page.title=Android Security Bulletin—January 2017
@jd:body

<!--
    Copyright 2017 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->
<p><em>Published January 03, 2017 | Updated February 2, 2017</em></p>

<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a security
update to Google devices through an over-the-air (OTA) update. The Google device
firmware images have also been released to the <a
href="https://developers.google.com/android/nexus/images">Google Developer
site</a>. Security patch levels of January 05, 2017 or later address all of
these issues. Refer to the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a> to learn how to check a device's security patch
level.</p>

<p>Partners were notified of the issues described in the bulletin on December 05,
2016 or earlier. Source code patches for these issues have been released to the
Android Open Source Project (AOSP) repository and linked from this bulletin.
This bulletin also includes links to patches outside of AOSP.</p>

<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods such
as email, web browsing, and MMS when processing media files.</p>

<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a
href="#mitigations">Android and Google service
mitigations</a> section for details on the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform protections</a> and service protections such as <a
href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
which improve the security of the Android platform.</p>

<p>We encourage all customers to accept these updates to their devices.</p>

<h2 id="announcements">Announcements</h2>
<ul>
  <li>This bulletin has two security patch level strings to provide Android
  partners with the flexibility to more quickly fix a subset of vulnerabilities
  that are similar across all Android devices. See <a
  href="#common-questions-and-answers">Common questions and answers</a> for
  additional information:
   <ul>
    <li><strong>2017-01-01</strong>: Partial security patch level string. This
    security patch level string indicates that all issues associated with 2017-01-01
    (and all previous security patch level strings) are addressed.</li>
    <li><strong>2017-01-05</strong>: Complete security patch level string.
    This security patch level string indicates that all issues associated with 2017-01-01
    and 2017-01-05 (and all previous security patch level strings) are addressed.</li>
   </ul>
  </li>
  <li>Supported Google devices will receive a single OTA update with the January
  05, 2017 security patch level.</li>
</ul>
<h2 id="security-vulnerability-summary">Security vulnerability summary</h2>
<p>The tables below contain a list of security vulnerabilities, the Common
Vulnerabilities and Exposures ID (CVE), the assessed severity, and whether or not
Google devices are affected. The <a
href="{@docRoot}security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.</p>

<h3 id="2017-01-01-summary">2017-01-01
security patch level—Vulnerability summary</h3>
<p>Security patch levels of 2017-01-01 or later must address the following issues.</p>

<table>
  <col width="55%">
  <col width="20%">
  <col width="13%">
  <col width="12%">
  <tr>
    <th>Issue</th>
    <th>CVE</th>
    <th>Severity</th>
    <th>Affects Google devices?</th>
  </tr>
  <tr>
    <td>Remote code execution vulnerability in c-ares</td>
    <td>CVE-2016-5180</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Remote code execution vulnerability in Framesequence</td>
    <td>CVE-2017-0382</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Framework APIs</td>
    <td>CVE-2017-0383</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Audioserver</td>
    <td>CVE-2017-0384, CVE-2017-0385</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in libnl</td>
    <td>CVE-2017-0386</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Mediaserver</td>
    <td>CVE-2017-0387</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in External Storage Provider</td>
    <td>CVE-2017-0388</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in core networking</td>
    <td>CVE-2017-0389</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in Mediaserver</td>
    <td>CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in Telephony</td>
    <td>CVE-2017-0394</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Contacts</td>
    <td>CVE-2017-0395</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in Mediaserver</td>
    <td>CVE-2017-0381, CVE-2017-0396, CVE-2017-0397</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in Audioserver</td>
    <td>CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
</table>

<h3 id="2017-01-05-summary">2017-01-05 security patch level—Vulnerability summary</h3>
<p>Security patch levels of 2017-01-05 or later must address all of the 2017-01-01
issues, as well as the following issues.</p>

<table>
  <col width="55%">
  <col width="20%">
  <col width="13%">
  <col width="12%">
  <tr>
    <th>Issue</th>
    <th>CVE</th>
    <th>Severity</th>
    <th>Affects Google devices?</th>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel memory subsystem</td>
    <td>CVE-2015-3288</td>
    <td>Critical</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation
    of privilege vulnerability in Qualcomm bootloader</td>
    <td>CVE-2016-8422, CVE-2016-8423</td>
    <td>Critical</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel file system</td>
    <td>CVE-2015-5706</td>
    <td>Critical</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
    <td>CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482,
        CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430,
        CVE-2016-8431, CVE-2016-8432</td>
    <td>Critical</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in MediaTek driver</td>
    <td>CVE-2016-8433</td>
    <td>Critical</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm GPU driver</td>
    <td>CVE-2016-8434</td>
    <td>Critical</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
    <td>CVE-2016-8435</td>
    <td>Critical</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm video driver</td>
    <td>CVE-2016-8436</td>
    <td>Critical</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Vulnerabilities in Qualcomm components</td>
    <td>CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438,
        CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442,
        CVE-2016-8443, CVE-2016-8459</td>
    <td>Critical</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm camera</td>
    <td>CVE-2016-8412, CVE-2016-8444</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in MediaTek components</td>
    <td>CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448</td>
    <td>High</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
    <td>CVE-2016-8415</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
    <td>CVE-2016-8449</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm sound driver</td>
    <td>CVE-2016-8450</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
    <td>CVE-2016-8451</td>
    <td>High</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel security subsystem</td>
    <td>CVE-2016-7042</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel performance subsystem</td>
    <td>CVE-2017-0403</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel sound subsystem</td>
    <td>CVE-2017-0404</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
    <td>CVE-2016-8452</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Qualcomm radio driver</td>
    <td>CVE-2016-5345</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in kernel profiling subsystem</td>
    <td>CVE-2016-9754</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
    <td>CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
    <td>CVE-2016-8458</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in NVIDIA video driver</td>
    <td>CVE-2016-8460</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in bootloader</td>
    <td>CVE-2016-8461, CVE-2016-8462</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in Qualcomm FUSE file system</td>
    <td>CVE-2016-8463</td>
    <td>High</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in bootloader</td>
    <td>CVE-2016-8467</td>
    <td>High</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
    <td>CVE-2016-8464, CVE-2016-8465, CVE-2016-8466</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Elevation of privilege vulnerability in Binder</td>
    <td>CVE-2016-8468</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in NVIDIA camera driver</td>
    <td>CVE-2016-8469</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in MediaTek driver</td>
    <td>CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</td>
    <td>Moderate</td>
    <td>No*</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in STMicroelectronics driver</td>
    <td>CVE-2016-8473, CVE-2016-8474</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in Qualcomm audio post processor</td>
    <td>CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Information disclosure vulnerability in HTC input driver</td>
    <td>CVE-2016-8475</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
  <tr>
    <td>Denial of service vulnerability in kernel file system</td>
    <td>CVE-2014-9420</td>
    <td>Moderate</td>
    <td>Yes</td>
  </tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>

<h2 id="mitigations">Android and Google service
mitigations</h2>
<p>This is a summary of the mitigations provided by the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform</a> and service protections, such as SafetyNet. These
capabilities reduce the likelihood that security vulnerabilities could be
successfully exploited on Android.</p>
<ul>
  <li>Exploitation for many issues on Android is made more difficult by
  enhancements in newer versions of the Android platform. We encourage all users
  to update to the latest version of Android where possible.</li>
  <li>The Android Security team actively monitors for abuse with
  <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify
  Apps and SafetyNet</a>, which are designed to warn users about
  <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
  Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
  href="http://www.android.com/gms">Google Mobile Services</a> and is especially
  important for users who install applications from outside of Google Play. Device
  rooting tools are prohibited within Google Play, but Verify Apps warns users
  when they attempt to install a detected rooting application—no matter where it
  comes from. Additionally, Verify Apps attempts to identify and block
  installation of known malicious applications that exploit a privilege escalation
  vulnerability.
  If such an application has already been installed, Verify Apps
  will notify the user and attempt to remove the detected application.</li>
  <li>As appropriate, Google Hangouts and Messenger applications do not
  automatically pass media to processes such as Mediaserver.</li>
</ul>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>We would like to thank these researchers for their contributions:</p>
<ul>
  <li>Alexandru Blanda: CVE-2017-0390</li>
  <li>Daniel Micay of Copperhead Security: CVE-2017-0397</li>
  <li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu
  Lab, Tencent: CVE-2017-0386</li>
  <li><a href="mailto:derrek.haxx@gmail.com">derrek</a> (<a
  href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li>
  <li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
  (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-8412,
  CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li>
  <li>donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara:
  CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li>
  <li>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a
  href="http://www.ms509.com">MS509Team</a>: CVE-2017-0394</li>
  <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
  and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
  Technology Co. Ltd.: CVE-2016-8464</li>
  <li>Google WebM Team: CVE-2017-0393</li>
  <li>Guang Gong (龚广) (<a href="http://twitter.com/oldfresher">@oldfresher</a>) of
  Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>:
  CVE-2017-0387</li>
  <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co.
  Ltd.:
  CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457,
  CVE-2016-8465</li>
  <li>Jianqiang Zhao (<a
  href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
  href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8475</li>
  <li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>) and Sean Beaupre
  (<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li>
  <li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>), Sean Beaupre (<a
  href="https://twitter.com/firewaterdevs">@firewaterdevs</a>), and Ben Actis (<a
  href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li>
  <li>Mingjian Zhou (<a
  href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu (<a
  href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0383</li>
  <li>Monk Avel: CVE-2017-0396, CVE-2017-0399</li>
  <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend
  Micro: CVE-2016-8469, CVE-2016-8424, CVE-2016-8428, CVE-2016-8429,
  CVE-2016-8460, CVE-2016-8473, CVE-2016-8474</li>
  <li>Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
  of KeenLab, Tencent (腾讯科恩实验室): CVE-2017-0382</li>
  <li>Roee Hay and Michael Goberman of IBM Security X-Force: CVE-2016-8467</li>
  <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
  Trend Micro Mobile Threat Research Team: CVE-2016-8466</li>
  <li>Stephen Morrow: CVE-2017-0389</li>
  <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat
  Research Team, <a href="http://www.trendmicro.com">Trend Micro</a>:
  CVE-2017-0381</li>
  <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
  Alibaba Inc.: CVE-2017-0391</li>
  <li><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0402, CVE-2017-0398</li>
  <li><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a
  href="mailto:arnow117@gmail.com">Hanxiang Wen</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0400</li>
  <li><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, <a
  href="mailto:hlhan@bupt.edu.cn">Hongli Han</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0384, CVE-2017-0385</li>
  <li><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, Yuqi Lu (<a
  href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0401</li>
  <li><a href="mailto:yaojun8558363@gmail.com">Yao Jun</a>, <a
  href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8431, CVE-2016-8432,
  CVE-2016-8435</li>
  <li>Yong Wang (王勇) (<a
  href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) and Jun Cheng of
  Alibaba Inc.: CVE-2017-0404</li>
  <li><a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, <a
  href="mailto:segfault5514@gmail.com">Tong Lin</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8425, CVE-2016-8426,
  CVE-2016-8449</li>
  <li><a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, <a
  href="mailto:bigwyfone@gmail.com">Yanfeng Wang</a>, Chiachih Wu (<a
  href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
  href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8430, CVE-2016-8482</li>
  <li>Yuxiang Li (<a href="https://twitter.com/xbalien29">@Xbalien29</a>) of
  Tencent Security Platform Department: CVE-2017-0395</li>
  <li>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>) of
  Security Research Lab, <a href="http://www.cmcm.com/">Cheetah Mobile</a>:
  CVE-2016-8451</li>
</ul>
<p>We would also like to thank the following researchers for their contributions to
this bulletin:</p>
<ul>
  <li>Baozeng Ding, Chengming Yang, Peng Xiao, Ning You, Yang Dong, Chao Yang, Yi
  Zhang and Yang Song of Alibaba Mobile Security Group</li>
  <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend
  Micro</li>
  <li>Zubin Mithra of Google</li>
</ul>

<h2 id="2017-01-01-details">2017-01-01 security patch level—Vulnerability
details</h2>
<p>
In the sections below, we provide details for each of the security
vulnerabilities listed in the <a href="#2017-01-01-summary">2017-01-01 security
patch level—Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>

<h3 id="rce-in-c-ares">Remote code execution vulnerability in c-ares</h3>
<p>
A remote code execution vulnerability in c-ares could enable an attacker using
a specially crafted request to execute arbitrary code in the context of an
unprivileged process.
This issue is rated as High due to the possibility of
remote code execution in an application that uses this library.
</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-5180</td>
    <td><a href="https://android.googlesource.com/platform/external/c-ares/+/f4baf84f285bfbdebb89b2fef8a955720f00c677">
        A-32205736</a></td>
    <td>High</td>
    <td>All</td>
    <td>7.0</td>
    <td>Sept 29, 2016</td>
  </tr>
</table>


<h3 id="rce-vulnerability-in-framesequence">Remote code
execution vulnerability in Framesequence</h3>
<p>
A remote code execution vulnerability in the Framesequence library could enable
an attacker using a specially crafted file to execute arbitrary code in the
context of an unprivileged process. This issue is rated as High due to the
possibility of remote code execution in an application that uses the
Framesequence library.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0382</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7f0e3dab5a892228d8dead7f0221cc9ae82474f7">
        A-32338390</a></td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 21, 2016</td>
  </tr>
</table>
<h3 id="eop-in-framework-apis">Elevation of
privilege vulnerability in Framework APIs</h3>
<p>
An elevation of privilege vulnerability in the Framework APIs could enable a
local malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0383</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/native/+/e5753ba087fa59ee02f6026cc13b1ceb42a1f266">
        A-31677614</a></td>
    <td>High</td>
    <td>All</td>
    <td>7.0, 7.1.1</td>
    <td>Sep 21, 2016</td>
  </tr>
</table>
<h3 id="eop-in-audioserver">Elevation of
privilege vulnerability in Audioserver</h3>
<p>
An elevation of privilege vulnerability in Audioserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0384</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">
        A-32095626</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 11, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0385</td>
    <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358">
        A-32585400</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 11, 2016</td>
  </tr>
</table>
<h3 id="eop-in-libnl">Elevation of privilege
vulnerability in libnl</h3>
<p>
An elevation of privilege vulnerability in the libnl library could enable a
local malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0386</td>
    <td><a href="https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a">
        A-32255299</a></td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 18, 2016</td>
  </tr>
</table>
<h3 id="eop-in-mediaserver">Elevation of
privilege vulnerability in Mediaserver</h3>
<p>
An elevation of privilege vulnerability in Mediaserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0387</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/native/+/675e212c8c6653825cc3352c603caf2e40b00f9f">
        A-32660278</a></td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Nov 4, 2016</td>
  </tr>
</table>
<h3 id="id-in-external-storage-provider">Information disclosure vulnerability
in External Storage Provider</h3>
<p>
An information disclosure vulnerability in the External Storage Provider could
enable a local secondary user to read data from an external storage SD card
inserted by the primary user. This issue is rated as High because it could be
used to access data without permission.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0388</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47e62b7fe6807a274ba760a8fecfd624fe792da9">
        A-32523490</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>
<h3 id="dos-in-core-networking">Denial of service
vulnerability in core networking</h3>
<p>
A denial of service vulnerability in core networking could enable a remote
attacker to use a specially crafted network packet to cause a device hang or
reboot.
This issue is rated as High due to the possibility of remote denial of
service.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0389</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a014b6be3c7c6fb5cf9352a05baf84fca7a133c7">
        A-31850211</a>
[<a href="https://android.googlesource.com/platform/frameworks/base/+/47e81a2596b00ee7aaca58716ff164a1708b0b29">2</a>]
[<a href="https://android.googlesource.com/platform/frameworks/base/+/006e0613016c1a0e0627f992f5a93a7b7198edba#">3</a>]</td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Jul 20, 2016</td>
  </tr>
</table>
<h3 id="dos-in-mediaserver">Denial of service
vulnerability in Mediaserver</h3>
<p>
A denial of service vulnerability in Mediaserver could enable a remote attacker
to use a specially crafted file to cause a device hang or reboot. This issue is
rated as High due to the possibility of remote denial of service.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0390</td>
    <td><a href="https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0">
        A-31647370</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Sep 19, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0391</td>
    <td><a href="https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f">
        A-32322258</a></td>
    <td>High</td>
    <td>All</td>
    <td>6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 20, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0392</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c">
        A-32577290</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 29, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0393</td>
    <td><a href="https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc">
        A-30436808</a></td>
    <td>High</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Google internal</td>
  </tr>
</table>
<h3 id="dos-in-telephony">Denial of service
vulnerability in Telephony</h3>
<p>
A denial of service vulnerability in Telephony could enable a remote attacker to
cause a device hang or reboot. This issue is rated as High due to the
possibility of remote denial of service.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0394</td>
    <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1cdced590675ce526c91c6f8983ceabb8038f58d">
        A-31752213</a></td>
    <td>High</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Sep 23, 2016</td>
  </tr>
</table>
<h3 id="eop-in-contacts">Elevation of privilege
vulnerability in Contacts</h3>
<p>
An elevation of privilege vulnerability in Contacts could enable a local
malicious application to silently create contact information. This issue is
rated as Moderate because it is a local bypass of user interaction requirements
(access to functionality that would normally require either user initiation or
user permission).
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0395</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/ContactsCommon/+/d47661ad82d402c1e0c90eb83970687d784add1b">
        A-32219099</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 15, 2016</td>
  </tr>
</table>
<h3 id="id-in-mediaserver">Information
disclosure vulnerability in Mediaserver</h3>
<p>
An information disclosure vulnerability in Mediaserver could enable a local
malicious application to access data outside of its permission levels. This
issue is rated as Moderate because it could be used to access sensitive data
without permission.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0381</td>
    <td><a href="https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7">
        A-31607432</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Sep 18, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0396</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7">
        A-31781965</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Sep 27, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0397</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c">
        A-32377688</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 21, 2016</td>
  </tr>
</table>
<h3 id="id-in-audioserver">Information
disclosure vulnerability in Audioserver</h3>
<p>
An information disclosure vulnerability in Audioserver could enable a local
malicious application to access data outside of its permission levels. This
issue is rated as Moderate because it could be used to access sensitive data
without permission.
</p>
<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0398</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
        A-32438594</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0398</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
        A-32635664</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0398</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
        A-32624850</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0399</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32247948</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 18, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0400</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32584034</a>
[<a
href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0401</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">
        A-32448258</a></td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 26, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0402</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32436341</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
    <td>Moderate</td>
    <td>All</td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
</table>

<h2 id="2017-01-05-details">2017-01-05 security patch level—Vulnerability
details</h2>
<p>
In the sections below, we provide details for each of the security
vulnerabilities listed in the
<a href="#2017-01-05-summary">2017-01-05
security patch level—Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list.
When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>


<h3 id="eop-in-kernel-memory-subsystem">Elevation of privilege vulnerability in
kernel memory subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel memory subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2015-3288</td>
    <td>A-32460277<br>
        <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d">
Upstream kernel</a></td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel C, Nexus Player, Pixel,
Pixel XL</td>
    <td>Jul 9, 2015</td>
  </tr>
</table>


<h3 id="eop-in-qualcomm-bootloader">Elevation of privilege vulnerability in
Qualcomm bootloader</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm bootloader could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8422</td>
    <td>A-31471220<br>
        <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=d6639f0a77f8ebfc1e05f3acdf12d5588e7e6213">
QC-CR#979426</a></td>
    <td>Critical</td>
    <td>Nexus 6, Nexus 6P, Pixel, Pixel XL</td>
    <td>Jul 22, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8423</td>
    <td>A-31399736<br>
        <a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=98db6cc526fa1677da05d54785937540cdc84867">
QC-CR#1000546</a></td>
    <td>Critical</td>
    <td>Nexus 6P, Pixel, Pixel XL</td>
    <td>Aug 24, 2016</td>
  </tr>
</table>


<h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in
kernel file system</h3>
<p>
An elevation of privilege vulnerability in the kernel file system could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2015-5706</td>
    <td>A-32289301<br>
        <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0">
Upstream kernel</a></td>
    <td>Critical</td>
    <td>None*</td>
    <td>Aug 1, 2016</td>
  </tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8424</td>
    <td>A-31606947*<br>
        N-CVE-2016-8424</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Sep 17, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8425</td>
    <td>A-31797770*<br>
        N-CVE-2016-8425</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8426</td>
    <td>A-31799206*<br>
        N-CVE-2016-8426</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8482</td>
    <td>A-31799863*<br>
        N-CVE-2016-8482</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8427</td>
    <td>A-31799885*<br>
        N-CVE-2016-8427</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8428</td>
    <td>A-31993456*<br>
        N-CVE-2016-8428</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Oct 6, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8429</td>
    <td>A-32160775*<br>
        N-CVE-2016-8429</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Oct 13, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8430</td>
    <td>A-32225180*<br>
        N-CVE-2016-8430</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Oct 17, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8431</td>
    <td>A-32402179*<br>
        N-CVE-2016-8431</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8432</td>
    <td>A-32447738*<br>
        N-CVE-2016-8432</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Oct 26,
2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-mediatek-driver">Elevation of privilege vulnerability in
MediaTek driver</h3>
<p>
An elevation of privilege vulnerability in the MediaTek driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8433</td>
    <td>A-31750190*<br>
        MT-ALPS02974192</td>
    <td>Critical</td>
    <td>None**</td>
    <td>Sep 24, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in
Qualcomm GPU driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8434</td>
    <td>A-32125137<br>
        <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.14/commit/?id=3e3866a5fced40ccf9ca442675cf915961efe4d9">
QC-CR#1081855</a></td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
    <td>Oct 12, 2016</td>
  </tr>
</table>


<h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8435</td>
    <td>A-32700935*<br>
        N-CVE-2016-8435</td>
    <td>Critical</td>
    <td>Pixel C</td>
    <td>Nov 7, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in
Qualcomm video driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8436</td>
    <td>A-32450261<br>
        <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=228e8d17b9f5d22cf9896ab8eff88dc6737c2ced">
QC-CR#1007860</a></td>
    <td>Critical</td>
    <td>None*</td>
    <td>Oct 13, 2016</td>
  </tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
components</h3>
<p>
The following vulnerabilities affect Qualcomm components and are described in
further detail in Qualcomm AMSS November 2015, August 2016, September 2016, and
October 2016 security bulletins.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity*</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8438</td>
    <td>A-31624565**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8442</td>
    <td>A-31625910**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8443</td>
    <td>A-32576499**</td>
    <td>Critical</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8437</td>
    <td>A-31623057**</td>
    <td>High</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8439</td>
    <td>A-31625204**</td>
    <td>High</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8440</td>
    <td>A-31625306**</td>
    <td>High</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8441</td>
    <td>A-31625904**</td>
    <td>High</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8398</td>
    <td>A-31548486**</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8459</td>
    <td>A-32577972**</td>
    <td>High</td>
    <td>None***</td>
    <td>Qualcomm internal</td>
  </tr>
  <tr>
    <td>CVE-2016-5080</td>
    <td>A-31115235**</td>
    <td>Moderate</td>
    <td>Nexus 5X</td>
    <td>Qualcomm internal</td>
  </tr>
</table>
<p>
* The severity rating for these vulnerabilities was determined by the vendor.
</p>
<p>
** The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
*** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="eop-in-qualcomm-camera">Elevation of privilege vulnerability in
Qualcomm camera</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm camera could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as High because it first requires compromising a
privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8412</td>
    <td>A-31225246<br>
        <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=42a98c44669d92dafcf4d6336bdccaeb2db12786">
QC-CR#1071891</a></td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
    <td>Aug 26, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8444</td>
    <td>A-31243641*<br>
        QC-CR#1074310</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P</td>
    <td>Aug 26, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in
MediaTek components</h3>
<p>
An elevation of privilege vulnerability in MediaTek components, including the
thermal driver and video driver, could enable a local malicious application to
execute arbitrary code within the context of the kernel. This issue is rated as
High because it first requires compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8445</td>
    <td>A-31747590*<br>
        MT-ALPS02968983</td>
    <td>High</td>
    <td>None**</td>
    <td>Sep 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8446</td>
    <td>A-31747749*<br>
        MT-ALPS02968909</td>
    <td>High</td>
    <td>None**</td>
    <td>Sep 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8447</td>
    <td>A-31749463*<br>
        MT-ALPS02968886</td>
    <td>High</td>
    <td>None**</td>
    <td>Sep 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8448</td>
    <td>A-31791148*<br>
        MT-ALPS02982181</td>
    <td>High</td>
    <td>None**</td>
    <td>Sep 28, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8415</td>
    <td>A-31750554<br>
        <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=188e12a816508b11771f362c852782ec9a6f9394">
QC-CR#1079596</a></td>
    <td>High</td>
    <td>Nexus 5X, Pixel, Pixel XL</td>
    <td>Sep 26, 2016</td>
  </tr>
</table>


<h3 id="eop-in-nvidia-gpu-driver-3">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as High because it first requires compromising a
privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8449</td>
    <td>A-31798848*<br>
        N-CVE-2016-8449</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Sep 28, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in
Qualcomm sound driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm sound driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8450</td>
    <td>A-32450563<br>
        <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e909d159ad1998ada853ed35be27c7b6ba241bdb">
QC-CR#880388</a></td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
    <td>Oct 13, 2016</td>
  </tr>
</table>


<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>
An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8451</td>
    <td>A-32178033*</td>
    <td>High</td>
    <td>None**</td>
    <td>Oct 13, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability
in kernel security subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel security subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-7042</td>
    <td>A-32178986<br>
        <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=03dab869b7b239c4e013ec82aea22e181e441cfc">
Upstream kernel</a></td>
    <td>High</td>
    <td>Pixel C</td>
    <td>Oct 14, 2016</td>
  </tr>
</table>


<h3 id="eop-in-kernel-performance-subsystem">Elevation of privilege
vulnerability in kernel performance subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel performance subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0403</td>
    <td>A-32402548*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
Player, Pixel, Pixel XL</td>
    <td>Oct 25, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in
kernel sound subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel sound subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0404</td>
    <td>A-32510733*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player, Pixel, Pixel
XL</td>
    <td>Oct 27, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8452</td>
    <td>A-32506396<br>
        <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=39fa8e972fa1b10dc68a066f4f9432753d8a2526">
QC-CR#1050323</a></td>
    <td>High</td>
    <td>Nexus 5X, Android One, Pixel, Pixel XL</td>
    <td>Oct 28, 2016</td>
  </tr>
</table>


<h3 id="eop-in-qualcomm-radio-driver">Elevation of privilege vulnerability in
Qualcomm radio driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm radio driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-5345</td>
    <td>A-32639452<br>
        <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6">
QC-CR#1079713</a></td>
    <td>High</td>
    <td>Android One</td>
    <td>Nov 3, 2016</td>
  </tr>
</table>


<h3 id="eop-in-kernel-profiling-subsystem">Elevation of privilege vulnerability
in kernel profiling subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel profiling subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-9754</td>
    <td>A-32659848<br>
        <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=59643d1535eb220668692a5359de22545af579f6">
Upstream kernel</a></td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
Player</td>
    <td>Nov 4, 2016</td>
  </tr>
</table>


<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8453</td>
    <td>A-24739315*<br>
        B-RB#73392</td>
    <td>High</td>
    <td>Nexus 6</td>
    <td>Google internal</td>
  </tr>
  <tr>
    <td>CVE-2016-8454</td>
    <td>A-32174590*<br>
        B-RB#107142</td>
    <td>High</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    <td>Oct 14, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8455</td>
    <td>A-32219121*<br>
        B-RB#106311</td>
    <td>High</td>
    <td>Nexus 6P</td>
    <td>Oct 15, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8456</td>
    <td>A-32219255*<br>
        B-RB#105580</td>
    <td>High</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    <td>Oct 15, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8457</td>
    <td>A-32219453*<br>
        B-RB#106116</td>
    <td>High</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td>
    <td>Oct 15, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-synaptics-touchscreen-driver-2">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>
An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8458</td>
    <td>A-31968442*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td>
    <td>Google internal</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="id-in-nvidia-video-driver">Information disclosure vulnerability in
NVIDIA video driver</h3>
<p>
An information disclosure vulnerability in the NVIDIA video driver could enable
a local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8460</td>
    <td>A-31668540*<br>
        N-CVE-2016-8460</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Sep 21, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="id-in-bootloader">Information disclosure vulnerability in
bootloader</h3>
<p>
An information disclosure vulnerability in the bootloader could enable a local
attacker to access data outside of its permission level. This issue is rated as
High because it could be used to access sensitive data.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8461</td>
    <td>A-32369621*</td>
    <td>High</td>
    <td>Nexus 9, Pixel, Pixel XL</td>
    <td>Oct 21, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8462</td>
    <td>A-32510383*</td>
    <td>High</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 27, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="dos-in-qualcomm-fuse-file-system">Denial of service vulnerability in
Qualcomm FUSE file system</h3>
<p>
A denial of service vulnerability in the Qualcomm FUSE file system could enable
a remote attacker to use a specially crafted file to cause a device hang or
reboot. This issue is rated as High due to the possibility of remote denial of
service.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8463</td>
    <td>A-30786860<br>
        <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd0fa86de6ca1d40c0a93d86d1c0f7846e8a9a10">
QC-CR#586855</a></td>
    <td>High</td>
    <td>None*</td>
    <td>Jan 03, 2014</td>
  </tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="dos-in-bootloader">Denial of service vulnerability in bootloader</h3>
<p>
A denial of service vulnerability in the bootloader could enable an attacker to
cause a local permanent denial of service, which may require reflashing the
operating system to repair the device. This issue is rated as High due to the
possibility of local permanent denial of service.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8467</td>
    <td>A-30308784*</td>
    <td>High</td>
    <td>Nexus 6, Nexus 6P</td>
    <td>Jun 29, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by current platform
configurations.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8464</td>
    <td>A-29000183*<br>
        B-RB#106314</td>
    <td>Moderate</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    <td>May 26, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8466</td>
    <td>A-31822524*<br>
        B-RB#105268</td>
    <td>Moderate</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8465</td>
    <td>A-32474971*<br>
        B-RB#106053</td>
    <td>Moderate</td>
    <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
    <td>Oct 27, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="eop-in-binder">Elevation of privilege vulnerability in Binder</h3>
<p>
An elevation of privilege vulnerability in Binder could enable a local
malicious application to execute arbitrary code within the context of a
privileged process.
This issue is rated as Moderate because it first requires
compromising a privileged process and is mitigated by current platform
configurations.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8468</td>
    <td>A-32394425*</td>
    <td>Moderate</td>
    <td>Pixel C, Pixel, Pixel XL</td>
    <td>Google internal</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="id-in-nvidia-camera-driver">Information disclosure vulnerability in
NVIDIA camera driver</h3>
<p>
An information disclosure vulnerability in the camera driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8469</td>
    <td>A-31351206*<br>
        N-CVE-2016-8469</td>
    <td>Moderate</td>
    <td>Nexus 9</td>
    <td>Sep 7, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available.
The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek
driver</h3>
<p>
An information disclosure vulnerability in the MediaTek driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8470</td>
    <td>A-31528889*<br>
        MT-ALPS02961395</td>
    <td>Moderate</td>
    <td>None**</td>
    <td>Sep 15, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8471</td>
    <td>A-31528890*<br>
        MT-ALPS02961380</td>
    <td>Moderate</td>
    <td>None**</td>
    <td>Sep 15, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8472</td>
    <td>A-31531758*<br>
        MT-ALPS02961384</td>
    <td>Moderate</td>
    <td>None**</td>
    <td>Sep 15, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>


<h3 id="id-in-stmicroelectronics-driver">Information disclosure vulnerability
in STMicroelectronics driver</h3>
<p>
An information disclosure vulnerability in the STMicroelectronics driver could
enable a local malicious application to access data outside of its permission
levels. This issue is rated as Moderate because it first requires compromising
a privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8473</td>
    <td>A-31795790*</td>
    <td>Moderate</td>
    <td>Nexus 5X, Nexus 6P</td>
    <td>Sep 28, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-8474</td>
    <td>A-31799972*</td>
    <td>Moderate</td>
    <td>Nexus 5X, Nexus 6P</td>
    <td>Sep 28, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="id-in-qualcomm-audio-post-processor-">Information disclosure
vulnerability in Qualcomm audio post processor</h3>
<p>
An information disclosure vulnerability in the Qualcomm audio post processor
could enable a local malicious application to access data outside of its
permission levels. This issue is rated as Moderate because it could be used to
access sensitive data without permission.
</p>

<table>
  <col width="18%">
  <col width="17%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2017-0399</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32588756</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 18, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0400</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32438598</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0401</td>
    <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358">
        A-32588016</a>
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 26, 2016</td>
  </tr>
  <tr>
    <td>CVE-2017-0402</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
        A-32588352</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]
    </td>
    <td>Moderate</td>
    <td>All</td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
    <td>Oct 25, 2016</td>
  </tr>
</table>


<h3 id="id-in-htc-input-driver">Information disclosure vulnerability in HTC
input driver</h3>
<p>
An information disclosure vulnerability in the HTC input driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-8475</td>
    <td>A-32591129*</td>
    <td>Moderate</td>
    <td>Pixel, Pixel XL</td>
    <td>Oct 30, 2016</td>
  </tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>


<h3 id="dos-in-kernel-file-system">Denial of service vulnerability in kernel
file system</h3>
<p>
A denial of service vulnerability in the kernel file system could enable a
local malicious application to cause a device hang or reboot. This issue is
rated as Moderate because it is a temporary denial of service that requires a
factory reset to fix.
</p>

<table>
  <col width="19%">
  <col width="20%">
  <col width="10%">
  <col width="23%">
  <col width="17%">
  <tr>
    <th>CVE</th>
    <th>References</th>
    <th>Severity</th>
    <th>Updated Google devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2014-9420</td>
    <td>A-32477499<br>
        <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f54e18f1b831c92f6512d2eedb224cd63d607d3d">
Upstream kernel</a></td>
    <td>Moderate</td>
    <td>Pixel C</td>
    <td>Dec 25, 2014</td>
  </tr>
</table>

<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
<p>This section answers common questions that may occur after reading this
bulletin.</p>

<p><strong>1. How do I determine if my device is updated to address these issues?
</strong></p>

<p>To learn how to check a device's security patch level, read the instructions on
the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a>.</p>
<ul>
  <li>Security patch levels of 2017-01-01 or later address all issues associated
  with the 2017-01-01 security patch level.</li>
  <li>Security patch levels of 2017-01-05 or later address all issues associated
  with the 2017-01-05 security patch level and all previous patch levels.</li>
</ul>
<p>Device manufacturers that include these updates should set the patch string
level to:</p>
<ul>
  <li>[ro.build.version.security_patch]:[2017-01-01]</li>
  <li>[ro.build.version.security_patch]:[2017-01-05]</li>
</ul>
<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>

<p>This bulletin has two security patch levels so that Android partners have the
flexibility to fix a subset of vulnerabilities that are similar across all
Android devices more quickly.
Android partners are encouraged to fix all issues
in this bulletin and use the latest security patch level.</p>
<ul>
  <li>Devices that use the January 1, 2017 security patch level must include all
  issues associated with that security patch level, as well as fixes for all
  issues reported in previous security bulletins.</li>
  <li>Devices that use the security patch level of January 5, 2017 or newer must
  include all applicable patches in this (and previous) security
  bulletins.</li>
</ul>
<p>Partners are encouraged to bundle the fixes for all issues they are addressing
in a single update.</p>

<p><strong>3. How do I determine which Google devices are affected by each
issue?</strong></p>

<p>In the <a href="#2017-01-01-details">2017-01-01</a> and
<a href="#2017-01-05-details">2017-01-05</a>
security vulnerability details sections, each table has an <em>Updated Google
devices</em> column that covers the range of affected Google devices updated for
each issue. This column has a few options:</p>
<ul>
  <li><strong>All Google devices</strong>: If an issue affects all Nexus and Pixel
  devices, the table will have "All" in the <em>Updated Google devices</em>
  column. "All" encapsulates the following <a
  href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
  devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
  Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
  <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
  devices, the affected Google devices are listed in the <em>Updated Google
  devices</em> column.</li>
  <li><strong>No Google devices</strong>: If no Google devices running the
  latest available version of Android are affected by the issue, the table
  will have "None" in the <em>Updated Google devices</em> column.</li>
</ul>
<p><strong>4.
What do the entries in the references column map to?</strong></p>

<p>Entries under the <em>References</em> column of the vulnerability details table
may contain a prefix identifying the organization to which the reference value
belongs. These prefixes map as follows:</p>

<table>
  <tr>
    <th>Prefix</th>
    <th>Reference</th>
  </tr>
  <tr>
    <td>A-</td>
    <td>Android bug ID</td>
  </tr>
  <tr>
    <td>QC-</td>
    <td>Qualcomm reference number</td>
  </tr>
  <tr>
    <td>M-</td>
    <td>MediaTek reference number</td>
  </tr>
  <tr>
    <td>N-</td>
    <td>NVIDIA reference number</td>
  </tr>
  <tr>
    <td>B-</td>
    <td>Broadcom reference number</td>
  </tr>
</table>
<h2 id="revisions">Revisions</h2>
<ul>
  <li>January 03, 2017: Bulletin published.</li>
  <li>January 04, 2017: Bulletin revised to include AOSP links.</li>
  <li>January 05, 2017: Clarified AOSP version number from 7.1 to 7.1.1.</li>
  <li>January 12, 2017: Removed duplicate entry for CVE-2016-8467.</li>
  <li>January 24, 2017: Updated description and severity for CVE-2017-0381.</li>
  <li>February 2, 2017: Updated CVE-2017-0389 with additional patch link.</li>
</ul>
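<p>Added example (not part of the original bulletin): a POSIX shell version of
the check described in questions 1 and 2 under Common Questions and Answers. It
reads <code>getprop</code> output, extracts
<code>ro.build.version.security_patch</code>, and reports whether the device is
at the partial (2017-01-01) or complete (2017-01-05) level of this bulletin.
The function names and the sample <code>getprop</code> dump are constructed for
illustration.</p>

```shell
#!/bin/sh
# Added example: map a device's security patch level string onto the two
# patch levels defined in this bulletin. Function names are hypothetical.

PARTIAL_LEVEL="2017-01-01"    # partial patch level string (from the bulletin)
COMPLETE_LEVEL="2017-01-05"   # complete patch level string (from the bulletin)

# Constructed sample of `getprop` output; not taken from a real device.
SAMPLE_GETPROP='[ro.build.version.release]: [7.1.1]
[ro.build.version.security_patch]: [2017-01-01]
[ro.product.model]: [Example Device]'

# Read `getprop` output on stdin and print the security patch level value.
# Accepts "[key]: [value]" and the "[key]:[value]" form shown in the bulletin,
# and drops carriage returns in case the transport delivered CRLF line endings.
extract_patch_level() {
    tr -d '\r' |
        sed -n 's/^\[ro\.build\.version\.security_patch]: *\[\(.*\)]$/\1/p' |
        head -n 1
}

# Turn YYYY-MM-DD into the integer YYYYMMDD; fail on any other shape.
level_to_int() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9])
            printf '%s\n' "$1" | sed 's/-//g' ;;
        *)
            return 1 ;;
    esac
}

# Print which set of this bulletin's issues a given patch level addresses:
#   complete - 2017-01-05 or later
#   partial  - 2017-01-01 or later, but earlier than 2017-01-05
#   none     - earlier than 2017-01-01
#   unknown  - missing or malformed string (returns 1)
classify_patch_level() {
    device=$(level_to_int "$1") || { echo "unknown"; return 1; }
    if [ "$device" -ge "$(level_to_int "$COMPLETE_LEVEL")" ]; then
        echo "complete"
    elif [ "$device" -ge "$(level_to_int "$PARTIAL_LEVEL")" ]; then
        echo "partial"
    else
        echo "none"
    fi
}

# Classify a full `getprop` dump supplied on stdin.
classify_getprop() {
    classify_patch_level "$(extract_patch_level)"
}

# Demo on the constructed sample; on a real device, pipe in the output of
# `adb shell getprop` instead.
printf 'sample device: %s\n' \
    "$(printf '%s\n' "$SAMPLE_GETPROP" | classify_getprop)"
```

<p>A result of <code>partial</code> means the device claims only the 2017-01-01
issues, so the 2017-01-05 issues listed above should be treated as unaddressed
on that device.</p>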