Diffstat (limited to 'en/security/bulletin/2017-06-01.html')
-rw-r--r-- en/security/bulletin/2017-06-01.html 1400
1 files changed, 1400 insertions, 0 deletions
diff --git a/en/security/bulletin/2017-06-01.html b/en/security/bulletin/2017-06-01.html
new file mode 100644
index 00000000..8c3f8faf
--- /dev/null
+++ b/en/security/bulletin/2017-06-01.html
@@ -0,0 +1,1400 @@
+<html devsite>
+ <head>
+ <title>Android Security Bulletin—June 2017</title>
+ <meta name="project_path" value="/_project.yaml" />
+ <meta name="book_path" value="/_book.yaml" />
+ </head>
+ <body>
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published June 5, 2017</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Security patch levels of June 05, 2017 or later
+address all of these issues. Refer to the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a> to learn how to check a device's security patch
+level.</p>
+
+<p>Partners were notified of the issues described in the bulletin at least a
+month ago. Source code patches for these issues will be released to the Android
+Open Source Project (AOSP) repository in the next 48 hours. We will revise this
+bulletin with the AOSP links when they are available.</p>
+
+<p>The most severe of these issues is a critical security vulnerability in Media
+Framework that could enable a remote attacker using a specially crafted file to
+cause memory corruption during media file and data processing. The <a
+href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are turned off for development purposes or if successfully bypassed.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the
+<a href="#mitigations">Android and Google Play Protect mitigations</a>
+section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and <a
+href="https://www.android.com/play-protect">Google Play Protect</a>,
+which improve the security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<p class="note"><strong>Note:</strong> Information on the latest over-the-air update (OTA) and
+firmware images for Google devices is available in the <a
+href="#google-device-updates">Google device updates</a> section.</p>
+
+<h2 id="announcements">Announcements</h2>
+<ul>
+ <li>We've streamlined the monthly security bulletin to make
+ it easier to read. As part of this update, vulnerability information is
+ categorized by affected component, sorted by component name within a
+ security patch level, and Google device-specific information
+ is hosted in a <a href="#google-device-updates">dedicated section</a>.</li>
+ <li>This bulletin has two security patch level strings to provide Android
+ partners with the flexibility to more quickly fix a subset of vulnerabilities
+ that are similar across all Android devices. See <a
+ href="#common-questions-and-answers">Common questions and answers</a> for
+ additional information:
+ <ul>
+ <li><strong>2017-06-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with 2017-06-01
+ (and all previous security patch level strings) are addressed.</li>
+ <li><strong>2017-06-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with 2017-06-01
+ and 2017-06-05 (and all previous security patch level strings) are
+ addressed.</li>
+ </ul>
+ </li>
+</ul>
+
+<h2 id="mitigations">Android and Google Play Protect mitigations</h2>
+<p>This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as
+<a href="https://www.android.com/play-protect">Google Play Protect</a>.
+These capabilities reduce the likelihood that security
+vulnerabilities could be successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android security team actively monitors for abuse through
+ <a href="https://www.android.com/play-protect">Google Play Protect</a>
+ and warns users about <a
+ href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+ Harmful Applications</a>. Google Play Protect is enabled by default on devices
+ with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is
+ especially important for users who install apps from outside of Google Play.</li>
+</ul>
+
+<h2 id="2017-06-01-details">2017-06-01 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-06-01 patch level. Vulnerabilities are
+grouped under the component that they affect. There is a description of the
+issue and a table with the CVE, associated references, <a
+href="#vulnerability-type">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+and updated AOSP versions (where applicable). When available, we link the public
+change that addressed the issue to the bug ID, like the AOSP change list. When
+multiple changes relate to a single bug, additional references are linked to
+numbers following the bug ID.</p>
+
+<h3 id="bluetooth">Bluetooth</h3>
+<p>The most severe vulnerability in this section could enable a local malicious app
+to access data outside of its permission levels.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0639</td>
+ <td>A-35310991</td>
+ <td>ID</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645</td>
+ <td>A-35385327</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>A-33899337</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="libraries">Libraries</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file execute arbitrary code within the context of an
+unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8871</td>
+ <td>A-35443562</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-8332</td>
+ <td>A-37761553</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5131</td>
+ <td>A-36554209</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-4658</td>
+ <td>A-36554207</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0663</td>
+ <td>A-37104170</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7376</td>
+ <td>A-36555370</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-5056</td>
+ <td>A-36809819</td>
+ <td>RCE</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7375</td>
+ <td>A-36556310</td>
+ <td>RCE</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>A-36392138</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-1839</td>
+ <td>A-36553781</td>
+ <td>DoS</td>
+ <td>Moderate</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h3 id="media-framework">Media framework</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to cause memory corruption during media file and
+data processing.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0637</td>
+ <td>A-34064500</td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0391</td>
+ <td>A-32322258</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>A-33129467</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0641</td>
+ <td>A-34360591</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642</td>
+ <td>A-34819017</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643</td>
+ <td>A-35645051</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0644</td>
+ <td>A-35472997</td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ </tr>
+</table>
+<h3 id="system-ui">System UI</h3>
+<p>The most severe vulnerability in this section could enable an attacker using a
+specially crafted file to execute arbitrary code within the context of an
+unprivileged process.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0638</td>
+ <td>A-36368305</td>
+ <td>RCE</td>
+ <td>High</td>
+ <td>7.1.1, 7.1.2</td>
+ </tr>
+</table>
+<h2 id="2017-06-05-details">2017-06-05
+security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities that apply to the 2017-06-05 patch level. Vulnerabilities are
+grouped under the component that they affect and include details such as the
+CVE, associated references, <a
+href="#vulnerability-type">type of vulnerability</a>, <a
+href="/security/overview/updates-resources.html#severity">severity</a>,
+component (where
+applicable), and updated AOSP versions (where applicable). When available, we
+link the public change that addressed the issue to the bug ID, like the AOSP
+change list. When multiple changes relate to a single bug, additional references
+are linked to numbers following the bug ID.</p>
+
+<h3 id="kernel-components">Kernel components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious app
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>A-36101220<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>FIQ debugger</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>A-35644815<a href="#asterisk">*</a></td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>ION subsystem</td>
+ </tr>
+</table>
+<h3 id="libraries-05">Libraries</h3>
+<p>The most severe vulnerability in this section could enable a remote attacker
+using a specially crafted file to gain access to sensitive information.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Updated AOSP versions</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-7995</td>
+ <td>A-36810065</td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>4.4.4</td>
+ </tr>
+</table>
+<h3 id="mediatek-components">MediaTek components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious app
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>A-35310230<a href="#asterisk">*</a><br>
+ M-ALPS03162263</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Command queue driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>A-34468195<a href="#asterisk">*</a><br>
+ M-ALPS03162283</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+</table>
+<h3 id="nvidia-components">NVIDIA components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious app
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6247</td>
+ <td>A-34386301<a href="#asterisk">*</a><br>
+ N-CVE-2017-6247</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6248</td>
+ <td>A-34372667<a href="#asterisk">*</a><br>
+ N-CVE-2017-6248</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-components">Qualcomm components</h3>
+<p>The most severe vulnerability in this section could enable a proximate attacker
+to execute arbitrary code within the context of the kernel.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-7371</td>
+ <td>A-36250786<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=e02e63b8014f7a0a5ea17a5196fb4ef1283fd1fd">QC-CR#1101054</a></td>
+ <td>RCE</td>
+ <td>Critical</td>
+ <td>Bluetooth driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7365</td>
+ <td>A-32449913<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=da49bf21d1c19a6293d33c985066dc0273c476db">QC-CR#1017009</a></td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7366</td>
+ <td>A-36252171<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=f4c9ffd6cd7960265f38e285ac43cbecf2459e45">QC-CR#1036161</a>
+[<a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7c4d5736d32f91f0cafe6cd86d00e26389970b00">2</a>]</td>
+ <td>EoP</td>
+ <td>High</td>
+ <td>GPU driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7367</td>
+ <td>A-34514708<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=07174af1af48c60a41c7136f0c80ffdf4ccc0b57">QC-CR#1008421</a></td>
+ <td>DoS</td>
+ <td>High</td>
+ <td>Bootloader</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5861</td>
+ <td>A-36251375<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=cf3c97b8b6165f13810e530068fbf94b07f1f77d">QC-CR#1103510</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-5864</td>
+ <td>A-36251231<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=cbc21ceb69cb7bca0643423a7ca982abce3ce50a">QC-CR#1105441</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-6421</td>
+ <td>A-36251986<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=be42c7ff1f0396484882451fd18f47144c8f1b6b">QC-CR#1110563</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>MStar touchscreen driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7364</td>
+ <td>A-36252179<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3ce6c47d2142fcd2c4c1181afe08630aaae5a267">QC-CR#1113926</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>A-33452365<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=143ef972be1621458930ea3fc1def5ebce7b0c5d">QC-CR#1103085</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369</td>
+ <td>A-33751424<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=75ed08a822cf378ffed0d2f177d06555bd77a006">QC-CR#2009216</a>
+[<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ae8f1d5f60644983aba7fbab469d0e542a187c6e">2</a>]</td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Sound driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>A-34328139<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=970edf007fbe64b094437541a42477d653802d85">QC-CR#2006159</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7372</td>
+ <td>A-36251497<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=1806be003731d6d4be55e5b940d14ab772839e13">QC-CR#1110068</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7373</td>
+ <td>A-36251984<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-4.4/commit/?id=e5eb0d3aa6fe62ee437a2269a1802b1a72f61b75">QC-CR#1090244</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Video driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>A-34621613<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64b7bc25e019dd07e8042e0a6ec6dc6a1dd0c385">QC-CR#2004036</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8234</td>
+ <td>A-36252121<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6266f954a52641f550ef71653ea83c80bdd083be">QC-CR#832920</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8235</td>
+ <td>A-36252376<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=7e4424a1b5f6a6536066cca7aac2c3a23fd39f6f">QC-CR#1083323</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>A-35047217<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=cf0d31bc3b04cf2db7737d36b11a5bf50af0c1db">QC-CR#2009606</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>IPA driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8237</td>
+ <td>A-36252377<br>
+ <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=342d16ac6fb01e304ec75344c693257e00628ecf">QC-CR#1110522</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Networking driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>A-34327981<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6a3b8afdf97e77c0b64005b23fa6d32025d922e5">QC-CR#2009231</a></td>
+ <td>EoP</td>
+ <td>Moderate</td>
+ <td>Secure execution environment communication driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8239</td>
+ <td>A-36251230<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=01db0e012f86b8ba6974e5cb9905261a552a0610">QC-CR#1091603</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Camera driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8240</td>
+ <td>A-36251985<br>
+ <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=22b8b6608174c1308208d5bc6c143f4998744547">QC-CR#856379</a></td>
+ <td>ID</td>
+ <td>Moderate</td>
+ <td>Pin controller driver</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>A-34203184<br>
+ <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=90213394b7efb28fa511b2eaebc1343ae3b54724">QC-CR#1069175</a></td>
+ <td>ID</td>
+ <td>Low</td>
+ <td>Wi-Fi driver</td>
+ </tr>
+</table>
+<h3 id="synaptics-components">Synaptics components</h3>
+<p>The most severe vulnerability in this section could enable a local malicious app
+to access data outside of its permission levels.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>A-35472278<a href="#asterisk">*</a></td>
+ <td>EoP</td>
+ <td>Low</td>
+ <td>Touchscreen driver</td>
+ </tr>
+</table>
+<h3 id="qualcomm-closed-source-components">Qualcomm closed-source
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in further
+detail in Qualcomm AMSS security bulletins from 2014–2016. They are included in
+this Android security bulletin to associate their fixes with an Android security
+patch level. Fixes for these vulnerabilities are available directly from Qualcomm.</p>
+
+<table>
+ <col width="17%">
+ <col width="19%">
+ <col width="9%">
+ <col width="14%">
+ <col width="39%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Type</th>
+ <th>Severity</th>
+ <th>Component</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9960</td>
+ <td>A-37280308<a href="#asterisk">*</a><br>
+ QC-CR#381837</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9961</td>
+ <td>A-37279724<a href="#asterisk">*</a><br>
+ QC-CR#581093</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9953</td>
+ <td>A-36714770<a href="#asterisk">*</a><br>
+ QC-CR#642173</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9967</td>
+ <td>A-37281466<a href="#asterisk">*</a><br>
+ QC-CR#739110</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9026</td>
+ <td>A-37277231<a href="#asterisk">*</a><br>
+ QC-CR#748397</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9027</td>
+ <td>A-37279124<a href="#asterisk">*</a><br>
+ QC-CR#748407</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9008</td>
+ <td>A-36384689<a href="#asterisk">*</a><br>
+ QC-CR#762111</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9009</td>
+ <td>A-36393600<a href="#asterisk">*</a><br>
+ QC-CR#762182</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9010</td>
+ <td>A-36393101<a href="#asterisk">*</a><br>
+ QC-CR#758752</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9011</td>
+ <td>A-36714882<a href="#asterisk">*</a><br>
+ QC-CR#762167</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9024</td>
+ <td>A-37265657<a href="#asterisk">*</a><br>
+ QC-CR#740680</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9012</td>
+ <td>A-36384691<a href="#asterisk">*</a><br>
+ QC-CR#746617</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9013</td>
+ <td>A-36393251<a href="#asterisk">*</a><br>
+ QC-CR#814373</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9014</td>
+ <td>A-36393750<a href="#asterisk">*</a><br>
+ QC-CR#855220</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9015</td>
+ <td>A-36714120<a href="#asterisk">*</a><br>
+ QC-CR#701858</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9029</td>
+ <td>A-37276981<a href="#asterisk">*</a><br>
+ QC-CR#827837</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10338</td>
+ <td>A-37277738<a href="#asterisk">*</a><br>
+ QC-CR#987699</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10336</td>
+ <td>A-37278436<a href="#asterisk">*</a><br>
+ QC-CR#973605</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10333</td>
+ <td>A-37280574<a href="#asterisk">*</a><br>
+ QC-CR#947438</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10341</td>
+ <td>A-37281667<a href="#asterisk">*</a><br>
+ QC-CR#991476</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10335</td>
+ <td>A-37282802<a href="#asterisk">*</a><br>
+ QC-CR#961142</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10340</td>
+ <td>A-37280614<a href="#asterisk">*</a><br>
+ QC-CR#989028</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10334</td>
+ <td>A-37280664<a href="#asterisk">*</a><br>
+ QC-CR#949933</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10339</td>
+ <td>A-37280575<a href="#asterisk">*</a><br>
+ QC-CR#988502</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10298</td>
+ <td>A-36393252<a href="#asterisk">*</a><br>
+ QC-CR#1020465</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10299</td>
+ <td>A-32577244<a href="#asterisk">*</a><br>
+ QC-CR#1058511</td>
+ <td>N/A</td>
+ <td>Critical</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9954</td>
+ <td>A-36388559<a href="#asterisk">*</a><br>
+ QC-CR#552880</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9955</td>
+ <td>A-36384686<a href="#asterisk">*</a><br>
+ QC-CR#622701</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9956</td>
+ <td>A-36389611<a href="#asterisk">*</a><br>
+ QC-CR#638127</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9957</td>
+ <td>A-36387564<a href="#asterisk">*</a><br>
+ QC-CR#638984</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9958</td>
+ <td>A-36384774<a href="#asterisk">*</a><br>
+ QC-CR#638135</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9962</td>
+ <td>A-37275888<a href="#asterisk">*</a><br>
+ QC-CR#656267</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9963</td>
+ <td>A-37276741<a href="#asterisk">*</a><br>
+ QC-CR#657771</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9959</td>
+ <td>A-36383694<a href="#asterisk">*</a><br>
+ QC-CR#651900</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9964</td>
+ <td>A-37280321<a href="#asterisk">*</a><br>
+ QC-CR#680778</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9965</td>
+ <td>A-37278233<a href="#asterisk">*</a><br>
+ QC-CR#711585</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9966</td>
+ <td>A-37282854<a href="#asterisk">*</a><br>
+ QC-CR#727398</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9023</td>
+ <td>A-37276138<a href="#asterisk">*</a><br>
+ QC-CR#739802</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9020</td>
+ <td>A-37276742<a href="#asterisk">*</a><br>
+ QC-CR#733455</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9021</td>
+ <td>A-37276743<a href="#asterisk">*</a><br>
+ QC-CR#735148</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9025</td>
+ <td>A-37276744<a href="#asterisk">*</a><br>
+ QC-CR#743985</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9022</td>
+ <td>A-37280226<a href="#asterisk">*</a><br>
+ QC-CR#736146</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9028</td>
+ <td>A-37277982<a href="#asterisk">*</a><br>
+ QC-CR#762764</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9031</td>
+ <td>A-37275889<a href="#asterisk">*</a><br>
+ QC-CR#866015</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9032</td>
+ <td>A-37279125<a href="#asterisk">*</a><br>
+ QC-CR#873202</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9033</td>
+ <td>A-37276139<a href="#asterisk">*</a><br>
+ QC-CR#892541</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9030</td>
+ <td>A-37282907<a href="#asterisk">*</a><br>
+ QC-CR#854667</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10332</td>
+ <td>A-37282801<a href="#asterisk">*</a><br>
+ QC-CR#906713<br>
+ QC-CR#917701<br>
+ QC-CR#917702</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10337</td>
+ <td>A-37280665<a href="#asterisk">*</a><br>
+ QC-CR#977632</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10342</td>
+ <td>A-37281763<a href="#asterisk">*</a><br>
+ QC-CR#988941</td>
+ <td>N/A</td>
+ <td>High</td>
+ <td>Closed-source component</td>
+ </tr>
+</table>
+<h2 id="google-device-updates">Google device updates</h2>
+<p>This table contains the security patch level in the latest over-the-air update
+(OTA) and firmware images for Google devices. The Google device firmware images
+are available on the <a
+href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Google device</th>
+ <th>Security patch level</th>
+ </tr>
+ <tr>
+ <td>Pixel / Pixel XL</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 5X</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 6P</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus 9</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Nexus Player</td>
+ <td>June 05, 2017</td>
+ </tr>
+ <tr>
+ <td>Pixel C</td>
+ <td>June 05, 2017</td>
+ </tr>
+</table>
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+
+<table>
+ <col width="17%">
+ <col width="83%">
+ <tr>
+ <th>CVEs</th>
+ <th>Researchers</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0643, CVE-2017-0641</td>
+ <td>Ecular Xu(徐健) of Trend Micro</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0645, CVE-2017-0639</td>
+ <td>En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) and Bo Liu
+of <a href="http://www.ms509.com">MS509Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0649</td>
+ <td>Gengjia Chen (<a
+href="https://twitter.com/chengjia4574">@chengjia4574</a>) and <a
+href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360 Technology Co.
+Ltd.</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0646</td>
+ <td>Godzheng (郑文选 -<a
+href="https://twitter.com/VirtualSeekers">@VirtualSeekers</a>) of Tencent PC
+Manager</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0636</td>
+ <td>Jake Corina and Nick Stephens of Shellphish Grill Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8233</td>
+ <td>Jianqiang Zhao (<a
+href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
+href="http://weibo.com/jfpan">pjf </a>of IceSword Lab, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7368</td>
+ <td>Lubo Zhang (<a
+href="mailto:zlbzlb815@163.com">zlbzlb815@163.com</a>),Yuan-Tsung Lo (<a
+href="mailto:computernik@gmail.com">computernik@gmail.com</a>), and Xuxian Jiang
+of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8242</td>
+ <td>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
+Tesla's Product Security Team</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0650</td>
+ <td>Omer Shwartz, Amir Cohen, Dr. Asaf Shabtai, and Dr. Yossi Oren of Ben
+Gurion University Cyber Lab</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0648</td>
+ <td>Roee Hay (<a href="https://twitter.com/roeehay">@roeehay</a>) of <a
+href="https://alephsecurity.com/">Aleph Research</a>, HCL Technologies</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7369, CVE-2017-6249, CVE-2017-6247, CVE-2017-6248</td>
+ <td>sevenshen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)
+of TrendMicro</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0642, CVE-2017-0637, CVE-2017-0638</td>
+ <td>Vasily Vasiliev</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0640</td>
+ <td>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
+href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile
+Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8236</td>
+ <td>Xiling Gong of Tencent Security Platform Department</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0647</td>
+ <td>Yangkang (<a href="https://twitter.com/dnpushme">@dnpushme</a>) and
+Liyadong of Qex Team, Qihoo 360</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-7370</td>
+ <td>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+IceSword Lab, Qihoo 360 Technology Co. Ltd</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0651</td>
+ <td>Yuan-Tsung Lo (<a
+href="mailto:computernik@gmail.com">computernik@gmail.com</a>) and Xuxian Jiang
+of <a href="http://c0reteam.org">C0RE Team</a></td>
+ </tr>
+ <tr>
+ <td>CVE-2017-8241</td>
+ <td>Zubin Mithra of Google</td>
+ </tr>
+</table>
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?
+</strong></p>
+
+<p>To learn how to check a device's security patch level, read the instructions on
+the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.</p>
+<ul>
+<li>Security patch levels of 2017-06-01 or later address all issues associated
+with the 2017-06-01 security patch level.</li>
+<li>Security patch levels of 2017-06-05 or later address all issues associated
+with the 2017-06-05 security patch level and all previous patch levels.</li></ul>
+<p>Device manufacturers that include these updates should set the patch string
+level to:</p>
+<ul>
+<li>[ro.build.version.security_patch]:[2017-06-01]</li>
+<li>[ro.build.version.security_patch]:[2017-06-05]</li></ul>
+<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
+
+<p>This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.</p>
+<ul>
+<li>Devices that use the June 01, 2017 security patch level must include all
+issues associated with that security patch level, as well as fixes for all
+issues reported in previous security bulletins.</li>
+<li>Devices that use the security patch level of June 05, 2017 or newer must
+include all applicable patches in this (and previous) security
+bulletins.</li></ul>
+<p>Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.</p>
+
+<p id="vulnerability-type"><strong>3. What do the entries in the <em>Type</em> column mean?</strong></p>
+
+<p>Entries in the <em>Type</em> column of the vulnerability details table reference
+the classification of the security vulnerability.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Abbreviation</th>
+ <th>Definition</th>
+ </tr>
+ <tr>
+ <td>RCE</td>
+ <td>Remote code execution</td>
+ </tr>
+ <tr>
+ <td>EoP</td>
+ <td>Elevation of privilege</td>
+ </tr>
+ <tr>
+ <td>ID</td>
+ <td>Information disclosure</td>
+ </tr>
+ <tr>
+ <td>DoS</td>
+ <td>Denial of service</td>
+ </tr>
+ <tr>
+ <td>N/A</td>
+ <td>Classification not available</td>
+ </tr>
+</table>
+<p><strong>4. What do the entries in the <em>References</em> column mean?</strong></p>
+
+<p>Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs.</p>
+
+<table>
+ <col width="25%">
+ <col width="75%">
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+<p id="asterisk"><strong>5. What does a <a href="#asterisk">*</a> next to the Android bug ID in the <em>References</em>
+column mean?</strong></p>
+
+<p>Issues that are not publicly available have a <a href="#asterisk">*</a> next to the Android bug ID in
+the <em>References</em> column. The update for that issue is generally contained
+in the latest binary drivers for Nexus devices available from the <a
+href="https://developers.google.com/android/nexus/drivers">Google Developer
+site</a>.</p>
+
+<h2 id="versions">Versions</h2>
+<table>
+ <col width="25%">
+ <col width="25%">
+ <col width="50%">
+ <tr>
+ <th>Version</th>
+ <th>Date</th>
+ <th>Notes</th>
+ </tr>
+ <tr>
+ <td>1.0</td>
+ <td>June 5, 2017</td>
+ <td>Bulletin published.</td>
+ </tr>
+</table>
+</body>
+</html>
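Review bot: In the answer to question 5, the update for asterisked issues is described as being in the latest binary drivers "for Nexus devices", but the Google device updates table in this same file lists Pixel / Pixel XL and Pixel C alongside the Nexus models. Suggest "for Google devices" so a Pixel owner reading the FAQ is not left guessing whether the closed-source fixes apply to them. Smaller points in the acknowledgements table: "Ecular Xu(徐健)" and "),Yuan-Tsung Lo" are each missing a space, "pjf </a>of" has the space inside the anchor instead of after it, and the vendor appears as both "Trend Micro" and "TrendMicro". In the last vulnerability table, the CVE-2015-9030 row follows CVE-2015-9033, out of numeric order with its neighbours.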