Merge "Docs: Publish April 2017 security bulletin"
am: 4ac4638d43
Change-Id: I5eea1039af24cc3e2eebdd73f20a2afa618bb8e3
diff --git a/src/security/bulletin/2017-04-01.jd b/src/security/bulletin/2017-04-01.jd
new file mode 100644
index 0000000..17f4593
--- /dev/null
+++ b/src/security/bulletin/2017-04-01.jd
@@ -0,0 +1,3090 @@
+page.title=Android Security Bulletin—April 2017
+@jd:body
+
+ <!--
+ Copyright 2017 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+ -->
+<p><em>Published April 03, 2017</em></p>
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Alongside the bulletin, we have released a security
+update to Nexus devices through an over-the-air (OTA) update. The Google device
+firmware images have also been released to the <a
+href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>. Security patch levels of April 05, 2017 or later address all of these
+issues. Refer to the <a
+href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a> to learn how to check a device's security patch
+level.</p>
+<p>Partners were notified of the issues described in the bulletin on March 06, 2017
+or earlier. Source code patches for these issues will be released to the Android
+Open Source Project (AOSP) repository in the next 48 hours. We will revise this
+bulletin with the AOSP links when they are available.</p>
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods such
+as email, web browsing, and MMS when processing media files.</p>
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android and Google service
+mitigations</a> section for details on the <a
+href="/security/enhancements/index.html">Android
+security platform protections</a> and service protections such as <a
+href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>,
+which improve the security of the Android platform.</p>
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<h2 id="announcements">Announcements</h2>
+<ul>
+<li>This bulletin has two security patch level strings to provide Android
+partners with the flexibility to more quickly fix a subset of vulnerabilities
+that are similar across all Android devices. See <a
+href="#common-questions-and-answers">Common questions and answers</a> for
+additional information:
+ <ul>
+ <li><strong>2017-04-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with 2017-04-01
+ (and all previous security patch level strings) are addressed.</li>
+ <li><strong>2017-04-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with 2017-04-01
+ and 2017-04-05 (and all previous security patch level strings) are addressed.</li>
+ </ul>
+</li>
+<li>Supported Google devices will receive a single OTA update with the April 05,
+2017 security patch level.</li>
+</ul>
+
+<h2 id="security-vulnerability-summary">Security Vulnerability Summary</h2>
+<p>The tables below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not
+Google devices are affected. The
+<a href="/security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are disabled for development purposes or if successfully bypassed.</p>
+
+<h3 id="2017-04-01-summary">2017-04-01 security patch level—Vulnerability summary</h3>
+<p>Security patch levels of 2017-04-01 or later must address the following issues.</p>
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Google devices?</th>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Mediaserver</td>
+ <td>CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0541,
+CVE-2017-0542, CVE-2017-0543</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in CameraBase</td>
+ <td>CVE-2017-0544</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Audioserver</td>
+ <td>CVE-2017-0545</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in SurfaceFlinger</td>
+ <td>CVE-2017-0546</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Mediaserver</td>
+ <td>CVE-2017-0547</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in libskia</td>
+ <td>CVE-2017-0548</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in Mediaserver</td>
+ <td>CVE-2017-0549, CVE-2017-0550, CVE-2017-0551, CVE-2017-0552</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in libnl</td>
+ <td>CVE-2017-0553</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Telephony</td>
+ <td>CVE-2017-0554</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Mediaserver</td>
+ <td>CVE-2017-0555, CVE-2017-0556, CVE-2017-0557, CVE-2017-0558</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in libskia</td>
+ <td>CVE-2017-0559</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Factory Reset</td>
+ <td>CVE-2017-0560</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+</table>
+
+<h3 id="2017-04-05-summary">2017-04-05 security patch level—Vulnerability summary</h3>
+<p>Security patch levels of 2017-04-05 or later must address all of the 2017-04-01
+issues, as well as the following issues.</p>
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Google devices?</th>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Broadcom Wi-Fi firmware</td>
+ <td>CVE-2017-0561</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Qualcomm crypto engine driver</td>
+ <td>CVE-2016-10230</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in kernel networking subsystem</td>
+ <td>CVE-2016-10229</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek touchscreen driver</td>
+ <td>CVE-2017-0562</td>
+ <td>Critical</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in HTC touchscreen driver</td>
+ <td>CVE-2017-0563</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel ION subsystem</td>
+ <td>CVE-2017-0564</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Vulnerabilities in Qualcomm components</td>
+ <td>CVE-2016-10237, CVE-2016-10238, CVE-2016-10239</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in v8</td>
+ <td>CVE-2016-5129</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Freetype</td>
+ <td>CVE-2016-10244</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel sound subsystem</td>
+ <td>CVE-2014-4656</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NVIDIA crypto driver</td>
+ <td>CVE-2017-0339, CVE-2017-0332, CVE-2017-0327</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek thermal driver</td>
+ <td>CVE-2017-0565</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek camera driver</td>
+ <td>CVE-2017-0566</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
+ <td>CVE-2017-0567, CVE-2017-0568, CVE-2017-0569, CVE-2017-0570,
+CVE-2017-0571, CVE-2017-0572, CVE-2017-0573, CVE-2017-0574</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
+ <td>CVE-2017-0575</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NVIDIA I2C HID driver</td>
+ <td>CVE-2017-0325</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm audio driver</td>
+ <td>CVE-2017-0454</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm crypto engine driver</td>
+ <td>CVE-2017-0576</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in HTC touchscreen driver</td>
+ <td>CVE-2017-0577</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in DTS sound driver</td>
+ <td>CVE-2017-0578</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm sound codec driver</td>
+ <td>CVE-2016-10231</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm video driver</td>
+ <td>CVE-2017-0579, CVE-2016-10232, CVE-2016-10233</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NVIDIA boot and power management
+processor driver</td>
+ <td>CVE-2017-0329</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Synaptics touchscreen driver</td>
+ <td>CVE-2017-0580, CVE-2017-0581</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Seemp driver</td>
+ <td>CVE-2017-0462</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Kyro L2 driver</td>
+ <td>CVE-2017-6423</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel file system</td>
+ <td>CVE-2014-9922</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in kernel memory subsystem</td>
+ <td>CVE-2014-0206</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in kernel networking subsystem</td>
+ <td>CVE-2014-3145</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm TrustZone</td>
+ <td>CVE-2016-5349</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm IPA driver</td>
+ <td>CVE-2016-10234</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in kernel networking subsystem</td>
+ <td>CVE-2014-2706</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in Qualcomm Wi-Fi driver</td>
+ <td>CVE-2016-10235</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel file system</td>
+ <td>CVE-2016-7097</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</td>
+ <td>CVE-2017-6424</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Broadcom Wi-Fi driver</td>
+ <td>CVE-2016-8465</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in HTC OEM fastboot command</td>
+ <td>CVE-2017-0582</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm CP access driver</td>
+ <td>CVE-2017-0583</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in kernel media driver</td>
+ <td>CVE-2014-1739</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm Wi-Fi driver</td>
+ <td>CVE-2017-0584</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Broadcom Wi-Fi driver</td>
+ <td>CVE-2017-0585</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm Avtimer driver</td>
+ <td>CVE-2016-5346</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm video driver</td>
+ <td>CVE-2017-6425</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm USB driver</td>
+ <td>CVE-2016-10236</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm sound driver</td>
+ <td>CVE-2017-0586</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm SPMI driver</td>
+ <td>CVE-2017-6426</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in NVIDIA crypto driver</td>
+ <td>CVE-2017-0328, CVE-2017-0330</td>
+ <td>Moderate</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Vulnerabilities in Qualcomm components**</td>
+ <td>CVE-2014-9931, CVE-2014-9932, CVE-2014-9933, CVE-2014-9934,
+CVE-2014-9935, CVE-2014-9936, CVE-2014-9937, CVE-2015-8995, CVE-2015-8996,
+CVE-2015-8997, CVE-2015-8998, CVE-2015-8999, CVE-2015-9000, CVE-2015-9001,
+CVE-2015-9002, CVE-2015-9003, CVE-2016-8489</td>
+ <td>Critical</td>
+ <td>No*</td>
+ </tr>
+</table>
+<p>* Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+<p>** These vulnerabilities affecting Qualcomm components were released by
+Qualcomm to their partners as part of Qualcomm AMSS security bulletins
+between 2014–2016.</p>
+
+<h2 id="mitigations">Android and Google Service Mitigations</h2>
+<p>This is a summary of the mitigations provided by the <a
+href="/security/enhancements/index.html">Android
+security platform</a> and service protections such as SafetyNet. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android Security team actively monitors for abuse with <a
+ href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2016_Report_Final.pdf">Verify
+ Apps and SafetyNet</a>, which are designed to warn users about <a
+ href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially
+ Harmful Applications</a>. Verify Apps is enabled by default on devices with <a
+ href="http://www.android.com/gms">Google Mobile Services</a> and is especially
+ important for users who install applications from outside of Google Play. Device
+ rooting tools are prohibited within Google Play, but Verify Apps warns users
+ when they attempt to install a detected rooting application—no matter where it
+ comes from. Additionally, Verify Apps attempts to identify and block
+ installation of known malicious applications that exploit a privilege escalation
+ vulnerability. If such an application has already been installed, Verify Apps
+ will notify the user and attempt to remove the detected application.</li>
+ <li>As appropriate, Google Hangouts and Messenger applications do not
+ automatically pass media to processes such as Mediaserver.</li>
+</ul>
+
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+<ul>
+ <li>Aravind Machiry (donfos) of Shellphish Grill Team: CVE-2016-5349</li>
+ <li>Daxing Guo (<a href="https://twitter.com/freener0">@freener0</a>) of Xuanwu
+ Lab, Tencent: CVE-2017-0585, CVE-2017-0553</li>
+ <li><a href="mailto:derrek.haxx@gmail.com">Derrek</a> (<a
+ href="https://twitter.com/derrekr6">@derrekr6</a>) and Scott Bauer:
+ CVE-2017-0576</li>
+ <li>Gal Beniamini of Project Zero: CVE-2017-0571, CVE-2017-0570, CVE-2017-0572,
+ CVE-2017-0569, CVE-2017-0561</li>
+ <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
+ and <a href="http://weibo.com/jfpan">pjf </a>of IceSword Lab, Qihoo 360
+ Technology Co. Ltd.: CVE-2017-6426, CVE-2017-0581, CVE-2017-0329, CVE-2017-0332,
+ CVE-2017-0566</li>
+ <li>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
+ of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0547</li>
+ <li>Hao Chen and Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd.:
+ CVE-2017-6424, CVE-2017-0584, CVE-2017-0454, CVE-2017-0575, CVE-2017-0567</li>
+ <li>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>): CVE-2017-0554</li>
+ <li>Jack Tang of Trend Micro Inc.: CVE-2017-0579</li>
+ <li>Jianjun Dai (<a href="https://twitter.com/Jioun_dai">@Jioun_dai</a>) of <a
+ href="https://skyeye.360safe.com">Qihoo 360 Skyeye Labs</a>: CVE-2017-0559,
+ CVE-2017-0541</li>
+ <li>Jianqiang Zhao (<a
+ href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) and <a
+ href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2017-6425,
+ CVE-2016-5346</li>
+ <li><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google:
+ CVE-2017-0558</li>
+ <li>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>) and
+ Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of
+ Tesla's Product Security Team: CVE-2017-0327, CVE-2017-0328</li>
+ <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba
+ Mobile Security Group: CVE-2017-0565</li>
+ <li>Pengfei Ding (丁鹏飞), Chenfu Bao (包沉浮), and Lenx Wei (韦韬) of Baidu X-Lab
+ (百度安全实验室): CVE-2016-10236</li>
+ <li>Qidan He (何淇丹 - <a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)
+ of KeenLab, Tencent: CVE-2017-0544, CVE-2016-10231, CVE-2017-0325</li>
+ <li><a href="mailto:sbauer@plzdonthack.me">Scott Bauer</a> (<a
+ href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2017-0562,
+ CVE-2017-0339</li>
+ <li>Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) of
+ TrendMicro Mobile Threat Research Team: CVE-2017-0578</li>
+ <li>Tim Becker: CVE-2017-0546</li>
+ <li>Uma Sankar Pradhan (<a
+ href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>): CVE-2017-0560</li>
+ <li>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of <a
+ href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile">Mobile
+ Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro</a>:
+ CVE-2017-0555, CVE-2017-0538, CVE-2017-0539, CVE-2017-0540, CVE-2017-0557,
+ CVE-2017-0556</li>
+ <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
+ Alibaba Inc: CVE-2017-0549</li>
+ <li>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>),
+ Guang Gong (<a href="https://twitter.com/oldfresher">@oldfresher</a>), and Hao
+ Chen of Alpha Team, Qihoo 360 Technology Co. Ltd.: CVE-2017-0580, CVE-2017-0577</li>
+ <li>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+ IceSword Lab, Qihoo 360 Technology Co. Ltd.: CVE-2017-0586, CVE-2017-0564</li>
+ <li><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security
+ Response Center of Qihoo 360 Technology Co. Ltd.: CVE-2017-0548</li>
+ <li>Zubin Mithra of Google: CVE-2017-0462</li>
+</ul>
+
+<h2 id="2017-04-01-details">2017-04-01 security patch level—Vulnerability
+details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the
+<a href="#2017-04-01-summary">2017-04-01
+security patch level—Vulnerability summary</a> above. There is a description of
+the issue, a severity rationale, and a table with the CVE, associated
+references, severity, updated Google devices, updated AOSP versions (where
+applicable), and date reported. When available, we will link the public change
+that addressed the issue to the bug ID, like the AOSP change list. When multiple
+changes relate to a single bug, additional references are linked to numbers
+following the bug ID.</p>
+
+
+<h3 id="rce-in-mediaserver">Remote code execution vulnerability in
+Mediaserver</h3>
+<p>A remote code execution vulnerability in Mediaserver could enable an attacker
+using a specially crafted file to cause memory corruption during media file and
+data processing. This issue is rated as Critical due to the possibility of
+remote code execution within the context of the Mediaserver process.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0538</td>
+ <td>A-33641588</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 13, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0539</td>
+ <td>A-33864300</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 23, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0540</td>
+ <td>A-33966031</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 29, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0541</td>
+ <td>A-34031018</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Jan 1, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0542</td>
+ <td>A-33934721</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0543</td>
+ <td>A-34097866</td>
+ <td>Critical</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-camerabase">Elevation of privilege vulnerability in
+CameraBase</h3>
+<p>An elevation of privilege vulnerability in CameraBase could enable a local
+malicious application to execute arbitrary code. This issue is rated as High
+because it is a local arbitrary code execution in a privileged process.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0544</td>
+ <td>A-31992879</td>
+ <td>High</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Oct 6, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-audioserver">Elevation of privilege vulnerability in
+Audioserver</h3>
+<p>An elevation of privilege vulnerability in Audioserver could enable a local
+malicious application to execute arbitrary code within the context of a
+privileged process. This issue is rated as High because it could be used to
+gain local access to elevated capabilities, which are not normally accessible
+to a third-party application.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0545</td>
+ <td>A-32591350</td>
+ <td>High</td>
+ <td>All</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Oct 31, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-surfaceflinger">Elevation of privilege vulnerability in
+SurfaceFlinger</h3>
+<p>An elevation of privilege vulnerability in SurfaceFlinger could enable a local
+malicious application to execute arbitrary code within the context of a
+privileged process. This issue is rated as High because it could be used to
+gain local access to elevated capabilities, which are not normally accessible
+to a third-party application.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0546</td>
+ <td>A-32628763</td>
+ <td>High</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Nov 2, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-mediaserver">Information disclosure vulnerability in
+Mediaserver</h3>
+<p>An information disclosure vulnerability in Mediaserver could enable a local
+malicious application to access data outside of its permission levels. This
+issue is rated as High because it is a general bypass for operating system
+protections that isolate application data from other applications.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0547</td>
+ <td>A-33861560</td>
+ <td>High</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 22, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="dos-in-libskia">Denial of service vulnerability in libskia</h3>
+<p>A remote denial of service vulnerability in libskia could enable an attacker to
+use a specially crafted file to cause a device hang or reboot. This issue is
+rated as High severity due to the possibility of remote denial of service.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0548</td>
+ <td>A-33251605</td>
+ <td>High</td>
+ <td>All</td>
+ <td>7.0, 7.1.1</td>
+ <td>Nov 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="dos-in-mediaserver">Denial of service vulnerability in Mediaserver</h3>
+<p>A remote denial of service vulnerability in Mediaserver could enable an
+attacker to use a specially crafted file to cause a device hang or reboot. This
+issue is rated as High severity due to the possibility of remote denial of
+service.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0549</td>
+ <td>A-33818508</td>
+ <td>High</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 20, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0550</td>
+ <td>A-33933140</td>
+ <td>High</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0551</td>
+ <td>A-34097231</td>
+ <td>High</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0552</td>
+ <td>A-34097915</td>
+ <td>High</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-libnl">Elevation of privilege vulnerability in libnl</h3>
+<p>An elevation of privilege vulnerability in libnl could enable a local malicious
+application to execute arbitrary code within the context of the Wi-Fi service.
+This issue is rated as Moderate because it first requires compromising a
+privileged process and is mitigated by current platform configurations.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0553</td>
+ <td>A-32342065</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Oct 21, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-telephony">Elevation of privilege vulnerability in
+Telephony</h3>
+<p>An elevation of privilege vulnerability in the Telephony component could enable
+a local malicious application to access capabilities outside of its permission
+levels. This issue is rated as Moderate because it could be used to gain access
+to elevated capabilities, which are not normally accessible to a third-party
+application.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0554</td>
+ <td>A-33815946</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 20, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-mediaserver-2">Information disclosure vulnerability in
+Mediaserver</h3>
+<p>An information disclosure vulnerability in Mediaserver could enable a local
+malicious application to access data outside of its permission levels. This
+issue is rated as Moderate because it could be used to access data without
+permission.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0555</td>
+ <td>A-33551775</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 12, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0556</td>
+ <td>A-34093952</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Jan 4, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0557</td>
+ <td>A-34093073</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Jan 4, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0558</td>
+ <td>A-34056274</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-libskia">Information disclosure vulnerability in libskia</h3>
+<p>An information disclosure vulnerability in libskia could enable a local
+malicious application to access data outside of its permission levels. This
+issue is rated as Moderate because it could be used to access data without
+permission.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0559</td>
+ <td>A-33897722</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Dec 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-factory-reset">Information disclosure vulnerability in Factory
+Reset</h3>
+<p>An information disclosure vulnerability in the factory reset process could
+enable a local malicious attacker to access data from the previous owner. This
+issue is rated as Moderate due to the possibility of bypassing device
+protection.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0560</td>
+ <td>A-30681079</td>
+ <td>Moderate</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h2 id="2017-04-05-details">2017-04-05 security patch level—Vulnerability
+details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the
+<a href="#2017-04-05-summary">2017-04-05
+security patch level—Vulnerability summary</a> above. There is a description of
+the issue, a severity rationale, and a table with the CVE, associated
+references, severity, updated Google devices, updated AOSP versions (where
+applicable), and date reported. When available, we will link the public change
+that addressed the issue to the bug ID, like the AOSP change list. When multiple
+changes relate to a single bug, additional references are linked to numbers
+following the bug ID.</p>
+
+
+<h3 id="rce-in-broadcom-wi-fi-firmware">Remote code execution vulnerability in
+Broadcom Wi-Fi firmware</h3>
+<p>A remote code execution vulnerability in the Broadcom Wi-Fi firmware could
+enable a remote attacker to execute arbitrary code within the context of the
+Wi-Fi SoC. This issue is rated as Critical due to the possibility of remote
+code execution in the context of the Wi-Fi SoC.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0561</td>
+ <td>A-34199105*<br>
+ B-RB#110814</td>
+ <td>Critical</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="rce-in-qualcomm-crypto-engine-driver">Remote code execution
+vulnerability in Qualcomm crypto engine driver</h3>
+<p>A remote code execution vulnerability in the Qualcomm crypto engine driver
+could enable a remote attacker to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical due to the possibility of remote
+code execution in the context of the kernel.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10230</td>
+ <td>A-34389927<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=bd9a8fc6d7f6bd1a0b936994630006de450df657">
+QC-CR#1091408</a></td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Jan 10, 2017</td>
+ </tr>
+</table>
+
+
+<h3 id="rce-in-kernel-networking-subsystem">Remote code execution vulnerability
+in kernel networking subsystem</h3>
+<p>A remote code execution vulnerability in the kernel networking subsystem could
+enable a remote attacker to execute arbitrary code within the context of the
+kernel. This issue is rated as Critical due to the possibility of remote code
+execution in the context of the kernel.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10229</td>
+ <td>A-32813456<br>
+ <a
+href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=197c949e7798fbf28cfadc69d9ca0c2abbf93191">
+Upstream kernel</a></td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One,
+Nexus Player</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-mediatek-touchscreen-driver">Elevation of privilege
+vulnerability in MediaTek touchscreen driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek touchscreen driver
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0562</td>
+ <td>A-30202425*<br>
+ M-ALPS02898189</td>
+ <td>Critical*</td>
+ <td>None**</td>
+ <td>Jul 16, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-htc-touchscreen-driver">Elevation of privilege vulnerability in
+HTC touchscreen driver</h3>
+<p>An elevation of privilege vulnerability in the HTC touchscreen driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0563</td>
+ <td>A-32089409*<br>
+ </td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Oct 9, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-kernel-ion-subsystem">Elevation of privilege vulnerability in
+kernel ION subsystem</h3>
+<p>An elevation of privilege vulnerability in the kernel ION subsystem could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility
+of a local permanent device compromise, which may require reflashing the
+operating system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0564</td>
+ <td>A-34276203*<br>
+ </td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Pixel C, Android One,
+Nexus Player</td>
+ <td>Jan 12, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="vulnerabilities-in-qualcomm-components">Vulnerabilities in Qualcomm
+components</h3>
+<p>These vulnerabilities affect Qualcomm components and are described in further
+detail in the Qualcomm AMSS October 2016 security bulletin.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10237</td>
+ <td>A-31628601**<br>
+ QC-CR#1046751</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10238</td>
+ <td>A-35358527**<br>
+ QC-CR#1042558</td>
+ <td>Critical</td>
+ <td>None***</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10239</td>
+ <td>A-31624618**<br>
+ QC-CR#1032929</td>
+ <td>High</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Qualcomm internal</td>
+ </tr>
+</table>
+<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>*** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="rce-in-v8">Remote code execution vulnerability in v8</h3>
+<p>A remote code execution vulnerability in v8 could enable remote attackers to
+execute arbitrary code within the context of a privileged process. This issue
+is rated as High due to the possibility of remote code execution in websites. </p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-5129</td>
+ <td>A-29178923</td>
+ <td>High</td>
+ <td>All</td>
+ <td>6.0, 6.0.1, 7.0</td>
+ <td>Jul 20, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="rce-in-freetype">Remote code execution vulnerability in Freetype</h3>
+<p>A remote code execution vulnerability in Freetype could enable a local
+malicious application to load a specially crafted font to cause memory
+corruption in an unprivileged process. This issue is rated as High due to the
+possibility of remote code execution in an application that uses this library.</p>
+
+<table>
+ <col width="18%">
+ <col width="17%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10244</td>
+ <td>A-31470908</td>
+ <td>High</td>
+ <td>All</td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td>
+ <td>Sep 13, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-kernel-sound-subsystem">Elevation of privilege vulnerability in
+kernel sound subsystem</h3>
+<p>An elevation of privilege vulnerability in the kernel sound subsystem could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-4656</td>
+ <td>A-34464977<br>
+ <a
+href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=883a1d49f0d77d30012f114b2e19fc141beb3e8e">
+Upstream kernel</a></td>
+ <td>High</td>
+ <td>Nexus 6, Nexus Player</td>
+ <td>Jun 26, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-nvidia-crypto-driver">Elevation of privilege vulnerability in
+NVIDIA crypto driver</h3>
+<p>An elevation of privilege vulnerability in the NVIDIA crypto driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0339</td>
+ <td>A-27930566*<br>
+ N-CVE-2017-0339</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Mar 29, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0332</td>
+ <td>A-33812508*<br>
+ N-CVE-2017-0332</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Dec 21, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0327</td>
+ <td>A-33893669*<br>
+ N-CVE-2017-0327</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Dec 24, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-mediatek-thermal-driver">Elevation of privilege vulnerability in
+MediaTek thermal driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek thermal driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0565</td>
+ <td>A-28175904*<br>
+ M-ALPS02696516</td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-mediatek-camera-driver">Elevation of privilege vulnerability in
+MediaTek camera driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek camera driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0566</td>
+ <td>A-28470975*<br>
+ M-ALPS02696367</td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Apr 29, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-broadcom-wi-fi-driver">Elevation of privilege vulnerability in
+Broadcom Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0567</td>
+ <td>A-32125310*<br>
+ B-RB#112575</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Oct 12, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0568</td>
+ <td>A-34197514*<br>
+ B-RB#112600</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0569</td>
+ <td>A-34198729*<br>
+ B-RB#110666</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0570</td>
+ <td>A-34199963*<br>
+ B-RB#110688</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0571</td>
+ <td>A-34203305*<br>
+ B-RB#111541</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Pixel C, Nexus Player</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0572</td>
+ <td>A-34198931*<br>
+ B-RB#112597</td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Jan 9, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0573</td>
+ <td>A-34469904*<br>
+ B-RB#91539</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Jan 18, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0574</td>
+ <td>A-34624457*<br>
+ B-RB#113189</td>
+ <td>High</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C</td>
+ <td>Jan 22, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-qualcomm-wi-fi-driver">Elevation of privilege vulnerability in
+Qualcomm Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0575</td>
+ <td>A-32658595*<br>
+ QC-CR#1103099</td>
+ <td>High</td>
+ <td>Nexus 5X, Pixel, Pixel XL</td>
+ <td>Nov 3, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-nvidia-i2c-hid-driver">Elevation of privilege vulnerability in
+NVIDIA I2C HID driver</h3>
+<p>An elevation of privilege vulnerability in the NVIDIA I2C HID driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0325</td>
+ <td>A-33040280*<br>
+ N-CVE-2017-0325</td>
+ <td>High</td>
+ <td>Nexus 9, Pixel C</td>
+ <td>Nov 20, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-qualcomm-audio-driver">Elevation of privilege vulnerability in
+Qualcomm audio driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm audio driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0454</td>
+ <td>A-33353700<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=cb0701a2f99fa19f01fbd4249bda9a8eadb0241f">
+QC-CR#1104067</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
+ <td>Dec 5, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-qualcomm-crypto-engine-driver">Elevation of privilege
+vulnerability in Qualcomm crypto engine driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm crypto engine driver
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0576</td>
+ <td>A-33544431<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2b09507d78b25637df6879cd2ee2031b208b3532">
+QC-CR#1103089</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Dec 9, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-htc-touchscreen-driver-2">Elevation of privilege vulnerability
+in HTC touchscreen driver</h3>
+<p>An elevation of privilege vulnerability in the HTC touchscreen driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0577</td>
+ <td>A-33842951*<br>
+ </td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Dec 21, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-dts-sound-driver">Elevation of privilege vulnerability in DTS
+sound driver</h3>
+<p>An elevation of privilege vulnerability in the DTS sound driver could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0578</td>
+ <td>A-33964406*<br>
+ </td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Dec 28, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-qualcomm-sound-codec-driver">Elevation of privilege
+vulnerability in Qualcomm sound codec driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm sound codec driver
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10231</td>
+ <td>A-33966912<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=3bfe5a89916f7d29492e9f6d941d108b688cb804">
+QC-CR#1096799</a></td>
+ <td>High</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Dec 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-qualcomm-video-driver">Elevation of privilege vulnerability in
+Qualcomm video driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm video driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0579</td>
+ <td>A-34125463*<br>
+ QC-CR#1115406</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
+ <td>Jan 5, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10232</td>
+ <td>A-34386696<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=21e0ead58e47798567d846b84f16f89cf69a57ae">
+QC-CR#1024872</a> <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=27f7b3b3059f6181e2786f886f4cd92f413bc30c">
+[2]</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Jan 10, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10233</td>
+ <td>A-34389926<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=d793c6d91ecba2a1fd206ad47a4fd408d290addf">
+QC-CR#897452</a></td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Jan 10, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-nvidia-boot-and-power-management-processor-driver">Elevation of
+privilege vulnerability in NVIDIA boot and power management processor
+driver</h3>
+<p>An elevation of privilege vulnerability in the NVIDIA boot and power management
+processor driver could enable a local malicious application to execute
+arbitrary code within the context of the boot and power management processor.
+This issue is rated as High because it first requires compromising a privileged
+process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0329</td>
+ <td>A-34115304*<br>
+ N-CVE-2017-0329</td>
+ <td>High</td>
+ <td>Pixel C</td>
+ <td>Jan 5, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-synaptics-touchscreen-driver">Elevation of privilege
+vulnerability in Synaptics touchscreen driver</h3>
+<p>An elevation of privilege vulnerability in the Synaptics Touchscreen driver
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0580</td>
+ <td>A-34325986*<br>
+ </td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Jan 16, 2017</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0581</td>
+ <td>A-34614485*<br>
+ </td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Jan 22, 2017</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-qualcomm-seemp-driver">Elevation of privilege vulnerability in
+Qualcomm Seemp driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Seemp driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0462</td>
+ <td>A-33353601<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=eb7b1426279e751b1fc3e86f434dc349945c1ae7">
+QC-CR#1102288</a></td>
+ <td>High</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-qualcomm-kyro-l2-driver">Elevation of privilege vulnerability in
+Qualcomm Kyro L2 driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Kyro L2 driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6423</td>
+ <td>A-32831370<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0f264f812b61884390b432fdad081a3e995ba768">
+QC-CR#1103158</a></td>
+ <td>High</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-kernel-file-system">Elevation of privilege vulnerability in
+kernel file system</h3>
+<p>An elevation of privilege vulnerability in the kernel file system could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9922</td>
+ <td>A-32761463<br>
+ <a
+href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=69c433ed2ecd2d3264efd7afec4439524b319121">
+Upstream kernel</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Android
+One, Nexus Player</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-kernel-memory-subsystem">Information disclosure vulnerability in
+kernel memory subsystem</h3>
+<p>An information disclosure vulnerability in the kernel memory subsystem could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as High because it could be used to access
+sensitive data without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-0206</td>
+ <td>A-34465735<br>
+ <a
+href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=d36db46c2cba973557eb6138d22210c4e0cf17d6">
+Upstream kernel</a></td>
+ <td>High</td>
+ <td>Nexus 6, Nexus Player</td>
+ <td>May 6, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-kernel-networking-subsystem">Information disclosure vulnerability
+in kernel networking subsystem</h3>
+<p>An information disclosure vulnerability in the kernel networking subsystem
+could enable a local malicious application to access data outside of its
+permission levels. This issue is rated as High because it could be used to
+access sensitive data without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-3145</td>
+ <td>A-34469585<br>
+ <a
+href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=314760e66c35c8ffa51b4c4ca6948d207e783079">
+Upstream kernel</a> <a
+href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=05ab8f2647e4221cbdb3856dd7d32bd5407316b3">
+[2]</a></td>
+ <td>High</td>
+ <td>Nexus 6, Nexus Player</td>
+ <td>May 9, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-trustzone">Information disclosure vulnerability in
+Qualcomm TrustZone</h3>
+<p>An information disclosure vulnerability in the Qualcomm TrustZone could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as High because it could be used to access sensitive data
+without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-5349</td>
+ <td>A-29083830<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=7c3bf6557c62d904b15507eb451fda8fd7ef750c">
+QC-CR#1021945</a> <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=03853a58952834ac3e1e3007c9c680dd4c001a2f">
+[2]</a> <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e3d969000fb60ecb9bc01667fa89957f67763514">
+[3]</a> <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=9bd398661cae758ffc557adc7de74ba32654e1f9">
+[4]</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Jun 1, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-ipa-driver">Information disclosure vulnerability in
+Qualcomm IPA driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm IPA driver could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as High because it could be used to access sensitive data
+without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10234</td>
+ <td>A-34390017<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=c7d7492c1e329fdeb28a7901c4cd634d41a996b1">
+QC-CR#1069060</a> <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=d12370c7f3ecded1867fbd6b70ded35db55cab1d">
+[2]</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL</td>
+ <td>Jan 10, 2017</td>
+ </tr>
+</table>
+
+
+<h3 id="dos-in-kernel-networking-subsystem">Denial of service vulnerability in
+kernel networking subsystem</h3>
+<p>A denial of service vulnerability in the kernel networking subsystem could
+enable a remote attacker to use a specially crafted network packet to cause a
+device hang or reboot. This issue is rated as High due to the possibility of
+remote denial of service.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-2706</td>
+ <td>A-34160553<br>
+ <a
+href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=1d147bfa64293b2723c4fec50922168658e613ba">
+Upstream kernel</a></td>
+ <td>High</td>
+ <td>Nexus Player</td>
+ <td>Apr 1, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id="dos-in-qualcomm-wi-fi-driver">Denial of service vulnerability in
+Qualcomm Wi-Fi driver</h3>
+<p>A denial of service vulnerability in the Qualcomm Wi-Fi driver could enable a
+proximate attacker to cause a denial of service in the Wi-Fi subsystem. This
+issue is rated as High due to the possibility of remote denial of service.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10235</td>
+ <td>A-34390620<br>
+ <a
+href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5bb0059243515ecdac138cfdb4cee7259bbd0bbc">
+QC-CR#1046409</a></td>
+ <td>High</td>
+ <td>None**</td>
+ <td>Jan 10, 2017</td>
+ </tr>
+</table>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="eop-in-kernel-file-system-2">Elevation of privilege vulnerability in
+kernel file system</h3>
+<p>An elevation of privilege vulnerability in the kernel file system could enable
+a local malicious application to execute arbitrary code outside of its
+permission levels. This issue is rated as Moderate because it first requires
+compromising a privileged process and is mitigated by current platform
+configurations.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-7097</td>
+ <td>A-32458736<br>
+ <a
+href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=073931017b49d9458aa351605b43a7e34598caef">
+Upstream kernel</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Pixel, Pixel XL, Pixel C, Nexus
+Player</td>
+ <td>Aug 28, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-qualcomm-wi-fi-driver-2">Elevation of privilege vulnerability in
+Qualcomm Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Moderate because it first
+requires compromising a privileged process and because of vulnerability
+specific details which limit the impact of the issue.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6424</td>
+ <td>A-32086742<br>
+ <a
+href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=5cc2ac840e36a3342c5194c20b314f0bb95ef7e1">
+QC-CR#1102648</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5X, Pixel, Pixel XL, Android One</td>
+ <td>Oct 9, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="eop-in-broadcom-wi-fi-driver-2">Elevation of privilege vulnerability in
+Broadcom Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Moderate because it first
+requires compromising a privileged process and is mitigated by current platform
+configurations.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-8465</td>
+ <td>A-32474971*<br>
+ B-RB#106053</td>
+ <td>Moderate</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Oct 27, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-htc-oem-fastboot-command">Elevation of privilege vulnerability
+in HTC OEM fastboot command</h3>
+<p>An elevation of privilege vulnerability in the HTC OEM fastboot command could
+enable a local malicious application to execute arbitrary code within the
+context of the sensor hub. This issue is rated as Moderate because it first
+requires exploitation of separate vulnerabilities.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0582</td>
+ <td>A-33178836*<br>
+ </td>
+ <td>Moderate</td>
+ <td>Nexus 9</td>
+ <td>Nov 28, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="eop-in-qualcomm-cp-access-driver">Elevation of privilege vulnerability
+in Qualcomm CP access driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm CP access driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Moderate because it first
+requires compromising a privileged process and because of vulnerability
+specific details which limit the impact of the issue.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0583</td>
+ <td>A-32068683<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=452d2ad331d20b19e8a0768c4b6e7fe1b65abe8f">
+QC-CR#1103788</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5X, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-kernel-media-driver">Information disclosure vulnerability in
+kernel media driver</h3>
+<p>An information disclosure vulnerability in the kernel media driver could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-1739</td>
+ <td>A-34460642<br>
+ <a
+href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e6a623460e5fc960ac3ee9f946d3106233fd28d8">
+Upstream kernel</a></td>
+ <td>Moderate</td>
+ <td>Nexus 6, Nexus 9, Nexus Player</td>
+ <td>Jun 15, 2014</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-wi-fi-driver">Information disclosure vulnerability in
+Qualcomm Wi-Fi driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0584</td>
+ <td>A-32074353*<br>
+ QC-CR#1104731</td>
+ <td>Moderate</td>
+ <td>Nexus 5X, Pixel, Pixel XL</td>
+ <td>Oct 9, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="id-in-broadcom-wi-fi-driver">Information disclosure vulnerability in
+Broadcom Wi-Fi driver</h3>
+<p>An information disclosure vulnerability in the Broadcom Wi-Fi driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0585</td>
+ <td>A-32475556*<br>
+ B-RB#112953</td>
+ <td>Moderate</td>
+ <td>Nexus 6, Nexus 6P, Nexus 9, Pixel C, Nexus Player</td>
+ <td>Oct 27, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+
+
+<h3 id="id-in-qualcomm-avtimer-driver">Information disclosure vulnerability in
+Qualcomm Avtimer driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm Avtimer driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-5346</td>
+ <td>A-32551280<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=6298a474322fb2182f795a622b2faa64abfd8474">
+QC-CR#1097878</a></td>
+ <td>Moderate</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Oct 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-video-driver">Information disclosure vulnerability in
+Qualcomm video driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm video driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6425</td>
+ <td>A-32577085<br>
+ <a
+href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=ef86560a21fe1f256f6ba772a195201ff202c657">
+QC-CR#1103689</a></td>
+ <td>Moderate</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Oct 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-usb-driver">Information disclosure vulnerability in
+Qualcomm USB driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm USB driver could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-10236</td>
+ <td>A-33280689<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=b8199c2b852f1e23c988e10b8fbb8d34c98b4a1c">
+QC-CR#1102418</a></td>
+ <td>Moderate</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Nov 30, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-sound-driver">Information disclosure vulnerability in
+Qualcomm sound driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm sound driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0586</td>
+ <td>A-33649808<br>
+ QC-CR#1097569</td>
+ <td>Moderate</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Pixel, Pixel XL, Android One</td>
+ <td>Dec 13, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-qualcomm-spmi-driver">Information disclosure vulnerability in
+Qualcomm SPMI driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm SPMI driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-6426</td>
+ <td>A-33644474<br>
+ <a
+href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=80decd6365deec08c35ecb902a58f9210599b39a">
+QC-CR#1106842</a></td>
+ <td>Moderate</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Dec 14, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id="id-in-nvidia-crypto-driver">Information disclosure vulnerability in
+NVIDIA crypto driver</h3>
+<p>An information disclosure vulnerability in the NVIDIA crypto driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising
+a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2017-0328</td>
+ <td>A-33898322*<br>
+ N-CVE-2017-0328</td>
+ <td>Moderate</td>
+ <td>None**</td>
+ <td>Dec 24, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2017-0330</td>
+ <td>A-33899858*<br>
+ N-CVE-2017-0330</td>
+ <td>Moderate</td>
+ <td>None**</td>
+ <td>Dec 24, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+
+<h3 id="vulnerabilities-in-qualcomm-components-2">Vulnerabilities in Qualcomm
+components</h3>
+<p>These vulnerabilities affecting Qualcomm components were released as part of
+Qualcomm AMSS security bulletins between 2014–2016. They are included in this
+Android security bulletin to associate their fixes with an Android security
+patch level. </p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Google devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9931</td>
+ <td>A-35445101**<br>
+ QC-CR#612410</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9932</td>
+ <td>A-35434683**<br>
+ QC-CR#626734</td>
+ <td>Critical</td>
+ <td>Pixel, Pixel XL</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9933</td>
+ <td>A-35442512<br>
+ QC-CR#675463</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9934</td>
+ <td>A-35439275**<br>
+ QC-CR#658249</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9935</td>
+ <td>A-35444951**<br>
+ QC-CR#717626</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9936</td>
+ <td>A-35442420**<br>
+ QC-CR#727389</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9937</td>
+ <td>A-35445102**<br>
+ QC-CR#734095</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8995</td>
+ <td>A-35445002**<br>
+ QC-CR#733690</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8996</td>
+ <td>A-35444658**<br>
+ QC-CR#734698</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8997</td>
+ <td>A-35432947**<br>
+ QC-CR#734707</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8998</td>
+ <td>A-35441175**<br>
+ QC-CR#735337</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8999</td>
+ <td>A-35445401**<br>
+ QC-CR#736119</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9000</td>
+ <td>A-35441076**<br>
+ QC-CR#740632</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9001</td>
+ <td>A-35445400**<br>
+ QC-CR#736083</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9002</td>
+ <td>A-35442421**<br>
+ QC-CR#748428</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-9003</td>
+ <td>A-35440626**<br>
+ QC-CR#749215</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-10242</td>
+ <td>A-35434643**<br>
+ QC-CR#985139</td>
+ <td>Critical</td>
+ <td>None**</td>
+ <td>Qualcomm internal</td>
+ </tr>
+</table>
+<p>* The severity rating for these vulnerabilities was determined by the vendor.</p>
+<p>* The patch for this issue is not publicly available. The update is contained
+in the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">
+Google Developer site</a>.</p>
+<p>*** Supported Google devices on Android 7.0 or later that have installed all
+available updates are not affected by this vulnerability.</p>
+
+<h2 id="common-questions-and-answers">Common Questions and Answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+<p>To learn how to check a device's security patch level, read the instructions on
+the <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel
+and Nexus update schedule</a>.</p>
+<ul>
+ <li>Security patch levels of 2017-04-01 or later address all issues associated
+ with the 2017-04-01 security patch level.</li>
+ <li>Security patch levels of 2017-04-05 or later address all issues associated
+ with the 2017-04-05 security patch level and all previous patch levels.</li>
+</ul>
+<p>Device manufacturers that include these updates should set the patch string
+level to:</p>
+<ul>
+ <li>[ro.build.version.security_patch]:[2017-04-01]</li>
+ <li>[ro.build.version.security_patch]:[2017-04-05]</li>
+</ul>
+
+<p><strong>2. Why does this bulletin have two security patch levels?</strong></p>
+<p>This bulletin has two security patch levels so that Android partners have the
+flexibility to fix a subset of vulnerabilities that are similar across all
+Android devices more quickly. Android partners are encouraged to fix all issues
+in this bulletin and use the latest security patch level.</p>
+<ul>
+ <li>Devices that use the April 01, 2017 security patch level must include all
+ issues associated with that security patch level, as well as fixes for all
+ issues reported in previous security bulletins.</li>
+ <li>Devices that use the security patch level of April 05, 2017 or newer must
+ include all applicable patches in this (and previous) security
+ bulletins.</li>
+</ul>
+<p>Partners are encouraged to bundle the fixes for all issues they are addressing
+in a single update.</p>
+<p><strong>3. How do I determine which Google devices are affected by each
+issue?</strong></p>
+<p>In the <a
+href="#2017-04-01-security-patch-level—vulnerability-details">2017-04-01</a> and
+<a href="#2017-04-05-security-patch-level—vulnerability-details">2017-04-05</a>
+security vulnerability details sections, each table has an <em>Updated Google
+devices</em> column that covers the range of affected Google devices updated for
+each issue. This column has a few options:</p>
+<ul>
+ <li><strong>All Google devices</strong>: If an issue affects All and Pixel
+ devices, the table will have "All" in the <em>Updated Google devices</em>
+ column. "All" encapsulates the following <a
+ href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported
+ devices</a>: Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One,
+ Nexus Player, Pixel C, Pixel, and Pixel XL.</li>
+ <li><strong>Some Google devices</strong>: If an issue doesn't affect all Google
+ devices, the affected Google devices are listed in the <em>Updated Google
+ devices</em> column.</li>
+ <li><strong>No Google devices</strong>: If no Google devices running Android 7.0
+ are affected by the issue, the table will have "None" in the <em>Updated Google
+ devices</em> column. </li>
+</ul>
+<p><strong>4. What do the entries in the references column map to?</strong></p>
+<p>Entries under the <em>References</em> column of the vulnerability details table
+may contain a prefix identifying the organization to which the reference value
+belongs. These prefixes map as follows:</p>
+<table>
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+ <tr>
+ <td>B-</td>
+ <td>Broadcom reference number</td>
+ </tr>
+</table>
+
+<h2 id="revisions">Revisions</h2>
+<ul>
+ <li>April 03, 2017: Bulletin published.</li>
+</ul>
+
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index 7f433e8..14733af 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -76,6 +76,14 @@
<th>Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2017-04-01.html">April 2017</a></td>
+ <td>Coming soon
+ </td>
+ <td>April 3, 2017</td>
+ <td>2017-04-01<br>
+ 2017-04-05</td>
+ </tr>
+ <tr>
<td><a href="2017-03-01.html">March 2017</a></td>
<td>Coming soon
</td>
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index 00623b0..06724bf 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -104,6 +104,10 @@
<p><a href="mailto:hlhan@bupt.edu.cn">Hongli Han</a> of
<a href="http://c0reteam.org">C0RE Team</a></p>
+<p>Ian Foster (<a href="https://twitter.com/lanrat">@lanrat</a>)</p>
+
+<p>Jack Tang of Trend Micro Inc.</p>
+
<p>Jeff Sharkey of Google</p>
<p>Jeff Trim</p>
@@ -127,10 +131,15 @@
<p>Makoto Onuki of Google</p>
+<p><a href="mailto:salyzyn@android.com">Mark Salyzyn</a> of Google</p>
+
<p>Max Spector of Google:</p>
<p>Michael Goberman of IBM Security X-Force</p>
+<p>Mike Anderson (<a href="https://twitter.com/manderbot">@manderbot</a>)
+ of Tesla Motors Product Security Team</p>
+
<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)
of <a href="http://c0reteam.org">C0RE Team</a></p>
@@ -186,9 +195,13 @@
<p>Svetoslav Ganov of Google</p>
+<p>Tim Becker</p>
+
<p><a href="mailto:segfault5514@gmail.com">Tong Lin</a>
of <a href="http://c0reteam.org">C0RE Team</a></p>
+<p>Uma Sankar Pradhan (<a href="https://twitter.com/umasankar_iitd">@umasankar_iitd</a>)</p>
+
<p>V.E.O (<a href="https://twitter.com/vysea">@VYSEa</a>) of Mobile Threat
Research Team, <a href="http://www.trendmicro.com">Trend Micro</a></p>
@@ -199,6 +212,9 @@
<p><a href="mailto:vancouverdou@gmail.com">Wenke Dou</a> of
<a href="http://c0reteam.org">C0RE Team</a></p>
+
+<p>Wenlin Yang (<a href="https://twitter.com/wenlin_yang">@wenlin_yang</a>)
+of Alpha Team, Qihoo 360 Technology Co. Ltd.</p>
<p>Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>)
(<a href="http://www.weibo.com/wishlinux">吴潍浠</a> 此彼) of Ant-financial Light-Year
@@ -219,6 +235,9 @@
<p>Yong Wang (王勇) (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>)
of Alibaba Inc.</p>
+
+<p>Yonggang Guo (<a href="https://twitter.com/guoygang">@guoygang</a>) of
+ IceSword Lab, Qihoo 360 Technology Co. Ltd.</p>
<p>Yu Pan of Vulpecker Team, Qihoo 360 Technology Co. Ltd</p>
@@ -240,6 +259,11 @@
<p><a href="mailto:sundaywind2004@gmail.com">Zhixin Li</a> of
<a href="http://www.nsfocus.com">NSFocus</a></p>
+
+<p><a href="http://weibo.com/ele7enxxh">Zinuo Han</a> from Chengdu Security
+ Response Center of Qihoo 360 Technology Co. Ltd.</p>
+
+ <p>Zubin Mithra of Google</p>
</div>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 53aa8d3..36ff2aa 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -62,6 +62,7 @@
<li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li>
</ul>
</li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2017-04-01.html">April 2017</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2017-03-01.html">March 2017</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2017-02-01.html">February 2017</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2017-01-01.html">January 2017</a></li>
