author | Danielle Roberts <daroberts@google.com> | 2017-03-06 22:43:57 +0000 |
---|---|---|
committer | android-build-merger <android-build-merger@google.com> | 2017-03-06 22:43:57 +0000 |
commit | cc72209b9874f624fb43fff3a8de68dc86f3786b (patch) | |
tree | 8c65bb050d99fbe152d52e1648d81b6346df3210 | |
parent | 7363edfcb2e37b47cfa731504a4cd4bcb268ed19 (diff) | |
parent | ebc8605eda6213b1dea722ed792323c3b7ff7fe6 (diff) | |
download | source.android.com-cc72209b9874f624fb43fff3a8de68dc86f3786b.tar.gz |
Merge "Docs: March 2017 Security bulletin"
am: ebc8605eda
Change-Id: I71f038b96c554cd6e373fe6835139f8f7f045d5b
-rw-r--r-- | src/security/bulletin/2017-03-01.jd | 3159 |
-rw-r--r-- | src/security/bulletin/index.jd | 8 |
-rw-r--r-- | src/security/overview/acknowledgements.jd | 69 |
-rw-r--r-- | src/security/security_toc.cs | 1 |
4 files changed, 3233 insertions, 4 deletions
diff --git a/src/security/bulletin/2017-03-01.jd b/src/security/bulletin/2017-03-01.jd new file mode 100644 index 00000000..064eebd9 --- /dev/null +++ b/src/security/bulletin/2017-03-01.jd 
@@ -0,0 +1,3159 @@ +page.title=Android Security Bulletin—March 2017 +@jd:body + +<!-- + Copyright 2016 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> +<p><em>Published March 06, 2017</em></p> +<p>The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Alongside the bulletin, we have released a security +update to Google devices through an over-the-air (OTA) update. The Google device +firmware images have also been released to the <a +href="https://developers.google.com/android/nexus/images">Google Developer +site</a>. Security patch levels of March 05, 2017 or later address all of these +issues. Refer to the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a> to learn how to check a device's security patch +level.</p> +<p>Partners were notified of the issues described in the bulletin on February 06, +2017 or earlier. Source code patches for these issues have been released to the +Android Open Source Project (AOSP) repository and linked from this bulletin. 
+This bulletin also includes links to patches outside of AOSP.</p> +<p>The most severe of these issues is a Critical security vulnerability that could +enable remote code execution on an affected device through multiple methods such +as email, web browsing, and MMS when processing media files.</p> +<p>We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the <a +href="#mitigations">Android and Google service +mitigations</a> section for details on the <a +href="{@docRoot}security/enhancements/index.html">Android +security platform protections</a> and service protections such as <a +href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, +which improve the security of the Android platform.</p> +<p>We encourage all customers to accept these updates to their devices.</p> +<h2 id="announcements">Announcements</h2> +<ul> +<li>This bulletin has two security patch level strings to provide Android +partners with the flexibility to more quickly fix a subset of vulnerabilities +that are similar across all Android devices. See <a +href="#common-questions-and-answers">Common questions and answers</a> for +additional information: +<ul> + <li><strong>2017-03-01</strong>: Partial security patch level string. This +security patch level string indicates that all issues associated with 2017-03-01 +(and all previous security patch level strings) are addressed.</li> + <li><strong>2017-03-05</strong>: Complete security patch level string. 
This +security patch level string indicates that all issues associated with 2017-03-01 +and 2017-03-05 (and all previous security patch level strings) are addressed.</li> +</ul> +</li> +<li>Supported Google devices will receive a single OTA update with the March +05, 2017 security patch level.</li> +</ul> +<h2 id="security-vulnerability-summary">Security vulnerability summary</h2> +<p>The tables below contains a list of security vulnerabilities, the Common +Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not +Google devices are affected. The <a +href="{@docRoot}security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are disabled for development purposes or if successfully bypassed.</p> +<h3 id="2017-03-01-summary">2017-03-01 +security patch level—Vulnerability summary</h3> +<p>Security patch levels of 2017-03-01 or later must address the following issues.</p> +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Google devices?</th> + </tr> + <tr> + <td>Remote code execution vulnerability in OpenSSL & BoringSSL</td> + <td>CVE-2016-2182</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in Mediaserver</td> + <td>CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, +CVE-2017-0470, CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0474</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in recovery verifier</td> + <td>CVE-2017-0475</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in AOSP Messaging</td> + <td>CVE-2017-0476</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in 
libgdx</td> + <td>CVE-2017-0477</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in Framesequence library</td> + <td>CVE-2017-0478</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Audioserver</td> + <td>CVE-2017-0479, CVE-2017-0480</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NFC</td> + <td>CVE-2017-0481</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Mediaserver</td> + <td>CVE-2017-0482, CVE-2017-0483, CVE-2017-0484, CVE-2017-0485, +CVE-2017-0486, CVE-2017-0487, CVE-2017-0488</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Update: Denial of service vulnerability in Mediaserver</td> + <td>CVE-2017-0390</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Update: Denial of service vulnerability in Mediaserver</td> + <td>CVE-2017-0392</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Location Manager</td> + <td>CVE-2017-0489</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Wi-Fi</td> + <td>CVE-2017-0490</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Package Manager</td> + <td>CVE-2017-0491</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in System UI</td> + <td>CVE-2017-0492</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in AOSP Messaging</td> + <td>CVE-2017-0494</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Mediaserver</td> + <td>CVE-2017-0495</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Setup Wizard</td> + <td>CVE-2017-0496</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability 
in Mediaserver</td> + <td>CVE-2017-0497</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Setup Wizard</td> + <td>CVE-2017-0498</td> + <td>Moderate</td> + <td>No*</td> + </tr> + <tr> + <td>Denial of service vulnerability in Audioserver</td> + <td>CVE-2017-0499</td> + <td>Low</td> + <td>Yes</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> +<h3 id="2017-03-05-summary">2017-03-05 +security patch level—Vulnerability summary</h3> +<p>Security patch levels of 2017-03-05 or later must address all of the 2017-03-01 +issues, as well as the following issues.</p> +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Google devices?</th> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek components</td> + <td>CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, +CVE-2017-0504, CVE-2017-0505, CVE-2017-0506</td> + <td>Critical</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA GPU driver</td> + <td>CVE-2017-0337, CVE-2017-0338, CVE-2017-0333, CVE-2017-0306, CVE-2017-0335</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel ION subsystem</td> + <td>CVE-2017-0507, CVE-2017-0508</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td> + <td>CVE-2017-0509</td> + <td>Critical</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel FIQ debugger</td> + <td>CVE-2017-0510</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm GPU driver</td> + <td>CVE-2016-8479</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege 
vulnerability in kernel networking subsystem</td> + <td>CVE-2016-9806, CVE-2016-10200</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Vulnerabilities in Qualcomm components</td> + <td>CVE-2016-8484, CVE-2016-8485, CVE-2016-8486, CVE-2016-8487, CVE-2016-8488</td> + <td>Critical</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel networking subsystem</td> + <td>CVE-2016-8655, CVE-2016-9793</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm input hardware driver</td> + <td>CVE-2017-0516</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek Hardware Sensor Driver</td> + <td>CVE-2017-0517</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm ADSPRPC driver</td> + <td>CVE-2017-0457</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm fingerprint sensor +driver</td> + <td>CVE-2017-0518, CVE-2017-0519</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm crypto engine driver</td> + <td>CVE-2017-0520</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm camera driver</td> + <td>CVE-2017-0458, CVE-2017-0521</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek APK</td> + <td>CVE-2017-0522</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2017-0464, CVE-2017-0453, CVE-2017-0523</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td> + <td>CVE-2017-0524</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm IPA driver</td> + <td>CVE-2017-0456, CVE-2017-0525</td> 
+ <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in HTC Sensor Hub Driver</td> + <td>CVE-2017-0526, CVE-2017-0527</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA GPU driver</td> + <td>CVE-2017-0307</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm networking driver</td> + <td>CVE-2017-0463, CVE-2017-0460</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel security subsystem</td> + <td>CVE-2017-0528</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm SPCom driver</td> + <td>CVE-2016-5856, CVE-2016-5857</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel networking subsystem</td> + <td>CVE-2014-8709</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in MediaTek driver</td> + <td>CVE-2017-0529</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm bootloader</td> + <td>CVE-2017-0455</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm power driver</td> + <td>CVE-2016-8483</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in NVIDIA GPU driver</td> + <td>CVE-2017-0334, CVE-2017-0336</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in kernel cryptographic subsystem</td> + <td>CVE-2016-8650</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm camera driver (device +specific)</td> + <td>CVE-2016-8417</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2017-0461, CVE-2017-0459, CVE-2017-0531</td> + 
<td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in MediaTek video codec driver</td> + <td>CVE-2017-0532</td> + <td>Moderate</td> + <td>No*</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm video driver</td> + <td>CVE-2017-0533, CVE-2017-0534, CVE-2016-8416, CVE-2016-8478</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm camera driver</td> + <td>CVE-2016-8413, CVE-2016-8477</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in HTC sound codec driver</td> + <td>CVE-2017-0535</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Synaptics touchscreen driver</td> + <td>CVE-2017-0536</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel USB gadget driver</td> + <td>CVE-2017-0537</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm camera driver</td> + <td>CVE-2017-0452</td> + <td>Low</td> + <td>Yes</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> +<h2 id="mitigations">Android and Google service +mitigations</h2> +<p>This is a summary of the mitigations provided by the <a +href="{@docRoot}security/enhancements/index.html">Android +security platform</a> and service protections, such as SafetyNet. These +capabilities reduce the likelihood that security vulnerabilities could be +successfully exploited on Android.</p> +<ul> +<li>Exploitation for many issues on Android is made more difficult by +enhancements in newer versions of the Android platform. 
We encourage all users +to update to the latest version of Android where possible.</li> +<li>The Android Security team actively monitors for abuse with <a +href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify +Apps and SafetyNet</a>, which are designed to warn users about <a +href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially +Harmful Applications</a>. Verify Apps is enabled by default on devices with <a +href="http://www.android.com/gms">Google Mobile Services</a> and is especially +important for users who install applications from outside of Google Play. Device +rooting tools are prohibited within Google Play, but Verify Apps warns users +when they attempt to install a detected rooting application—no matter where it +comes from. Additionally, Verify Apps attempts to identify and block +installation of known malicious applications that exploit a privilege escalation +vulnerability. 
If such an application has already been installed, Verify Apps +will notify the user and attempt to remove the detected application.</li> +<li>As appropriate, Google Hangouts and Messenger applications do not +automatically pass media to processes such as Mediaserver.</li> +</ul> +<h2 id="acknowledgements">Acknowledgements</h2> +<p>We would like to thank these researchers for their contributions:</p> +<ul> +<li>Alexander Potapenko of Google Dynamic Tools team: CVE-2017-0537 +<li>Baozeng Ding, Chengming Yang, Peng Xiao, and Yang Song of Alibaba Mobile +Security Group: CVE-2017-0506 +<li>Baozeng Ding, Ning You, Chengming Yang, Peng Xiao, and Yang Song of Alibaba +Mobile Security Group: CVE-2017-0463 +<li>Billy Lau of Android Security: CVE-2017-0335, CVE-2017-0336, CVE-2017-0338, +CVE-2017-0460 +<li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a +href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2016-8413, +CVE-2016-8477, CVE-2017-0531 +<li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a +href="https://twitter.com/derrekr6">@derrekr6</a>) and <a +href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a +href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0521 +<li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab +(<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2017-0334, +CVE-2017-0456, CVE-2017-0457, CVE-2017-0525 +<li>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu of +<a href="http://www.ms509.com">MS509Team</a>: CVE-2017-0490 +<li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) +and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 +Technology Co. Ltd.: CVE-2017-0500, CVE-2017-0501, CVE-2017-0502, CVE-2017-0503, +CVE-2017-0509, CVE-2017-0524, CVE-2017-0529, CVE-2017-0536 +<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. 
Ltd.: +CVE-2017-0453, CVE-2017-0461, CVE-2017-0464 +<li>Hiroki Yamamoto and Fang Chen of Sony Mobile Communications Inc.: +CVE-2017-0481 +<li>IBM Security X-Force Researchers Sagi Kedmi and Roee Hay: CVE-2017-0510 +<li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a +href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0478 +<li>Jianqiang Zhao (<a +href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a +href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8416, +CVE-2016-8478, CVE-2017-0458, CVE-2017-0459, CVE-2017-0518, CVE-2017-0519, +CVE-2017-0533, CVE-2017-0534 +<li><a href="mailto:zlbzlb815@163.com">Lubo Zhang</a>, <a +href="mailto:segfault5514@gmail.com">Tong Lin</a>, <a +href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a +href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8479 +<li>Makoto Onuki of Google: CVE-2017-0491 +<li>Mingjian Zhou (<a +href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a +href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, and Xuxian Jiang of <a +href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0479, CVE-2017-0480 +<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>): +CVE-2017-0535 +<li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of +Tesla Motors Product Security Team: CVE-2017-0306 +<li>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), Lenx Wei (韦韬) of Baidu X-Lab +(百度安全实验室): CVE-2016-8417 +<li>Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) +of KeenLab, Tencent: CVE-2017-0337, CVE-2017-0476 +<li>Qing Zhang of Qihoo 360 and Guangdong Bai of Singapore Institute of +Technology (SIT): CVE-2017-0496 +<li>Quhe and wanchouchou of Ant-financial Light-Year Security Lab +(蚂蚁金服巴斯光年安全实验室): CVE-2017-0522 +<li><a href="mailto:keun-o.park@darkmatter.ae">Sahara</a> of Secure +Communications in DarkMatter: CVE-2017-0528 +<li>salls (<a 
href="https://twitter.com/chris_salls">@chris_salls</a>) of +Shellphish Grill Team, UC Santa Barbara: CVE-2017-0505 +<li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a +href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0504, +CVE-2017-0516 +<li>Sean Beaupre (beaups): CVE-2017-0455 +<li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of +Trend Micro: CVE-2017-0452 +<li>Shinichi Matsumoto of Fujitsu: CVE-2017-0498 +<li><a href="mailto:smarques84@gmail.com">Stéphane Marques</a> of <a +href="http://www.byterev.com">ByteRev</a>: CVE-2017-0489 +<li>Svetoslav Ganov of Google: CVE-2017-0492 +<li><a href="mailto:segfault5514@gmail.com">Tong Lin</a>, <a +href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang of <a +href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0333 +<li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a +href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile +Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>: +CVE-2017-0466, CVE-2017-0467, CVE-2017-0468, CVE-2017-0469, CVE-2017-0470, +CVE-2017-0471, CVE-2017-0472, CVE-2017-0473, CVE-2017-0482, CVE-2017-0485, +CVE-2017-0486, CVE-2017-0487, CVE-2017-0494, CVE-2017-0495 +<li>Wish Wu (吴潍浠 此彼) (<a href="https://twitter.com/wish_wu">@wish_wu</a>) of +Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室): CVE-2017-0477 +<li>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. 
Ltd: CVE-2017-0517, +CVE-2017-0532 +<li><a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, and Xuxian Jiang +of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0526, CVE-2017-0527 +<li>Yuqi Lu (<a href="https://twitter.com/nikos233__">@nikos233</a>), <a +href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a +href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a>, Mingjian Zhou (<a +href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang +of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0483</li></ul> + +<h2 id="2017-03-01-details">2017-03-01 security patch level—Vulnerability +details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the +<a href="#2017-03-01-summary">2017-03-01 +security patch level—Vulnerability summary</a> above. There is a description of +the issue, a severity rationale, and a table with the CVE, associated +references, severity, updated Google devices, updated AOSP versions (where +applicable), and date reported. When available, we will link the public change +that addressed the issue to the bug ID, like the AOSP change list. When multiple +changes relate to a single bug, additional references are linked to numbers +following the bug ID.</p> + + +<h3 id="rce-in-openssl-&-boringssl">Remote code execution vulnerability in +OpenSSL & BoringSSL</h3> +<p>A remote code execution vulnerability in OpenSSL and BoringSSL could enable an +attacker using a specially crafted file to cause memory corruption during file +and data processing. 
This issue is rated as Critical due to the possibility of +remote code execution within the context of a privileged process.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2182</td> + <td>A-32096880</td> + <td>Critical</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Aug 5, 2016</td> + </tr> +</table> + + +<h3 id="rce-in-mediaserver-">Remote code execution vulnerability in Mediaserver +</h3> +<p>A remote code execution vulnerability in Mediaserver could enable an attacker +using a specially crafted file to cause memory corruption during media file and +data processing. This issue is rated as Critical due to the possibility of +remote code execution within the context of the Mediaserver process.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0466</td> + <td>A-33139050</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 25, 2016</td> + </tr> + <tr> + <td>CVE-2017-0467</td> + <td>A-33250932</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 30, 2016</td> + </tr> + <tr> + <td>CVE-2017-0468</td> + <td>A-33351708</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 5, 2016</td> + </tr> + <tr> + <td>CVE-2017-0469</td> + <td>A-33450635</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 8, 2016</td> + </tr> + <tr> + <td>CVE-2017-0470</td> + <td>A-33818500</td> + 
<td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 21, 2016</td> + </tr> + <tr> + <td>CVE-2017-0471</td> + <td>A-33816782</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 21, 2016</td> + </tr> + <tr> + <td>CVE-2017-0472</td> + <td>A-33862021</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 23, 2016</td> + </tr> + <tr> + <td>CVE-2017-0473</td> + <td>A-33982658</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 30, 2016</td> + </tr> + <tr> + <td>CVE-2017-0474</td> + <td>A-32589224</td> + <td>Critical</td> + <td>All</td> + <td>7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-recovery-verifier">Elevation of privilege vulnerability in +recovery verifier</h3> +<p>An elevation of privilege vulnerability in the recovery verifier could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0475</td> + <td>A-31914369</td> + <td>Critical</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Oct 2, 2016</td> + </tr> +</table> + + +<h3 id="rce-in-aosp-messaging">Remote code execution vulnerability in AOSP +Messaging</h3> +<p>A remote code execution vulnerability in AOSP Messaging could enable an +attacker using a specially crafted file to cause memory corruption during media +file and data processing. 
This issue is rated as High due to the possibility of +remote code execution within the context of an unprivileged process.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0476</td> + <td>A-33388925</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 6, 2016</td> + </tr> +</table> + + +<h3 id="rce-in-libgdx">Remote code execution vulnerability in libgdx</h3> +<p>A remote code execution vulnerability in libgdx could enable an attacker using +a specially crafted file to execute arbitrary code within the context of an +unprivileged process. This issue is rated as High due to the possibility of +remote code execution in an application that uses this library.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0477</td> + <td>A-33621647</td> + <td>High</td> + <td>All</td> + <td>7.1.1</td> + <td>Dec 14, 2016</td> + </tr> +</table> + + +<h3 id="rce-in-framesequence-library">Remote code execution vulnerability in +Framesequence library</h3> +<p>A remote code execution vulnerability in the Framesequence library could enable +an attacker using a specially crafted file to execute arbitrary code in the +context of an unprivileged process. 
This issue is rated as High due to the +possibility of remote code execution in an application that uses the +Framesequence library.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0478</td> + <td>A-33718716</td> + <td>High</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 16, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in +Audioserver</h3> +<p>An elevation of privilege vulnerability in Audioserver could enable a local +malicious application to execute arbitrary code within the context of a +privileged process. This issue is rated as High because it could be used to +gain local access to elevated capabilities, which are not normally accessible +to a third-party application.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0479</td> + <td>A-32707507</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 7, 2016</td> + </tr> + <tr> + <td>CVE-2017-0480</td> + <td>A-32705429</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 7, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-nfc">Elevation of privilege vulnerability in NFC</h3> +<p>An elevation of privilege vulnerability in NFC could enable a proximate +attacker to execute arbitrary code within the context of a privileged process. 
+This issue is rated as High because it could be used to gain local access to +elevated capabilities, which are not normally accessible to a third-party +application.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0481</td> + <td>A-33434992</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to +use a specially crafted file to cause a device hang or reboot. This issue is +rated as High severity due to the possibility of remote denial of service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0482</td> + <td>A-33090864</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 22, 2016</td> + </tr> + <tr> + <td>CVE-2017-0483</td> + <td>A-33137046</td> + <td>High</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 24, 2016</td> + </tr> + <tr> + <td>CVE-2017-0484</td> + <td>A-33298089</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 1, 2016</td> + </tr> + <tr> + <td>CVE-2017-0485</td> + <td>A-33387820</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 6, 2016</td> + </tr> + <tr> + <td>CVE-2017-0486</td> + <td>A-33621215</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 
7.1.1</td> + <td>Dec 14, 2016</td> + </tr> + <tr> + <td>CVE-2017-0487</td> + <td>A-33751193</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 19, 2016</td> + </tr> + <tr> + <td>CVE-2017-0488</td> + <td>A-34097213</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="update:-dos-in-mediaserver">Update: Denial of service vulnerability in +Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to +use a specially crafted file to cause a device hang or reboot. This issue is +rated as High due to the possibility of remote denial of service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0390</td> + <td>A-31647370</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Sep 19, 2016</td> + </tr> +</table> + + +<h3 id="update:-dos-in-mediaserver-2">Update: Denial of service vulnerability +in Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to +use a specially crafted file to cause a device hang or reboot. 
This issue is +rated as High due to the possibility of remote denial of service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0392</td> + <td>A-32577290</td> + <td>High</td> + <td>All</td> + <td>7.0, 7.1.1</td> + <td>Oct 29, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-location-manager">Elevation of privilege vulnerability in +Location Manager</h3> +<p>An elevation of privilege vulnerability in Location Manager could enable a +local malicious application to bypass operating system protections for location +data. This issue is rated as Moderate because it could be used to generate +inaccurate data.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0489</td> + <td>A-33091107</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 20, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-wi-fi">Elevation of privilege vulnerability in Wi-Fi</h3> +<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious +application to delete user data. This issue is rated as Moderate because it is +a local bypass of user interaction requirements that would normally require +either user initiation or user permission. 
</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0490</td> + <td>A-33178389</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 25, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-package-manager">Elevation of privilege vulnerability in Package +Manager</h3> +<p>An elevation of privilege vulnerability in Package Manager could enable a local +malicious application to prevent users from uninstalling applications or +removing permissions from applications. This issue is rated as Moderate because +it is a local bypass of user interaction requirements.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0491</td> + <td>A-32553261</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-system-ui">Elevation of privilege vulnerability in System +UI</h3> +<p>An elevation of privilege vulnerability in the System UI could enable a local +malicious application to create a UI overlay covering the entire screen. 
This +issue is rated as Moderate because it is a local bypass of user interaction +requirements that would normally require either user initiation or user +permission.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0492</td> + <td>A-30150688</td> + <td>Moderate</td> + <td>All</td> + <td>7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="id-in-aosp-messaging">Information disclosure vulnerability in AOSP +Messaging</h3> +<p>An information disclosure vulnerability in AOSP Messaging could enable a remote +attacker using a special crafted file to access data outside of its permission +levels. This issue is rated as Moderate because it could be used to access +sensitive data without permission.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0494</td> + <td>A-32764144</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 9, 2016</td> + </tr> +</table> + + +<h3 id="id-in-mediaserver">Information disclosure vulnerability in +Mediaserver</h3> +<p>An information disclosure vulnerability in Mediaserver could enable a local +malicious application to access data outside of its permission levels. 
This +issue is rated as Moderate because it could be used to access sensitive data +without permission.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0495</td> + <td>A-33552073</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 11, 2016</td> + </tr> +</table> + + +<h3 id="dos-in-setup-wizard">Denial of service vulnerability in Setup +Wizard</h3> +<p>A denial of service vulnerability in Setup Wizard could allow a local malicious +application to temporarily block access to an affected device. This issue is +rated as Moderate because it may require a factory reset to repair the device.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0496</td> + <td>A-31554152*</td> + <td>Moderate</td> + <td>None*</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Sep 14, 2016</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="dos-in-mediaserver-2">Denial of service vulnerability in +Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to +use a specially crafted file to cause a device hang or reboot. 
This issue is +rated as Moderate because it requires an uncommon device configuration.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0497</td> + <td>A-33300701</td> + <td>Moderate</td> + <td>All</td> + <td>7.0, 7.1.1</td> + <td>Dec 2, 2016</td> + </tr> +</table> + + +<h3 id="dos-in-setup-wizard-2">Denial of service vulnerability in Setup +Wizard</h3> +<p>A denial of service vulnerability in Setup Wizard could allow a local attacker +to require Google account sign-in after a factory reset. This issue is rated as +Moderate because it may require a factory reset to repair the device. </p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0498</td> + <td>A-30352311</td> + <td>Moderate</td> + <td>All</td> + <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="dos-in-audioserver">Denial of service vulnerability in Audioserver</h3> +<p>A denial of service vulnerability in Audioserver could enable a local malicious +application to cause a device hang or reboot. 
This issue is rated as Low due to +the possibility of a temporary denial of service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0499</td> + <td>A-32095713</td> + <td>Low</td> + <td>All</td> + <td>5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Oct 11, 2016</td> + </tr> +</table> + + +<h2 id="2017-03-05-details">2017-03-05 security patch level—Vulnerability +details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the +<a href="#2017-03-05-summary">2017-03-05 +security patch level—Vulnerability summary</a> above. There is a description of +the issue, a severity rationale, and a table with the CVE, associated +references, severity, updated Google devices, updated AOSP versions (where +applicable), and date reported. When available, we will link the public change +that addressed the issue to the bug ID, like the AOSP change list. When multiple +changes relate to a single bug, additional references are linked to numbers +following the bug ID.</p> + + +<h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in +MediaTek components</h3> +<p>An elevation of privilege vulnerability in MediaTek components, including the +M4U driver, sound driver, touchscreen driver, GPU driver, and Command Queue +driver, could enable a local malicious application to execute arbitrary code +within the context of the kernel. 
This issue is rated as Critical due to the +possibility of a local permanent device compromise, which may require +reflashing the operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0500</td> + <td>A-28429685*<br> + M-ALPS02710006</td> + <td>Critical</td> + <td>None**</td> + <td>Apr 27, 2016</td> + </tr> + <tr> + <td>CVE-2017-0501</td> + <td>A-28430015*<br> + M-ALPS02708983</td> + <td>Critical</td> + <td>None**</td> + <td>Apr 27, 2016</td> + </tr> + <tr> + <td>CVE-2017-0502</td> + <td>A-28430164*<br> + M-ALPS02710027</td> + <td>Critical</td> + <td>None**</td> + <td>Apr 27, 2016</td> + </tr> + <tr> + <td>CVE-2017-0503</td> + <td>A-28449045*<br> + M-ALPS02710075</td> + <td>Critical</td> + <td>None**</td> + <td>Apr 28, 2016</td> + </tr> + <tr> + <td>CVE-2017-0504</td> + <td>A-30074628*<br> + M-ALPS02829371</td> + <td>Critical</td> + <td>None**</td> + <td>Jul 9, 2016</td> + </tr> + <tr> + <td>CVE-2017-0505</td> + <td>A-31822282*<br> + M-ALPS02992041</td> + <td>Critical</td> + <td>None**</td> + <td>Sep 28, 2016</td> + </tr> + <tr> + <td>CVE-2017-0506</td> + <td>A-32276718*<br> + M-ALPS03006904</td> + <td>Critical</td> + <td>None**</td> + <td>Oct 18, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in +NVIDIA GPU driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0337</td> + <td>A-31992762*<br> + N-CVE-2017-0337</td> + <td>Critical</td> + <td>Pixel C</td> + <td>Oct 6, 2016</td> + </tr> + <tr> + <td>CVE-2017-0338</td> + <td>A-33057977*<br> + N-CVE-2017-0338</td> + <td>Critical</td> + <td>Pixel C</td> + <td>Nov 21, 2016</td> + </tr> + <tr> + <td>CVE-2017-0333</td> + <td>A-33899363*<br> + N-CVE-2017-0333</td> + <td>Critical</td> + <td>Pixel C</td> + <td>Dec 25, 2016</td> + </tr> + <tr> + <td>CVE-2017-0306</td> + <td>A-34132950*<br> + N-CVE-2017-0306</td> + <td>Critical</td> + <td>Nexus 9</td> + <td>Jan 6, 2017</td> + </tr> + <tr> + <td>CVE-2017-0335</td> + <td>A-33043375*<br> + N-CVE-2017-0335</td> + <td>Critical</td> + <td>Pixel C</td> + <td>Google internal</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in +kernel ION subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel ION subsystem could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0507</td> + <td>A-31992382*</td> + <td>Critical</td> + <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel +C, Pixel, Pixel XL</td> + <td>Oct 6, 2016</td> + </tr> + <tr> + <td>CVE-2017-0508</td> + <td>A-33940449*</td> + <td>Critical</td> + <td>Pixel C</td> + <td>Dec 28, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in +Broadcom Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0509</td> + <td>A-32124445*<br> + B-RB#110688</td> + <td>Critical</td> + <td>None**</td> + <td>Oct 12, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-kernel-fiq-debugger">Elevation of privilege vulnerability in +kernel FIQ debugger</h3> +<p>An elevation of privilege vulnerability in the kernel FIQ debugger could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0510</td> + <td>A-32402555*</td> + <td>Critical</td> + <td>Nexus 9</td> + <td>Oct 25, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in +Qualcomm GPU driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8479</td> + <td>A-31824853*<br> + QC-CR#1093687</td> + <td>Critical</td> + <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL</td> + <td>Sep 29, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-kernel-networking-subsystem">Elevation of privilege +vulnerability in kernel networking subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel networking subsystem +could enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-9806</td> + <td>A-33393474<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=92964c79b357efd980812c4de5c1fd2ec8bb5520"> +Upstream kernel</a></td> + <td>Critical</td> + <td>Pixel C, Pixel, Pixel XL</td> + <td>Dec 4, 2016</td> + </tr> + <tr> + <td>CVE-2016-10200</td> + <td>A-33753815<br> + <a +href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=32c231164b762dddefa13af5a0101032c70b50ef"> +Upstream kernel</a></td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Dec 19, 2016</td> + </tr> +</table> + + +<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm +components</h3> +<p>The following vulnerability affects Qualcomm components and is described in +further detail in Qualcomm AMSS September 2016 security bulletin.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8484</td> + <td>A-28823575**</td> + <td>Critical</td> + <td>None***</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-8485</td> + <td>A-28823681**</td> + <td>Critical</td> + <td>None***</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-8486</td> + <td>A-28823691**</td> + <td>Critical</td> + <td>None***</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-8487</td> + <td>A-28823724**</td> + <td>Critical</td> + 
<td>None***</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-8488</td> + <td>A-31625756**</td> + <td>Critical</td> + <td>None***</td> + <td>Qualcomm internal</td> + </tr> +</table> +<p>* The severity rating for these vulnerabilities was determined by the vendor.</p> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>*** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-kernel-networking-subsystem-2">Elevation of privilege +vulnerability in kernel networking subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel networking subsystem +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8655</td> + <td>A-33358926<br> + <a +href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=84ac7260236a49c79eede91617700174c2c19b0c"> +Upstream kernel</a></td> + <td>High</td> + <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel +C, Pixel, Pixel XL</td> + <td>Oct 12, 2016</td> + </tr> + <tr> + <td>CVE-2016-9793</td> + <td>A-33363517<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=b98b0bc8c431e3ceb4b26b0dfc8db509518fb290"> +Upstream kernel</a></td> + <td>High</td> + <td>Android One, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel +C, Pixel, Pixel 
XL</td> + <td>Dec 2, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-input-hardware-driver">Elevation of privilege +vulnerability in Qualcomm input hardware driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm input hardware driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0516</td> + <td>A-32341680*<br> + QC-CR#1096301</td> + <td>High</td> + <td>Android One, Pixel, Pixel XL</td> + <td>Oct 21, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-mediatek-hardware-sensor-driver">Elevation of privilege +vulnerability in MediaTek Hardware Sensor Driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek hardware sensor driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0517</td> + <td>A-32372051*<br> + M-ALPS02973195</td> + <td>High</td> + <td>None**</td> + <td>Oct 22, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-adsprpc-driver">Elevation of privilege vulnerability in +Qualcomm ADSPRPC driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm ADSPRPC driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0457</td> + <td>A-31695439*<br> + QC-CR#1086123<br> + QC-CR#1100695</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Sep 22, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-fingerprint-sensor-driver">Elevation of privilege +vulnerability in Qualcomm fingerprint sensor driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm fingerprint sensor +driver could enable a local malicious application to execute arbitrary code +within the context of the kernel. 
This issue is rated as High because it first +requires compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0518</td> + <td>A-32370896*<br> + QC-CR#1086530</td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Oct 24, 2016</td> + </tr> + <tr> + <td>CVE-2017-0519</td> + <td>A-32372915*<br> + QC-CR#1086530</td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Oct 24, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege +vulnerability in Qualcomm crypto engine driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0520</td> + <td>A-31750232<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb2aad752c43f57e88ab9b0c3c5ee7b976ee31dd"> +QC-CR#1082636</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Sep 24, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-camera-driver">Elevation of privilege vulnerability in +Qualcomm camera driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm camera driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0458</td> + <td>A-32588962<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=eba46cb98431ba1d7a6bd859f26f6ad03f1bf4d4"> +QC-CR#1089433</a></td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Oct 31, 2016</td> + </tr> + <tr> + <td>CVE-2017-0521</td> + <td>A-32919951<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=dbe4f26f200db10deaf38676b96d8738afcc10c8"> +QC-CR#1097709</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 15, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-mediatek-apk">Elevation of privilege vulnerability in MediaTek +APK</h3> +<p>An elevation of privilege 
vulnerability in a MediaTek APK could enable a local +malicious application to execute arbitrary code within the context of a +privileged process. This issue is rated as High due to the possibility of local +arbitrary code execution in a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0522</td> + <td>A-32916158*<br> + M-ALPS03032516</td> + <td>High</td> + <td>None**</td> + <td>Nov 15, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0464</td> + <td>A-32940193<br> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=051597a4fe19fd1292fb7ea2e627d12d1fd2934f"> +QC-CR#1102593</a></td> + <td>High</td> + <td>Nexus 5X, Pixel, Pixel XL</td> + <td>Nov 15, 2016</td> + </tr> + <tr> + <td>CVE-2017-0453</td> + <td>A-33979145<br> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=05af1f34723939f477cb7d25adb320d016d68513"> +QC-CR#1105085</a></td> + <td>High</td> + <td>Nexus 5X, Android One</td> + <td>Dec 30, 2016</td> + </tr> + <tr> + <td>CVE-2017-0523</td> + <td>A-32835279<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5bb646471da76d3d5cd02cf3da7a03ce6e3cb582"> +QC-CR#1096945</a></td> + <td>High</td> + <td>None*</td> + <td>Google internal</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege +vulnerability in Synaptics touchscreen driver</h3> +<p>An elevation of privilege vulnerability in the Synaptics touchscreen driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0524</td> + <td>A-33002026</td> + <td>High</td> + <td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td> + <td>Nov 18, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-ipa-driver">Elevation of privilege vulnerability in +Qualcomm IPA driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm IPA driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as High because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0456</td> + <td>A-33106520*<br> + QC-CR#1099598</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 23, 2016</td> + </tr> + <tr> + <td>CVE-2017-0525</td> + <td>A-33139056*<br> + QC-CR#1097714</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 25, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-htc-sensor-hub-driver">Elevation of privilege vulnerability in +HTC Sensor Hub Driver</h3> +<p>An elevation of privilege vulnerability in the HTC Sensor Hub Driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0526</td> + <td>A-33897738*</td> + <td>High</td> + <td>Nexus 9</td> + <td>Dec 25, 2016</td> + </tr> + <tr> + <td>CVE-2017-0527</td> + <td>A-33899318*</td> + <td>High</td> + <td>Nexus 9, Pixel, Pixel XL</td> + <td>Dec 25, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in +NVIDIA GPU driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a +local malicious application to execute arbitrary code within the context of the +kernel. 
This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0307</td> + <td>A-33177895*<br> + N-CVE-2017-0307</td> + <td>High</td> + <td>None**</td> + <td>Nov 28, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-networking-driver">Elevation of privilege vulnerability +in Qualcomm networking driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm networking driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0463</td> + <td>A-33277611<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=955bd7e7ac097bdffbadafab90e5378038fefeb2"> +QC-CR#1101792</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 30, 2016</td> + </tr> + <tr> + <td>CVE-2017-0460 </td> + <td>A-31252965*<br> + QC-CR#1098801</td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td> + <td>Google internal</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability +in kernel security subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel security subsystem could +enable a local malicious application to to execute code in the context of a +privileged process. This issue is rated as High because it is a general bypass +for a kernel level defense in depth or exploit mitigation technology.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0528</td> + <td>A-33351919*</td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Dec 4, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-spcom-driver">Elevation of privilege vulnerability in +Qualcomm SPCom driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm SPCom driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-5856</td> + <td>A-32610665<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0c0622914ba53cdcb6e79e85f64bfdf7762c0368"> +QC-CR#1094078</a></td> + <td>High</td> + <td>None*</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2016-5857</td> + <td>A-34386529<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d9d2c405d46ca27b25ed55a8dbd02bd1e633e2d5"> +QC-CR#1094140</a></td> + <td>High</td> + <td>None*</td> + <td>Google internal</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability +in kernel networking subsystem</h3> +<p>An information disclosure vulnerability in the kernel networking subsystem +could enable a local proximate attacker to gain access to sensitive +information. 
This issue is rated as High because it could be used to access +data without permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-8709</td> + <td>A-34077221<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338f977f4eb441e69bb9a46eaa0ac715c931a67f"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus Player</td> + <td>Nov 9, 2014</td> + </tr> +</table> + + +<h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek +driver</h3> +<p>An information disclosure vulnerability in the MediaTek driver could enable a +local malicious application to access data outside of its permission levels. +This issue is rated as High because it could be used to access sensitive data +without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0529</td> + <td>A-28449427*<br> + M-ALPS02710042</td> + <td>High</td> + <td>None**</td> + <td>Apr 27, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="id-in-qualcomm-bootloader">Information disclosure vulnerability in +Qualcomm bootloader</h3> +<p>An information disclosure vulnerability in the Qualcomm bootloader could help +to enable a local malicious application to to execute arbitrary code within the +context of the bootloader. This issue is rated as High because it is a general +bypass for a bootloader level defense in depth or exploit mitigation +technology.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0455</td> + <td>A-32370952<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=2c00928b4884fdb0b1661bcc530d7e68c9561a2f"> +QC-CR#1082755</a></td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Oct 21, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-power-driver">Information disclosure vulnerability in +Qualcomm power driver</h3> +<p>An information disclosure vulnerability in the Qualcomm power driver could +enable a local malicious application to access data outside of its permission +levels. 
This issue is rated as High because it could be used to access +sensitive data without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8483</td> + <td>A-33745862<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6997dcb7ade1315474855821e64782205cb0b53a"> +QC-CR#1035099</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Dec 19, 2016</td> + </tr> +</table> + + +<h3 id="id-in-nvidia-gpu-driver">Information disclosure vulnerability in NVIDIA +GPU driver</h3> +<p>An information disclosure vulnerability in the NVIDIA GPU driver could enable a +local malicious application to access data outside of its permission levels. +This issue is rated as High because it could be used to access sensitive data +without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0334</td> + <td>A-33245849*<br> + N-CVE-2017-0334</td> + <td>High</td> + <td>Pixel C</td> + <td>Nov 30, 2016</td> + </tr> + <tr> + <td>CVE-2017-0336</td> + <td>A-33042679*<br> + N-CVE-2017-0336</td> + <td>High</td> + <td>Pixel C</td> + <td>Google internal</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="dos-in-kernel-cryptographic-subsystem">Denial of service vulnerability +in kernel cryptographic subsystem</h3> +<p>A denial of service vulnerability in the kernel cryptographic subsystem could +enable a remote attacker to use a specially crafted network packet to cause a +device hang or reboot. This issue is rated as High due to the possibility of +remote denial of service.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8650</td> + <td>A-33401771<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f5527fffff3f002b0a6b376163613b82f69de073"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Oct 12, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-camera-driver-(device-specific)">Elevation of privilege +vulnerability in Qualcomm camera driver (device specific)</h3> +<p>An elevation of privilege vulnerability in the Qualcomm camera driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. 
This issue is rated as Moderate because it first +requires compromising a privileged process and is mitigated by current platform +configurations.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8417</td> + <td>A-32342399<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=01dcc0a7cc23f23a89adf72393d5a27c6d576cd0"> +QC-CR#1088824</a></td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Oct 21, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0461</td> + <td>A-32073794<br> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=ce5d6f84420a2e6ca6aad6b866992970dd313a65"> +QC-CR#1100132</a></td> + <td>Moderate</td> + <td>Android One, Nexus 5X, Pixel, Pixel XL</td> + <td>Oct 9, 2016</td> + </tr> + <tr> + <td>CVE-2017-0459</td> + <td>A-32644895<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?h=rel/msm-3.18&id=ffacf6e2dc41b6063c3564791ed7a2f903e7e3b7"> +QC-CR#1091939</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Nov 3, 2016</td> + </tr> + <tr> + <td>CVE-2017-0531</td> + 
<td>A-32877245<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=530f3a0fd837ed105eddaf99810bc13d97dc4302"> +QC-CR#1087469</a></td> + <td>Moderate</td> + <td>Android One, Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Nov 13, 2016</td> + </tr> +</table> + + +<h3 id="id-in-mediatek-video-codec-driver">Information disclosure vulnerability +in MediaTek video codec driver</h3> +<p>An information disclosure vulnerability in the MediaTek video codec driver +could enable a local malicious application to access data outside of its +permission levels. This issue is rated as Moderate because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0532</td> + <td>A-32370398*<br> + M-ALPS03069985</td> + <td>Moderate</td> + <td>None**</td> + <td>Oct 22, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in +Qualcomm video driver</h3> +<p>An information disclosure vulnerability in the Qualcomm video driver could +enable a local malicious application to access data outside of its permission +levels. 
This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0533</td> + <td>A-32509422<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> +QC-CR#1088206</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 27, 2016</td> + </tr> + <tr> + <td>CVE-2017-0534</td> + <td>A-32508732<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> +QC-CR#1088206</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 28, 2016</td> + </tr> + <tr> + <td>CVE-2016-8416</td> + <td>A-32510746<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> +QC-CR#1088206</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 28, 2016</td> + </tr> + <tr> + <td>CVE-2016-8478</td> + <td>A-32511270<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e3af5e89426f1c8d4e703d415eff5435b925649f"> +QC-CR#1088206</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 28, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-camera-driver">Information disclosure vulnerability in +Qualcomm camera driver</h3> +<p>An information disclosure vulnerability in the Qualcomm camera driver could +enable a local malicious application to access data outside of its permission +levels. 
This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8413</td> + <td>A-32709702<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=bc77232707df371ff6bab9350ae39676535c0e9d"> +QC-CR#518731</a></td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 4, 2016</td> + </tr> + <tr> + <td>CVE-2016-8477</td> + <td>A-32720522<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=33c9042e38506b04461fa99e304482bc20923508"> +QC-CR#1090007</a> +[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=96145eb5f0631f0e105d47abebc8f940f7621eeb">2</a>]</td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td> + <td>Nov 7, 2016</td> + </tr> +</table> + + +<h3 id="id-in-htc-sound-codec-driver">Information disclosure vulnerability in +HTC sound codec driver</h3> +<p>An information disclosure vulnerability in the HTC sound codec driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0535</td> + <td>A-33547247*</td> + <td>Moderate</td> + <td>Nexus 9</td> + <td>Dec 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. 
The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="id-in-synaptics-touchscreen-driver">Information disclosure +vulnerability in Synaptics touchscreen driver</h3> +<p>An information disclosure vulnerability in the Synaptics touchscreen driver +could enable a local malicious application to access data outside of its +permission levels. This issue is rated as Moderate because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0536</td> + <td>A-33555878*</td> + <td>Moderate</td> + <td>Android One, Nexus 5X, Nexus 6P, Nexus 9, Pixel, Pixel XL</td> + <td>Dec 12, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="id-in-kernel-usb-gadget-driver">Information disclosure vulnerability in +kernel USB gadget driver</h3> +<p>An information disclosure vulnerability in the kernel USB gadget driver could +enable a local malicious application to access data outside of its permission +levels. 
This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0537</td> + <td>A-31614969*</td> + <td>Moderate</td> + <td>Pixel C</td> + <td>Google internal</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="id-in-qualcomm-camera-driver-2">Information disclosure vulnerability in +Qualcomm camera driver</h3> +<p>An information disclosure vulnerability in the Qualcomm camera driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Low because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0452</td> + <td>A-32873615*<br> + QC-CR#1093693</td> + <td>Low</td> + <td>Nexus 5X, Nexus 6P, Android One</td> + <td>Nov 10, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<h2 id="common-questions-and-answers">Common Questions and Answers</h2> +<p>This section answers common questions that may occur after reading this +bulletin.</p> +<p><strong>1. 
How do I determine if my device is updated to address these issues? +</strong></p> +<p>To learn how to check a device's security patch level, read the instructions on +the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a>.</p> +<ul> +<li>Security patch levels of 2017-03-01 or later address all issues associated +with the 2017-03-01 security patch level.</li> +<li>Security patch levels of 2017-03-05 or later address all issues associated +with the 2017-03-05 security patch level and all previous patch levels. +</li> +</ul> +<p>Device manufacturers that include these updates should set the patch string +level to:</p> +<ul> +<li>[ro.build.version.security_patch]:[2017-03-01]</li> +<li>[ro.build.version.security_patch]:[2017-03-05]</li> +</ul> +<p><strong>2. Why does this bulletin have two security patch levels?</strong></p> +<p>This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level.</p> +<ul> +<li>Devices that use the March 1, 2017 security patch level must include all +issues associated with that security patch level, as well as fixes for all +issues reported in previous security bulletins.</li> +<li>Devices that use the security patch level of March 5, 2017 or newer must +include all applicable patches in this (and previous) security +bulletins.</li> +</ul> +<p>Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update.</p> +<p><strong>3. 
How do I determine which Google devices are affected by each +issue?</strong></p> +<p>In the <a href="#2017-03-01-details">2017-03-01</a> and +<a href="#2017-03-05-details">2017-03-05</a> +security vulnerability details sections, each table has an <em>Updated Google +devices</em> column that covers the range of affected Google devices updated for +each issue. This column has a few options:</p> +<ul> +<li><strong>All Google devices</strong>: If an issue affects All and Pixel +devices, the table will have "All" in the <em>Updated Google devices</em> +column. "All" encapsulates the following <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported +devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One, +Nexus Player, Pixel C, Pixel, and Pixel XL.</li> +<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google +devices, the affected Google devices are listed in the <em>Updated Google +devices</em> column.</li> +<li><strong>No Google devices</strong>: If no Google devices running Android 7.0 +are affected by the issue, the table will have "None" in the <em>Updated Google +devices</em> column. </li> +</ul> +<p><strong>4. What do the entries in the references column map to?</strong></p> +<p>Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. These prefixes map as follows:</p> +<table> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> +<h2 id="revisions">Revisions</h2> +<ul> +<li>March 06, 2017: Bulletin published.</li> +</ul> + 
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd index 93f4f903..7ec2603e 100644 --- a/src/security/bulletin/index.jd +++ b/src/security/bulletin/index.jd @@ -76,6 +76,14 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security Patch Level</th> </tr> <tr> + <td><a href="2017-03-01.html">March 2017</a></td> + <td>Coming soon + </td> + <td>March 6, 2017</td> + <td>2017-03-01<br> + 2017-03-05</td> + </tr> + <tr> <td><a href="2017-02-01.html">February 2017</a></td> <td>Coming soon </td> diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd index 3ddbd62f..00623b0f 100644 --- a/src/security/overview/acknowledgements.jd +++ b/src/security/overview/acknowledgements.jd @@ -38,13 +38,26 @@ Rewards</a> program.</p> <h2 id="2017">2017</h2> <div style="LINE-HEIGHT:25px;"> +<p>Alexander Potapenko of Google Dynamic Tools team</p> + <p>Alexandru Blanda</p> +<p>Baozeng Ding of Alibaba Mobile Security Group</p> + <p>Ben Actis (<a href="https://twitter.com/ben_ra">@Ben_RA</a>)</p> +<p>Billy Lau of Android Security</p> + +<p>Chenfu Bao (包沉浮) of Baidu X-Lab (百度安全实验室)</p> + +<p>Chengming Yang of Alibaba Mobile Security Group</p> + <p>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) of <a href="http://c0reteam.org">C0RE Team</a></p> +<p><a href="mailto:shaodacheng2016@gmail.com">Dacheng Shao</a> +of <a href="http://c0reteam.org">C0RE Team</a></p> + <p>Daniel Dakhno</p> <p>Daniel Micay of Copperhead Security</p> @@ -65,6 +78,8 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a href="http://www.ms509.com">MS509Team</a></p> +<p>Fang Chen of Sony Mobile Communications Inc.</p> + <p>Frank Liberato of Chrome</p> <p>Gal Beniamini of Project Zero</p> 
@@ -77,11 +92,15 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Guang Gong (龚广) (<a href="http://twitter.com/oldfresher">@oldfresher</a>) of Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a></p> +<p>Guangdong Bai of Singapore Institute of Technology (SIT)</p> + <p><a href="mailto:arnow117@gmail.com">Hanxiang Wen</a> of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Hao Chen of Alpha Team, Qihoo 360 Technology Co. Ltd.</p> +<p>Hiroki Yamamoto of Sony Mobile Communications Inc.</p> + <p><a href="mailto:hlhan@bupt.edu.cn">Hongli Han</a> of <a href="http://c0reteam.org">C0RE Team</a></p> @@ -89,6 +108,9 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Jeff Trim</p> +<p>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a +href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a></p> + <p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p> @@ -96,8 +118,15 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Jun Cheng of Alibaba Inc.</p> +<p>Lenx Wei (韦韬) of Baidu X-Lab (百度安全实验室)</p> + +<p><a href="mailto:zlbzlb815@163.com">Lubo Zhang</a> +of <a href="http://c0reteam.org">C0RE Team</a></p> + <p>ma.la of LINE Corporation</p> +<p>Makoto Onuki of Google</p> + <p>Max Spector of Google:</p> <p>Michael Goberman of IBM Security X-Force</p> @@ -107,8 +136,17 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Monk Avel</p> +<p>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) +of Tesla Motors Product Security Team</p> + <p>Nikolay Elenkov of LINE Corporation</p> +<p>Ning You of Alibaba Mobile Security Group</p> + +<p>Peng Xiao of Alibaba Mobile Security Group</p> + +<p>Pengfei Ding (丁鹏飞) of Baidu X-Lab (百度安全实验室)</p> + <p>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend Micro</p> 
@@ -117,26 +155,45 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) of KeenLab, Tencent (腾讯科恩实验室)</p> - + +<p>Qing Zhang of Qihoo 360</p> + +<p>Quhe of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)</p> + <p>Roee Hay of IBM Security X-Force</p> <p>Sagi Kedmi of IBM X-Force Research</p> +<p><a href="mailto:keun-o.park@darkmatter.ae">Sahara</a> of Secure +Communications in DarkMatter</p> + +<p>salls (<a href="https://twitter.com/chris_salls">@chris_salls</a>) of +Shellphish Grill Team, UC Santa Barbara</p> + <p>Scott Bauer (<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>)</p> <p>Sean Beaupre (<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>)</p> <p>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of Trend Micro Mobile Threat Research Team</p> - + +<p>Shinichi Matsumoto of Fujitsu</p> + +<p><a href="mailto:smarques84@gmail.com">Stéphane Marques</a> of <a +href="http://www.byterev.com">ByteRev</a></p> + <p>Stephen Morrow</p> +<p>Svetoslav Ganov of Google</p> + <p><a href="mailto:segfault5514@gmail.com">Tong Lin</a> of <a href="http://c0reteam.org">C0RE Team</a></p> <p>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat Research Team, <a href="http://www.trendmicro.com">Trend Micro</a></p> - + +<p>wanchouchou of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)</p> + <p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc.</p> 
@@ -155,12 +212,16 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p><a href="mailto:bigwyfone@gmail.com">Yanfeng Wang</a> of <a href="http://c0reteam.org">C0RE Team</a></p> +<p>Yang Song of Alibaba Mobile Security Group</p> + <p><a href="mailto:yaojun8558363@gmail.com">Yao Jun</a> of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Yong Wang (王勇) (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) of Alibaba Inc.</p> - + +<p>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd</p> + <p><a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a> of <a href="http://c0reteam.org">C0RE Team</a></p> diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs index 3b5993b6..53aa8d31 100644 --- a/src/security/security_toc.cs +++ b/src/security/security_toc.cs @@ -62,6 +62,7 @@ <li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li> </ul> </li> + <li><a href="<?cs var:toroot ?>security/bulletin/2017-03-01.html">March 2017</a></li> <li><a href="<?cs var:toroot ?>security/bulletin/2017-02-01.html">February 2017</a></li> <li><a href="<?cs var:toroot ?>security/bulletin/2017-01-01.html">January 2017</a></li> <li class="nav-section"> |
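Review bot: in src/security/bulletin/2017-03-01.jd, the "All Google devices" bullet says "If an issue affects All and Pixel devices", which does not parse. The supported-device list in the same bullet names Nexus and Pixel models, so this was probably meant to read "all Nexus and Pixel devices". In the same bullet, the href ending in "#pixel_phones&nexus_devices" carries a bare "&"; write it as "&amp;" so the attribute is valid HTML. The "No Google devices" bullet also limits "None" to devices "running Android 7.0"; please confirm that version scope is intended for this bulletin.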
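Review bot: in the src/security/bulletin/index.jd hunk (@@ -76,6 +76,14 @@), the new row gives the publication date as "March 6, 2017", while the Revisions list added in 2017-03-01.jd writes "March 06, 2017". Pick one date format for both files so the index and the bulletin agree. The row also ships with the "Coming soon" placeholder in its second cell, as the February row does; a follow-up is needed to replace it once that content exists.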
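Review bot: in the src/security/overview/acknowledgements.jd hunk @@ -117,26 +155,45 @@, three removed/added line pairs differ only in whitespace (after the Qidan He, Seven Shen and V.E.O entries). If these are trailing-whitespace cleanups, consider splitting them out so the hunk shows only the new names. Also in this hunk, "Qing Zhang of Qihoo 360" gives the bare company name, whereas other entries in the file use a team name or "Qihoo 360 Technology Co. Ltd."; worth confirming the affiliation string with the reporter.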
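Review bot: in the src/security/overview/acknowledgements.jd hunk @@ -155,12 +212,16 @@, the added line "Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd" drops the final period of the company name. The existing entries for Guang Gong and Hao Chen write it as "Qihoo 360 Technology Co. Ltd."; match that spelling here.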