| <html devsite> |
| <head> |
| <title>Pixel / Nexus Security Bulletin—November 2017</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| //www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <p><em>Published November 6, 2017 | Updated November 8, 2017</em></p> |
| <p> |
| The Pixel / Nexus Security Bulletin contains details of security vulnerabilities |
| and functional improvements affecting <a |
| href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">supported |
| Google Pixel and Nexus devices</a> (Google devices). |
| For Google devices, security patch levels of 2017-11-05 or later also address all |
| issues in this bulletin. To learn how to check a device's security patch level, see <a |
| href="//support.google.com/pixelphone/answer/4457705">Check and update your |
| Android version</a>. |
| </p> |
| <p> |
| All supported Google devices will receive an update to the 2017-11-05 patch |
| level. We encourage all customers to accept these updates to their devices. |
| </p> |
| <p class="note"> |
| <strong>Note:</strong> The Google device firmware images are available on the <a |
| href="//developers.google.com/android/nexus/images">Google Developer site</a>. |
| </p> |
| <h2 id="announcements">Announcements</h2> |
| <p> |
| In addition to the security vulnerabilities described in the <a |
| href="/security/bulletin/2017-11-01">November 2017 Android |
| Security Bulletin</a>, Pixel and Nexus devices also contain patches for the |
| security vulnerabilities described below. Partners were notified of these issues |
| at least a month ago and may choose to incorporate them as part of their device |
| updates. |
| </p> |
| <h2 id="security-patches">Security patches</h2> |
| <p> |
| Vulnerabilities are grouped under the component that they affect. There is a |
| description of the issue and a table with the CVE, associated references, <a |
| href="#type">type of vulnerability</a>, <a |
| href="/security/overview/updates-resources.html#severity">severity</a>, |
| and updated Android Open Source Project (AOSP) versions (where applicable). When |
| available, we link the public change that addressed the issue to the bug ID, |
| like the AOSP change list. When multiple changes relate to a single bug, |
| additional references are linked to numbers following the bug ID. |
| </p> |
| |
| <h3 id="framework">Framework</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0845</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e5787fc13164856e39690e40e81d3d46839eea16">A-35028827</a></td> |
| <td>DoS</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="media-framework">Media framework</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0838</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/528c7dd7c2387ac634b23973d0c1120d0f3d7ee7">A-63522818</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0852</td> |
| <td><a href="https://android.googlesource.com/platform/external/libhevc/+/5aee2541810f19aec67a1a9ea64973eb557aae9c">A-62815506</a></td> |
| <td>DoS</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0847</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d162b02aefa4d2039f377ba9a45d753cd84d75f6">A-65540999</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>8.0</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0848</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2bec2c3b1fd778b35f45ff4f8b385ff9208fe692">A-64477217</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0849</td> |
| <td><a href="https://android.googlesource.com/platform/external/libavc/+/aa11ab9fdbb63766703a6280f4fc778f2f2c91ed">A-62688399</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0850</td> |
| <td>A-64836941<a href="#asterisk">*</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0851</td> |
| <td><a href="https://android.googlesource.com/platform/external/libhevc/+/8c5bb82f982e5949b3c2e3e0c80045cc5ff30ac8">A-35430570</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0853</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libmpeg2/+/dd89269aa283dd740fd16c6d7d3cf225b3623338">A-63121644</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0854</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8c0289c09cddd378cd9a321ccdb1c62e7b80f626">A-63873837</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0857</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/3eb692de916c3576a18990e3e4193fce93c016dc">A-65122447</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0858</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libavc/+/208c74d62a3e1039dc87818306e057877760fbaa">A-64836894</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0859</td> |
| <td rowspan="2">A-36075131<a href="#asterisk">*</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="runtime">Runtime</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2105</td> |
| <td>A-63710022<a href="#asterisk">*</a></td> |
| <td>RCE</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-2106</td> |
| <td>A-63709511<a href="#asterisk">*</a></td> |
| <td>RCE</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-3731</td> |
| <td>A-63710076<a href="#asterisk">*</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="system">System</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0860</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/native/+/5508ca2c191f8fdf29d8898890a58bf1a3a225b3">A-31097064</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="kernel-components">Kernel components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-6001</td> |
| <td>A-37901413<br /> |
| <a href="//android-review.googlesource.com/#/c/438399/">Upstream |
| kernel</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Core kernel</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0861</td> |
| <td>A-36006981<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Audio driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0862</td> |
| <td>A-36006779<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Kernel</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11600</td> |
| <td>A-64257838<br /> |
| <a href="//git.kernel.org/pub/scm/linux/kernel/git/klassert/ipsec.git/commit/?id=7bab09631c2a303f87a7eb7e3d69e888673b9b7e"> |
| Upstream kernel</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Networking subsystem</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0863</td> |
| <td>A-37950620<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Video driver</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="mediatek-components">MediaTek components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0864</td> |
| <td>A-37277147<a href="#asterisk">*</a><br /> |
| M-ALPS03394571</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>IoCtl (Flashlight)</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0865</td> |
| <td>A-65025090<a href="#asterisk">*</a><br /> |
| M-ALPS02973195</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>SoC driver</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="nvidia-components">NVIDIA components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0866</td> |
| <td>A-38415808<a href="#asterisk">*</a><br /> |
| N-CVE-2017-0866</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Direct rendering infrastructure</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-6274 </td> |
| <td>A-34705801<a href="#asterisk">*</a><br /> |
| N-CVE-2017-6274</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Thermal driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-6275</td> |
| <td>A-34702397<a href="#asterisk">*</a><br /> |
| N-CVE-2017-6275</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Thermal driver</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="qualcomm-components">Qualcomm components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-11073</td> |
| <td>A-62084791<a href="#asterisk">*</a><br /> |
| QC-CR#2064767</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Networking subsystem</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11035</td> |
| <td>A-64431968<br /> |
| <a href="//source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=c5060da3e741577578d66dfadb7922d853da6156"> |
| QC-CR#2055659</a> |
| [<a href="//source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=cc1896424ae7a346090f601bc69c6ca51d9c3e04">2</a>]</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11012</td> |
| <td>A-64455446<br /> |
| <a href="//source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=7d0e40d328fa092c36b9585516ed29fc6041be55"> |
| QC-CR#2054760</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11085</td> |
| <td>A-62952032<a href="#asterisk">*</a><br /> |
| QC-CR#2077909</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Audio</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11091</td> |
| <td>A-37478866<a href="#asterisk">*</a><br /> |
| QC-CR#2064235</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Video driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11026</td> |
| <td>A-64453104<br /> |
| <a |
| href="//source.codeaurora.org/quic/la/kernel/lk/commit/?id=88af13428d72d980003d99dd1dd0894ec3799a3e">QC-CR#1021460</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Linux boot</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11038</td> |
| <td>A-35888677<a href="#asterisk">*</a><br /> |
| QC-CR#2034087</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Memory subsystem</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11032</td> |
| <td>A-64431966<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=2720294757d0ad5294283c15dc837852f7b2329a"> |
| QC-CR#1051435</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Linux kernel</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9719</td> |
| <td>A-64438726<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a491499c3490999555b7ccf8ad1a7d6455625807"> |
| QC-CR#2042697</a> |
| [<a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=d815f54f15d765b5e0035a9d208d71567bcaace0">2</a>]</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Display</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11024</td> |
| <td>A-64441352<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=f2a482422fefadfa0fa9b4146fc0e2b46ac04922"> |
| QC-CR#2031178</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Wired connectivity</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11025</td> |
| <td>A-64440043<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=95e72ae9281b77abc3ed0cc6a33c17b989241efa"> |
| QC-CR#2013494</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Audio</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11023</td> |
| <td>A-64434485<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=c36e61af0f770125d0061a8d988d0987cc8d116a"> |
| QC-CR#2029216</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Services</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11029</td> |
| <td>A-64433362<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=86f0d207d478e1681f6711b46766cfb3c6a30fb5"> |
| QC-CR#2025367</a> |
| [<a href="//source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=74ab23917b82769644a3299da47b58e080aa63f2">2</a>]</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Camera</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11018</td> |
| <td>A-64441628<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm/commit/?id=1d718286c4c482502a2c4356cebef28aef2fb01f"> |
| QC-CR#897844</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Camera</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9721</td> |
| <td>A-64441353<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/lk/commit/?id=b40eb596bc96724a46bf00bfd9764e87775e7f1e"> |
| QC-CR#2039552</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Display</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9702</td> |
| <td>A-36492827<a href="#asterisk">*</a><br /> |
| QC-CR#2037398</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Camera</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11089</td> |
| <td>A-36819059<a href="#asterisk">*</a><br /> |
| QC-CR#2055013</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-8239</td> |
| <td>A-36251230<a href="#asterisk">*</a><br /> |
| QC-CR#1091603</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Camera</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11090</td> |
| <td>A-36818836<a href="#asterisk">*</a><br /> |
| QC-CR#2061676</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11093</td> |
| <td>A-37625232<a href="#asterisk">*</a><br /> |
| QC-CR#2077623</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>HDMI</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-8279</td> |
| <td>A-62378962<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=f09aee50c2ee6b79d94cb42eafc82413968b15cb"> |
| QC-CR#2015227</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Services</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9696</td> |
| <td>A-36232584<a href="#asterisk">*</a><br /> |
| QC-CR#2029867</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Kernel</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11058</td> |
| <td>A-37718081<br /> |
| <a href="//source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=4d9812973e8b12700afd8c3d6f36a94506ffb6fc"> |
| QC-CR#2061251</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11022</td> |
| <td>A-64440918<br /> |
| <a href="//source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=1379bfb6c09ee2ad5969db45c27fb675602b4ed0">QC-CR#1086582</a> |
| [<a href="//source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=f41e3dbc92d448d3d56cae5517e41a4bafafdf3f">2</a>]</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9701</td> |
| <td>A-63868730<br /> |
| <a href="//source.codeaurora.org/quic/la//kernel/lk/commit/?id=60a6821ca7723f84067faba64fb883d94357df16"> |
| QC-CR#2038992</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Linux boot</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11027</td> |
| <td>A-64453534<br /> |
| <a href="//source.codeaurora.org/quic/la/kernel/lk/commit/?id=393e5d1cc9e216e1d37bf25be6c376b395882f29"> |
| QC-CR#2055630</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>Linux boot</td> |
| </tr> |
| </table> |
| |
| <h2 id="functional-updates">Functional updates</h2> |
| <p> |
| These updates are included for affected Pixel devices to address functionality |
| issues not related to the security of Pixel devices. The table includes |
| associated references; the affected category, such as Bluetooth or mobile data; |
| and a summary of the issue. |
| </p> |
| <table> |
| <col width="15%"> |
| <col width="15%"> |
| <col width="70%"> |
| <tr> |
| <th>References</th> |
| <th>Category</th> |
| <th>Improvements</th> |
| </tr> |
| <tr> |
| <td>A-65225835</td> |
| <td>Audio</td> |
| <td>Volume warning threshold adjusted in some regions.</td> |
| </tr> |
| <tr> |
| <td>A-37943083</td> |
| <td>Bluetooth</td> |
| <td>Improvements for Bluetooth devices only supporting AVRCP version 1.3.</td> |
| </tr> |
| <tr> |
| <td>A-63790458</td> |
| <td>Bluetooth</td> |
| <td>Improved headset connection pairing.</td> |
| </tr> |
| <tr> |
| <td>A-64142363</td> |
| <td>Bluetooth</td> |
| <td>Improved song info display on some Bluetooth carkits.</td> |
| </tr> |
| <tr> |
| <td>A-64991621</td> |
| <td>Bluetooth</td> |
| <td>Improved metadata in some carkits.</td> |
| </tr> |
| <tr> |
| <td>A-65223508</td> |
| <td>Bluetooth</td> |
| <td>Improved Bluetooth connections to some carkits.</td> |
| </tr> |
| <tr> |
| <td>A-65463237</td> |
| <td>Bluetooth</td> |
| <td>Improved Magic Tether on BLE.</td> |
| </tr> |
| <tr> |
| <td>A-64977836</td> |
| <td>Camera</td> |
| <td>Improved Autofocus during video capture.</td> |
| </tr> |
| <tr> |
| <td>A-65099590</td> |
| <td>Camera</td> |
| <td>Improved front camera response speed.</td> |
| </tr> |
| <tr> |
| <td>A-68159303</td> |
| <td>Display</td> |
| <td>Adjustments to display color mode setting.</td> |
| </tr> |
| <tr> |
| <td>A-68254840</td> |
| <td>Display</td> |
| <td>Adjustments to display brightness settings.</td> |
| </tr> |
| <tr> |
| <td>A-68279369</td> |
| <td>Display</td> |
| <td>Adjustments to navigation bar brightness.</td> |
| </tr> |
| <tr> |
| <td>A-64103722</td> |
| <td>Mobile data</td> |
| <td>Adjusted YouTube switching from mobile data to Wi-Fi.</td> |
| </tr> |
| <tr> |
| <td>A-65113738</td> |
| <td>Mobile data</td> |
| <td>Mobile data adjustments on 3 Network.</td> |
| </tr> |
| <tr> |
| <td>A-37187694</td> |
| <td>Stability</td> |
| <td>Improved application stability.</td> |
| </tr> |
| <tr> |
| <td>A-67959484</td> |
| <td>Stability</td> |
| <td>Adjustments to call quality.</td> |
| </tr> |
| </table> |
| |
| <h2 id="common-questions-and-answers">Common questions and answers</h2> |
| <p> |
| This section answers common questions that may occur after reading this |
| bulletin. |
| </p> |
| <p> |
| <strong>1. How do I determine if my device is updated to address these issues? |
| </strong> |
| </p> |
| <p> |
| Security patch levels of 2017-11-05 or later address all issues associated with |
| the 2017-11-05 security patch level and all previous patch levels. To learn how |
| to check a device's security patch level, read the instructions on the <a |
| href="//support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel |
| and Nexus update schedule</a>. |
| </p> |
| <p id="type"> |
| <strong>2. What do the entries in the <em>Type</em> column mean?</strong> |
| </p> |
| <p> |
| Entries in the <em>Type</em> column of the vulnerability details table reference |
| the classification of the security vulnerability. |
| </p> |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Abbreviation</th> |
| <th>Definition</th> |
| </tr> |
| <tr> |
| <td>RCE</td> |
| <td>Remote code execution</td> |
| </tr> |
| <tr> |
| <td>EoP</td> |
| <td>Elevation of privilege</td> |
| </tr> |
| <tr> |
| <td>ID</td> |
| <td>Information disclosure</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>Denial of service</td> |
| </tr> |
| <tr> |
| <td>N/A</td> |
| <td>Classification not available</td> |
| </tr> |
| </table> |
| <p> |
| <strong>3. What do the entries in the <em>References</em> column mean?</strong> |
| </p> |
| <p> |
| Entries under the <em>References</em> column of the vulnerability details table |
| may contain a prefix identifying the organization to which the reference value |
| belongs. |
| </p> |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Prefix</th> |
| <th>Reference</th> |
| </tr> |
| <tr> |
| <td>A-</td> |
| <td>Android bug ID</td> |
| </tr> |
| <tr> |
| <td>QC-</td> |
| <td>Qualcomm reference number</td> |
| </tr> |
| <tr> |
| <td>M-</td> |
| <td>MediaTek reference number</td> |
| </tr> |
| <tr> |
| <td>N-</td> |
| <td>NVIDIA reference number</td> |
| </tr> |
| <tr> |
| <td>B-</td> |
| <td>Broadcom reference number</td> |
| </tr> |
| </table> |
| <p id="asterisk"> |
| <strong>4. What does a * next to the Android bug ID in the <em>References</em> |
| column mean?</strong> |
| </p> |
| <p> |
| Issues that are not publicly available have a * next to the Android bug ID in |
| the <em>References</em> column. The update for that issue is generally contained |
| in the latest binary drivers for Nexus devices available from the <a |
| href="//developers.google.com/android/nexus/drivers">Google Developer |
| site</a>. |
| </p> |
| <p> |
| <strong>5. Why are security vulnerabilities split between this bulletin and the |
| Android Security Bulletins?</strong> |
| </p> |
| <p> |
| Security vulnerabilities that are documented in the Android Security Bulletins |
| are required in order to declare the latest security patch level on Android |
| devices. Additional security vulnerabilities, such as those documented in this |
| bulletin, are not required for declaring a security patch level. |
| </p> |
| <h2 id="versions">Versions</h2> |
| <table> |
| <col width="25%"> |
| <col width="25%"> |
| <col width="50%"> |
| <tr> |
| <th>Version</th> |
| <th>Date</th> |
| <th>Notes</th> |
| </tr> |
| <tr> |
| <td>1.0</td> |
| <td>November 6, 2017</td> |
| <td>Bulletin published.</td> |
| </tr> |
| <tr> |
| <td>1.1</td> |
| <td>November 8, 2017</td> |
| <td>Bulletin updated with AOSP links and additional details on |
| functional updates.</td> |
| </tr> |
| </table> |
| </body></html> |