| <html devsite> |
| <head> |
| <title>Android Security Bulletin—April 2018</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2018 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| //www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p><em>Published April 2, 2018 | Updated April 4, 2018</em></p> |
| |
| <p> |
| The Android Security Bulletin contains details of security vulnerabilities |
| affecting Android devices. Security patch levels of 2018-04-05 or later address |
| all of these issues. To learn how to check a device's security patch level, see |
| <a href="https://support.google.com/pixelphone/answer/4457705">Check and update |
| your Android version</a>. |
| </p> |
| <p> |
| Android partners are notified of all issues at least a month before publication. |
| Source code patches for these issues have been released to the Android Open |
| Source Project (AOSP) repository and linked from this bulletin. This bulletin |
| also includes links to patches outside of AOSP. |
| </p> |
| <p> |
| The most severe of these issues is a critical security vulnerability in Media |
| framework that could enable a remote attacker using a specially crafted file to |
| execute arbitrary code within the context of a privileged process. The |
| <a href="/security/overview/updates-resources.html#severity">severity |
| assessment</a> is based on the effect that exploiting the vulnerability would |
| possibly have on an affected device, assuming the platform and service |
| mitigations are turned off for development purposes or if successfully bypassed. |
| </p> |
| <p> |
| We have had no reports of active customer exploitation or abuse of these newly |
| reported issues. Refer to the |
| <a href="#mitigations">Android and Google Play Protect mitigations</a> |
| section for details on the |
| <a href="/security/enhancements/index.html">Android security platform protections</a> |
| and Google Play Protect, which improve the security of the Android platform. |
| </p> |
| <p class="note"> |
| <strong>Note:</strong> Information on the latest over-the-air update (OTA) and |
| firmware images for Google devices is available in the |
| <a href="/security/bulletin/pixel/2018-04-01.html">April 2018 |
| Pixel / Nexus Security Bulletin</a>. |
| </p> |
| |
| <h2 id="announcements">Announcements</h2> |
| <p>We would like to thank Qualcomm for their dedicated efforts to improve the |
| security of mobile devices. The 2018-04-05 SPL includes a cumulative list of |
| addressed security issues taken from Qualcomm’s 2014–2016 partner focused |
| bulletins, and is a reflection of their continued effort and commitment.</p> |
| |
| <h2 id="mitigations">Android and Google service mitigations</h2> |
| <p> |
| This is a summary of the mitigations provided by the |
| <a href="/security/enhancements/index.html">Android security platform</a> |
| and service protections such as |
| <a href="https://www.android.com/play-protect">Google Play Protect</a>. |
| These capabilities reduce the likelihood that security vulnerabilities |
| could be successfully exploited on Android. |
| </p> |
| <ul> |
| <li>Exploitation for many issues on Android is made more difficult by |
| enhancements in newer versions of the Android platform. We encourage all users |
| to update to the latest version of Android where possible.</li> |
| <li>The Android security team actively monitors for abuse through |
| <a href="https://www.android.com/play-protect">Google Play Protect</a> |
| and warns users about |
| <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially |
| Harmful Applications</a>. Google Play Protect is enabled by default on devices |
| with <a href="http://www.android.com/gms">Google Mobile Services</a>, and is |
| especially important for users who install apps from outside of Google |
| Play.</li> |
| </ul> |
| <h2 id="2018-04-01-details">2018-04-01 security patch level vulnerability details</h2> |
| <p> |
| In the sections below, we provide details for each of the security |
| vulnerabilities that apply to the 2018-04-01 patch level. Vulnerabilities are |
| grouped under the component that they affect. There is a description of the |
| issue and a table with the CVE, associated references, |
| <a href="#type">type of vulnerability</a>, |
| <a href="/security/overview/updates-resources.html#severity">severity</a>, |
| and updated AOSP versions (where applicable). When available, we link the public |
| change that addressed the issue to the bug ID, like the AOSP change list. When |
| multiple changes relate to a single bug, additional references are linked to |
| numbers following the bug ID. |
| </p> |
| |
| <h3 id="android-runtime">Android runtime</h3> |
| <p>The most severe vulnerability in this section could enable a remote attacker |
| to bypass user interaction requirements in order to gain access to additional |
| permissions.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13274</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/0b57631939f5824afef06517df723d2e766e0159">A-71360761</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="framework">Framework</h3> |
| <p>The most severe vulnerability in this section could enable a local malicious |
| application to bypass operating system protections that isolate application |
| data from other applications.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13275</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/3056f04d293bd16e56cc72e10edd060b8c1ca0f5">A-70808908</a></td> |
| <td>ID</td> |
| <td>High</td> |
| <td>8.0, 8.1</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="media-framework">Media framework</h3> |
| <p>The most severe vulnerability in this section could enable a remote attacker |
| using a specially crafted file to execute arbitrary code within the context of |
| a privileged process.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13276</td> |
| <td><a href="https://android.googlesource.com/platform/external/aac/+/1b9cbed05b4fd376677d67b6442aa30256834ed4">A-70637599</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13277</td> |
| <td><a href="https://android.googlesource.com/platform/external/libhevc/+/b7d4d588e8fcbe254f7a3d9a247af4b91ccc7285">A-72165027</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13278</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8a54af87b632c03ff2ae15a4a088801bb39fdae7">A-70546581</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13279</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d32af5db10f018219e0379f333c7f0452a4f7a31">A-68399439</a></td> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13280</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/ebd849ed8aa77c0e1dad7a08df4a55845a067b76">A-71361451</a></td> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="system">System</h3> |
| <p>The most severe vulnerability in this section could enable a remote attacker |
| using a specially crafted file to execute arbitrary code within the context of |
| a privileged process.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13281</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/6f3ddf3f5cf2b3eb52fb0adabd814a45cff07221">A-71603262</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13282</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/6ecbbc093f4383e90cbbf681cd55da1303a8ef94">A-71603315</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13283</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/e4ec79be45304f819c88c8dbf826d58b68f6c8f8">A-71603410</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13267</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/57dc5964428697a104988f0aa0d1fd1d88fec939">A-69479009</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13284</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/7f8bfcc35285ca6e93a4436699bc95c13b920caf">A-70808273</a></td> |
| <td>EoP</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13285</td> |
| <td><a href="https://android.googlesource.com/platform/external/svox/+/cee78199bbfae81f54a40671db47096f5f32cdad">A-69177126</a></td> |
| <td>RCE</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13286</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/47ebfaa2196aaf4fbeeec34f1a1c5be415cf041b">A-69683251</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13287</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/09ba8fdffd9c8d74fdc6bfb51bcebc27fc43884a">A-71714464</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13288</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/b796cd32a45bcc0763c50cc1a0cc8236153dcea3">A-69634768</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13289</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/5a3d2708cd2289a4882927c0e2cb0d3c21a99c02">A-70398564</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13290</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/72b1cebaa9cc7ace841d887f0d4a4bf6daccde6e">A-69384124</a></td> |
| <td>ID</td> |
| <td>High</td> |
| <td>6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13291</td> |
| <td><a href="https://android.googlesource.com/platform/system/bt/+/1696f97011f5f30f1a630f3b24442ca64232b1f5">A-71603553</a></td> |
| <td>DoS</td> |
| <td>High</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0, 8.1</td> |
| </tr> |
| </table> |
| |
| <h2 id="2018-04-05-details">2018-04-05 security patch level vulnerability details</h2> |
| <p>In the sections below, we provide details for each of the security |
| vulnerabilities that apply to the 2018-04-05 patch level. Vulnerabilities are |
| grouped under the component that they affect and include details such as the |
| CVE, associated references, <a href="#type">type of vulnerability</a>, <a |
| href="/security/overview/updates-resources.html#severity">severity</a>, |
| component (where applicable), and updated AOSP versions (where applicable). |
| When available, we link the public change that addressed the issue to the bug |
| ID, like the AOSP change list.</p> |
| |
| <p>When multiple changes relate to a single bug, additional references are |
| linked to numbers following the bug ID.</p> |
| |
| <h3 id="broadcom-components">Broadcom components</h3> |
| <p>The most severe vulnerability in this section could enable a proximate |
| attacker using a specially crafted file to execute arbitrary code within the |
| context of a privileged process.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13292</td> |
| <td>A-70722061<a href="#asterisk">*</a><br /> |
| B-V2018010201</td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>bcmdhd driver</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="kernel-components">Kernel components</h3> |
| <p>The most severe vulnerability in this section could enable a local malicious |
| application to execute arbitrary code within the context of a privileged |
| process.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-13293</td> |
| <td>A-62679701<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>NFC driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-16534</td> |
| <td>A-69052594<br /> |
| <a href="https://github.com/torvalds/linux/commit/2e1c42391ff2556387b3cb6308b24f6f65619feb"> |
| Upstream kernel</a></td> |
| <td>ID</td> |
| <td>High</td> |
| <td>USB</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="qualcomm-components">Qualcomm components</h3> |
| <p>The most severe vulnerability in this section could enable a proximate |
| attacker using a specially crafted file to execute arbitrary code within the |
| context of a privileged process.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="21%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="37%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-15822</td> |
| <td>A-71501534<br /> |
| <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=dba4c106922d637ff5965b023b451f6273348eb6"> |
| QC-CR#2123807</a></td> |
| <td>RCE</td> |
| <td>Critical</td> |
| <td>WiFi</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-17770</td> |
| <td>A-70237684<br /> |
| <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=284f963af0accf7f921ec10e23acafd71c3a724b">QC-CR#2103199</a> |
| [<a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=3b0c1463e4a6b37d4413a4ba02f1727eeb8693be">2</a>]</td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>Binder</td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3566</td> |
| <td>A-72957177<br /> |
| <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=11868230d4fe79f76eae30c742b4c68c2899caea"> |
| QC-CR#2143847</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3563</td> |
| <td>A-72956842<br /> |
| <a href="https://source.codeaurora.org/quic/la/kernel/msm-4.4/commit/?id=c643a15d73b3fb6329b002662e72dfa96acfdb8a">QC-CR#2143207</a> |
| [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0b8320cd49255177f0c0c8589708e983116ac420">2</a>] |
| [<a href="https://source.codeaurora.org/quic/la/platform/vendor/opensource/audio-kernel/commit/?id=d5231fa166521a32621c32fb749b80fc37c13c6a">3</a>]</td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>Audio Driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-13077</td> |
| <td>A-72957017<br /> |
| <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-3.0/commit/?id=776f17c87599fae3202e69bb5718ac9062f14695"> |
| QC-CR#2129237</a></td> |
| <td>ID</td> |
| <td>High</td> |
| <td>WLAN</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id="qualcomm-closed-source-components">Qualcomm closed-source |
| components</h3> |
| <p>These vulnerabilities affect Qualcomm components and are described in |
| further detail in the appropriate Qualcomm AMSS security bulletin or security |
| alert. The severity assessment of these issues is provided directly by |
| Qualcomm.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-18071</td> |
| <td>A-68326813<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-8274</td> |
| <td>A-68141335<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18146</td> |
| <td>A-70221449<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18128</td> |
| <td>A-70221448<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3592</td> |
| <td>A-71501105<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3591</td> |
| <td>A-71501103<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18074</td> |
| <td>A-68326816<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18073</td> |
| <td>A-68326820<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18125</td> |
| <td>A-68326821<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-8275</td> |
| <td>A-68141336<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11011</td> |
| <td>A-68326823<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18137</td> |
| <td>A-67712318<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18134</td> |
| <td>A-67712320<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18136</td> |
| <td>A-68989810<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18140</td> |
| <td>A-68989811<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18135</td> |
| <td>A-68989813<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18142</td> |
| <td>A-68989814<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18138</td> |
| <td>A-68989815<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18139</td> |
| <td>A-68989819<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18129</td> |
| <td>A-68989822<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18132</td> |
| <td>A-68989825<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18133</td> |
| <td>A-68989826<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18072</td> |
| <td>A-68989828<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18126</td> |
| <td>A-68989829<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18144</td> |
| <td>A-70221450<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18145</td> |
| <td>A-70221453<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18147</td> |
| <td>A-70221456<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18130</td> |
| <td>A-70221460<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18143</td> |
| <td>A-70221461<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2017-18127</td> |
| <td>A-70221462<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component |
| </td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3590</td> |
| <td>A-71501106<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3593</td> |
| <td>A-71501107<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3589</td> |
| <td>A-71501108<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2018-3594</td> |
| <td>A-71501112<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| </table> |
| |
| <h3 id="qualcomm-closed-source-components-2014-2016-cumulative-update">Qualcomm |
| closed-source components 2014-2016 cumulative update</h3> |
| <p>These vulnerabilities affect Qualcomm components and were shared by Qualcomm |
| with their partners through Qualcomm AMSS security bulletins or security alerts |
| between 2014 and 2016. They are included in this Android security bulletin in |
| order to associate them with a security patch level (many Android devices may |
| have already addressed these issues in prior updates). The severity assessment |
| of these issues is provided directly by Qualcomm.</p> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2014-9996</td> |
| <td>A-37535090<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Critical</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9971</td> |
| <td>A-37546253<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9972</td> |
| <td>A-37546853<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10063</td> |
| <td>A-37534948<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10057</td> |
| <td>A-62261099<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10059</td> |
| <td>A-62260706<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10053</td> |
| <td>A-37544066<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10054</td> |
| <td>A-62261100<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10052</td> |
| <td>A-62258372<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10050</td> |
| <td>A-37546901<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10055</td> |
| <td>A-37545605<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10051</td> |
| <td>A-37546302<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10048</td> |
| <td>A-62258088<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10062</td> |
| <td>A-62258373<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10058</td> |
| <td>A-62260741<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10047</td> |
| <td>A-37538492<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10045</td> |
| <td>A-62258536<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10056</td> |
| <td>A-62261338<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9976</td> |
| <td>A-37534895<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10043</td> |
| <td>A-62259947<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10044</td> |
| <td>A-62260777<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10046</td> |
| <td>A-62261408<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9981</td> |
| <td>A-37534949<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9993</td> |
| <td>A-37540928<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9986</td> |
| <td>A-37534645<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9994</td> |
| <td>A-37538493<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9995</td> |
| <td>A-37546303<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9997</td> |
| <td>A-37546854<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9988</td> |
| <td>A-62258089<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9990</td> |
| <td>A-62261216<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9987</td> |
| <td>A-62261293<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9989</td> |
| <td>A-62261380<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9991</td> |
| <td>A-62261409<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-10039</td> |
| <td>A-62261608<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9985</td> |
| <td>A-62261609<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9204</td> |
| <td>A-37540929<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-0574</td> |
| <td>A-37546304<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9205</td> |
| <td>A-37534696<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9221</td> |
| <td>A-37534796<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9212</td> |
| <td>A-37535795<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9210</td> |
| <td>A-62258538<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9211</td> |
| <td>A-62261217<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9207</td> |
| <td>A-62261410<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9202</td> |
| <td>A-37540473<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9213</td> |
| <td>A-37547700<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9209</td> |
| <td>A-38193247<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9203</td> |
| <td>A-62261218<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9206</td> |
| <td>A-62261294<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9215</td> |
| <td>A-62251854<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9216</td> |
| <td>A-62260780<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9169</td> |
| <td>A-37535098<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9173</td> |
| <td>A-37536244<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9179</td> |
| <td>A-37542567<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9177</td> |
| <td>A-37544075<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9187</td> |
| <td>A-37544109<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9162</td> |
| <td>A-37544110<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9172</td> |
| <td>A-37545607<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9181</td> |
| <td>A-37546754<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9219</td> |
| <td>A-37546859<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9183</td> |
| <td>A-37546860<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9182</td> |
| <td>A-37546904<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9185</td> |
| <td>A-37546952<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9184</td> |
| <td>A-37546953<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9170</td> |
| <td>A-37546954<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9175</td> |
| <td>A-37547404<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9171</td> |
| <td>A-37547405<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9192</td> |
| <td>A-37547750<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9208</td> |
| <td>A-62258540<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9224</td> |
| <td>A-62259949<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9201</td> |
| <td>A-62260711<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9200</td> |
| <td>A-62260779<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9198</td> |
| <td>A-62261219<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9196</td> |
| <td>A-62261339<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9199</td> |
| <td>A-62261411<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9174</td> |
| <td>A-62258090<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9178</td> |
| <td>A-62258541<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9180</td> |
| <td>A-62260712<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9176</td> |
| <td>A-62260713<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9189</td> |
| <td>A-62260820<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9188</td> |
| <td>A-62260821<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-0576</td> |
| <td>A-37543715<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9156</td> |
| <td>A-62260743<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9195</td> |
| <td>A-62251855<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9197</td> |
| <td>A-62260742<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9218</td> |
| <td>A-62260781<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9217</td> |
| <td>A-62261295<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9166</td> |
| <td>A-62251856<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9164</td> |
| <td>A-62258542<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9190</td> |
| <td>A-62259744<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9159</td> |
| <td>A-62259745<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9167</td> |
| <td>A-62259950<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9191</td> |
| <td>A-62260394<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9161</td> |
| <td>A-62260462<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9163</td> |
| <td>A-62260822<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9158</td> |
| <td>A-62261381<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9152</td> |
| <td>A-37546305<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9144</td> |
| <td>A-37540474<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9165</td> |
| <td>A-37539224<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9223</td> |
| <td>A-37543718<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9222</td> |
| <td>A-62258374<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9193</td> |
| <td>A-62259951<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9194</td> |
| <td>A-62261296<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9153</td> |
| <td>A-62260395<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9151</td> |
| <td>A-62260396<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9148</td> |
| <td>A-62260463<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9149</td> |
| <td>A-62260744<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9146</td> |
| <td>A-62260745<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9186</td> |
| <td>A-62261340<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9150</td> |
| <td>A-62261341<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9147</td> |
| <td>A-62261488<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-8593</td> |
| <td>A-37535091<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9160</td> |
| <td>A-37546254<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-8594</td> |
| <td>A-37546855<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9145</td> |
| <td>A-37535099<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9143</td> |
| <td>A-62260900<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9157</td> |
| <td>A-62260934<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9141</td> |
| <td>A-62261297<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9140</td> |
| <td>A-62259746<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9135</td> |
| <td>A-37546950<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9138</td> |
| <td>A-62259952<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9136</td> |
| <td>A-62260823<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9137</td> |
| <td>A-62260975<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9131</td> |
| <td>A-37542272<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9139</td> |
| <td>A-62251857<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9130</td> |
| <td>A-62252820<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9129</td> |
| <td>A-62260397<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9133</td> |
| <td>A-62260464<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9127</td> |
| <td>A-62260824<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9132</td> |
| <td>A-62260976<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9134</td> |
| <td>A-62261382<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9128</td> |
| <td>A-62261610<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9065</td> |
| <td>A-37538494<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9064</td> |
| <td>A-37546801<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9063</td> |
| <td>A-37546802<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9126</td> |
| <td>A-62258375<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9124</td> |
| <td>A-62252821<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9142</td> |
| <td>A-62260901<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9066</td> |
| <td>A-37540467<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-9998</td> |
| <td>A-62260398<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9220</td> |
| <td>A-62261299<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9122</td> |
| <td>A-62261611<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9123</td> |
| <td>A-62259953<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9118</td> |
| <td>A-62261220<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9120</td> |
| <td>A-62261298<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9119</td> |
| <td>A-62261489<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9116</td> |
| <td>A-37540934<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9115</td> |
| <td>A-37544076<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9113</td> |
| <td>A-37544077<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9112</td> |
| <td>A-62258091<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9114</td> |
| <td>A-62259954<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9111</td> |
| <td>A-62260465<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9108</td> |
| <td>A-62260714<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9109</td> |
| <td>A-62260977<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2015-9110</td> |
| <td>A-62261383<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10492</td> |
| <td>A-62261300<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10482</td> |
| <td>A-62260978<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10483</td> |
| <td>A-62258092<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10489</td> |
| <td>A-62258093<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10487</td> |
| <td>A-62259955<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10477</td> |
| <td>A-62260399<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10485</td> |
| <td>A-62260902<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10478</td> |
| <td>A-62260979<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10476</td> |
| <td>A-62260980<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10475</td> |
| <td>A-62260981<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10474</td> |
| <td>A-62260982<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10494</td> |
| <td>A-62261102<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10484</td> |
| <td>A-62261342<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10491</td> |
| <td>A-62261490<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10486</td> |
| <td>A-62267788<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10472</td> |
| <td>A-62259956<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10490</td> |
| <td>A-62260468<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10480</td> |
| <td>A-62261301<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10467</td> |
| <td>A-37526814<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10495</td> |
| <td>A-62261103<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10481</td> |
| <td>A-62260401<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10479</td> |
| <td>A-62261412<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10384</td> |
| <td>A-37536238<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10385</td> |
| <td>A-37544067<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10452</td> |
| <td>A-37523164<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10423</td> |
| <td>A-37534896<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10424</td> |
| <td>A-37540034<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10449</td> |
| <td>A-37546861<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10454</td> |
| <td>A-37544078<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10450</td> |
| <td>A-62260825<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10451</td> |
| <td>A-62267789<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10386</td> |
| <td>A-37534646<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10469</td> |
| <td>A-37542273<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10440</td> |
| <td>A-37535092<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10499</td> |
| <td>A-62259957<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10446</td> |
| <td>A-37547406<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10473</td> |
| <td>A-62260746<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10466</td> |
| <td>A-62260783<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10457</td> |
| <td>A-62260826<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10442</td> |
| <td>A-62267790<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10433</td> |
| <td>A-37540468<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10430</td> |
| <td>A-37540930<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10445</td> |
| <td>A-37545608<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10426</td> |
| <td>A-62252822<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10435</td> |
| <td>A-62260402<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10425</td> |
| <td>A-62260983<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10438</td> |
| <td>A-62261302<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10436</td> |
| <td>A-62261494<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10439</td> |
| <td>A-62263656<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10431</td> |
| <td>A-37540931<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10434</td> |
| <td>A-37540932<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10432</td> |
| <td>A-37546902<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10462</td> |
| <td>A-37539225<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10443</td> |
| <td>A-37540475<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10427</td> |
| <td>A-62261495<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10387</td> |
| <td>A-32583751<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10390</td> |
| <td>A-37536239<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10498</td> |
| <td>A-32582870<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10419</td> |
| <td>A-32577129<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10420</td> |
| <td>A-32579916<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10429</td> |
| <td>A-32579411<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10493</td> |
| <td>A-32574787<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10447</td> |
| <td>A-37542968<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10444</td> |
| <td>A-37544163<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-5348</td> |
| <td>A-37546905<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10421</td> |
| <td>A-32579095<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10455</td> |
| <td>A-32580964<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10441</td> |
| <td>A-32582927<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10418</td> |
| <td>A-37547407<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10417</td> |
| <td>A-32576287<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10464</td> |
| <td>A-32580243<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10458</td> |
| <td>A-32583424<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10471</td> |
| <td>A-37539226<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10416</td> |
| <td>A-62259747<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10411</td> |
| <td>A-62260404<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10496</td> |
| <td>A-62260469<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10410</td> |
| <td>A-62260936<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10414</td> |
| <td>A-62260937<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10461</td> |
| <td>A-62263657<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10460</td> |
| <td>A-62271227<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10392</td> |
| <td>A-37544068<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10409</td> |
| <td>A-37544164<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10459</td> |
| <td>A-62260716<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10407</td> |
| <td>A-62261222<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10406</td> |
| <td>A-62267791<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10497</td> |
| <td>A-62271228<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10501</td> |
| <td>A-62261303<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>High</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10381</td> |
| <td>A-37539788<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10380</td> |
| <td>A-37541976<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10412</td> |
| <td>A-37536245<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10415</td> |
| <td>A-62260403<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10422</td> |
| <td>A-37542966<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10456</td> |
| <td>A-62261413<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10428</td> |
| <td>A-37534697<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10448</td> |
| <td>A-62261414<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-10437</td> |
| <td>A-62260715<a href="#asterisk">*</a></td> |
| <td>N/A</td> |
| <td>Moderate</td> |
| <td>Closed-source component</td> |
| </tr> |
| </table> |
| |
| <h2 id="common-questions-and-answers">Common questions and answers</h2> |
| <p> |
| This section answers common questions that may occur after reading this |
| bulletin.</p> |
| <p><strong>1. How do I determine if my device is updated to address these issues? |
| </strong></p> |
| <p>To learn how to check a device's security patch level, see |
| <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Check |
| and update your Android version</a>.</p> |
| <ul> |
| <li>Security patch levels of 2018-04-01 or later address all issues associated |
| with the 2018-04-01 security patch level.</li> |
| <li>Security patch levels of 2018-04-05 or later address all issues associated |
| with the 2018-04-05 security patch level and all previous patch levels.</li> |
| </ul> |
| <p> |
| Device manufacturers that include these updates should set the patch string |
| level to: |
| </p> |
| <ul> |
| <li>[ro.build.version.security_patch]:[2018-04-01]</li> |
| <li>[ro.build.version.security_patch]:[2018-04-05]</li> |
| </ul> |
| <p> |
| <strong>2. Why does this bulletin have two security patch levels?</strong> |
| </p> |
| <p> |
| This bulletin has two security patch levels so that Android partners have the |
| flexibility to fix a subset of vulnerabilities that are similar across all |
| Android devices more quickly. Android partners are encouraged to fix all issues |
| in this bulletin and use the latest security patch level. |
| </p> |
| <ul> |
| <li>Devices that use the 2018-04-01 security patch level must include all issues |
| associated with that security patch level, as well as fixes for all issues |
| reported in previous security bulletins.</li> |
| <li>Devices that use the security patch level of 2018-04-05 or newer must |
| include all applicable patches in this (and previous) security |
| bulletins.</li> |
| </ul> |
| <p> |
| Partners are encouraged to bundle the fixes for all issues they are addressing |
| in a single update. |
| </p> |
| <p id="type"> |
| <strong>3. What do the entries in the <em>Type</em> column mean?</strong> |
| </p> |
| <p> |
| Entries in the <em>Type</em> column of the vulnerability details table reference |
| the classification of the security vulnerability. |
| </p> |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Abbreviation</th> |
| <th>Definition</th> |
| </tr> |
| <tr> |
| <td>RCE</td> |
| <td>Remote code execution</td> |
| </tr> |
| <tr> |
| <td>EoP</td> |
| <td>Elevation of privilege</td> |
| </tr> |
| <tr> |
| <td>ID</td> |
| <td>Information disclosure</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>Denial of service</td> |
| </tr> |
| <tr> |
| <td>N/A</td> |
| <td>Classification not available</td> |
| </tr> |
| </table> |
| <p> |
| <strong>4. What do the entries in the <em>References</em> column mean?</strong> |
| </p> |
| <p> |
| Entries under the <em>References</em> column of the vulnerability details table |
| may contain a prefix identifying the organization to which the reference value |
| belongs. |
| </p> |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Prefix</th> |
| <th>Reference</th> |
| </tr> |
| <tr> |
| <td>A-</td> |
| <td>Android bug ID</td> |
| </tr> |
| <tr> |
| <td>QC-</td> |
| <td>Qualcomm reference number</td> |
| </tr> |
| <tr> |
| <td>M-</td> |
| <td>MediaTek reference number</td> |
| </tr> |
| <tr> |
| <td>N-</td> |
| <td>NVIDIA reference number</td> |
| </tr> |
| <tr> |
| <td>B-</td> |
| <td>Broadcom reference number</td> |
| </tr> |
| </table> |
| <p id="asterisk"> |
| <strong>5. What does a * next to the Android bug ID in the <em>References</em> |
| column mean?</strong> |
| </p> |
| <p> |
| Issues that are not publicly available have a * next to the Android bug ID in |
| the <em>References</em> column. The update for that issue is generally contained |
| in the latest binary drivers for Nexus devices available from the <a |
| href="https://developers.google.com/android/nexus/drivers">Google Developer |
| site</a>. |
| </p> |
| <p> |
| <strong>6. Why are security vulnerabilities split between this bulletin and |
| device/partner security bulletins, such as the Pixel / Nexus bulletin?</strong> |
| </p> |
| <p> |
| Security vulnerabilities that are documented in this security bulletin are |
| required in order to declare the latest security patch level on Android devices. |
| Additional security vulnerabilities that are documented in the device/partner |
| security bulletins are not required for declaring a security patch level. |
| Android device and chipset manufacturers are encouraged to document the presence |
| of other fixes on their devices through their own security websites, such as the |
| <a href="https://security.samsungmobile.com/securityUpdate.smsb">Samsung</a>, |
| <a href="https://lgsecurity.lge.com/security_updates.html">LGE</a>, or |
| <a href="/security/bulletin/pixel/">Pixel / Nexus</a> |
| security bulletins. |
| </p> |
| <h2 id="versions">Versions</h2> |
| <table> |
| <col width="25%"> |
| <col width="25%"> |
| <col width="50%"> |
| <tr> |
| <th>Version</th> |
| <th>Date</th> |
| <th>Notes</th> |
| </tr> |
| <tr> |
| <td>1.0</td> |
| <td>April 2, 2018</td> |
| <td>Bulletin published.</td> |
| </tr> |
| <tr> |
| <td>1.1</td> |
| <td>April 4, 2018</td> |
| <td>Bulletin revised to include AOSP links.</td> |
| </tr> |
| <tr> |
| <td>1.2</td> |
| <td>May 1, 2018</td> |
| <td>Bulletin revised to remove CVE-2017-5754 from the Kernel Components section. It now appears |
| in the May 2018 bulletin.</td> |
| </tr> |
| </table> |
| </body></html> |