author Clay Murphy <claym@google.com> 2017-07-11 21:17:20 +0000
committer Gerrit Code Review <noreply-gerritcodereview@google.com> 2017-07-11 21:17:20 +0000
commit f7613b6660a3a8d2591704ea0a4574c633bf0f75 (patch)
tree b16206b32b153c3edb1744b655b1a3bfdeb7af91 /en/security/bulletin/2017-07-01.html
parent 4a5bcd6fa800faafbe7272d39266e21dc26edf39 (diff)
parent 7b7ac1c38b6987cc7a1f9f307bc6d099a470e76f (diff)
Merge "Docs: Changes to source.android.com"
Diffstat (limited to 'en/security/bulletin/2017-07-01.html')
-rw-r--r-- en/security/bulletin/2017-07-01.html 1779
1 files changed, 1779 insertions, 0 deletions
diff --git a/en/security/bulletin/2017-07-01.html b/en/security/bulletin/2017-07-01.html
new file mode 100644
index 00000000..3660f247
--- /dev/null
+++ b/en/security/bulletin/2017-07-01.html
@@ -0,0 +1,1779 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—July 2017</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ //www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published July 5, 2017 | Updated July 6, 2017</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of July 05, 2017 or later
+address all of these issues. Refer to the <a
+href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a> to learn how to check a device's security patch
+level.</p>
+
+<p>Partners were notified of the issues described in the bulletin at least a month
+ago. Source code patches for these issues have been released to the Android Open
+Source Project (AOSP) repository and linked from this bulletin. This bulletin also
+includes links to patches outside of AOSP.</p>
+
+<p>The most severe of these issues is a critical security vulnerability in media
+framework that could enable a remote attacker using a specially crafted file to
+execute arbitrary code within the context of a privileged process. The <a
+href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a
+href="#mitigations">Android and Google Play
+Protect mitigations</a> section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and Google Play Protect, which improve the
+security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<p class="note"><strong>Note:</strong> Information on the latest over-the-air
+update (OTA) and firmware images for Google devices is available in the
+<a href="#google-device-updates">Google device updates</a> section.</p>
+
+<h2 id="announcements">Announcements</h2>
+<ul>
+ <li>This bulletin has two security patch level strings to provide Android
+ partners with the flexibility to more quickly fix a subset of vulnerabilities
+ that are similar across all Android devices. See <a
+ href="#common-questions-and-answers">Common questions and answers</a> for
+ additional information:
+ <ul>
+ <li><strong>2017-07-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with 2017-07-01
+ (and all previous security patch level strings) are addressed.</li>
+ <li><strong>2017-07-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with 2017-07-01
+ and 2017-07-05 (and all previous security patch level strings) are
+ addressed.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android and Google Play Protect mitigations</h2>
+<p>This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as <a
+href="//www.android.com/play-protect">Google Play Protect</a>. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android security team actively monitors for abuse through <a
+ href="//www.android.com/play-protect">Google Play Protect</a> and warns
+ users about <a
+ href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+ Harmful Applications</a>. Google Play Protect is enabled by default on devices
+ with <a href="//www.android.com/gms">Google Mobile Services</a>, and is
+ especially important for users who install apps from outside of Google Play.
+ </li>
+</ul>
+
+<h2 id="2017-07-01-details">2017-07-01 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-07-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references, <a
+href="#common-questions-and-answers">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.</p>
+
+<h3 id="runtime">Runtime</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-3544</td>
+ <td><a href="https://android.googlesource.com/platform/libcore/+/c5dd90d62590425f04a261e0f6c927acca147f88">
+ A-35784677</a></td>
+ <td>RCE</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="framework">Framework</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application using a specially crafted file to execute arbitrary code within the
+context of an application that uses the library.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0664</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/59773dc2f213c3e645c7e04881afa0a8e6ffccca">
+ A-36491278</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0665</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/75edf04bf18d37df28fb58e1d75331ed4bcae230">
+ A-36991414</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0666</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5fc2df253c089b53b3e235a3f237f96a98b53977">
+ A-37285689</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0667</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5ac63e4547feaa7cb51ac81896250f47f367ffba">
+ A-37478824</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0668</td>
+ <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/b3e3325d23289a94e66d8ce36a53a7ccf7b52c6d">
+ A-22011579</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0669</td>
+ <td><a href="https://android.googlesource.com/platform/packages/providers/MediaProvider/+/7b7ef84234cd3daea0e22025b908b0041885736c">
+ A-34114752</a></td>
+ <td>ID</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0670</td>
+ <td><a href="https://android.googlesource.com/platform/bionic/+/e102faee8b2f87c28616e7f5453f9a11eea9b122">
+ A-36104177</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="libraries">Libraries</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+an application that uses the library.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0671</td>
+ <td>A-34514762<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2109</td>
+ <td><a href="https://android.googlesource.com/platform/external/boringssl/+/ccb2efe8d3fccb4321e85048d67c8528e03d4652">
+ A-35443725</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0672</td>
+ <td><a href="https://android.googlesource.com/platform/external/skia/+/c4087ff5486d36a690c681affb668164ec0dd697">
+ A-34778578</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of
+a privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0540</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a92b39ff0c47d488b81fecd62ba85e48d386aa68">
+ A-33966031</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0673</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/381ccb2b7f2ba42490bafab6aa7a63a8212b396f">
+ A-33974623</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0674</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/1603112cccbab3dff66a7eb1b82e858c1749f34b">
+ A-34231163</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0675</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/726108468dcfdabb833b8d55333de53cf6350aaa">
+ A-34779227</a>
+ [<a href="https://android.googlesource.com/platform/external/libhevc/+/4395fc2288e3f692765c73fce416e831fdaa5463">2</a>]</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0676</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/8e415eabb5d2abd2f2bd40a675339d967f81521b">
+ A-34896431</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0677</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/b8fee6a6d0a91fb5ddca8f54b0c891e25c1b65ae">
+ A-36035074</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0678</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/64bc0b8c0c495c487604d483aa57978db7f634be">
+ A-36576151</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0679</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/91cb6b1745f3e9d341cf6decc2b916cb1e4eea77">
+ A-36996978</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0680</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/989df73b34a7a698731cab3ee1e4a831a862fbe1">
+ A-37008096</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0681</td>
+ <td><a href="https://android.googlesource.com/platform/external/tremolo/+/822af05a1364d8dc6189dce5380a2703214dd799">
+ A-37208566</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0682</td>
+ <td>A-36588422<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0683</td>
+ <td>A-36591008<a href="#asterisk">*</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0684</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c7c9271740c29c02e7926265ed53a44b8113dbfb">
+ A-35421151</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0685</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/680b75dabb90c8c2e22886826554ad1bc99b36f1">
+ A-34203195</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0686</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/b8d7e85c10cc22e1a5d81ec3d8a2e5bdd6102852">
+ A-34231231</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0688</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/62c07468bc26d1f9487c5298bb2a2f3740db13b1">
+ A-35584425</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0689</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/2210ff5600d3f965352a3074adff8fedddcf347e">
+ A-36215950</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0690</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f418f10f4319fc829360b7efee7fca4b3880867">
+ A-36592202</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0691</td>
+ <td><a href="https://android.googlesource.com/platform/external/dng_sdk/+/c70264282305351abbec9b967333db4d896583b9">
+ A-36724453</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0692</td>
+ <td><a href="https://android.googlesource.com/platform/external/sonivox/+/6db482687caf12ea7d2d07d655b17413bc937c73">
+ A-36725407</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0693</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/632ff754836d22415136cb3f97fe4622c862ce81">
+ A-36993291</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0694</td>
+ <td><a href="https://android.googlesource.com/platform/external/sonivox/+/47750a5f1b19695ac64d6f7aa6e7e0918d3c8977">
+ A-37093318</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0695</td>
+ <td><a href="https://android.googlesource.com/platform/external/libhevc/+/cc5683451dd9be1491b54f215e9934d49f11cf70">
+ A-37094889</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0696</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/0d0ddb7cd7618ede5301803c526f066b95ce5089">
+ A-37207120</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0697</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c5eaf3ae70d5ea3a7d390294002e4cf9859b3578">
+ A-37239013</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0698</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1618337cac09284fddb5bb14b5e0cfe2946d3431">
+ A-35467458</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0699</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/989b2afc3ebb1bbb4c962e2aff1fd9b3149f83f1">
+ A-36490809</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="system-ui">System UI</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to execute arbitrary code within the context of a
+privileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0700</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/38889ebd9b9c682bd1b64fd251ecd69b504a6155">
+ A-35639138</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0701</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/85e94f5b67c1beb9402c4de82bd481a5202470de">
+ A-36385715</a>
+ [<a href="https://android.googlesource.com/platform/external/libgdx/+/bd4c825d8fc5dd48f5c602e673ae210909b31fd0">2</a>]</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0702</td>
+ <td><a href="https://android.googlesource.com/platform/external/libgdx/+/5d46e9a1784c02f347af107a978fe9fbd7af7fb2">
+ A-36621442</a></td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0703</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/4af8f912aa1ee714638d0f9694d6f856bc8166f3">
+ A-33123882</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0704</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/179f0e9512100b0a403aab8b2b4cf5510bb20bee">
+ A-33059280</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+</table>
+
+<h2 id="2017-07-05-details">2017-07-05 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-07-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a href="#common-questions-and-answers">type of
+vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where applicable), and updated AOSP versions (where applicable). When
+available, we link the public change that addressed the issue to the bug ID,
+like the AOSP change list. When multiple changes relate to a single bug,
+additional references are linked to numbers following the bug ID.</p>
+
+<h3 id="broadcom-components">Broadcom components</h3>
+<p>The most severe vulnerability in this section could enable a proximate attacker
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-9417</td>
+ <td>A-38041027<a href="#asterisk">*</a><br>
+ B-RB#123023</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0705</td>
+ <td>A-34973477<a href="#asterisk">*</a><br>
+ B-RB#119898</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0706</td>
+ <td>A-35195787<a href="#asterisk">*</a><br>
+ B-RB#120532</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+</table>
+<h3 id="htc-components">HTC components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0707</td>
+ <td>A-36088467<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>LED driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0708</td>
+ <td>A-35384879<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0709</td>
+ <td>A-35468048<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Sensor hub driver</td>
+ </tr>
+</table>
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6074</td>
+ <td>A-35784697<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=5edabca9d4cff7f1f2b68f0bac55ef99d9798ba4">Upstream
+kernel</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Networking subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5970</td>
+ <td>A-35805460<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b2cef20f19c87999fff3da4071e66937db9644">Upstream
+kernel</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>Networking subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-5707</td>
+ <td>A-35841297<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=451a2886b6bf90e2fb378f7c46c655450fb96e81">Upstream kernel</a>
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fdc81f45e9f57858da6351836507fbcf1b7583ee">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SCSI driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0710</td>
+ <td>A-34951864<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>TCB</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7308</td>
+ <td>A-36725304<br>
+<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=2b6867c2ce76c596676bec7d2d525af525fdc6e2">Upstream kernel</a>
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=8f8d28e4d6d815a391285e121c3a53a0b6cb9e7b">2</a>]
+[<a href="//git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=bcc5364bdcfe131e6379363f089e7b4108d35b70">3</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Networking driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9731</td>
+ <td>A-35841292<br>
+<a href="//git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0e5cc9a40ada6046e6bc3bdfcd0c0d7e4b706b14">Upstream
+kernel</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>File system</td>
+ </tr>
+</table>
+<h3 id="mediatek-components">MediaTek components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td> CVE-2017-0711</td>
+ <td>A-36099953<a href="#asterisk">*</a><br>
+ M-ALPS03206781</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Networking driver</td>
+ </tr>
+</table>
+<h3 id="nvidia-components">NVIDIA components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of a privileged
+process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0340</td>
+ <td>A-33968204<a href="#asterisk">*</a><br>
+ N-CVE-2017-0340</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Libnvparser</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0326</td>
+ <td>A-33718700<a href="#asterisk">*</a><br>
+ N-CVE-2017-0326</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious
+application to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-8255</td>
+ <td>A-36251983<br>
+<a href="//source.codeaurora.org/quic/la/abl/tianocore/edk2/commit/?id=cd42366a73b38c8867b66472f07d67a6eccde599">QC-CR#985205</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10389</td>
+ <td>A-34500449<br>
+<a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=031c27b4b8414bc93a14e773503d9bfc0fc890d2">QC-CR#1009145</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8253</td>
+ <td>A-35400552<br>
+<a href="//www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=a5f07894058c4198f61e533d727b343c5be879b0">QC-CR#1086764</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8262</td>
+ <td>A-32938443<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=9ef4ee8e3dfaf4e796bda781826851deebbd89bd">QC-CR#2029113</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8263</td>
+ <td>A-34126808<a href="#asterisk">*</a><br>
+ QC-CR#1107034</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Anonymous shared memory subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8267</td>
+ <td>A-34173755<a href="#asterisk">*</a><br>
+ QC-CR#2001129</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Anonymous shared memory subsystem</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8273</td>
+ <td>A-35400056<br>
+<a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=dfe6691ba301c769179cabab12d74d4e952462b9">QC-CR#1094372</a>
+[<a
+href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=30d94c33dec0ffedc875d7853635a9773921320a">2</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5863</td>
+ <td>A-36251182<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=daf0acd54a6a80de227baef9a06285e4aa5f8c93">QC-CR#1102936</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>USB HID driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8243</td>
+ <td>A-34112490<a href="#asterisk">*</a><br>
+ QC-CR#2001803</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8246</td>
+ <td>A-37275839<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=30baaec8afb05abf9f794c631ad944838d498ab8">QC-CR#2008031</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8256</td>
+ <td>A-37286701<br>
+<a href="//source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=75e1e00d6b3cd4cb89fd5314a60c333aa0b03230">QC-CR#1104565</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8257</td>
+ <td>A-37282763<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=0f19fbd00c6679bbc524f7a6d0fc3d54cfd1c9ae">QC-CR#2003129</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8259</td>
+ <td>A-34359487<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=68020103af00280393da10039b968c95d68e526c">QC-CR#2009016</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>SoC driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8260</td>
+ <td>A-34624155<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=8f236391e5187c05f7f4b937856944be0af7aaa5">QC-CR#2008469</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8261</td>
+ <td>A-35139833<a href="#asterisk">*</a><br>
+ QC-CR#2013631</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8264</td>
+ <td>A-33299365<a href="#asterisk">*</a><br>
+ QC-CR#1107702</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8265</td>
+ <td>A-32341313<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=193813a21453ccc7fb6b04bedf881a6feaaa015f">QC-CR#1109755</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8266</td>
+ <td>A-33863407<br>
+<a href="//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=42627c94cf8c189332a6f5bfdd465ea662777911">QC-CR#1110924</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8268</td>
+ <td>A-34620535<a href="#asterisk">*</a><br>
+ QC-CR#2002207</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8270</td>
+ <td>A-35468665<a href="#asterisk">*</a><br>
+ QC-CR#2021363</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8271</td>
+ <td>A-35950388<a href="#asterisk">*</a><br>
+ QC-CR#2028681</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8272</td>
+ <td>A-35950805<a href="#asterisk">*</a><br>
+ QC-CR#2028702</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8254</td>
+ <td>A-36252027<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=70afce1d9be745005c48fd565c01ce452a565e7e">QC-CR#832914</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8258</td>
+ <td>A-37279737<br>
+<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=31e2a2f0f2f3615cefd4400c707709bbc3e26170">QC-CR#2005647</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8269</td>
+ <td>A-33967002<a href="#asterisk">*</a><br>
+ QC-CR#2013145</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>IPA Driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-closed-source-components">Qualcomm closed-source
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in further
+detail in Qualcomm AMSS security bulletins in 2014-2016. They are included in
+this Android security bulletin in order to associate their fixes with an Android
+security patch level. Fixes for these vulnerabilities are available directly
+from Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9411</td>
+ <td>A-37473054<a href="#asterisk">*</a><br>
+ QC-CR#532956</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9968</td>
+ <td>A-37304413<a href="#asterisk">*</a><br>
+ QC-CR#642084</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9973</td>
+ <td>A-37470982<a href="#asterisk">*</a><br>
+ QC-CR#646919</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9974</td>
+ <td>A-37471979<a href="#asterisk">*</a><br>
+ QC-CR#654072</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9975</td>
+ <td>A-37471230<a href="#asterisk">*</a><br>
+ QC-CR#700125</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9977</td>
+ <td>A-37471087<a href="#asterisk">*</a><br>
+ QC-CR#703002</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9978</td>
+ <td>A-37468982<a href="#asterisk">*</a><br>
+ QC-CR#709939</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9979</td>
+ <td>A-37471088<a href="#asterisk">*</a><br>
+ QC-CR#717304</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9980</td>
+ <td>A-37471029<a href="#asterisk">*</a><br>
+ QC-CR#709766</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0575</td>
+ <td>A-37296999<a href="#asterisk">*</a><br>
+ QC-CR#715815</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8592</td>
+ <td>A-37470090<a href="#asterisk">*</a><br>
+ QC-CR#775396</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8595</td>
+ <td>A-37472411<a href="#asterisk">*</a><br>
+ QC-CR#790151</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8596</td>
+ <td>A-37472806<a href="#asterisk">*</a><br>
+ QC-CR#802005</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9034</td>
+ <td>A-37305706<a href="#asterisk">*</a><br>
+ QC-CR#614512</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9035</td>
+ <td>A-37303626<a href="#asterisk">*</a><br>
+ QC-CR#750231</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9036</td>
+ <td>A-37303519<a href="#asterisk">*</a><br>
+ QC-CR#751831</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9037</td>
+ <td>A-37304366<a href="#asterisk">*</a><br>
+ QC-CR#753315</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9038</td>
+ <td>A-37303027<a href="#asterisk">*</a><br>
+ QC-CR#758328</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9039</td>
+ <td>A-37302628<a href="#asterisk">*</a><br>
+ QC-CR#760282</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9040</td>
+ <td>A-37303625<a href="#asterisk">*</a><br>
+ QC-CR#761216</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9041</td>
+ <td>A-37303518<a href="#asterisk">*</a><br>
+ QC-CR#762126</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9042</td>
+ <td>A-37301248<a href="#asterisk">*</a><br>
+ QC-CR#762214</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9043</td>
+ <td>A-37305954<a href="#asterisk">*</a><br>
+ QC-CR#762954</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9044</td>
+ <td>A-37303520<a href="#asterisk">*</a><br>
+ QC-CR#764858</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9045</td>
+ <td>A-37302136<a href="#asterisk">*</a><br>
+ QC-CR#766189</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9046</td>
+ <td>A-37301486<a href="#asterisk">*</a><br>
+ QC-CR#767335</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9047</td>
+ <td>A-37304367<a href="#asterisk">*</a><br>
+ QC-CR#779285</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9048</td>
+ <td>A-37305707<a href="#asterisk">*</a><br>
+ QC-CR#795960</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9049</td>
+ <td>A-37301488<a href="#asterisk">*</a><br>
+ QC-CR#421589, QC-CR#817165</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9050</td>
+ <td>A-37302137<a href="#asterisk">*</a><br>
+ QC-CR#830102</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9051</td>
+ <td>A-37300737<a href="#asterisk">*</a><br>
+ QC-CR#837317</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9052</td>
+ <td>A-37304217<a href="#asterisk">*</a><br>
+ QC-CR#840483</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9053</td>
+ <td>A-37301249<a href="#asterisk">*</a><br>
+ QC-CR#843808</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9054</td>
+ <td>A-37303177<a href="#asterisk">*</a><br>
+ QC-CR#856077</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9055</td>
+ <td>A-37472412<a href="#asterisk">*</a><br>
+ QC-CR#806464</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9060</td>
+ <td>A-37472807<a href="#asterisk">*</a><br>
+ QC-CR#817343</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9061</td>
+ <td>A-37470436<a href="#asterisk">*</a><br>
+ QC-CR#824195</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9062</td>
+ <td>A-37472808<a href="#asterisk">*</a><br>
+ QC-CR#802039</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9067</td>
+ <td>A-37474000<a href="#asterisk">*</a><br>
+ QC-CR#848926</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9068</td>
+ <td>A-37470144<a href="#asterisk">*</a><br>
+ QC-CR#851114</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9069</td>
+ <td>A-37470777<a href="#asterisk">*</a><br>
+ QC-CR#854496</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9070</td>
+ <td>A-37474001<a href="#asterisk">*</a><br>
+ QC-CR#877102</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9071</td>
+ <td>A-37471819<a href="#asterisk">*</a><br>
+ QC-CR#877276</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9072</td>
+ <td>A-37474002<a href="#asterisk">*</a><br>
+ QC-CR#877361</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9073</td>
+ <td>A-37473407<a href="#asterisk">*</a><br>
+ QC-CR#878073</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10343</td>
+ <td>A-32580186<a href="#asterisk">*</a><br>
+ QC-CR#972213</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10344</td>
+ <td>A-32583954<a href="#asterisk">*</a><br>
+ QC-CR#1022360</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Modem</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10346</td>
+ <td>A-37473408<a href="#asterisk">*</a><br>
+ QC-CR#896584</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10347</td>
+ <td>A-37471089<a href="#asterisk">*</a><br>
+ QC-CR#899671</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Core</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10382</td>
+ <td>A-28823584<a href="#asterisk">*</a><br>
+ QC-CR#944014</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10383</td>
+ <td>A-28822389<a href="#asterisk">*</a><br>
+ QC-CR#960624</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10388</td>
+ <td>A-32580294<a href="#asterisk">*</a><br>
+ QC-CR#992749</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10391</td>
+ <td>A-32583804<a href="#asterisk">*</a><br>
+ QC-CR#970283</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>WConnect</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5871</td>
+ <td>A-37473055<a href="#asterisk">*</a><br>
+ QC-CR#883013</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5872</td>
+ <td>A-37472809<a href="#asterisk">*</a><br>
+ QC-CR#886220</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Secure systems group</td>
+ </tr>
+</table>
+<h2 id="google-device-updates">Google device updates</h2>
+<p>This table contains the security patch level in the latest over-the-air update
+(OTA) and firmware images for Google devices. The Google device firmware images
+are available on the <a
+href="//developers.google.com/android/nexus/images">Google Developer
+site</a>.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Google device</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td>Pixel / Pixel XL</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>July 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>July 05, 2017</td>
+ </tr>
+</table>
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+
+<table>
+ <col width="17%">
+ <col width="83%">
+ <tr>
+ <th>CVEs</th>
+ <th>Researchers</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0711</td>
+ <td>Chengming Yang, Baozeng Ding, and Yang Song of Alibaba Mobile Security
+Group</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0706</td>
+ <td>Daxing Guo (<a href="//twitter.com/freener0">@freener0</a>) of
+Xuanwu Lab, Tencent</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8260</td>
+ <td>Derrek (<a href="//twitter.com/derrekr6">@derrekr6</a>) and Scott
+Bauer</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8265</td>
+ <td>Di Shen (<a href="//twitter.com/returnsme?lang=en">@returnsme</a>)
+of KeenLab (<a href="//twitter.com/keen_lab?lang=en">@keen_lab</a>),
+Tencent</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0703</td>
+ <td><a href="//fb.me/dzimka">Dzmitry Lukyanenka</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0692, CVE-2017-0694</td>
+ <td>Elphet and Gong Guang of Alpha Team, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8266, CVE-2017-8243, CVE-2017-8270</td>
+ <td>Gengjia Chen (<a
+href="//twitter.com/chengjia4574">@chengjia4574</a>) and <a
+href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co.
+Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0665, CVE-2017-0681</td>
+ <td><a href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, Mingjian Zhou (<a
+href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), and Xuxian Jiang
+of <a href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8268, CVE-2017-8261</td>
+ <td>Jianqiang Zhao (<a
+href="//twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
+href="//weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0698</td>
+ <td>Joey Brand of Census Consulting Inc.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0666, CVE-2017-0684</td>
+ <td>Mingjian Zhou (<a
+href="//twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a
+href="mailto:zc1991@mail.ustc.edu.cn">Chi Zhang</a>, and Xuxian Jiang of <a
+href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0697, CVE-2017-0670</td>
+ <td><a href="mailto:jiych.guru@gmail.com">Niky1235</a> (<a
+href="//twitter.com/jiych_guru">@jiych_guru</a>)</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-9417</td>
+ <td>Nitay Artenstein of Exodus Intelligence</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0705, CVE-2017-8259</td>
+ <td><a href="//twitter.com/ScottyBauer1">Scott Bauer</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0667</td>
+ <td>Timothy Becker of CSS Inc.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642, CVE-2017-0682, CVE-2017-0683, CVE-2017-0676,
+CVE-2017-0696,CVE-2017-0675, CVE-2017-0701, CVE-2017-0702, CVE-2017-0699</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0695, CVE-2017-0689, CVE-2017-0540, CVE-2017-0680,
+CVE-2017-0679, CVE-2017-0685, CVE-2017-0686, CVE-2017-0693,CVE-2017-0674,
+CVE-2017-0677</td>
+ <td>V.E.O (<a href="//twitter.com/vysea">@VYSEa</a>) of <a
+href="//blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>, <a href="//www.trendmicro.com">Trend Micro</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0708</td>
+ <td>Xiling Gong of Tencent Security Platform Department</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0690</td>
+ <td>Yangkang (<a href="//twitter.com/dnpushme">@dnpushme</a>) and
+Liyadong of Qihoo 360 Qex Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8269, CVE-2017-8271, CVE-2017-8272, CVE-2017-8267</td>
+ <td>Yonggang Guo (<a href="//twitter.com/guoygang">@guoygang</a>) of
+IceSword Lab, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8264, CVE-2017-0326, CVE-2017-0709</td>
+ <td>Yuan-Tsung Lo (<a
+href="mailto:computernik@gmail.com">computernik@gmail.com</a>) and Xuxian Jiang
+of <a href="//c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0704, CVE-2017-0669</td>
+ <td>Yuxiang Li (<a href="//twitter.com/xbalien29">@Xbalien29</a>) of
+Tencent Security Platform Department</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0678</td>
+ <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0691, CVE-2017-0700</td>
+ <td><a href="//weibo.com/ele7enxxh">Zinuo Han</a> of Chengdu Security
+Response Center, Qihoo 360 Technology Co. Ltd. and Ao Wang (<a
+href="//twitter.com/ArayzSegment">@ArayzSegment</a>) of <a
+href="//www.pwnzen.com/">Pangu Team</a></td>
+ </tr>
+</table>
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+
+<p>To learn how to check a device's security patch level, read the instructions on
+the <a href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.</p>
+<ul>
+ <li>Security patch levels of 2017-07-01 or later address all issues associated
+ with the 2017-07-01 security patch level.</li>
+ <li>Security patch levels of 2017-07-05 or later address all issues associated
+ with the 2017-07-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>Device manufacturers that include these updates should set the patch string
+level to:</p>
+<ul>
+ <li>[ro.build.version.security_patch]:[2017-07-01]</li>
+ <li>[ro.build.version.security_patch]:[2017-07-05]</li>
+</ul>
+<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
+
+<p>This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.</p>
+<ul>
+ <li>Devices that use the July 01, 2017 security patch level must include all
+ issues associated with that security patch level, as well as fixes for all
+ issues reported in previous security bulletins.</li>
+ <li>Devices that use the security patch level of July 05, 2017 or newer must
+ include all applicable patches in this (and previous) security
+ bulletins.</li>
+</ul>
+<p>Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.</p>
+
+<p><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p>
+
+<p>Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+
+<p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p>
+
+<p>Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+
+<p id="asterisk"><strong>5. What does a * next to the Android bug ID in the <em>References</em>
+column mean?</strong></p>
+
+<p>Issues that are not publicly available have a * next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="//developers.google.com/android/nexus/drivers">Google Developer
+site</a>.</p>
+
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>July 5, 2017</td>
+ <td>Bulletin published.</td>
+ </tr>
+ <tr>
+ <td>1.1</td>
+ <td>July 6, 2017</td>
+ <td>Bulletin revised to include AOSP links.</td>
+ </tr>
+</table>
+</body>
+</html>
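Review bot: The fix links in the rows for CVE-2017-8260, CVE-2017-8265 and CVE-2017-8266 use a doubled slash in the path ("//source.codeaurora.org/quic/la//kernel/msm-3.18/commit/..."), while the links for CVE-2017-8254 and CVE-2017-8258 in the same table use "quic/la/kernel/...". Readers follow these links to confirm which commit carries a fix, so normalize all five to the single-slash form. Three smaller points in the same hunk: the href in the answer to question 1 contains a raw ampersand ("#pixel_phones&nexus_devices") that should be written "&amp;" to keep the page valid HTML; two Acknowledgements cells are missing a space after a comma ("CVE-2017-0696,CVE-2017-0675" and "CVE-2017-0693,CVE-2017-0674"); and "IPA Driver" in the CVE-2017-8269 row is capitalized differently from the other Component cells ("Camera driver", "Video driver", "Sound driver").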