> 38 <ul> 39 <li> Google <a href="#google-device-updates"></a></li> 40 <li> Android Android <a href="#common-questions-and-answers"></a><ul> 41 <li><strong>2017-06-01</strong> 2017-06-01 () </li> 42 <li><strong>2017-06-05</strong> 2017-06-01 2017-06-05 () </li> 43 </ul> 44 </li> 45 </ul> 46 47 <h2 id="mitigations">Android Google Play </h2> 48 <p> <a href="/security/enhancements/index.html">Android </a> <a href="https://www.android.com/play-protect">Google Play </a> Android </p> 49 <ul> 50 <li>Android Android Android</li> 51 <li>Android <a href="https://www.android.com/play-protect">Google Play </a><a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a>Google Play <a href="http://www.android.com/gms">Google </a> Google Play </li> 52 </ul> 53 54 <h2 id="2017-06-01-details">2017-06-01 - </h2> 55 <p> 2017-06-01 <a href="#vulnerability-type"></a><a href="/security/overview/updates-resources.html#severity"></a> AOSP () ID ( AOSP ) ID </p> 56 57 <h3 id="bluetooth"></h3> 58 <p></p> 59 60 <table> 61 <colgroup><col width="17%" /> 62 <col width="19%" /> 63 <col width="9%" /> 64 <col width="14%" /> 65 <col width="39%" /> 66 </colgroup><tbody><tr> 67 <th>CVE</th> 68 <th></th> 69 <th></th> 70 <th></th> 71 <th> AOSP </th> 72 </tr> 73 <tr> 74 <td>CVE-2017-0639</td> 75 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/f196061addcc56878078e5684f2029ddbf7055ff">A-35310991</a></td> 76 <td>ID</td> 77 <td></td> 78 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 79 </tr> 80 <tr> 81 <td>CVE-2017-0645</td> 82 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/14b7d7e1537af60b7bca6c7b9e55df0dc7c6bf41">A-35385327</a></td> 83 <td>EoP</td> 84 <td></td> 85 <td>6.0.17.07.1.17.1.2</td> 86 </tr> 87 <tr> 88 <td>CVE-2017-0646</td> 89 <td><a href="https://android.googlesource.com/platform/system/bt/+/2bcdf8ec7db12c5651c004601901f1fc25153f2c">A-33899337</a></td> 90 <td>ID</td> 91 <td></td> 92 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 93 </tr> 94 </tbody></table> 95 <h3 id="libraries"></h3> 96 <p></p> 97 98 <table> 99 <colgroup><col width="17%" /> 100 <col width="19%" /> 101 <col width="9%" /> 102 <col width="14%" /> 103 <col width="39%" /> 104 </colgroup><tbody><tr> 105 <th>CVE</th> 106 <th></th> 107 <th></th> 108 <th></th> 109 <th> AOSP </th> 110 </tr> 111 <tr> 112 <td>CVE-2015-8871</td> 113 <td>A-35443562<a href="#asterisk">*</a></td> 114 <td>RCE</td> 115 <td></td> 116 <td>5.0.25.1.16.06.0.1</td> 117 </tr> 118 <tr> 119 <td>CVE-2016-8332</td> 120 <td>A-37761553<a href="#asterisk">*</a></td> 121 <td>RCE</td> 122 <td></td> 123 <td>5.0.25.1.16.06.0.1</td> 124 </tr> 125 <tr> 126 <td>CVE-2016-5131</td> 127 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/0eff71008becb7f2c2b4509708da4b79985948bb">A-36554209</a></td> 128 <td>RCE</td> 129 <td></td> 130 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 131 </tr> 132 <tr> 133 <td>CVE-2016-4658</td> 134 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/8ea80f29ea5fdf383ee3ae59ce35e55421a339f8">A-36554207</a></td> 135 <td>RCE</td> 136 <td></td> 137 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 138 </tr> 139 <tr> 140 <td>CVE-2017-0663</td> 141 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/521b88fbb6d18312923f0df653d045384b500ffc">A-37104170</a></td> 142 <td>RCE</td> 143 <td></td> 144 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 145 </tr> 146 <tr> 147 <td>CVE-2017-7376</td> 148 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/51e0cb2e5ec18eaf6fb331bc573ff27b743898f4">A-36555370</a></td> 149 <td>RCE</td> 150 <td></td> 151 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 152 </tr> 153 <tr> 154 <td>CVE-2017-5056</td> 155 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/3f571b1bb85cf56903f06bab3a820182115c5541">A-36809819</a></td> 156 <td>RCE</td> 157 <td></td> 158 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 159 </tr> 160 <tr> 161 <td>CVE-2017-7375</td> 162 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/308396a55280f69ad4112d4f9892f4cbeff042aa">A-36556310</a></td> 163 <td>RCE</td> 164 <td></td> 165 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 166 </tr> 167 <tr> 168 <td>CVE-2017-0647</td> 169 <td><a href="https://android.googlesource.com/platform/system/core/+/3d6a43155c702bce0e7e2a93a67247b5ce3946a5">A-36392138</a></td> 170 <td>ID</td> 171 <td></td> 172 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 173 </tr> 174 <tr> 175 <td>CVE-2016-1839</td> 176 <td><a href="https://android.googlesource.com/platform/external/libxml2/+/ff20cd797822dba8569ee518c44e6864d6b4ebfa">A-36553781</a></td> 177 <td>DoS</td> 178 <td></td> 179 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 180 </tr> 181 </tbody></table> 182 <h3 id="media-framework"></h3> 183 <p></p> 184 185 <table> 186 <colgroup><col width="17%" /> 187 <col width="19%" /> 188 <col width="9%" /> 189 <col width="14%" /> 190 <col width="39%" /> 191 </colgroup><tbody><tr> 192 <th>CVE</th> 193 <th></th> 194 <th></th> 195 <th></th> 196 <th> AOSP </th> 197 </tr> 198 <tr> 199 <td>CVE-2017-0637</td> 200 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/ebaa71da6362c497310377df509651974401d258">A-34064500</a></td> 201 <td>RCE</td> 202 <td></td> 203 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 204 </tr> 205 <tr> 206 <td>CVE-2017-0391</td> 207 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/14bc1678a80af5be7401cf750ab762ae8c75cc5a">A-32322258</a></td> 208 <td>DoS</td> 209 <td></td> 210 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 211 </tr> 212 <tr> 213 <td>CVE-2017-0640</td> 214 <td>A-33129467<a href="#asterisk">*</a></td> 215 <td>DoS</td> 216 <td></td> 217 <td>6.06.0.17.07.1.1</td> 218 </tr> 219 <tr> 220 <td>CVE-2017-0641</td> 221 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/698796fc930baecf5c3fdebef17e73d5d9a58bcb">A-34360591</a></td> 222 <td>DoS</td> 223 <td></td> 224 <td>4.4.45.0.25.1.16.06.0.17.07.1.17.1.2</td> 225 </tr> 226 <tr> 227 <td>CVE-2017-0642</td> 228 <td><a href="https://android.googlesource.com/platform/external/libhevc/+/913d9e8d93d6b81bb8eac3fc2c1426651f5b259d">A-34819017</a></td> 229 <td>DoS</td> 230 <td></td> 231 <td>5.0.25.1.16.06.0.17.07.1.17.1.2</td> 232 </tr> 233 <tr> 234 <td>CVE-2017-0643</td> 235 <td>A-35645051<a href="#asterisk">*</a></td> 236 <td>DoS</td> 237 <td></td> 238 <td>5.0.25.1.16.06.0.17.07.1.1</td> 239 </tr> 240 <tr> 241 <td>CVE-2017-0644</td> 242 <td>A-35472997<a href="#asterisk">*</a></td> 243 <td>DoS</td> 244 <td></td> 245 <td>4.4.45.0.25.1.16.06.0.1</td> 246 </tr> 247 </tbody></table> 248 <h3 id="system-ui"></h3> 249 <p></p> 250 251 <table> 252 <colgroup><col width="17%" /> 253 <col width="19%" /> 254 <col width="9%" /> 255 <col width="14%" /> 256 <col width="39%" /> 257 </colgroup><tbody><tr> 258 <th>CVE</th> 259 <th></th> 260 <th></th> 261 <th></th> 262 <th> AOSP </th> 263 </tr> 264 <tr> 265 <td>CVE-2017-0638</td> 266 <td><a href="https://android.googlesource.com/platform/external/libgdx/+/a98943dd4aece3024f023f00256607d50dcbcd1e">A-36368305</a></td> 267 <td>RCE</td> 268 <td></td> 269 <td>7.1.17.1.2</td> 270 </tr> 271 </tbody></table> 272 <h2 id="2017-06-05-details">2017-06-05 - </h2> 273 <p> 2017-06-05 CVE<a href="#vulnerability-type"></a><a href="/security/overview/updates-resources.html#severity"></a> () AOSP () ID ( AOSP ) ID </p> 274 275 <h3 id="kernel-components"></h3> 276 <p></p> 277 278 <table> 279 <colgroup><col width="17%" /> 280 <col width="19%" /> 281 <col width="9%" /> 282 <col width="14%" /> 283 <col width="39%" /> 284 </colgroup><tbody><tr> 285 <th>CVE</th> 286 <th></th> 287 <th></th> 288 <th></th> 289 <th></th> 290 </tr> 291 <tr> 292 <td>CVE-2017-0648</td> 293 <td>A-36101220<a href="#asterisk">*</a></td> 294 <td>EoP</td> 295 <td></td> 296 <td>FIQ </td> 297 </tr> 298 <tr> 299 <td>CVE-2017-0651</td> 300 <td>A-35644815<a href="#asterisk">*</a></td> 301 <td>ID</td> 302 <td></td> 303 <td>ION </td> 304 </tr> 305 </tbody></table> 306 <h3 id="libraries-05"></h3> 307 <p></p> 308 309 <table> 310 <colgroup><col width="17%" /> 311 <col width="19%" /> 312 <col width="9%" /> 313 <col width="14%" /> 314 <col width="39%" /> 315 </colgroup><tbody><tr> 316 <th>CVE</th> 317 <th></th> 318 <th></th> 319 <th></th> 320 <th> AOSP </th> 321 </tr> 322 <tr> 323 <td>CVE-2015-7995</td> 324 <td>A-36810065<a href="#asterisk">*</a></td> 325 <td>ID</td> 326 <td></td> 327 <td>4.4.4</td> 328 </tr> 329 </tbody></table> 330 <h3 id="mediatek-components">MediaTek </h3> 331 <p></p> 332 333 <table> 334 <colgroup><col width="17%" /> 335 <col width="19%" /> 336 <col width="9%" /> 337 <col width="14%" /> 338 <col width="39%" /> 339 </colgroup><tbody><tr> 340 <th>CVE</th> 341 <th></th> 342 <th></th> 343 <th></th> 344 <th></th> 345 </tr> 346 <tr> 347 <td>CVE-2017-0636</td> 348 <td>A-35310230<a href="#asterisk">*</a><br /> 349 M-ALPS03162263</td> 350 <td>EoP</td> 351 <td></td> 352 <td></td> 353 </tr> 354 <tr> 355 <td>CVE-2017-0649</td> 356 <td>A-34468195<a href="#asterisk">*</a><br /> 357 M-ALPS03162283</td> 358 <td>EoP</td> 359 <td></td> 360 <td></td> 361 </tr> 362 </tbody></table> 363 <h3 id="nvidia-components">NVIDIA </h3> 364 <p></p> 365 366 <table> 367 <colgroup><col width="17%" /> 368 <col width="19%" /> 369 <col width="9%" /> 370 <col width="14%" /> 371 <col width="39%" /> 372 </colgroup><tbody><tr> 373 <th>CVE</th> 374 <th></th> 375 <th></th> 376 <th></th> 377 <th></th> 378 </tr> 379 <tr> 380 <td>CVE-2017-6247</td> 381 <td>A-34386301<a href="#asterisk">*</a><br /> 382 N-CVE-2017-6247</td> 383 <td>EoP</td> 384 <td></td> 385 <td></td> 386 </tr> 387 <tr> 388 <td>CVE-2017-6248</td> 389 <td>A-34372667<a href="#asterisk">*</a><br /> 390 N-CVE-2017-6248</td> 391 <td>EoP</td> 392 <td></td> 393 <td></td> 394 </tr> 395 </tbody></table> 396 <h3 id="qualcomm-components">Qualcomm </h3> 397 <p></p> 398 399 <table> 400 <colgroup><col width="17%" /> 401 <col width="19%" /> 402 <col width="9%" /> 403 <col width="14%" /> 404 <col width="39%" /> 405 </colgroup><tbody><tr> 406 <th>CVE</th> 407 <th></th> 408 <th></th> 409 <th></th> 410 <th></th> 411 </tr> 412 <tr> 413 <td>CVE-2017-7371</td> 414 <td>A-36250786<br /> 415 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td> 416 <td>RCE</td> 417 <td></td> 418 <td></td> 419 </tr> 420 <tr> 421 <td>CVE-2017-7365</td> 422 <td>A-32449913<br /> 423 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td> 424 <td>EoP</td> 425 <td></td> 426 <td></td> 427 </tr> 428 <tr> 429 <td>CVE-2017-7366</td> 430 <td>A-36252171<br /> 431 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a> 432 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td> 433 <td>EoP</td> 434 <td></td> 435 <td>GPU </td> 436 </tr> 437 <tr> 438 <td>CVE-2017-7367</td> 439 <td>A-34514708<br /> 440 <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td> 441 <td>DoS</td> 442 <td></td> 443 <td></td> 444 </tr> 445 <tr> 446 <td>CVE-2016-5861</td> 447 <td>A-36251375<br /> 448 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td> 449 <td>EoP</td> 450 <td></td> 451 <td></td> 452 </tr> 453 <tr> 454 <td>CVE-2016-5864</td> 455 <td>A-36251231<br /> 456 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td> 457 <td>EoP</td> 458 <td></td> 459 <td></td> 460 </tr> 461 <tr> 462 <td>CVE-2017-6421</td> 463 <td>A-36251986<br /> 464 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td> 465 <td>EoP</td> 466 <td></td> 467 <td>MStar </td> 468 </tr> 469 <tr> 470 <td>CVE-2017-7364</td> 471 <td>A-36252179<br /> 472 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td> 473 <td>EoP</td> 474 <td></td> 475 <td></td> 476 </tr> 477 <tr> 478 <td>CVE-2017-7368</td> 479 <td>A-33452365<br /> 480 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td> 481 <td>EoP</td> 482 <td></td> 483 <td></td> 484 </tr> 485 <tr> 486 <td>CVE-2017-7369</td> 487 <td>A-33751424<br /> 488 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a> 489 [<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td> 490 <td>EoP</td> 491 <td></td> 492 <td></td> 493 </tr> 494 <tr> 495 <td>CVE-2017-7370</td> 496 <td>A-34328139<br /> 497 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td> 498 <td>EoP</td> 499 <td></td> 500 <td></td> 501 </tr> 502 <tr> 503 <td>CVE-2017-7372</td> 504 <td>A-36251497<br /> 505 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td> 506 <td>EoP</td> 507 <td></td> 508 <td></td> 509 </tr> 510 <tr> 511 <td>CVE-2017-7373</td> 512 <td>A-36251984<br /> 513 <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td> 514 <td>EoP</td> 515 <td></td> 516 <td></td> 517 </tr> 518 <tr> 519 <td>CVE-2017-8233</td> 520 <td>A-34621613<br /> 521 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td> 522 <td>EoP</td> 523 <td></td> 524 <td></td> 525 </tr> 526 <tr> 527 <td>CVE-2017-8234</td> 528 <td>A-36252121<br /> 529 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td> 530 <td>EoP</td> 531 <td></td> 532 <td></td> 533 </tr> 534 <tr> 535 <td>CVE-2017-8235</td> 536 <td>A-36252376<br /> 537 <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td> 538 <td>EoP</td> 539 <td></td> 540 <td></td> 541 </tr> 542 <tr> 543 <td>CVE-2017-8236</td> 544 <td>A-35047217<br /> 545 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td> 546 <td>EoP</td> 547 <td></td> 548 <td>IPA </td> 549 </tr> 550 <tr> 551 <td>CVE-2017-8237</td> 552 <td>A-36252377<br /> 553 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td> 554 <td>EoP</td> 555 <td></td> 556 <td></td> 557 </tr> 558 <tr> 559 <td>CVE-2017-8242</td> 560 <td>A-34327981<br /> 561 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td> 562 <td>EoP</td> 563 <td></td> 564 <td>Secure Execution Environment Communicator </td> 565 </tr> 566 <tr> 567 <td>CVE-2017-8239</td> 568 <td>A-36251230<br /> 569 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td> 570 <td>ID</td> 571 <td></td> 572 <td></td> 573 </tr> 574 <tr> 575 <td>CVE-2017-8240</td> 576 <td>A-36251985<br /> 577 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td> 578 <td>ID</td> 579 <td></td> 580 <td></td> 581 </tr> 582 <tr> 583 <td>CVE-2017-8241</td> 584 <td>A-34203184<br /> 585 <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td> 586 <td>ID</td> 587 <td></td> 588 <td>Wi-Fi </td> 589 </tr> 590 </tbody></table> 591 <h3 id="synaptics-components">Synaptics </h3> 592 <p></p> 593 594 <table> 595 <colgroup><col width="17%" /> 596 <col width="19%" /> 597 <col width="9%" /> 598 <col width="14%" /> 599 <col width="39%" /> 600 </colgroup><tbody><tr> 601 <th>CVE</th> 602 <th></th> 603 <th></th> 604 <th></th> 605 <th></th> 606 </tr> 607 <tr> 608 <td>CVE-2017-0650</td> 609 <td>A-35472278<a href="#asterisk">*</a></td> 610 <td>EoP</td> 611 <td></td> 612 <td></td> 613 </tr> 614 </tbody></table> 615 <h3 id="qualcomm-closed-source-components">Qualcomm </h3> 616 <p> Qualcomm 2014 2016 Qualcomm AMSS Android Android Qualcomm </p> 617 618 <table> 619 <colgroup><col width="17%" /> 620 <col width="19%" /> 621 <col width="9%" /> 622 <col width="14%" /> 623 <col width="39%" /> 624 </colgroup><tbody><tr> 625 <th>CVE</th> 626 <th></th> 627 <th></th> 628 <th></th> 629 <th></th> 630 </tr> 631 <tr> 632 <td>CVE-2014-9960</td> 633 <td>A-37280308<a href="#asterisk">*</a><br /> 634 QC-CR#381837</td> 635 <td></td> 636 <td></td> 637 <td></td> 638 </tr> 639 <tr> 640 <td>CVE-2014-9961</td> 641 <td>A-37279724<a href="#asterisk">*</a><br /> 642 QC-CR#581093</td> 643 <td></td> 644 <td></td> 645 <td></td> 646 </tr> 647 <tr> 648 <td>CVE-2014-9953</td> 649 <td>A-36714770<a href="#asterisk">*</a><br /> 650 QC-CR#642173</td> 651 <td></td> 652 <td></td> 653 <td></td> 654 </tr> 655 <tr> 656 <td>CVE-2014-9967</td> 657 <td>A-37281466<a href="#asterisk">*</a><br /> 658 QC-CR#739110</td> 659 <td></td> 660 <td></td> 661 <td></td> 662 </tr> 663 <tr> 664 <td>CVE-2015-9026</td> 665 <td>A-37277231<a href="#asterisk">*</a><br /> 666 QC-CR#748397</td> 667 <td></td> 668 <td></td> 669 <td></td> 670 </tr> 671 <tr> 672 <td>CVE-2015-9027</td> 673 <td>A-37279124<a href="#asterisk">*</a><br /> 674 QC-CR#748407</td> 675 <td></td> 676 <td></td> 677 <td></td> 678 </tr> 679 <tr> 680 <td>CVE-2015-9008</td> 681 <td>A-36384689<a href="#asterisk">*</a><br /> 682 QC-CR#762111</td> 683 <td></td> 684 <td></td> 685 <td></td> 686 </tr> 687 <tr> 688 <td>CVE-2015-9009</td> 689 <td>A-36393600<a href="#asterisk">*</a><br /> 690 QC-CR#762182</td> 691 <td></td> 692 <td></td> 693 <td></td> 694 </tr> 695 <tr> 696 <td>CVE-2015-9010</td> 697 <td>A-36393101<a href="#asterisk">*</a><br /> 698 QC-CR#758752</td> 699 <td></td> 700 <td></td> 701 <td></td> 702 </tr> 703 <tr> 704 <td>CVE-2015-9011</td> 705 <td>A-36714882<a href="#asterisk">*</a><br /> 706 QC-CR#762167</td> 707 <td></td> 708 <td></td> 709 <td></td> 710 </tr> 711 <tr> 712 <td>CVE-2015-9024</td> 713 <td>A-37265657<a href="#asterisk">*</a><br /> 714 QC-CR#740680</td> 715 <td></td> 716 <td></td> 717 <td></td> 718 </tr> 719 <tr> 720 <td>CVE-2015-9012</td> 721 <td>A-36384691<a href="#asterisk">*</a><br /> 722 QC-CR#746617</td> 723 <td></td> 724 <td></td> 725 <td></td> 726 </tr> 727 <tr> 728 <td>CVE-2015-9013</td> 729 <td>A-36393251<a href="#asterisk">*</a><br /> 730 QC-CR#814373</td> 731 <td></td> 732 <td></td> 733 <td></td> 734 </tr> 735 <tr> 736 <td>CVE-2015-9014</td> 737 <td>A-36393750<a href="#asterisk">*</a><br /> 738 QC-CR#855220</td> 739 <td></td> 740 <td></td> 741 <td></td> 742 </tr> 743 <tr> 744 <td>CVE-2015-9015</td> 745 <td>A-36714120<a href="#asterisk">*</a><br /> 746 QC-CR#701858</td> 747 <td></td> 748 <td></td> 749 <td></td> 750 </tr> 751 <tr> 752 <td>CVE-2015-9029</td> 753 <td>A-37276981<a href="#asterisk">*</a><br /> 754 QC-CR#827837</td> 755 <td></td> 756 <td></td> 757 <td></td> 758 </tr> 759 <tr> 760 <td>CVE-2016-10338</td> 761 <td>A-37277738<a href="#asterisk">*</a><br /> 762 QC-CR#987699</td> 763 <td></td> 764 <td></td> 765 <td></td> 766 </tr> 767 <tr> 768 <td>CVE-2016-10336</td> 769 <td>A-37278436<a href="#asterisk">*</a><br /> 770 QC-CR#973605</td> 771 <td></td> 772 <td></td> 773 <td></td> 774 </tr> 775 <tr> 776 <td>CVE-2016-10333</td> 777 <td>A-37280574<a href="#asterisk">*</a><br /> 778 QC-CR#947438</td> 779 <td></td> 780 <td></td> 781 <td></td> 782 </tr> 783 <tr> 784 <td>CVE-2016-10341</td> 785 <td>A-37281667<a href="#asterisk">*</a><br /> 786 QC-CR#991476</td> 787 <td></td> 788 <td></td> 789 <td></td> 790 </tr> 791 <tr> 792 <td>CVE-2016-10335</td> 793 <td>A-37282802<a href="#asterisk">*</a><br /> 794 QC-CR#961142</td> 795 <td></td> 796 <td></td> 797 <td></td> 798 </tr> 799 <tr> 800 <td>CVE-2016-10340</td> 801 <td>A-37280614<a href="#asterisk">*</a><br /> 802 QC-CR#989028</td> 803 <td></td> 804 <td></td> 805 <td></td> 806 </tr> 807 <tr> 808 <td>CVE-2016-10334</td> 809 <td>A-37280664<a href="#asterisk">*</a><br /> 810 QC-CR#949933</td> 811 <td></td> 812 <td></td> 813 <td></td> 814 </tr> 815 <tr> 816 <td>CVE-2016-10339</td> 817 <td>A-37280575<a href="#asterisk">*</a><br /> 818 QC-CR#988502</td> 819 <td></td> 820 <td></td> 821 <td></td> 822 </tr> 823 <tr> 824 <td>CVE-2016-10298</td> 825 <td>A-36393252<a href="#asterisk">*</a><br /> 826 QC-CR#1020465</td> 827 <td></td> 828 <td></td> 829 <td></td> 830 </tr> 831 <tr> 832 <td>CVE-2016-10299</td> 833 <td>A-32577244<a href="#asterisk">*</a><br /> 834 QC-CR#1058511</td> 835 <td></td> 836 <td></td> 837 <td></td> 838 </tr> 839 <tr> 840 <td>CVE-2014-9954</td> 841 <td>A-36388559<a href="#asterisk">*</a><br /> 842 QC-CR#552880</td> 843 <td></td> 844 <td></td> 845 <td></td> 846 </tr> 847 <tr> 848 <td>CVE-2014-9955</td> 849 <td>A-36384686<a href="#asterisk">*</a><br /> 850 QC-CR#622701</td> 851 <td></td> 852 <td></td> 853 <td></td> 854 </tr> 855 <tr> 856 <td>CVE-2014-9956</td> 857 <td>A-36389611<a href="#asterisk">*</a><br /> 858 QC-CR#638127</td> 859 <td></td> 860 <td></td> 861 <td></td> 862 </tr> 863 <tr> 864 <td>CVE-2014-9957</td> 865 <td>A-36387564<a href="#asterisk">*</a><br /> 866 QC-CR#638984</td> 867 <td></td> 868 <td></td> 869 <td></td> 870 </tr> 871 <tr> 872 <td>CVE-2014-9958</td> 873 <td>A-36384774<a href="#asterisk">*</a><br /> 874 QC-CR#638135</td> 875 <td></td> 876 <td></td> 877 <td></td> 878 </tr> 879 <tr> 880 <td>CVE-2014-9962</td> 881 <td>A-37275888<a href="#asterisk">*</a><br /> 882 QC-CR#656267</td> 883 <td></td> 884 <td></td> 885 <td></td> 886 </tr> 887 <tr> 888 <td>CVE-2014-9963</td> 889 <td>A-37276741<a href="#asterisk">*</a><br /> 890 QC-CR#657771</td> 891 <td></td> 892 <td></td> 893 <td></td> 894 </tr> 895 <tr> 896 <td>CVE-2014-9959</td> 897 <td>A-36383694<a href="#asterisk">*</a><br /> 898 QC-CR#651900</td> 899 <td></td> 900 <td></td> 901 <td></td> 902 </tr> 903 <tr> 904 <td>CVE-2014-9964</td> 905 <td>A-37280321<a href="#asterisk">*</a><br /> 906 QC-CR#680778</td> 907 <td></td> 908 <td></td> 909 <td></td> 910 </tr> 911 <tr> 912 <td>CVE-2014-9965</td> 913 <td>A-37278233<a href="#asterisk">*</a><br /> 914 QC-CR#711585</td> 915 <td></td> 916 <td></td> 917 <td></td> 918 </tr> 919 <tr> 920 <td>CVE-2014-9966</td> 921 <td>A-37282854<a href="#asterisk">*</a><br /> 922 QC-CR#727398</td> 923 <td></td> 924 <td></td> 925 <td></td> 926 </tr> 927 <tr> 928 <td>CVE-2015-9023</td> 929 <td>A-37276138<a href="#asterisk">*</a><br /> 930 QC-CR#739802</td> 931 <td></td> 932 <td></td> 933 <td></td> 934 </tr> 935 <tr> 936 <td>CVE-2015-9020</td> 937 <td>A-37276742<a href="#asterisk">*</a><br /> 938 QC-CR#733455</td> 939 <td></td> 940 <td></td> 941 <td></td> 942 </tr> 943 <tr> 944 <td>CVE-2015-9021</td> 945 <td>A-37276743<a href="#asterisk">*</a><br /> 946 QC-CR#735148</td> 947 <td></td> 948 <td></td> 949 <td></td> 950 </tr> 951 <tr> 952 <td>CVE-2015-9025</td> 953 <td>A-37276744<a href="#asterisk">*</a><br /> 954 QC-CR#743985</td> 955 <td></td> 956 <td></td> 957 <td></td> 958 </tr> 959 <tr> 960 <td>CVE-2015-9022</td> 961 <td>A-37280226<a href="#asterisk">*</a><br /> 962 QC-CR#736146</td> 963 <td></td> 964 <td></td> 965 <td></td> 966 </tr> 967 <tr> 968 <td>CVE-2015-9028</td> 969 <td>A-37277982<a href="#asterisk">*</a><br /> 970 QC-CR#762764</td> 971 <td></td> 972 <td></td> 973 <td></td> 974 </tr> 975 <tr> 976 <td>CVE-2015-9031</td> 977 <td>A-37275889<a href="#asterisk">*</a><br /> 978 QC-CR#866015</td> 979 <td></td> 980 <td></td> 981 <td></td> 982 </tr> 983 <tr> 984 <td>CVE-2015-9032</td> 985 <td>A-37279125<a href="#asterisk">*</a><br /> 986 QC-CR#873202</td> 987 <td></td> 988 <td></td> 989 <td></td> 990 </tr> 991 <tr> 992 <td>CVE-2015-9033</td> 993 <td>A-37276139<a href="#asterisk">*</a><br /> 994 QC-CR#892541</td> 995 <td></td> 996 <td></td> 997 <td></td> 998 </tr> 999 <tr> 1000 <td>CVE-2015-9030</td> 1001 <td>A-37282907<a href="#asterisk">*</a><br /> 1002 QC-CR#854667</td> 1003 <td></td> 1004 <td></td> 1005 <td></td> 1006 </tr> 1007 <tr> 1008 <td>CVE-2016-10332</td> 1009 <td>A-37282801<a href="#asterisk">*</a><br /> 1010 QC-CR#906713<br /> 1011 QC-CR#917701<br /> 1012 QC-CR#917702</td> 1013 <td></td> 1014 <td></td> 1015 <td></td> 1016 </tr> 1017 <tr> 1018 <td>CVE-2016-10337</td> 1019 <td>A-37280665<a href="#asterisk">*</a><br /> 1020 QC-CR#977632</td> 1021 <td></td> 1022 <td></td> 1023 <td></td> 1024 </tr> 1025 <tr> 1026 <td>CVE-2016-10342</td> 1027 <td>A-37281763<a href="#asterisk">*</a><br /> 1028 QC-CR#988941</td> 1029 <td></td> 1030 <td></td> 1031 <td></td> 1032 </tr> 1033 </tbody></table> 1034 <h2 id="google-device-updates">Google </h2> 1035 <p> (OTA) Google <a href="https://developers.google.com/android/nexus/images">Google Developer </a> Google </p> 1036 1037 <table> 1038 <colgroup><col width="25%" /> 1039 <col width="75%" /> 1040 </colgroup><tbody><tr> 1041 <th>Google </th> 1042 <th></th> 1043 </tr> 1044 <tr> 1045 <td>Pixel/Pixel XL</td> 1046 <td>2017 6 5 </td> 1047 </tr> 1048 <tr> 1049 <td>Nexus 5X</td> 1050 <td>2017 6 5 </td> 1051 </tr> 1052 <tr> 1053 <td>Nexus 6</td> 1054 <td>2017 6 5 </td> 1055 </tr> 1056 <tr> 1057 <td>Nexus 6P</td> 1058 <td>2017 6 5 </td> 1059 </tr> 1060 <tr> 1061 <td>Nexus 9</td> 1062 <td>2017 6 5 </td> 1063 </tr> 1064 <tr> 1065 <td>Nexus Player</td> 1066 <td>2017 6 5 </td> 1067 </tr> 1068 <tr> 1069 <td>Pixel C</td> 1070 <td>2017 6 5 </td> 1071 </tr> 1072 </tbody></table> 1073 <h2 id="acknowledgements"></h2> 1074 <p></p> 1075 1076 <table> 1077 <colgroup><col width="17%" /> 1078 <col width="83%" /> 1079 </colgroup><tbody><tr> 1080 <th>CVE</th> 1081 <th></th> 1082 </tr> 1083 <tr> 1084 <td>CVE-2017-0643CVE-2017-0641</td> 1085 <td> Ecular Xu ()</td> 1086 </tr> 1087 <tr> 1088 <td>CVE-2017-0645CVE-2017-0639</td> 1089 <td><a href="http://www.ms509.com">MS509Team</a> En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) Bo Liu</td> 1090 </tr> 1091 <tr> 1092 <td>CVE-2017-0649</td> 1093 <td> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan">pjf</a></td> 1094 </tr> 1095 <tr> 1096 <td>CVE-2017-0646</td> 1097 <td>Tencent Godzheng ( -<a href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>)</td> 1098 </tr> 1099 <tr> 1100 <td>CVE-2017-0636</td> 1101 <td>Shellphish Grill Team Jake Corina Nick Stephens</td> 1102 </tr> 1103 <tr> 1104 <td>CVE-2017-8233</td> 1105 <td> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a></td> 1106 </tr> 1107 <tr> 1108 <td>CVE-2017-7368</td> 1109 <td><a href="http://c0reteam.org">C0RE </a> Lubo Zhang (<a href="mailto:zlbzlb815 (a] 163.com">zlbzlb815 (a] 163.com</a>)Yuan-Tsung Lo (<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>) Xuxian Jiang</td> 1110 </tr> 1111 <tr> 1112 <td>CVE-2017-8242</td> 1113 <td> Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)</td> 1114 </tr> 1115 <tr> 1116 <td>CVE-2017-0650</td> 1117 <td> (Ben Gurion University Cyber Labs) Omer ShwartzAmir CohenDr. Asaf Shabtai Dr. Yossi Oren</td> 1118 </tr> 1119 <tr> 1120 <td>CVE-2017-0648</td> 1121 <td>HCL <a href="https://alephsecurity.com/">Aleph </a> Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>)</td> 1122 </tr> 1123 <tr> 1124 <td>CVE-2017-7369CVE-2017-6249CVE-2017-6247CVE-2017-6248</td> 1125 <td> sevenshen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)</td> 1126 </tr> 1127 <tr> 1128 <td>CVE-2017-0642CVE-2017-0637CVE-2017-0638</td> 1129 <td>Vasily Vasiliev</td> 1130 </tr> 1131 <tr> 1132 <td>CVE-2017-0640</td> 1133 <td><a href="http://www.trendmicro.com"></a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/"></a> V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>)</td> 1134 </tr> 1135 <tr> 1136 <td>CVE-2017-8236</td> 1137 <td> Xiling Gong</td> 1138 </tr> 1139 <tr> 1140 <td>CVE-2017-0647</td> 1141 <td> 360 Qex Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) Liyadong</td> 1142 </tr> 1143 <tr> 1144 <td>CVE-2017-7370</td> 1145 <td> 360 IceSword Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>)</td> 1146 </tr> 1147 <tr> 1148 <td>CVE-2017-0651</td> 1149 <td><a href="http://c0reteam.org">C0RE </a> Yuan-Tsung Lo (<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>) Xuxian Jiang</td> 1150 </tr> 1151 <tr> 1152 <td>CVE-2017-8241</td> 1153 <td>Google Zubin Mithra</td> 1154 </tr> 1155 </tbody></table> 1156 <h2 id="common-questions-and-answers"></h2> 1157 <p></p> 1158 1159 <p><strong>1. 1160 </strong></p> 1161 1162 <p> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a></p> 1163 <ul> 1164 <li>2017 6 1 2017-06-01 </li> 1165 <li>2017 6 5 2017-06-05 </li></ul> 1166 <p></p> 1167 <ul> 1168 <li>[ro.build.version.security_patch]:[2017-06-01]</li> 1169 <li>[ro.build.version.security_patch]:[2017-06-05]</li></ul> 1170 <p><strong>2. </strong></p> 1171 1172 <p> Android Android Android </p> 1173 <ul> 1174 <li> 2017 6 1 </li> 1175 <li> 2017 6 5 () </li></ul> 1176 <p></p> 1177 1178 <p id="vulnerability-type"><strong>3. <em></em></strong></p> 1179 1180 <p><em></em></p> 1181 1182 <table> 1183 <colgroup><col width="25%" /> 1184 <col width="75%" /> 1185 </colgroup><tbody><tr> 1186 <th></th> 1187 <th></th> 1188 </tr> 1189 <tr> 1190 <td>RCE</td> 1191 <td></td> 1192 </tr> 1193 <tr> 1194 <td>EoP</td> 1195 <td></td> 1196 </tr> 1197 <tr> 1198 <td>ID</td> 1199 <td></td> 1200 </tr> 1201 <tr> 1202 <td>DoS</td> 1203 <td></td> 1204 </tr> 1205 <tr> 1206 <td></td> 1207 <td></td> 1208 </tr> 1209 </tbody></table> 1210 <p><strong>4. <em></em></strong></p> 1211 1212 <p><em></em></p> 1213 1214 <table> 1215 <colgroup><col width="25%" /> 1216 <col width="75%" /> 1217 </colgroup><tbody><tr> 1218 <th></th> 1219 <th></th> 1220 </tr> 1221 <tr> 1222 <td>A-</td> 1223 <td>Android ID</td> 1224 </tr> 1225 <tr> 1226 <td>QC-</td> 1227 <td>Qualcomm </td> 1228 </tr> 1229 <tr> 1230 <td>M-</td> 1231 <td>MediaTek </td> 1232 </tr> 1233 <tr> 1234 <td>N-</td> 1235 <td>NVIDIA </td> 1236 </tr> 1237 <tr> 1238 <td>B-</td> 1239 <td>Broadcom </td> 1240 </tr> 1241 </tbody></table> 1242 <p id="asterisk"><strong>5. <em></em> Android ID (<a href="#asterisk">*</a>) </strong></p> 1243 1244 <p><em></em> Android ID (<a href="#asterisk">*</a>) Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 1245 1246 <h2 id="versions"></h2> 1247 <table> 1248 <colgroup><col width="25%" /> 1249 <col width="25%" /> 1250 <col width="50%" /> 1251 </colgroup><tbody><tr> 1252 <th></th> 1253 <th></th> 1254 <th></th> 1255 </tr> 1256 <tr> 1257 <td>1.0</td> 1258 <td>2017 6 5 </td> 1259 <td></td> 1260 </tr> 1261 <tr> 1262 <td>1.1</td> 1263 <td>2017 6 7 </td> 1264 <td> AOSP </td> 1265 </tr> 1266 </tbody></table> 1267 1268 </body></html>
