diff options
author | Danielle Roberts <daroberts@google.com> | 2017-03-30 15:44:59 -0700 |
---|---|---|
committer | Danielle Roberts <daroberts@google.com> | 2017-04-03 11:54:48 -0700 |
commit | 261982cafe73d23eb2f158b35b061b21c1eb79d3 (patch) | |
tree | d2f478c8ce4aa0e828fe8eff607c0dc3e06044e5 | |
parent | b97751544f224464715ae4d147e66f7991ef6533 (diff) | |
download | source.android.com-261982cafe73d23eb2f158b35b061b21c1eb79d3.tar.gz |
Docs: Publish April 2017 security bulletin
Test: make online-sac-docs on 13
Bug: 36510021
Change-Id: I5975a653becad5e882e082ad62b97af43aebf178
-rw-r--r-- | src/security/bulletin/2017-04-01.jd | 3090 | ||||
-rw-r--r-- | src/security/bulletin/index.jd | 8 | ||||
-rw-r--r-- | src/security/overview/acknowledgements.jd | 24 | ||||
-rw-r--r-- | src/security/security_toc.cs | 1 |
4 files changed, 3123 insertions, 0 deletions
diff --git a/src/security/bulletin/2017-04-01.jd b/src/security/bulletin/2017-04-01.jd new file mode 100644 index 00000000..17f4593e --- /dev/null +++ b/src/security/bulletin/2017-04-01.jd @@ -0,0 +1,3090 @@ +page.title=Android Security Bulletin—April 2017 +@jd:body + + <!-- + Copyright 2017 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. + --> +<p><em>Published April 03, 2017</em></p> +<p>The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Alongside the bulletin, we have released a security +update to Nexus devices through an over-the-air (OTA) update. The Google device +firmware images have also been released to the <a +href="https://developers.google.com/android/nexus/images">Google Developer +site</a>. Security patch levels of April 05, 2017 or later address all of these +issues. Refer to the <a +href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a> to learn how to check a device's security patch +level.</p> +<p>Partners were notified of the issues described in the bulletin on March 06, 2017 +or earlier. Source code patches for these issues will be released to the Android +Open Source Project (AOSP) repository in the next 48 hours. We will revise this +bulletin with the AOSP links when they are available.</p> +<p>The most severe of these issues is a Critical security vulnerability that could +enable remote code execution on an affected device through multiple methods such +as email, web browsing, and MMS when processing media files.</p> +<p>We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the <a href="#mitigations">Android and Google service +mitigations</a> section for details on the <a +href="/security/enhancements/index.html">Android +security platform protections</a> and service protections such as <a +href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, +which improve the security of the Android platform.</p> +<p>We encourage all customers to accept these updates to their devices.</p> + +<h2 id="announcements">Announcements</h2> +<ul> +<li>This bulletin has two security patch level strings to provide Android +partners with the flexibility to more quickly fix a subset of vulnerabilities +that are similar across all Android devices. See <a +href="#common-questions-and-answers">Common questions and answers</a> for +additional information: + <ul> + <li><strong>2017-04-01</strong>: Partial security patch level string. This + security patch level string indicates that all issues associated with 2017-04-01 + (and all previous security patch level strings) are addressed.</li> + <li><strong>2017-04-05</strong>: Complete security patch level string. This + security patch level string indicates that all issues associated with 2017-04-01 + and 2017-04-05 (and all previous security patch level strings) are addressed.</li> + </ul> +</li> +<li>Supported Google devices will receive a single OTA update with the April 05, +2017 security patch level.</li> +</ul> + +<h2 id="security-vulnerability-summary">Security Vulnerability Summary</h2> +<p>The tables below contains a list of security vulnerabilities, the Common +Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not +Google devices are affected. The +<a href="/security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are disabled for development purposes or if successfully bypassed.</p> + +<h3 id="2017-04-01-summary">2017-04-01 security patch level—Vulnerability summary</h3> +<p>Security patch levels of 2017-04-01 or later must address the following issues.</p> +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Google devices?</th> + </tr> + <tr> + <td>Remote code execution vulnerability in Mediaserver</td> + <td>CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541, +CVE-2017-0542, CVE-2017-0543</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in CameraBase</td> + <td>CVE-2017-0544</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Audioserver</td> + <td>CVE-2017-0545</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in SurfaceFlinger</td> + <td>CVE-2017-0546</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Mediaserver</td> + <td>CVE-2017-0547</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in libskia</td> + <td>CVE-2017-0548</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Mediaserver</td> + <td>CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in libnl</td> + <td>CVE-2017-0553</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Telephony</td> + <td>CVE-2017-0554</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Mediaserver</td> + <td>CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in libskia</td> + <td>CVE-2017-0559</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Factory Reset</td> + <td>CVE-2017-0560</td> + <td>Moderate</td> + <td>Yes</td> + </tr> +</table> + +<h3 id="2017-04-05-summary">2017-04-05 security patch level—Vulnerability summary</h3> +<p>Security patch levels of 2017-04-05 or later must address all of the 2017-04-01 +issues, as well as the following issues.</p> +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Google devices?</th> + </tr> + <tr> + <td>Remote code execution vulnerability in Broadcom Wi-Fi firmware</td> + <td>CVE-2017-0561</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in Qualcomm crypto engine driver</td> + <td>CVE-2016-10230</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in kernel networking subsystem</td> + <td>CVE-2016-10229</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek touchscreen driver</td> + <td>CVE-2017-0562</td> + <td>Critical</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in HTC touchscreen driver</td> + <td>CVE-2017-0563</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel ION subsystem</td> + <td>CVE-2017-0564</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Vulnerabilities in Qualcomm components</td> + <td>CVE-2016-10237, CVE-2016-10238, CVE-2016-10239</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in v8</td> + <td>CVE-2016-5129</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in Freetype</td> + <td>CVE-2016-10244</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel sound subsystem</td> + <td>CVE-2014-4656</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA crypto driver</td> + <td>CVE-2017-0339, CVE-2017-0332, CVE-2017-0327</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek thermal driver</td> + <td>CVE-2017-0565</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek camera driver</td> + <td>CVE-2017-0566</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td> + <td>CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570, +CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2017-0575</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA I2C HID driver</td> + <td>CVE-2017-0325</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm audio driver</td> + <td>CVE-2017-0454</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm crypto engine driver</td> + <td>CVE-2017-0576</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in HTC touchscreen driver</td> + <td>CVE-2017-0577</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in DTS sound driver</td> + <td>CVE-2017-0578</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm sound codec driver</td> + <td>CVE-2016-10231</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm video driver</td> + <td>CVE-2017-0579, CVE-2016-10232, CVE-2016-10233</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA boot and power management +processor driver</td> + <td>CVE-2017-0329</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td> + <td>CVE-2017-0580, CVE-2017-0581</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Seemp driver</td> + <td>CVE-2017-0462</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Kyro L2 driver</td> + <td>CVE-2017-6423</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel file system</td> + <td>CVE-2014-9922</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel memory subsystem</td> + <td>CVE-2014-0206</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel networking subsystem</td> + <td>CVE-2014-3145</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm TrustZone</td> + <td>CVE-2016-5349</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm IPA driver</td> + <td>CVE-2016-10234</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in kernel networking subsystem</td> + <td>CVE-2014-2706</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2016-10235</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel file system</td> + <td>CVE-2016-7097</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2017-6424</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td> + <td>CVE-2016-8465</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in HTC OEM fastboot command</td> + <td>CVE-2017-0582</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm CP access driver</td> + <td>CVE-2017-0583</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel media driver</td> + <td>CVE-2014-1739</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm Wi-Fi driver</td> + <td>CVE-2017-0584</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Broadcom Wi-Fi driver</td> + <td>CVE-2017-0585</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm Avtimer driver</td> + <td>CVE-2016-5346</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm video driver</td> + <td>CVE-2017-6425</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm USB driver</td> + <td>CVE-2016-10236</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm sound driver</td> + <td>CVE-2017-0586</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm SPMI driver</td> + <td>CVE-2017-6426</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in NVIDIA crypto driver</td> + <td>CVE-2017-0328, CVE-2017-0330</td> + <td>Moderate</td> + <td>No*</td> + </tr> + <tr> + <td>Vulnerabilities in Qualcomm components**</td> + <td>CVE-2014-9931, CVE-2014-9932, CVE-2014-9933, CVE-2014-9934, +CVE-2014-9935, CVE-2014-9936, CVE-2014-9937, CVE-2015-8995, CVE-2015-8996, +CVE-2015-8997, CVE-2015-8998, CVE-2015-8999, CVE-2015-9000, CVE-2015-9001, +CVE-2015-9002, CVE-2015-9003, CVE-2016-8489</td> + <td>Critical</td> + <td>No*</td> + </tr> +</table> +<p>* Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> +<p>** These vulnerabilities affecting Qualcomm components were released by +Qualcomm to their partners as part of Qualcomm AMSS security bulletins +between 2014–2016.</p> + +<h2 id="mitigations">Android and Google Service Mitigations</h2> +<p>This is a summary of the mitigations provided by the <a +href="/security/enhancements/index.html">Android +security platform</a> and service protections such as SafetyNet. These +capabilities reduce the likelihood that security vulnerabilities could be +successfully exploited on Android.</p> +<ul> + <li>Exploitation for many issues on Android is made more difficult by + enhancements in newer versions of the Android platform. We encourage all users + to update to the latest version of Android where possible.</li> + <li>The Android Security team actively monitors for abuse with <a + href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf">Verify + Apps and SafetyNet</a>, which are designed to warn users about <a + href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially + Harmful Applications</a>. Verify Apps is enabled by default on devices with <a + href="http://www.android.com/gms">Google Mobile Services</a> and is especially + important for users who install applications from outside of Google Play. Device + rooting tools are prohibited within Google Play, but Verify Apps warns users + when they attempt to install a detected rooting application—no matter where it + comes from. Additionally, Verify Apps attempts to identify and block + installation of known malicious applications that exploit a privilege escalation + vulnerability. If such an application has already been installed, Verify Apps + will notify the user and attempt to remove the detected application.</li> + <li>As appropriate, Google Hangouts and Messenger applications do not + automatically pass media to processes such as Mediaserver.</li> +</ul> + +<h2 id="acknowledgements">Acknowledgements</h2> +<p>We would like to thank these researchers for their contributions:</p> +<ul> + <li>Aravind Machiry (donfos) of Shellphish Grill Team: CVE-2016-5349</li> + <li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu + Lab, Tencent: CVE-2017-0585, CVE-2017-0553</li> + <li><a href="mailto:derrek.haxx@gmail.com">Derrek</a> (<a + href="https://twitter.com/derrekr6">@derrekr6</a>) and Scott Bauer: + CVE-2017-0576</li> + <li>Gal Beniamini of Project Zero: CVE-2017-0571, CVE-2017-0570, CVE-2017-0572, + CVE-2017-0569, CVE-2017-0561</li> + <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) + and <a href="http://weibo.com/jfpan">pjf </a>of IceSword Lab, Qihoo 360 + Technology Co. Ltd.: CVE-2017-6426, CVE-2017-0581, CVE-2017-0329, CVE-2017-0332, + CVE-2017-0566</li> + <li>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>) + of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0547</li> + <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.: + CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0575, CVE-2017-0567</li> + <li>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>): CVE-2017-0554</li> + <li>Jack Tang of Trend Micro Inc.: CVE-2017-0579</li> + <li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a + href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0559, + CVE-2017-0541</li> + <li>Jianqiang Zhao (<a + href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a + href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2017-6425, + CVE-2016-5346</li> + <li><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google: + CVE-2017-0558</li> + <li>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>) and + Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of + Tesla's Product Security Team: CVE-2017-0327, CVE-2017-0328</li> + <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba + Mobile Security Group: CVE-2017-0565</li> + <li>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab + (百度安全实验室): CVE-2016-10236</li> + <li>Qidan He (何淇丹 - <a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) + of KeenLab, Tencent: CVE-2017-0544, CVE-2016-10231, CVE-2017-0325</li> + <li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a + href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0562, + CVE-2017-0339</li> + <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of + TrendMicro Mobile Threat Research Team: CVE-2017-0578</li> + <li>Tim Becker: CVE-2017-0546</li> + <li>Uma Sankar Pradhan (<a + href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>): CVE-2017-0560</li> + <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a + href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile + Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>: + CVE-2017-0555, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0557, + CVE-2017-0556</li> + <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of + Alibaba Inc: CVE-2017-0549</li> + <li>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>), + Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>), and Hao + Chen of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0580, CVE-2017-0577</li> + <li>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of + IceSword Lab, Qihoo 360 Technology Co. Ltd.: CVE-2017-0586, CVE-2017-0564</li> + <li><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security + Response Center of Qihoo 360 Technology Co. Ltd.: CVE-2017-0548</li> + <li>Zubin Mithra of Google: CVE-2017-0462</li> +</ul> + +<h2 id="2017-04-01-details">2017-04-01 security patch level—Vulnerability +details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the +<a href="#2017-04-01-summary">2017-04-01 +security patch level—Vulnerability summary</a> above. There is a description of +the issue, a severity rationale, and a table with the CVE, associated +references, severity, updated Google devices, updated AOSP versions (where +applicable), and date reported. When available, we will link the public change +that addressed the issue to the bug ID, like the AOSP change list. When multiple +changes relate to a single bug, additional references are linked to numbers +following the bug ID.</p> + + +<h3 id="rce-in-mediaserver">Remote code execution vulnerability in +Mediaserver</h3> +<p>A remote code execution vulnerability in Mediaserver could enable an attacker +using a specially crafted file to cause memory corruption during media file and +data processing. This issue is rated as Critical due to the possibility of +remote code execution within the context of the Mediaserver process.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0538</td> + <td>A-33641588</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 13, 2016</td> + </tr> + <tr> + <td>CVE-2017-0539</td> + <td>A-33864300</td> + <td>Critical</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 23, 2016</td> + </tr> + <tr> + <td>CVE-2017-0540</td> + <td>A-33966031</td> + <td>Critical</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 29, 2016</td> + </tr> + <tr> + <td>CVE-2017-0541</td> + <td>A-34031018</td> + <td>Critical</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Jan 1, 2017</td> + </tr> + <tr> + <td>CVE-2017-0542</td> + <td>A-33934721</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2017-0543</td> + <td>A-34097866</td> + <td>Critical</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-camerabase">Elevation of privilege vulnerability in +CameraBase</h3> +<p>An elevation of privilege vulnerability in CameraBase could enable a local +malicious application to execute arbitrary code. This issue is rated as High +because it is a local arbitrary code execution in a privileged process.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0544</td> + <td>A-31992879</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Oct 6, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in +Audioserver</h3> +<p>An elevation of privilege vulnerability in Audioserver could enable a local +malicious application to execute arbitrary code within the context of a +privileged process. This issue is rated as High because it could be used to +gain local access to elevated capabilities, which are not normally accessible +to a third-party application.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0545</td> + <td>A-32591350</td> + <td>High</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Oct 31, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-surfaceflinger">Elevation of privilege vulnerability in +SurfaceFlinger</h3> +<p>An elevation of privilege vulnerability in SurfaceFlinger could enable a local +malicious application to execute arbitrary code within the context of a +privileged process. This issue is rated as High because it could be used to +gain local access to elevated capabilities, which are not normally accessible +to a third-party application.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0546</td> + <td>A-32628763</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Nov 2, 2016</td> + </tr> +</table> + + +<h3 id="id-in-mediaserver">Information disclosure vulnerability in +Mediaserver</h3> +<p>An information disclosure vulnerability in Mediaserver could enable a local +malicious application to access data outside of its permission levels. This +issue is rated as High because it is a general bypass for operating system +protections that isolate application data from other applications.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0547</td> + <td>A-33861560</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 22, 2016</td> + </tr> +</table> + + +<h3 id="dos-in-libskia">Denial of service vulnerability in libskia</h3> +<p>A remote denial of service vulnerability in libskia could enable an attacker to +use a specially crafted file to cause a device hang or reboot. This issue is +rated as High severity due to the possibility of remote denial of service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0548</td> + <td>A-33251605</td> + <td>High</td> + <td>All</td> + <td>7.0, 7.1.1</td> + <td>Nov 29, 2016</td> + </tr> +</table> + + +<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3> +<p>A remote denial of service vulnerability in Mediaserver could enable an +attacker to use a specially crafted file to cause a device hang or reboot. This +issue is rated as High severity due to the possibility of remote denial of +service.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0549</td> + <td>A-33818508</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 20, 2016</td> + </tr> + <tr> + <td>CVE-2017-0550</td> + <td>A-33933140</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2017-0551</td> + <td>A-34097231</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2017-0552</td> + <td>A-34097915</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-libnl">Elevation of privilege vulnerability in libnl</h3> +<p>An elevation of privilege vulnerability in libnl could enable a local malicious +application to execute arbitrary code within the context of the Wi-Fi service. +This issue is rated as Moderate because it first requires compromising a +privileged process and is mitigated by current platform configurations.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0553</td> + <td>A-32342065</td> + <td>Moderate</td> + <td>All</td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Oct 21, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-telephony">Elevation of privilege vulnerability in +Telephony</h3> +<p>An elevation of privilege vulnerability in the Telephony component could enable +a local malicious application to access capabilities outside of its permission +levels. This issue is rated as Moderate because it could be used to gain access +to elevated capabilities, which are not normally accessible to a third-party +application.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0554</td> + <td>A-33815946</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 20, 2016</td> + </tr> +</table> + + +<h3 id="id-in-mediaserver-2">Information disclosure vulnerability in +Mediaserver</h3> +<p>An information disclosure vulnerability in Mediaserver could enable a local +malicious application to access data outside of its permission levels. This +issue is rated as Moderate because it could be used to access data without +permission.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0555</td> + <td>A-33551775</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 12, 2016</td> + </tr> + <tr> + <td>CVE-2017-0556</td> + <td>A-34093952</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Jan 4, 2017</td> + </tr> + <tr> + <td>CVE-2017-0557</td> + <td>A-34093073</td> + <td>Moderate</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Jan 4, 2017</td> + </tr> + <tr> + <td>CVE-2017-0558</td> + <td>A-34056274</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="id-in-libskia">Information disclosure vulnerability in libskia</h3> +<p>An information disclosure vulnerability in libskia could enable a local +malicious application to access data outside of its permission levels. This +issue is rated as Moderate because it could be used to access data without +permission.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0559</td> + <td>A-33897722</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Dec 25, 2016</td> + </tr> +</table> + + +<h3 id="id-in-factory-reset">Information disclosure vulnerability in Factory +Reset</h3> +<p>An information disclosure vulnerability in the factory reset process could +enable a local malicious attacker to access data from the previous owner. This +issue is rated as Moderate due to the possibility of bypassing device +protection.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0560</td> + <td>A-30681079</td> + <td>Moderate</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td> + <td>Google internal</td> + </tr> +</table> + +<h2 id="2017-04-05-details">2017-04-05 security patch level—Vulnerability +details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the +<a href="#2017-04-05-summary">2017-04-05 +security patch level—Vulnerability summary</a> above. There is a description of +the issue, a severity rationale, and a table with the CVE, associated +references, severity, updated Google devices, updated AOSP versions (where +applicable), and date reported. When available, we will link the public change +that addressed the issue to the bug ID, like the AOSP change list. When multiple +changes relate to a single bug, additional references are linked to numbers +following the bug ID.</p> + + +<h3 id="rce-in-broadcom-wi-fi-firmware">Remote code execution vulnerability in +Broadcom Wi-Fi firmware</h3> +<p>A remote code execution vulnerability in the Broadcom Wi-Fi firmware could +enable a remote attacker to execute arbitrary code within the context of the +Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote +code execution in the context of the Wi-Fi SoC.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0561</td> + <td>A-34199105*<br> + B-RB#110814</td> + <td>Critical</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Jan 9, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="rce-in-qualcomm-crypto-engine-driver">Remote code execution +vulnerability in Qualcomm crypto engine driver</h3> +<p>A remote code execution vulnerability in the Qualcomm crypto engine driver +could enable a remote attacker to execute arbitrary code within the context of +the kernel. This issue is rated as Critical due to the possibility of remote +code execution in the context of the kernel.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10230</td> + <td>A-34389927<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=bd9a8fc6d7f6bd1a0b936994630006de450df657"> +QC-CR#1091408</a></td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Jan 10, 2017</td> + </tr> +</table> + + +<h3 id="rce-in-kernel-networking-subsystem">Remote code execution vulnerability +in kernel networking subsystem</h3> +<p>A remote code execution vulnerability in the kernel networking subsystem could +enable a remote attacker to execute arbitrary code within the context of the +kernel. This issue is rated as Critical due to the possibility of remote code +execution in the context of the kernel.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10229</td> + <td>A-32813456<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191"> +Upstream kernel</a></td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One, +Nexus Player</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-mediatek-touchscreen-driver">Elevation of privilege +vulnerability in MediaTek touchscreen driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek touchscreen driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0562</td> + <td>A-30202425*<br> + M-ALPS02898189</td> + <td>Critical*</td> + <td>None**</td> + <td>Jul 16, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-htc-touchscreen-driver">Elevation of privilege vulnerability in +HTC touchscreen driver</h3> +<p>An elevation of privilege vulnerability in the HTC touchscreen driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0563</td> + <td>A-32089409*<br> + </td> + <td>Critical</td> + <td>Nexus 9</td> + <td>Oct 9, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in +kernel ION subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel ION subsystem could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility +of a local permanent device compromise, which may require reflashing the +operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0564</td> + <td>A-34276203*<br> + </td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One, +Nexus Player</td> + <td>Jan 12, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm +components</h3> +<p>These vulnerabilities affect Qualcomm components and are described in further +detail in the Qualcomm AMSS October 2016 security bulletin.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10237</td> + <td>A-31628601**<br> + QC-CR#1046751</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-10238</td> + <td>A-35358527**<br> + QC-CR#1042558</td> + <td>Critical</td> + <td>None***</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-10239</td> + <td>A-31624618**<br> + QC-CR#1032929</td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Qualcomm internal</td> + </tr> +</table> +<p>* The severity rating for these vulnerabilities was determined by the vendor.</p> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>*** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="rce-in-v8">Remote code execution vulnerability in v8</h3> +<p>A remote code execution vulnerability in v8 could enable remote attackers to +execute arbitrary code within the context of a privileged process. This issue +is rated as High due to the possibility of remote code execution in websites. </p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-5129</td> + <td>A-29178923</td> + <td>High</td> + <td>All</td> + <td>6.0, 6.0.1, 7.0</td> + <td>Jul 20, 2016</td> + </tr> +</table> + + +<h3 id="rce-in-freetype">Remote code execution vulnerability in Freetype</h3> +<p>A remote code execution vulnerability in Freetype could enable a local +malicious application to load a specially crafted font to cause memory +corruption in an unprivileged process. This issue is rated as High due to the +possibility of remote code execution in an application that uses this library.</p> + +<table> + <col width="18%"> + <col width="17%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10244</td> + <td>A-31470908</td> + <td>High</td> + <td>All</td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> + <td>Sep 13, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in +kernel sound subsystem</h3> +<p>An elevation of privilege vulnerability in the kernel sound subsystem could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-4656</td> + <td>A-34464977<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=883a1d49f0d77d30012f114b2e19fc141beb3e8e"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus 6, Nexus Player</td> + <td>Jun 26, 2014</td> + </tr> +</table> + + +<h3 id="eop-in-nvidia-crypto-driver">Elevation of privilege vulnerability in +NVIDIA crypto driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA crypto driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0339</td> + <td>A-27930566*<br> + N-CVE-2017-0339</td> + <td>High</td> + <td>Nexus 9</td> + <td>Mar 29, 2016</td> + </tr> + <tr> + <td>CVE-2017-0332</td> + <td>A-33812508*<br> + N-CVE-2017-0332</td> + <td>High</td> + <td>Nexus 9</td> + <td>Dec 21, 2016</td> + </tr> + <tr> + <td>CVE-2017-0327</td> + <td>A-33893669*<br> + N-CVE-2017-0327</td> + <td>High</td> + <td>Nexus 9</td> + <td>Dec 24, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-mediatek-thermal-driver">Elevation of privilege vulnerability in +MediaTek thermal driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek thermal driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0565</td> + <td>A-28175904*<br> + M-ALPS02696516</td> + <td>High</td> + <td>None**</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-mediatek-camera-driver">Elevation of privilege vulnerability in +MediaTek camera driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek camera driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0566</td> + <td>A-28470975*<br> + M-ALPS02696367</td> + <td>High</td> + <td>None**</td> + <td>Apr 29, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in +Broadcom Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0567</td> + <td>A-32125310*<br> + B-RB#112575</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Oct 12, 2016</td> + </tr> + <tr> + <td>CVE-2017-0568</td> + <td>A-34197514*<br> + B-RB#112600</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Jan 9, 2017</td> + </tr> + <tr> + <td>CVE-2017-0569</td> + <td>A-34198729*<br> + B-RB#110666</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Jan 9, 2017</td> + </tr> + <tr> + <td>CVE-2017-0570</td> + <td>A-34199963*<br> + B-RB#110688</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Jan 9, 2017</td> + </tr> + <tr> + <td>CVE-2017-0571</td> + <td>A-34203305*<br> + B-RB#111541</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Pixel C, Nexus Player</td> + <td>Jan 9, 2017</td> + </tr> + <tr> + <td>CVE-2017-0572</td> + <td>A-34198931*<br> + B-RB#112597</td> + <td>High</td> + <td>None**</td> + <td>Jan 9, 2017</td> + </tr> + <tr> + <td>CVE-2017-0573</td> + <td>A-34469904*<br> + B-RB#91539</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Jan 18, 2017</td> + </tr> + <tr> + <td>CVE-2017-0574</td> + <td>A-34624457*<br> + B-RB#113189</td> + <td>High</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td> + <td>Jan 22, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0575</td> + <td>A-32658595*<br> + QC-CR#1103099</td> + <td>High</td> + <td>Nexus 5X, Pixel, Pixel XL</td> + <td>Nov 3, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-nvidia-i2c-hid-driver">Elevation of privilege vulnerability in +NVIDIA I2C HID driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA I2C HID driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0325</td> + <td>A-33040280*<br> + N-CVE-2017-0325</td> + <td>High</td> + <td>Nexus 9, Pixel C</td> + <td>Nov 20, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-audio-driver">Elevation of privilege vulnerability in +Qualcomm audio driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm audio driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0454</td> + <td>A-33353700<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cb0701a2f99fa19f01fbd4249bda9a8eadb0241f"> +QC-CR#1104067</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Dec 5, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege +vulnerability in Qualcomm crypto engine driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0576</td> + <td>A-33544431<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2b09507d78b25637df6879cd2ee2031b208b3532"> +QC-CR#1103089</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Dec 9, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-htc-touchscreen-driver-2">Elevation of privilege vulnerability +in HTC touchscreen driver</h3> +<p>An elevation of privilege vulnerability in the HTC touchscreen driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0577</td> + <td>A-33842951*<br> + </td> + <td>High</td> + <td>None**</td> + <td>Dec 21, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-dts-sound-driver">Elevation of privilege vulnerability in DTS +sound driver</h3> +<p>An elevation of privilege vulnerability in the DTS sound driver could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0578</td> + <td>A-33964406*<br> + </td> + <td>High</td> + <td>None**</td> + <td>Dec 28, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-sound-codec-driver">Elevation of privilege +vulnerability in Qualcomm sound codec driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm sound codec driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10231</td> + <td>A-33966912<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3bfe5a89916f7d29492e9f6d941d108b688cb804"> +QC-CR#1096799</a></td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Dec 29, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in +Qualcomm video driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm video driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0579</td> + <td>A-34125463*<br> + QC-CR#1115406</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Jan 5, 2017</td> + </tr> + <tr> + <td>CVE-2016-10232</td> + <td>A-34386696<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=21e0ead58e47798567d846b84f16f89cf69a57ae"> +QC-CR#1024872</a> <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=27f7b3b3059f6181e2786f886f4cd92f413bc30c"> +[2]</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Jan 10, 2017</td> + </tr> + <tr> + <td>CVE-2016-10233</td> + <td>A-34389926<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=d793c6d91ecba2a1fd206ad47a4fd408d290addf"> +QC-CR#897452</a></td> + <td>High</td> + <td>None**</td> + <td>Jan 10, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-nvidia-boot-and-power-management-processor-driver">Elevation of +privilege vulnerability in NVIDIA boot and power management processor +driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA boot and power management +processor driver could enable a local malicious application to execute +arbitrary code within the context of the boot and power management processor. +This issue is rated as High because it first requires compromising a privileged +process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0329</td> + <td>A-34115304*<br> + N-CVE-2017-0329</td> + <td>High</td> + <td>Pixel C</td> + <td>Jan 5, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege +vulnerability in Synaptics touchscreen driver</h3> +<p>An elevation of privilege vulnerability in the Synaptics Touchscreen driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0580</td> + <td>A-34325986*<br> + </td> + <td>High</td> + <td>None**</td> + <td>Jan 16, 2017</td> + </tr> + <tr> + <td>CVE-2017-0581</td> + <td>A-34614485*<br> + </td> + <td>High</td> + <td>None**</td> + <td>Jan 22, 2017</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-qualcomm-seemp-driver">Elevation of privilege vulnerability in +Qualcomm Seemp driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Seemp driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0462</td> + <td>A-33353601<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb7b1426279e751b1fc3e86f434dc349945c1ae7"> +QC-CR#1102288</a></td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-kyro-l2-driver">Elevation of privilege vulnerability in +Qualcomm Kyro L2 driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-6423</td> + <td>A-32831370<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0f264f812b61884390b432fdad081a3e995ba768"> +QC-CR#1103158</a></td> + <td>High</td> + <td>Pixel, Pixel XL</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in +kernel file system</h3> +<p>An elevation of privilege vulnerability in the kernel file system could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as High because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-9922</td> + <td>A-32761463<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android +One, Nexus Player</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="id-in-kernel-memory-subsystem">Information disclosure vulnerability in +kernel memory subsystem</h3> +<p>An information disclosure vulnerability in the kernel memory subsystem could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as High because it could be used to access +sensitive data without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-0206</td> + <td>A-34465735<br> + <a +href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=d36db46c2cba973557eb6138d22210c4e0cf17d6"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus 6, Nexus Player</td> + <td>May 6, 2014</td> + </tr> +</table> + + +<h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability +in kernel networking subsystem</h3> +<p>An information disclosure vulnerability in the kernel networking subsystem +could enable a local malicious application to access data outside of its +permission levels. This issue is rated as High because it could be used to +access sensitive data without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-3145</td> + <td>A-34469585<br> + <a +href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=314760e66c35c8ffa51b4c4ca6948d207e783079"> +Upstream kernel</a> <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3"> +[2]</a></td> + <td>High</td> + <td>Nexus 6, Nexus Player</td> + <td>May 9, 2014</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-trustzone">Information disclosure vulnerability in +Qualcomm TrustZone</h3> +<p>An information disclosure vulnerability in the Qualcomm TrustZone could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as High because it could be used to access sensitive data +without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-5349</td> + <td>A-29083830<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=7c3bf6557c62d904b15507eb451fda8fd7ef750c"> +QC-CR#1021945</a> <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=03853a58952834ac3e1e3007c9c680dd4c001a2f"> +[2]</a> <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e3d969000fb60ecb9bc01667fa89957f67763514"> +[3]</a> <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=9bd398661cae758ffc557adc7de74ba32654e1f9"> +[4]</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Jun 1, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-ipa-driver">Information disclosure vulnerability in +Qualcomm IPA driver</h3> +<p>An information disclosure vulnerability in the Qualcomm IPA driver could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as High because it could be used to access sensitive data +without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10234</td> + <td>A-34390017<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c7d7492c1e329fdeb28a7901c4cd634d41a996b1"> +QC-CR#1069060</a> <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=d12370c7f3ecded1867fbd6b70ded35db55cab1d"> +[2]</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td> + <td>Jan 10, 2017</td> + </tr> +</table> + + +<h3 id="dos-in-kernel-networking-subsystem">Denial of service vulnerability in +kernel networking subsystem</h3> +<p>A denial of service vulnerability in the kernel networking subsystem could +enable a remote attacker to use a specially crafted network packet to cause a +device hang or reboot. This issue is rated as High due to the possibility of +remote denial of service.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-2706</td> + <td>A-34160553<br> + <a +href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba"> +Upstream kernel</a></td> + <td>High</td> + <td>Nexus Player</td> + <td>Apr 1, 2014</td> + </tr> +</table> + + +<h3 id="dos-in-qualcomm-wi-fi-driver">Denial of service vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a +proximate attacker to cause a denial of service in the Wi-Fi subsystem. This +issue is rated as High due to the possibility of remote denial of service.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10235</td> + <td>A-34390620<br> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5bb0059243515ecdac138cfdb4cee7259bbd0bbc"> +QC-CR#1046409</a></td> + <td>High</td> + <td>None**</td> + <td>Jan 10, 2017</td> + </tr> +</table> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="eop-in-kernel-file-system-2">Elevation of privilege vulnerability in +kernel file system</h3> +<p>An elevation of privilege vulnerability in the kernel file system could enable +a local malicious application to execute arbitrary code outside of its +permission levels. This issue is rated as Moderate because it first requires +compromising a privileged process and is mitigated by current platform +configurations.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-7097</td> + <td>A-32458736<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef"> +Upstream kernel</a></td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Nexus +Player</td> + <td>Aug 28, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Moderate because it first +requires compromising a privileged process and because of vulnerability +specific details which limit the impact of the issue.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-6424</td> + <td>A-32086742<br> + <a +href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5cc2ac840e36a3342c5194c20b314f0bb95ef7e1"> +QC-CR#1102648</a></td> + <td>Moderate</td> + <td>Nexus 5X, Pixel, Pixel XL, Android One</td> + <td>Oct 9, 2016</td> + </tr> +</table> + + +<h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in +Broadcom Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Moderate because it first +requires compromising a privileged process and is mitigated by current platform +configurations.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-8465</td> + <td>A-32474971*<br> + B-RB#106053</td> + <td>Moderate</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Oct 27, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-htc-oem-fastboot-command">Elevation of privilege vulnerability +in HTC OEM fastboot command</h3> +<p>An elevation of privilege vulnerability in the HTC OEM fastboot command could +enable a local malicious application to execute arbitrary code within the +context of the sensor hub. This issue is rated as Moderate because it first +requires exploitation of separate vulnerabilities.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0582</td> + <td>A-33178836*<br> + </td> + <td>Moderate</td> + <td>Nexus 9</td> + <td>Nov 28, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="eop-in-qualcomm-cp-access-driver">Elevation of privilege vulnerability +in Qualcomm CP access driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm CP access driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Moderate because it first +requires compromising a privileged process and because of vulnerability +specific details which limit the impact of the issue.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0583</td> + <td>A-32068683<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=452d2ad331d20b19e8a0768c4b6e7fe1b65abe8f"> +QC-CR#1103788</a></td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="id-in-kernel-media-driver">Information disclosure vulnerability in +kernel media driver</h3> +<p>An information disclosure vulnerability in the kernel media driver could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-1739</td> + <td>A-34460642<br> + <a +href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8"> +Upstream kernel</a></td> + <td>Moderate</td> + <td>Nexus 6, Nexus 9, Nexus Player</td> + <td>Jun 15, 2014</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in +Qualcomm Wi-Fi driver</h3> +<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0584</td> + <td>A-32074353*<br> + QC-CR#1104731</td> + <td>Moderate</td> + <td>Nexus 5X, Pixel, Pixel XL</td> + <td>Oct 9, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="id-in-broadcom-wi-fi-driver">Information disclosure vulnerability in +Broadcom Wi-Fi driver</h3> +<p>An information disclosure vulnerability in the Broadcom Wi-Fi driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0585</td> + <td>A-32475556*<br> + B-RB#112953</td> + <td>Moderate</td> + <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td> + <td>Oct 27, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> + + +<h3 id="id-in-qualcomm-avtimer-driver">Information disclosure vulnerability in +Qualcomm Avtimer driver</h3> +<p>An information disclosure vulnerability in the Qualcomm Avtimer driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-5346</td> + <td>A-32551280<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474"> +QC-CR#1097878</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 29, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in +Qualcomm video driver</h3> +<p>An information disclosure vulnerability in the Qualcomm video driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-6425</td> + <td>A-32577085<br> + <a +href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ef86560a21fe1f256f6ba772a195201ff202c657"> +QC-CR#1103689</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Oct 29, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-usb-driver">Information disclosure vulnerability in +Qualcomm USB driver</h3> +<p>An information disclosure vulnerability in the Qualcomm USB driver could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-10236</td> + <td>A-33280689<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=b8199c2b852f1e23c988e10b8fbb8d34c98b4a1c"> +QC-CR#1102418</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Nov 30, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in +Qualcomm sound driver</h3> +<p>An information disclosure vulnerability in the Qualcomm sound driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0586</td> + <td>A-33649808<br> + QC-CR#1097569</td> + <td>Moderate</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td> + <td>Dec 13, 2016</td> + </tr> +</table> + + +<h3 id="id-in-qualcomm-spmi-driver">Information disclosure vulnerability in +Qualcomm SPMI driver</h3> +<p>An information disclosure vulnerability in the Qualcomm SPMI driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-6426</td> + <td>A-33644474<br> + <a +href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=80decd6365deec08c35ecb902a58f9210599b39a"> +QC-CR#1106842</a></td> + <td>Moderate</td> + <td>Pixel, Pixel XL</td> + <td>Dec 14, 2016</td> + </tr> +</table> + + +<h3 id="id-in-nvidia-crypto-driver">Information disclosure vulnerability in +NVIDIA crypto driver</h3> +<p>An information disclosure vulnerability in the NVIDIA crypto driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising +a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2017-0328</td> + <td>A-33898322*<br> + N-CVE-2017-0328</td> + <td>Moderate</td> + <td>None**</td> + <td>Dec 24, 2016</td> + </tr> + <tr> + <td>CVE-2017-0330</td> + <td>A-33899858*<br> + N-CVE-2017-0330</td> + <td>Moderate</td> + <td>None**</td> + <td>Dec 24, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + + +<h3 id="vulnerabilities-in-qualcomm-components-2">Vulnerabilities in Qualcomm +components</h3> +<p>These vulnerabilities affecting Qualcomm components were released as part of +Qualcomm AMSS security bulletins between 2014–2016. They are included in this +Android security bulletin to associate their fixes with an Android security +patch level. </p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Google devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-9931</td> + <td>A-35445101**<br> + QC-CR#612410</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9932</td> + <td>A-35434683**<br> + QC-CR#626734</td> + <td>Critical</td> + <td>Pixel, Pixel XL</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9933</td> + <td>A-35442512<br> + QC-CR#675463</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9934</td> + <td>A-35439275**<br> + QC-CR#658249</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9935</td> + <td>A-35444951**<br> + QC-CR#717626</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9936</td> + <td>A-35442420**<br> + QC-CR#727389</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2014-9937</td> + <td>A-35445102**<br> + QC-CR#734095</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-8995</td> + <td>A-35445002**<br> + QC-CR#733690</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-8996</td> + <td>A-35444658**<br> + QC-CR#734698</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-8997</td> + <td>A-35432947**<br> + QC-CR#734707</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-8998</td> + <td>A-35441175**<br> + QC-CR#735337</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-8999</td> + <td>A-35445401**<br> + QC-CR#736119</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-9000</td> + <td>A-35441076**<br> + QC-CR#740632</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-9001</td> + <td>A-35445400**<br> + QC-CR#736083</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-9002</td> + <td>A-35442421**<br> + QC-CR#748428</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2015-9003</td> + <td>A-35440626**<br> + QC-CR#749215</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> + <tr> + <td>CVE-2016-10242</td> + <td>A-35434643**<br> + QC-CR#985139</td> + <td>Critical</td> + <td>None**</td> + <td>Qualcomm internal</td> + </tr> +</table> +<p>* The severity rating for these vulnerabilities was determined by the vendor.</p> +<p>* The patch for this issue is not publicly available. The update is contained +in the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers"> +Google Developer site</a>.</p> +<p>*** Supported Google devices on Android 7.0 or later that have installed all +available updates are not affected by this vulnerability.</p> + +<h2 id="common-questions-and-answers">Common Questions and Answers</h2> +<p>This section answers common questions that may occur after reading this +bulletin.</p> +<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p> +<p>To learn how to check a device's security patch level, read the instructions on +the <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel +and Nexus update schedule</a>.</p> +<ul> + <li>Security patch levels of 2017-04-01 or later address all issues associated + with the 2017-04-01 security patch level.</li> + <li>Security patch levels of 2017-04-05 or later address all issues associated + with the 2017-04-05 security patch level and all previous patch levels.</li> +</ul> +<p>Device manufacturers that include these updates should set the patch string +level to:</p> +<ul> + <li>[ro.build.version.security_patch]:[2017-04-01]</li> + <li>[ro.build.version.security_patch]:[2017-04-05]</li> +</ul> + +<p><strong>2. Why does this bulletin have two security patch levels?</strong></p> +<p>This bulletin has two security patch levels so that Android partners have the +flexibility to fix a subset of vulnerabilities that are similar across all +Android devices more quickly. Android partners are encouraged to fix all issues +in this bulletin and use the latest security patch level.</p> +<ul> + <li>Devices that use the April 01, 2017 security patch level must include all + issues associated with that security patch level, as well as fixes for all + issues reported in previous security bulletins.</li> + <li>Devices that use the security patch level of April 05, 2017 or newer must + include all applicable patches in this (and previous) security + bulletins.</li> +</ul> +<p>Partners are encouraged to bundle the fixes for all issues they are addressing +in a single update.</p> +<p><strong>3. How do I determine which Google devices are affected by each +issue?</strong></p> +<p>In the <a +href="#2017-04-01-security-patch-level—vulnerability-details">2017-04-01</a> and +<a href="#2017-04-05-security-patch-level—vulnerability-details">2017-04-05</a> +security vulnerability details sections, each table has an <em>Updated Google +devices</em> column that covers the range of affected Google devices updated for +each issue. This column has a few options:</p> +<ul> + <li><strong>All Google devices</strong>: If an issue affects All and Pixel + devices, the table will have "All" in the <em>Updated Google devices</em> + column. "All" encapsulates the following <a + href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported + devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One, + Nexus Player, Pixel C, Pixel, and Pixel XL.</li> + <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google + devices, the affected Google devices are listed in the <em>Updated Google + devices</em> column.</li> + <li><strong>No Google devices</strong>: If no Google devices running Android 7.0 + are affected by the issue, the table will have "None" in the <em>Updated Google + devices</em> column. </li> +</ul> +<p><strong>4. What do the entries in the references column map to?</strong></p> +<p>Entries under the <em>References</em> column of the vulnerability details table +may contain a prefix identifying the organization to which the reference value +belongs. These prefixes map as follows:</p> +<table> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> + <tr> + <td>B-</td> + <td>Broadcom reference number</td> + </tr> +</table> + +<h2 id="revisions">Revisions</h2> +<ul> + <li>April 03, 2017: Bulletin published.</li> +</ul> + diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd index 7f433e89..14733af0 100644 --- a/src/security/bulletin/index.jd +++ b/src/security/bulletin/index.jd @@ -76,6 +76,14 @@ Android Open Source Project (AOSP), the upstream Linux kernel, and system-on-chi <th>Security Patch Level</th> </tr> <tr> + <td><a href="2017-04-01.html">April 2017</a></td> + <td>Coming soon + </td> + <td>April 3, 2017</td> + <td>2017-04-01<br> + 2017-04-05</td> + </tr> + <tr> <td><a href="2017-03-01.html">March 2017</a></td> <td>Coming soon </td> diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd index 00623b0f..06724bf9 100644 --- a/src/security/overview/acknowledgements.jd +++ b/src/security/overview/acknowledgements.jd @@ -104,6 +104,10 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p><a href="mailto:hlhan@bupt.edu.cn">Hongli Han</a> of <a href="http://c0reteam.org">C0RE Team</a></p> +<p>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>)</p> + +<p>Jack Tang of Trend Micro Inc.</p> + <p>Jeff Sharkey of Google</p> <p>Jeff Trim</p> @@ -127,10 +131,15 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Makoto Onuki of Google</p> +<p><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google</p> + <p>Max Spector of Google:</p> <p>Michael Goberman of IBM Security X-Force</p> +<p>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>) + of Tesla Motors Product Security Team</p> + <p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a href="http://c0reteam.org">C0RE Team</a></p> @@ -186,9 +195,13 @@ href="http://www.byterev.com">ByteRev</a></p> <p>Svetoslav Ganov of Google</p> +<p>Tim Becker</p> + <p><a href="mailto:segfault5514@gmail.com">Tong Lin</a> of <a href="http://c0reteam.org">C0RE Team</a></p> +<p>Uma Sankar Pradhan (<a href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>)</p> + <p>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat Research Team, <a href="http://www.trendmicro.com">Trend Micro</a></p> @@ -199,6 +212,9 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a> of <a href="http://c0reteam.org">C0RE Team</a></p> + +<p>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>) +of Alpha Team, Qihoo 360 Technology Co. Ltd.</p> <p>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (<a href="http://www.weibo.com/wishlinux">吴潍浠</a> 此彼) of Ant-financial Light-Year @@ -219,6 +235,9 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p>Yong Wang (王勇) (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) of Alibaba Inc.</p> + +<p>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of + IceSword Lab, Qihoo 360 Technology Co. Ltd.</p> <p>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd</p> @@ -240,6 +259,11 @@ of <a href="http://c0reteam.org">C0RE Team</a></p> <p><a href="mailto:sundaywind2004@gmail.com">Zhixin Li</a> of <a href="http://www.nsfocus.com">NSFocus</a></p> + +<p><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security + Response Center of Qihoo 360 Technology Co. Ltd.</p> + + <p>Zubin Mithra of Google</p> </div> diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs index 53aa8d31..36ff2aa2 100644 --- a/src/security/security_toc.cs +++ b/src/security/security_toc.cs @@ -62,6 +62,7 @@ <li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li> </ul> </li> + <li><a href="<?cs var:toroot ?>security/bulletin/2017-04-01.html">April 2017</a></li> <li><a href="<?cs var:toroot ?>security/bulletin/2017-03-01.html">March 2017</a></li> <li><a href="<?cs var:toroot ?>security/bulletin/2017-02-01.html">February 2017</a></li> <li><a href="<?cs var:toroot ?>security/bulletin/2017-01-01.html">January 2017</a></li> |