Google Git
Sign in
android / platform / docs / source.android.com / eea9cc73ff9c12570ba21be21ab482d2dc938fea / . / src / security / bulletin / 2017-01-01.jd
blob: f15c892babf7e1561e76c57d8fe5ce1785c74cd6 [file] [log] [blame]
page.title=Android Security Bulletin—January 2017
@jd:body
<!--
Copyright 2017 The Android Open Source Project
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<p><em>Published January 03, 2017 | Updated February 2, 2017</em></p>
<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a security
update to Google devices through an over-the-air (OTA) update. The Google device
firmware images have also been released to the <a
href="https://developers.google.com/android/nexus/images">Google Developer
site</a>. Security patch levels of January 05, 2017 or later address all of
these issues. Refer to the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a> to learn how to check a device's security patch
level.</p>
<p>Partners were notified of the issues described in the bulletin on December 05,
2016 or earlier. Source code patches for these issues have been released to the
Android Open Source Project (AOSP) repository and linked from this bulletin.
This bulletin also includes links to patches outside of AOSP.</p>
<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods such
as email, web browsing, and MMS when processing media files.</p>
<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a
href="#mitigations">Android and Google service
mitigations</a> section for details on the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform protections</a> and service protections such as <a
href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
which improve the security of the Android platform.</p>
<p>We encourage all customers to accept these updates to their devices.</p>
<h2 id="announcements">Announcements</h2>
<ul>
<li>This bulletin has two security patch level strings to provide Android
partners with the flexibility to more quickly fix a subset of vulnerabilities
that are similar across all Android devices. See <a
href="#common-questions-and-answers">Common questions and answers</a> for
additional information:
<ul>
<li><strong>2017-01-01</strong>: Partial security patch level string. This
security patch level string indicates that all issues associated with 2017-01-01
(and all previous security patch level strings) are addressed.</li>
<li><strong>2017-01-05</strong>: Complete security patch level string. This
security patch level string indicates that all issues associated with 2017-01-01
and 2017-01-05 (and all previous security patch level strings) are addressed.</li>
</ul>
</li>
<li>Supported Google devices will receive a single OTA update with the January
05, 2017 security patch level.</li>
</ul>
<h2 id="security-vulnerability-summary">Security vulnerability summary</h2>
<p>The tables below contains a list of security vulnerabilities, the Common
Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not
Google devices are affected. The <a
href="{@docRoot}security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.</p>
<h3 id="2017-01-01-summary">2017-01-01
security patch level—Vulnerability summary</h3>
<p>Security patch levels of 2017-01-01 or later must address the following issues.</p>
<table>
<col width="55%">
<col width="20%">
<col width="13%">
<col width="12%">
<tr>
<th>Issue</th>
<th>CVE</th>
<th>Severity</th>
<th>Affects Google devices?</th>
</tr>
<tr>
<td>Remote code execution vulnerability in c-ares</td>
<td>CVE-2016-5180</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Remote code execution vulnerability in Framesequence</td>
<td>CVE-2017-0382</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Framework APIs</td>
<td>CVE-2017-0383</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Audioserver</td>
<td>CVE-2017-0384, CVE-2017-0385</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in libnl</td>
<td>CVE-2017-0386</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Mediaserver</td>
<td>CVE-2017-0387</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in External Storage Provider</td>
<td>CVE-2017-0388</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in core networking</td>
<td>CVE-2017-0389</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Mediaserver</td>
<td>CVE-2017-0390, CVE-2017-0391, CVE-2017-0392, CVE-2017-0393</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Telephony</td>
<td>CVE-2017-0394</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Contacts</td>
<td>CVE-2017-0395</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Mediaserver</td>
<td>CVE-2017-0381, CVE-2017-0396, CVE-2017-0397</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Audioserver</td>
<td>CVE-2017-0398, CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
</table>
<h3 id="2017-01-05-summary">2017-01-05 security patch level—Vulnerability summary</h3>
<p>Security patch levels of 2017-01-05 or later must address all of the 2017-01-01
issues, as well as the following issues.</p>
<table>
<col width="55%">
<col width="20%">
<col width="13%">
<col width="12%">
<tr>
<th>Issue</th>
<th>CVE</th>
<th>Severity</th>
<th>Affects Google devices?</th>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel memory subsystem</td>
<td>CVE-2015-3288</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm bootloader</td>
<td>CVE-2016-8422, CVE-2016-8423</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel file system</td>
<td>CVE-2015-5706</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
<td>CVE-2016-8424, CVE-2016-8425, CVE-2016-8426, CVE-2016-8482,
CVE-2016-8427, CVE-2016-8428, CVE-2016-8429, CVE-2016-8430,
CVE-2016-8431, CVE-2016-8432</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in MediaTek driver</td>
<td>CVE-2016-8433</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm GPU driver</td>
<td>CVE-2016-8434</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
<td>CVE-2016-8435</td>
<td>Critical</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm video driver</td>
<td>CVE-2016-8436</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Vulnerabilities in Qualcomm components</td>
<td>CVE-2016-5080, CVE-2016-8398, CVE-2016-8437, CVE-2016-8438,
CVE-2016-8439, CVE-2016-8440, CVE-2016-8441, CVE-2016-8442,
CVE-2016-8443, CVE-2016-8459</td>
<td>Critical</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm camera</td>
<td>CVE-2016-8412, CVE-2016-8444</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in MediaTek components</td>
<td>CVE-2016-8445, CVE-2016-8446, CVE-2016-8447, CVE-2016-8448</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
<td>CVE-2016-8415</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in NVIDIA GPU driver</td>
<td>CVE-2016-8449</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm sound driver</td>
<td>CVE-2016-8450</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
<td>CVE-2016-8451</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel security subsystem</td>
<td>CVE-2016-7042</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel performance subsystem</td>
<td>CVE-2017-0403</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel sound subsystem</td>
<td>CVE-2017-0404</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
<td>CVE-2016-8452</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Qualcomm radio driver</td>
<td>CVE-2016-5345</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in kernel profiling subsystem</td>
<td>CVE-2016-9754</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
<td>CVE-2016-8453, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
<td>CVE-2016-8458</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in NVIDIA video driver</td>
<td>CVE-2016-8460</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in bootloader</td>
<td>CVE-2016-8461, CVE-2016-8462</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in Qualcomm FUSE file system</td>
<td>CVE-2016-8463</td>
<td>High</td>
<td>No*</td>
</tr>
<tr>
<td>Denial of service vulnerability in bootloader</td>
<td>CVE-2016-8467</td>
<td>High</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
<td>CVE-2016-8464, CVE-2016-8465, CVE-2016-8466</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Elevation of privilege vulnerability in Binder</td>
<td>CVE-2016-8468</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in NVIDIA camera driver</td>
<td>CVE-2016-8469</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in MediaTek driver</td>
<td>CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</td>
<td>Moderate</td>
<td>No*</td>
</tr>
<tr>
<td>Information disclosure vulnerability in STMicroelectronics driver</td>
<td>CVE-2016-8473, CVE-2016-8474</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in Qualcomm audio post processor</td>
<td>CVE-2017-0399, CVE-2017-0400, CVE-2017-0401, CVE-2017-0402</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Information disclosure vulnerability in HTC input driver</td>
<td>CVE-2016-8475</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
<tr>
<td>Denial of service vulnerability in kernel file system</td>
<td>CVE-2014-9420</td>
<td>Moderate</td>
<td>Yes</td>
</tr>
</table>
<p>* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.</p>
<h2 id="mitigations">Android and Google service
mitigations</h2>
<p>This is a summary of the mitigations provided by the <a
href="{@docRoot}security/enhancements/index.html">Android
security platform</a> and service protections, such as SafetyNet. These
capabilities reduce the likelihood that security vulnerabilities could be
successfully exploited on Android.</p>
<ul>
<li>Exploitation for many issues on Android is made more difficult by
enhancements in newer versions of the Android platform. We encourage all users
to update to the latest version of Android where possible.</li>
<li>The Android Security team actively monitors for abuse with
<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify
Apps and SafetyNet</a>, which are designed to warn users about
<a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
href="http://www.android.com/gms">Google Mobile Services</a> and is especially
important for users who install applications from outside of Google Play. Device
rooting tools are prohibited within Google Play, but Verify Apps warns users
when they attempt to install a detected rooting application—no matter where it
comes from. Additionally, Verify Apps attempts to identify and block
installation of known malicious applications that exploit a privilege escalation
vulnerability. If such an application has already been installed, Verify Apps
will notify the user and attempt to remove the detected application.</li>
<li>As appropriate, Google Hangouts and Messenger applications do not
automatically pass media to processes such as Mediaserver.</li>
</ul>
<h2 id="acknowledgements">Acknowledgements</h2>
<p>We would like to thank these researchers for their contributions:</p>
<ul>
<li>Alexandru Blanda: CVE-2017-0390</li>
<li>Daniel Micay of Copperhead Security: CVE-2017-0397</li>
<li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu
Lab, Tencent: CVE-2017-0386</li>
<li><a href="mailto:[email protected]">derrek</a> (<a
href="https://twitter.com/derrekr6">@derrekr6</a>): CVE-2017-0392</li>
<li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
(<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-8412,
CVE-2016-8444, CVE-2016-8427, CVE-2017-0403</li>
<li>donfos (Aravind Machiry) of Shellphish Grill Team, UC Santa Barbara:
CVE-2016-8448, CVE-2016-8470, CVE-2016-8471, CVE-2016-8472</li>
<li>En He (<a href="http://twitter.com/heeeeen4x">@heeeeen4x</a>) of <a
href="http://www.ms509.com">MS509Team</a>: CVE-2017-0394</li>
<li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360
Technology Co. Ltd.: CVE-2016-8464</li>
<li>Google WebM Team: CVE-2017-0393</li>
<li>Guang Gong (龚广) (<a href="http://twitter.com/oldfresher">@oldfresher</a>) of
Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>:
CVE-2017-0387</li>
<li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
CVE-2016-8415, CVE-2016-8454, CVE-2016-8455, CVE-2016-8456, CVE-2016-8457,
CVE-2016-8465</li>
<li>Jianqiang Zhao (<a
href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-8475</li>
<li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>) and Sean Beaupre
(<a href="https://twitter.com/firewaterdevs">@firewaterdevs</a>): CVE-2016-8462</li>
<li>Jon Sawyer (<a href="http://twitter.com/jcase">@jcase</a>), Sean Beaupre (<a
href="https://twitter.com/firewaterdevs">@firewaterdevs</a>), and Ben Actis (<a
href="https://twitter.com/ben_ra">@Ben_RA</a>): CVE-2016-8461</li>
<li>Mingjian Zhou (<a
href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Yuqi Lu (<a
href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0383</li>
<li>Monk Avel: CVE-2017-0396, CVE-2017-0399</li>
<li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend
Micro: CVE-2016-8469, CVE-2016-8424, CVE-2016-8428, CVE-2016-8429,
CVE-2016-8460, CVE-2016-8473, CVE-2016-8474</li>
<li>Qidan He (何淇丹) (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
of KeenLab, Tencent (腾讯科恩实验室): CVE-2017-0382</li>
<li>Roee Hay and Michael Goberman of IBM Security X-Force: CVE-2016-8467</li>
<li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
Trend Micro Mobile Threat Research Team: CVE-2016-8466</li>
<li>Stephen Morrow: CVE-2017-0389</li>
<li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat
Research Team, <a href="http://www.trendmicro.com">Trend Micro</a>:
CVE-2017-0381</li>
<li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
Alibaba Inc.: CVE-2017-0391</li>
<li><a href="mailto:[email protected]">Wenke Dou</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0402, CVE-2017-0398</li>
<li><a href="mailto:[email protected]">Wenke Dou</a>, <a
href="mailto:[email protected]">Hanxiang Wen</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0400</li>
<li><a href="mailto:[email protected]">Wenke Dou</a>, <a
href="mailto:[email protected]">Hongli Han</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0384, CVE-2017-0385</li>
<li><a href="mailto:[email protected]">Wenke Dou</a>, Yuqi Lu (<a
href="https://twitter.com/nikos233__">@nikos233</a>), Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2017-0401</li>
<li><a href="mailto:[email protected]">Yao Jun</a>, <a
href="mailto:[email protected]">Yuan-Tsung Lo</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8431, CVE-2016-8432,
CVE-2016-8435</li>
<li>Yong Wang (王勇) (<a
href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) and Jun Cheng of
Alibaba Inc.: CVE-2017-0404</li>
<li><a href="mailto:[email protected]">Yuan-Tsung Lo</a>, <a
href="mailto:[email protected]">Tong Lin</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8425, CVE-2016-8426,
CVE-2016-8449</li>
<li><a href="mailto:[email protected]">Yuan-Tsung Lo</a>, <a
href="mailto:[email protected]">Yanfeng Wang</a>, Chiachih Wu (<a
href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a
href="http://c0reteam.org">C0RE Team</a>: CVE-2016-8430, CVE-2016-8482</li>
<li>Yuxiang Li (<a href="https://twitter.com/xbalien29">@Xbalien29</a>) of
Tencent Security Platform Department: CVE-2017-0395</li>
<li>Zhanpeng Zhao (行之) (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>) of
Security Research Lab, <a href="http://www.cmcm.com/">Cheetah Mobile</a>:
CVE-2016-8451</li>
</ul>
<p>We would also like to thank the following researchers for their contributions to
this bulletin:</p>
<ul>
<li>Baozeng Ding, Chengming Yang, Peng Xiao, Ning You, Yang Dong, Chao Yang, Yi
Zhang and Yang Song of Alibaba Mobile Security Group</li>
<li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend
Micro</li>
<li>Zubin Mithra of Google</li>
</ul>
<h2 id="2017-01-01-details">2017-01-01 security patch level—Vulnerability
details</h2>
<p>
In the sections below, we provide details for each of the security
vulnerabilities listed in the <a href="#2017-01-01-summary">2017-01-01 security
patch level—Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>
<h3 id="rce-in-c-ares">Remote code execution vulnerability in c-ares</h3>
<p>
A remote code execution vulnerability in c-ares could enable an attacker using
a specially crafted request to execute arbitrary code in the context of an
unprivileged process. This issue is rated as High due to the possibility of
remote code execution in an application that uses this library.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5180</td>
<td><a href="https://android.googlesource.com/platform/external/c-ares/+/f4baf84f285bfbdebb89b2fef8a955720f00c677">
A-32205736</a></td>
<td>High</td>
<td>All</td>
<td>7.0</td>
<td>Sept 29, 2016</td>
</tr>
</table>
<h3 id="rce-vulnerability-in-framesequence">Remote code
execution vulnerability in Framesequence</h3>
<p>
A remote code execution vulnerability in the Framesequence library could enable
an attacker using a specially crafted file to execute arbitrary code in the
context of an unprivileged process. This issue is rated as High due to the
possibility of remote code execution in an application that uses the
Framesequence library.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0382</td>
<td><a href="https://android.googlesource.com/platform/frameworks/ex/+/7f0e3dab5a892228d8dead7f0221cc9ae82474f7">
A-32338390</a></td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 21, 2016</td>
</tr>
</table>
<h3 id="eop-in-framework-apis">Elevation of
privilege vulnerability in Framework APIs</h3>
<p>
An elevation of privilege vulnerability in the Framework APIs could enable a
local malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0383</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/e5753ba087fa59ee02f6026cc13b1ceb42a1f266">
A-31677614</a></td>
<td>High</td>
<td>All</td>
<td>7.0, 7.1.1</td>
<td>Sep 21, 2016</td>
</tr>
</table>
<h3 id="eop-in-audioserver">Elevation of
privilege vulnerability in Audioserver</h3>
<p>
An elevation of privilege vulnerability in Audioserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0384</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">
A-32095626</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 11, 2016</td>
</tr>
<tr>
<td>CVE-2017-0385</td>
<td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358">
A-32585400</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 11, 2016</td>
</tr>
</table>
<h3 id="eop-in-libnl">Elevation of privilege
vulnerability in libnl</h3>
<p>
An elevation of privilege vulnerability in the libnl library could enable a
local malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0386</td>
<td><a href="https://android.googlesource.com/platform/external/libnl/+/f0b40192efd1af977564ed6335d42a8bbdaf650a">
A-32255299</a></td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 18, 2016</td>
</tr>
</table>
<h3 id="eop-in-mediaserver">Elevation of
privilege vulnerability in Mediaserver</h3>
<p>
An elevation of privilege vulnerability in Mediaserver could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as High because it could be used to gain
local access to elevated capabilities, which are not normally accessible to a
third-party application.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0387</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/675e212c8c6653825cc3352c603caf2e40b00f9f">
A-32660278</a></td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Nov 4, 2016</td>
</tr>
</table>
<h3 id="id-in-external-storage-provider">Information disclosure vulnerability
in External Storage Provider</h3>
<p>
An information disclosure vulnerability in the External Storage Provider could
enable a local secondary user to read data from an external storage SD card
inserted by the primary user. This issue is rated as High because it could be
used to access data without permission.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0388</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/47e62b7fe6807a274ba760a8fecfd624fe792da9">
A-32523490</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>
<h3 id="dos-in-core-networking">Denial of service
vulnerability in core networking</h3>
<p>
A denial of service vulnerability in core networking could enable a remote
attacker to use specially crafted network packet to cause a device hang or
reboot. This issue is rated as High due to the possibility of remote denial of
service.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0389</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/a014b6be3c7c6fb5cf9352a05baf84fca7a133c7">
A-31850211</a>
[<a href="https://android.googlesource.com/platform/frameworks/base/+/47e81a2596b00ee7aaca58716ff164a1708b0b29">2</a>]
[<a href="https://android.googlesource.com/platform/frameworks/base/+/006e0613016c1a0e0627f992f5a93a7b7198edba#">3</a>]</td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Jul 20, 2016</td>
</tr>
</table>
<h3 id="dos-in-mediaserver">Denial of service
vulnerability in Mediaserver</h3>
<p>
A denial of service vulnerability in Mediaserver could enable a remote attacker
to use a specially crafted file to cause a device hang or reboot. This issue is
rated as High due to the possibility of remote denial of service.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0390</td>
<td><a href="https://android.googlesource.com/platform/external/tremolo/+/5dc99237d49e73c27d3eca54f6ccd97d13f94de0">
A-31647370</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Sep 19, 2016</td>
</tr>
<tr>
<td>CVE-2017-0391</td>
<td><a href="https://android.googlesource.com/platform/external/libhevc/+/a33f6725d7e9f92330f995ce2dcf4faa33f6433f">
A-32322258</a></td>
<td>High</td>
<td>All</td>
<td>6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 20, 2016</td>
</tr>
<tr>
<td>CVE-2017-0392</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/453b351ac5bd2b6619925dc966da60adf6b3126c">
A-32577290</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 29, 2016</td>
</tr>
<tr>
<td>CVE-2017-0393</td>
<td><a href="https://android.googlesource.com/platform/external/libvpx/+/6886e8e0a9db2dbad723dc37a548233e004b33bc">
A-30436808</a></td>
<td>High</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Google internal</td>
</tr>
</table>
<h3 id="dos-in-telephony">Denial of service
vulnerability in Telephony</h3>
<p>
A denial of service vulnerability in Telephony could enable a remote attacker to
cause a device hang or reboot. This issue is rated as High due to the
possibility of remote denial of service.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0394</td>
<td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1cdced590675ce526c91c6f8983ceabb8038f58d">
A-31752213</a></td>
<td>High</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Sep 23, 2016</td>
</tr>
</table>
<h3 id="eop-in-contacts">Elevation of privilege
vulnerability in Contacts</h3>
<p>
An elevation of privilege vulnerability in Contacts could enable a local
malicious application to silently create contact information. This issue is
rated as Moderate because it is a local bypass of user interaction requirements
(access to functionality that would normally require either user initiation or
user permission).
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0395</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/ContactsCommon/+/d47661ad82d402c1e0c90eb83970687d784add1b">
A-32219099</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 15, 2016</td>
</tr>
</table>
<h3 id="id-in-mediaserver">Information
disclosure vulnerability in Mediaserver</h3>
<p>
An information disclosure vulnerability in Mediaserver could enable a local
malicious application to access data outside of its permission levels. This
issue is rated as Moderate because it could be used to access sensitive data
without permission.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0381</td>
<td><a href="https://android.googlesource.com/platform/external/libopus/+/0d052d64480a30e83fcdda80f4774624e044beb7">
A-31607432</a></td>
<td>Moderate</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Sep 18, 2016</td>
</tr>
<tr>
<td>CVE-2017-0396</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/557bd7bfe6c4895faee09e46fc9b5304a956c8b7">
A-31781965</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Sep 27, 2016</td>
</tr>
<tr>
<td>CVE-2017-0397</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a3246b870ddd11861eda2ab458b11d723c7f62c">
A-32377688</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 21, 2016</td>
</tr>
</table>
<h3 id="id-in-audioserver">Information
disclosure vulnerability in Audioserver</h3>
<p>
An information disclosure vulnerability in Audioserver could enable a local
malicious application to access data outside of its permission levels. This
issue is rated as Moderate because it could be used to access sensitive data
without permission.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0398</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
A-32438594</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0398</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
A-32635664</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0398</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/26965db50a617f69bdefca0d7533796c80374f2c">
A-32624850</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0399</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32247948</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 18, 2016</td>
</tr>
<tr>
<td>CVE-2017-0400</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32584034</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0401</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/321ea5257e37c8edb26e66fe4ee78cca4cd915fe">
A-32448258</a></td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 26, 2016</td>
</tr>
<tr>
<td>CVE-2017-0402</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32436341</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
<td>Moderate</td>
<td>All</td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
</table>
<h2 id="2017-01-05-details">2017-01-05 security patch level—Vulnerability
details</h2>
<p>
In the sections below, we provide details for each of the security
vulnerabilities listed in the
<a href="#2017-01-05-summary">2017-01-05
security patch level—Vulnerability summary</a> above. There is a description of
the issue, a severity rationale, and a table with the CVE, associated
references, severity, updated Google devices, updated AOSP versions (where
applicable), and date reported. When available, we will link the public change
that addressed the issue to the bug ID, like the AOSP change list. When multiple
changes relate to a single bug, additional references are linked to numbers
following the bug ID.</p>
<h3 id="eop-in-kernel-memory-subsystem">Elevation of privilege vulnerability in
kernel memory subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel memory subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2015-3288</td>
<td>A-32460277<br>
<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6b7339f4c31ad69c8e9c0b2859276e22cf72176d">
Upstream kernel</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel C, Nexus Player, Pixel,
Pixel XL</td>
<td>Jul 9, 2015</td>
</tr>
</table>
<h3 id="eop-in-qualcomm-bootloader">Elevation of privilege vulnerability in
Qualcomm bootloader</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm bootloader could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8422</td>
<td>A-31471220<br>
<a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=d6639f0a77f8ebfc1e05f3acdf12d5588e7e6213">
QC-CR#979426</a></td>
<td>Critical</td>
<td>Nexus 6, Nexus 6P, Pixel, Pixel XL</td>
<td>Jul 22, 2016</td>
</tr>
<tr>
<td>CVE-2016-8423</td>
<td>A-31399736<br>
<a href="https://source.codeaurora.org/quic/la//kernel/lk/commit/?id=98db6cc526fa1677da05d54785937540cdc84867">
QC-CR#1000546</a></td>
<td>Critical</td>
<td>Nexus 6P, Pixel, Pixel XL</td>
<td>Aug 24, 2016</td>
</tr>
</table>
<h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in
kernel file system</h3>
<p>
An elevation of privilege vulnerability in the kernel file system could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2015-5706</td>
<td>A-32289301<br>
<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f15133df088ecadd141ea1907f2c96df67c729f0">
Upstream kernel</a></td>
<td>Critical</td>
<td>None*</td>
<td>Aug 1, 2016</td>
</tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="eop-in-nvidia-gpu-driver">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8424</td>
<td>A-31606947*<br>
N-CVE-2016-8424</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Sep 17, 2016</td>
</tr>
<tr>
<td>CVE-2016-8425</td>
<td>A-31797770*<br>
N-CVE-2016-8425</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8426</td>
<td>A-31799206*<br>
N-CVE-2016-8426</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8482</td>
<td>A-31799863*<br>
N-CVE-2016-8482</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8427</td>
<td>A-31799885*<br>
N-CVE-2016-8427</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8428</td>
<td>A-31993456*<br>
N-CVE-2016-8428</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Oct 6, 2016</td>
</tr>
<tr>
<td>CVE-2016-8429</td>
<td>A-32160775*<br>
N-CVE-2016-8429</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Oct 13, 2016</td>
</tr>
<tr>
<td>CVE-2016-8430</td>
<td>A-32225180*<br>
N-CVE-2016-8430</td>
<td>Critical</td>
<td>Nexus 9</td>
<td>Oct 17, 2016</td>
</tr>
<tr>
<td>CVE-2016-8431</td>
<td>A-32402179*<br>
N-CVE-2016-8431</td>
<td>Critical</td>
<td>Pixel C</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2016-8432</td>
<td>A-32447738*<br>
N-CVE-2016-8432</td>
<td>Critical</td>
<td>Pixel C</td>
<td>Oct 26, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-mediatek-driver">Elevation of privilege vulnerability in
MediaTek driver</h3>
<p>
An elevation of privilege vulnerability in the MediaTek driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8433</td>
<td>A-31750190*<br>
MT-ALPS02974192</td>
<td>Critical</td>
<td>None**</td>
<td>Sep 24, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the <a
href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="eop-in-qualcomm-gpu-driver">Elevation of privilege vulnerability in
Qualcomm GPU driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8434</td>
<td>A-32125137<br>
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.14/commit/?id=3e3866a5fced40ccf9ca442675cf915961efe4d9">
QC-CR#1081855</a></td>
<td>Critical</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
<td>Oct 12, 2016</td>
</tr>
</table>
<h3 id="eop-in-nvidia-gpu-driver-2">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical due to the possibility of a local
permanent device compromise, which may require reflashing the operating system
to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8435</td>
<td>A-32700935*<br>
N-CVE-2016-8435</td>
<td>Critical</td>
<td>Pixel C</td>
<td>Nov 7, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in
Qualcomm video driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm video driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Critical due to the possibility
of a local permanent device compromise, which may require reflashing the
operating system to repair the device.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8436</td>
<td>A-32450261<br>
<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=228e8d17b9f5d22cf9896ab8eff88dc6737c2ced">
QC-CR#1007860</a></td>
<td>Critical</td>
<td>None*</td>
<td>Oct 13, 2016</td>
</tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
components</h3>
<p>
The following vulnerabilities affects Qualcomm components and are described in
further detail in Qualcomm AMSS November 2015, August 2016, September 2016, and
October 2016 security bulletins.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity*</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8438</td>
<td>A-31624565**</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8442</td>
<td>A-31625910**</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8443</td>
<td>A-32576499**</td>
<td>Critical</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8437</td>
<td>A-31623057**</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8439</td>
<td>A-31625204**</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8440</td>
<td>A-31625306**</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8441</td>
<td>A-31625904**</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8398</td>
<td>A-31548486**</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-8459</td>
<td>A-32577972**</td>
<td>High</td>
<td>None***</td>
<td>Qualcomm internal</td>
</tr>
<tr>
<td>CVE-2016-5080</td>
<td>A-31115235**</td>
<td>Moderate</td>
<td>Nexus 5X</td>
<td>Qualcomm internal</td>
</tr>
</table>
<p>
* The severity rating for these vulnerabilities was determined by the vendor.
</p>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
*** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="eop-in-qualcomm-camera">Elevation of privilege vulnerability in
Qualcomm camera</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm camera could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as High because it first requires compromising a
privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8412</td>
<td>A-31225246<br>
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=42a98c44669d92dafcf4d6336bdccaeb2db12786">
QC-CR#1071891</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One, Pixel, Pixel XL</td>
<td>Aug 26, 2016</td>
</tr>
<tr>
<td>CVE-2016-8444</td>
<td>A-31243641*<br>
QC-CR#1074310</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P</td>
<td>Aug 26, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-mediatek-components">Elevation of privilege vulnerability in
MediaTek components</h3>
<p>
An elevation of privilege vulnerability in MediaTek components, including the
thermal driver and video driver, could enable a local malicious application to
execute arbitrary code within the context of the kernel. This issue is rated as
High because it first requires compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8445</td>
<td>A-31747590*<br>
MT-ALPS02968983</td>
<td>High</td>
<td>None**</td>
<td>Sep 25, 2016</td>
</tr>
<tr>
<td>CVE-2016-8446</td>
<td>A-31747749*<br>
MT-ALPS02968909</td>
<td>High</td>
<td>None**</td>
<td>Sep 25, 2016</td>
</tr>
<tr>
<td>CVE-2016-8447</td>
<td>A-31749463*<br>
MT-ALPS02968886</td>
<td>High</td>
<td>None**</td>
<td>Sep 25, 2016</td>
</tr>
<tr>
<td>CVE-2016-8448</td>
<td>A-31791148*<br>
MT-ALPS02982181</td>
<td>High</td>
<td>None**</td>
<td>Sep 28, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8415</td>
<td>A-31750554<br>
<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=188e12a816508b11771f362c852782ec9a6f9394">
QC-CR#1079596</a></td>
<td>High</td>
<td>Nexus 5X, Pixel, Pixel XL</td>
<td>Sep 26, 2016</td>
</tr>
</table>
<h3 id="eop-in-nvidia-gpu-driver-3">Elevation of privilege vulnerability in
NVIDIA GPU driver</h3>
<p>
An elevation of privilege vulnerability in the NVIDIA GPU driver could enable a
local malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as High because it first requires compromising a
privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8449</td>
<td>A-31798848*<br>
N-CVE-2016-8449</td>
<td>High</td>
<td>Nexus 9</td>
<td>Sep 28, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-qualcomm-sound-driver">Elevation of privilege vulnerability in
Qualcomm sound driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm sound driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8450</td>
<td>A-32450563<br>
<a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e909d159ad1998ada853ed35be27c7b6ba241bdb">
QC-CR#880388</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Android One</td>
<td>Oct 13, 2016</td>
</tr>
</table>
<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>
An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8451</td>
<td>A-32178033*</td>
<td>High</td>
<td>None**</td>
<td>Oct 13, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="eop-in-kernel-security-subsystem">Elevation of privilege vulnerability
in kernel security subsystem</h3>
<p>
An elevation of privilege vulnerability in kernel security subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-7042</td>
<td>A-32178986<br>
<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=03dab869b7b239c4e013ec82aea22e181e441cfc">
Upstream kernel</a></td>
<td>High</td>
<td>Pixel C</td>
<td>Oct 14, 2016</td>
</tr>
</table>
<h3 id="eop-in-kernel-performance-subsystem">Elevation of privilege
vulnerability in kernel performance subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel performance subsystem
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0403</td>
<td>A-32402548*</td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
Player, Pixel, Pixel XL</td>
<td>Oct 25, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in
kernel sound subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel sound subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0404</td>
<td>A-32510733*</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Nexus 9, Pixel C, Nexus Player, Pixel, Pixel
XL</td>
<td>Oct 27, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in
Qualcomm Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8452</td>
<td>A-32506396<br>
<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=39fa8e972fa1b10dc68a066f4f9432753d8a2526">
QC-CR#1050323</a></td>
<td>High</td>
<td>Nexus 5X, Android One, Pixel, Pixel XL</td>
<td>Oct 28, 2016</td>
</tr>
</table>
<h3 id="eop-in-qualcomm-radio-driver">Elevation of privilege vulnerability in
Qualcomm radio driver</h3>
<p>
An elevation of privilege vulnerability in the Qualcomm radio driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-5345</td>
<td>A-32639452<br>
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=67118716a2933f6f30a25ea7e3946569a8b191c6">
QC-CR#1079713</a></td>
<td>High</td>
<td>Android One</td>
<td>Nov 3, 2016</td>
</tr>
</table>
<h3 id="eop-in-kernel-profiling-subsystem">Elevation of privilege vulnerability
in kernel profiling subsystem</h3>
<p>
An elevation of privilege vulnerability in the kernel profiling subsystem could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-9754</td>
<td>A-32659848<br>
<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=59643d1535eb220668692a5359de22545af579f6">
Upstream kernel</a></td>
<td>High</td>
<td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Android One, Pixel C, Nexus
Player</td>
<td>Nov 4, 2016</td>
</tr>
</table>
<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8453
</td>
<td>A-24739315*<br>
B-RB#73392</td>
<td>High</td>
<td>Nexus 6</td>
<td>Google internal</td>
</tr>
<tr>
<td>CVE-2016-8454</td>
<td>A-32174590*<br>
B-RB#107142</td>
<td>High</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Oct 14, 2016</td>
</tr>
<tr>
<td>CVE-2016-8455</td>
<td>A-32219121*<br>
B-RB#106311</td>
<td>High</td>
<td>Nexus 6P</td>
<td>Oct 15, 2016</td>
</tr>
<tr>
<td>CVE-2016-8456</td>
<td>A-32219255*<br>
B-RB#105580</td>
<td>High</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Oct 15, 2016</td>
</tr>
<tr>
<td>CVE-2016-8457</td>
<td>A-32219453*<br>
B-RB#106116</td>
<td>High</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td>
<td>Oct 15, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-synaptics-touchscreen-driver-2">Elevation of privilege
vulnerability in Synaptics touchscreen driver</h3>
<p>
An elevation of privilege vulnerability in the Synaptics touchscreen driver
could enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as High because it first requires
compromising a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8458</td>
<td>A-31968442*</td>
<td>High</td>
<td>Nexus 5X, Nexus 6P, Nexus 9, Android One, Pixel, Pixel XL</td>
<td>Google internal</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="id-in-nvidia-video-driver">Information disclosure vulnerability in
NVIDIA video driver</h3>
<p>
An information disclosure vulnerability in the NVIDIA video driver could enable
a local malicious application to access data outside of its permission levels.
This issue is rated as High because it could be used to access sensitive data
without explicit user permission.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8460</td>
<td>A-31668540*<br>
N-CVE-2016-8460</td>
<td>High</td>
<td>Nexus 9</td>
<td>Sep 21, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="id-in-bootloader">Information disclosure vulnerability in
bootloader</h3>
<p>
An information disclosure vulnerability in the bootloader could enable a local
attacker to access data outside of its permission level. This issue is rated as
High because it could be used to access sensitive data.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8461</td>
<td>A-32369621*</td>
<td>High</td>
<td>Nexus 9, Pixel, Pixel XL</td>
<td>Oct 21, 2016</td>
</tr>
<tr>
<td>CVE-2016-8462</td>
<td>A-32510383*</td>
<td>High</td>
<td>Pixel, Pixel XL</td>
<td>Oct 27, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="dos-in-qualcomm-fuse-file-system">Denial of service vulnerability in
Qualcomm FUSE file system</h3>
<p>
A denial of service vulnerability in the Qualcomm FUSE file system could enable
a remote attacker to use a specially crafted file to cause a device hang or
reboot. This issue is rated as High due to the possibility of remote denial of
service.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8463</td>
<td>A-30786860<br>
<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd0fa86de6ca1d40c0a93d86d1c0f7846e8a9a10">
QC-CR#586855</a></td>
<td>High</td>
<td>None*</td>
<td>Jan 03, 2014</td>
</tr>
</table>
<p>
* Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="dos-in-bootloader">Denial of service vulnerability in bootloader</h3>
<p>
A denial of service vulnerability in the bootloader could enable an attacker to
cause a local permanent denial of service, which may require reflashing the
operating system to repair the device. This issue is rated as High due to the
possibility of local permanent denial of service.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8467</td>
<td>A-30308784*</td>
<td>High</td>
<td>Nexus 6, Nexus 6P</td>
<td>Jun 29, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in
Broadcom Wi-Fi driver</h3>
<p>
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. This issue is rated as Moderate because it first
requires compromising a privileged process and is mitigated by current platform
configurations.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8464</td>
<td>A-29000183*<br>
B-RB#106314</td>
<td>Moderate</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>May 26, 2016</td>
</tr>
<tr>
<td>CVE-2016-8466</td>
<td>A-31822524*<br>
B-RB#105268</td>
<td>Moderate</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8465</td>
<td>A-32474971*<br>
B-RB#106053</td>
<td>Moderate</td>
<td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
<td>Oct 27, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="eop-in-binder">Elevation of privilege vulnerability in Binder</h3>
<p>
An elevation of privilege vulnerability in Binder could enable a local
malicious application to execute arbitrary code within the context of a
privileged process. This issue is rated as Moderate because it first requires
compromising a privileged process and is mitigated by current platform
configurations.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8468</td>
<td>A-32394425*</td>
<td>Moderate</td>
<td>Pixel C, Pixel, Pixel XL</td>
<td>Google internal</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="id-in-nvidia-camera-driver">Information disclosure vulnerability in
NVIDIA camera driver</h3>
<p>
An information disclosure vulnerability in the camera driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8469</td>
<td>A-31351206*<br>
N-CVE-2016-8469</td>
<td>Moderate</td>
<td>Nexus 9</td>
<td>Sep 7, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="id-in-mediatek-driver">Information disclosure vulnerability in MediaTek
driver</h3>
<p>
An information disclosure vulnerability in the MediaTek driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8470</td>
<td>A-31528889*<br>
MT-ALPS02961395</td>
<td>Moderate</td>
<td>None**</td>
<td>Sep 15, 2016</td>
</tr>
<tr>
<td>CVE-2016-8471</td>
<td>A-31528890*<br>
MT-ALPS02961380</td>
<td>Moderate</td>
<td>None**</td>
<td>Sep 15, 2016</td>
</tr>
<tr>
<td>CVE-2016-8472</td>
<td>A-31531758*<br>
MT-ALPS02961384</td>
<td>Moderate</td>
<td>None**</td>
<td>Sep 15, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<p>
** Supported Google devices on Android 7.0 or later that have installed all
available updates are not affected by this vulnerability.
</p>
<h3 id="id-in-stmicroelectronics-driver">Information disclosure vulnerability
in STMicroelectronics driver</h3>
<p>
An information disclosure vulnerability in the STMicroelectronics driver could
enable a local malicious application to access data outside of its permission
levels. This issue is rated as Moderate because it first requires compromising
a privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8473</td>
<td>A-31795790*</td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P</td>
<td>Sep 28, 2016</td>
</tr>
<tr>
<td>CVE-2016-8474</td>
<td>A-31799972*</td>
<td>Moderate</td>
<td>Nexus 5X, Nexus 6P</td>
<td>Sep 28, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="id-in-qualcomm-audio-post-processor-">Information disclosure
vulnerability in Qualcomm audio post processor </h3>
<p>
An information disclosure vulnerability in the Qualcomm audio post processor
could enable a local malicious application to access data outside of its
permission levels. This issue is rated as Moderate because it could be used to
access sensitive data without permission.
</p>
<table>
<col width="18%">
<col width="17%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Updated AOSP versions</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2017-0399
</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32588756</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]</td>
<td>Moderate</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 18, 2016</td>
</tr>
<tr>
<td>CVE-2017-0400</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32438598</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]
</td>
<td>Moderate</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
<tr>
<td>CVE-2017-0401</td>
<td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ed79f2cc961d7d35fdbbafdd235c1436bcd74358">
A-32588016</a>
</td>
<td>Moderate</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 26, 2016</td>
</tr>
<tr>
<td>CVE-2017-0402</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/c66c43ad571ed2590dcd55a762c73c90d9744bac">
A-32588352</a>
[<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/d72ea85c78a1a68bf99fd5804ad9784b4102fe57">2</a>]
</td>
<td>Moderate</td>
<td>All</td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
<td>Oct 25, 2016</td>
</tr>
</table>
<h3 id="id-in-htc-input-driver">Information disclosure vulnerability in HTC
input driver</h3>
<p>
An information disclosure vulnerability in the HTC input driver could enable a
local malicious application to access data outside of its permission levels.
This issue is rated as Moderate because it first requires compromising a
privileged process.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2016-8475</td>
<td>A-32591129*</td>
<td>Moderate</td>
<td>Pixel, Pixel XL</td>
<td>Oct 30, 2016</td>
</tr>
</table>
<p>
* The patch for this issue is not publicly available. The update is contained
in the latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.
</p>
<h3 id="dos-in-kernel-file-system">Denial of service vulnerability in kernel
file system</h3>
<p>
A denial of service vulnerability in the kernel file system could enable a
local malicious application to cause a device hang or reboot. This issue is
rated as Moderate because it is a temporary denial of service that requires a
factory reset to fix.
</p>
<table>
<col width="19%">
<col width="20%">
<col width="10%">
<col width="23%">
<col width="17%">
<tr>
<th>CVE</th>
<th>References</th>
<th>Severity</th>
<th>Updated Google devices</th>
<th>Date reported</th>
</tr>
<tr>
<td>CVE-2014-9420</td>
<td>A-32477499<br>
<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f54e18f1b831c92f6512d2eedb224cd63d607d3d">
Upstream kernel</a></td>
<td>Moderate</td>
<td>Pixel C</td>
<td>Dec 25, 2014</td>
</tr>
</table>
<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
<p>This section answers common questions that may occur after reading this
bulletin.</p>
<p><strong>1. How do I determine if my device is updated to address these issues?
</strong></p>
<p>To learn how to check a device's security patch level, read the instructions on
the <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
and Nexus update schedule</a>.</p>
<ul>
<li>Security patch levels of 2017-01-01 or later address all issues associated
with the 2017-01-01 security patch level.</li>
<li>Security patch levels of 2017-01-05 or later address all issues associated
with the 2017-01-05 security patch level and all previous patch levels.</li>
</ul>
<p>Device manufacturers that include these updates should set the patch string
level to:</p>
<ul>
<li>[ro.build.version.security_patch]:[2017-01-01]</li>
<li>[ro.build.version.security_patch]:[2017-01-05]</li>
</ul>
<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
<p>This bulletin has two security patch levels so that Android partners have the
flexibility to fix a subset of vulnerabilities that are similar across all
Android devices more quickly. Android partners are encouraged to fix all issues
in this bulletin and use the latest security patch level.</p>
<ul>
<li>Devices that use the January 1, 2017 security patch level must include all
issues associated with that security patch level, as well as fixes for all
issues reported in previous security bulletins.</li>
<li>Devices that use the security patch level of January 5, 2017 or newer must
include all applicable patches in this (and previous) security
bulletins.</li>
</ul>
<p>Partners are encouraged to bundle the fixes for all issues they are addressing
in a single update.</p>
<p><strong>3. How do I determine which Google devices are affected by each
issue?</strong></p>
<p>In the <a href="#2017-01-01-details">2017-01-01</a> and
<a href="#2017-01-05-details">2017-01-05</a>
security vulnerability details sections, each table has an <em>Updated Google
devices</em> column that covers the range of affected Google devices updated for
each issue. This column has a few options:</p>
<ul>
<li><strong>All Google devices</strong>: If an issue affects All and Pixel
devices, the table will have "All" in the <em>Updated Google devices</em>
column. "All" encapsulates the following <a
href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
<li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
devices, the affected Google devices are listed in the <em>Updated Google
devices</em> column.</li>
<li><strong>No Google devices</strong>: If no Google devices running the
latest available version of Android are affected by the issue, the table
will have "None" in the <em>Updated Google devices</em> column.</li>
</ul>
<p><strong>4. What do the entries in the references column map to?</strong></p>
<p>Entries under the <em>References</em> column of the vulnerability details table
may contain a prefix identifying the organization to which the reference value
belongs. These prefixes map as follows:</p>
<table>
<tr>
<th>Prefix</th>
<th>Reference</th>
</tr>
<tr>
<td>A-</td>
<td>Android bug ID</td>
</tr>
<tr>
<td>QC-</td>
<td>Qualcomm reference number</td>
</tr>
<tr>
<td>M-</td>
<td>MediaTek reference number</td>
</tr>
<tr>
<td>N-</td>
<td>NVIDIA reference number</td>
</tr>
<tr>
<td>B-</td>
<td>Broadcom reference number</td>
</tr>
</table>
<h2 id="revisions">Revisions</h2>
<ul>
<li>January 03, 2017: Bulletin published.</li>
<li>January 04, 2017: Bulletin revised to include AOSP links.</li>
<li>January 05, 2017: Clarified AOSP version number from 7.1 to 7.1.1.</li>
<li>January 12, 2017: Removed duplicate entry for CVE-2016-8467.</li>
<li>January 24, 2017: Updated description and severity for CVE-2017-0381.</li>
<li>February 2, 2017: Updated CVE-2017-0389 with additional patch link.</li>
</ul>