| <html devsite> |
| <head> |
| <title>Pixel / Nexus Security Bulletin—October 2017</title> |
| <meta name="project_path" value="/_project.yaml" /> |
| <meta name="book_path" value="/_book.yaml" /> |
| </head> |
| <body> |
| <!-- |
| Copyright 2017 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| <p><em>Published October 2, 2017 | Updated October 3, 2017</em></p> |
| |
| <p>The Pixel / Nexus Security Bulletin contains details of security vulnerabilities |
| and functional improvements affecting |
| <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> |
| supported Google Pixel and Nexus devices</a> (Google devices). For |
| Google devices, security patch levels of October 05, 2017 or later |
| address all issues in this bulletin and all issues in the |
| <a href="/security/bulletin/2017-10-01">October 2017 Android Security Bulletin</a>. |
| To learn how to check a device's security patch level, see |
| <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> |
| Check & update your Android version</a>.</p> |
| |
| |
| <p>All supported Google devices will receive an update to the 2017-10-05 patch |
| level. We encourage all customers to accept these updates to their devices.</p> |
| |
| <p class="note"><strong>Note:</strong> The Google device firmware images are |
| available on the <a href="https://developers.google.com/android/nexus/images"> |
| Google Developer site</a>.</p> |
| |
| <h2 id="announcements">Announcements</h2> |
| <ul> |
| <li>In addition to the security vulnerabilities described in the |
| <a href="/security/bulletin/2017-10-01">October 2017 Android Security |
| Bulletin</a>, Pixel and Nexus devices also contain patches for the |
| security vulnerabilities described below. Partners were notified of |
| these issues at least a month ago and may choose to |
| incorporate them as part of their device updates. |
| </li> |
| <li>Security bulletin acknowledgements are listed directly in the |
| <a href="/security/overview/acknowledgements.html">Android Security |
| Acknowledgements</a> page.</li> |
| </ul> |
| |
| <h2 id="patches">Security patches</h2> |
| <p>Vulnerabilities are grouped under the component that they affect. There is a |
| description of the issue and a table with the CVE, associated references, |
| <a href="#type">type of vulnerability</a>, |
| <a href="/security/overview/updates-resources.html#severity">severity</a>, |
| and updated Android Open Source Project (AOSP) versions (where applicable). |
| When available, we link the public change that addressed the issue to the bug |
| ID, like the AOSP change list. When multiple changes relate to a single bug, |
| additional references are linked to numbers following the bug ID.</p> |
| |
| <h3 id="framework">Framework</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0807</td> |
| <td>A-35056974<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0808</td> |
| <td><a href="https://android.googlesource.com/platform/libcore/+/809681f310663288e83587089abb7715c68f6924">A-62301183</a> |
| [<a href="https://android.googlesource.com/platform/libcore/+/100a8006a7baab1bb62820eb62577c0b0849fbc3">2</a>]</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| </table> |
| |
| <h3 id="media-framework">Media framework</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0813</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fa3f552a6f34ed05c15e64ea30b8eed53f77a41">A-36531046</a></td> |
| <td>DoS</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0814</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/tremolo/+/eeb4e45d5683f88488c083ecf142dc89bc3f0b47">A-62800140</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0817</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d834160d9759f1098df692b34e6eeb548f9e317b">A-63522430</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0818</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/frameworks/av/+/d07f5c14e811951ff9b411ceb84e7288e0d04aaf">A-63581671</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0819</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/external/libhevc/+/87fb7909c49e6a4510ba86ace1ffc83459c7e1b9">A-63045918</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| </tr> |
| <tr> |
| <td rowspan="2">CVE-2017-0820</td> |
| <td rowspan="2"><a href="https://android.googlesource.com/platform/frameworks/av/+/8a3a2f6ea7defe1a81bb32b3c9f3537f84749b9d">A-62187433</a></td> |
| <td>NSI</td> |
| <td>NSI</td> |
| <td>7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| </tr> |
| </table> |
| |
| <h3 id="system">System</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Updated AOSP versions</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0822</td> |
| <td><a href="https://android.googlesource.com/platform/frameworks/base/+/c574568aaede7f652432deb7707f20ae54bbdf9a">A-63787722</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>6.0.1, 7.0, 7.1.1, 7.1.2, 8.0</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0823</td> |
| <td><a href="https://android.googlesource.com/platform/hardware/ril/+/cd5f15f588a5d27e99ba12f057245bfe507f8c42">A-37896655</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2</td> |
| </tr> |
| </table> |
| |
| <h3 id="broadcom-components">Broadcom components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0824</td> |
| <td>A-37622847<a href="#asterisk">*</a><br /> |
| B-V2017063001</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>WiFi driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-0825</td> |
| <td>A-37305633<a href="#asterisk">*</a><br /> |
| B-V2017063002</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WiFi driver</td> |
| </tr> |
| </table> |
| |
| <h3 id="htc-components">HTC components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0826</td> |
| <td>A-34949781<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Bootloader</td> |
| </tr> |
| </table> |
| |
| <h3 id="huawei-components">Huawei components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0828</td> |
| <td>A-34622855<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Bootloader</td> |
| </tr> |
| </table> |
| |
| <h3 id="kernel-components">Kernel components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-7187</td> |
| <td>A-63666227<br /> |
| <a |
| href="https://git.kernel.org/pub/scm/linux/kernel/git/mkp/scsi.git/commit/?h=4.11/scsi-fixes&id=bf33f87dd04c371ea33feb821b60d63d754e3124"> |
| Upstream kernel</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>SCSI driver</td> |
| </tr> |
| </table> |
| |
| <h3 id="motorola-components">Motorola components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-0829</td> |
| <td>A-62345044<a href="#asterisk">*</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Bootloader</td> |
| </tr> |
| </table> |
| |
| <h3 id="qualcomm-components">Qualcomm components</h3> |
| |
| <table> |
| <col width="17%"> |
| <col width="19%"> |
| <col width="9%"> |
| <col width="14%"> |
| <col width="39%"> |
| <tr> |
| <th>CVE</th> |
| <th>References</th> |
| <th>Type</th> |
| <th>Severity</th> |
| <th>Component</th> |
| </tr> |
| <tr> |
| <td>CVE-2017-9686</td> |
| <td>A-62827928<br /> |
| <a |
| href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-3.18.git;a=commit;h=de875dd095d3ec0906c77518d28f793e6c69a9da"> |
| QC-CR#1115359</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>SPS driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11050</td> |
| <td>A-62085265<br /> |
| <a |
| href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=725674586f5bc009ef5175d29eb0fd677e0ef1f2"> |
| QC-CR#2064785</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11067</td> |
| <td>A-62058746<a href="#asterisk">*</a><br /> |
| QC-CR#2062012</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11057</td> |
| <td>A-37949660<a href="#asterisk">*</a><br /> |
| QC-CR#2059812</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Camera</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11056</td> |
| <td>A-37893116<a href="#asterisk">*</a><br /> |
| QC-CR#2060504</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Crypto driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11046</td> |
| <td>A-37623773<a href="#asterisk">*</a><br /> |
| QC-CR#2059656</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Audio driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11059</td> |
| <td>A-37284397<a href="#asterisk">*</a><br /> |
| QC-CR#2057375</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Crypto driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9706</td> |
| <td>A-34170483<a href="#asterisk">*</a><br /> |
| QC-CR#2030399</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Video driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11048</td> |
| <td>A-37093119<a href="#asterisk">*</a><br /> |
| QC-CR#2052691</td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>Video driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9697</td> |
| <td>A-63868628<br /> |
| <a |
| href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=7e45e3a6c1f6dd46d71fb6824a7cf702d2e79225"> |
| QC-CR#2032672</a></td> |
| <td>EoP</td> |
| <td>Moderate</td> |
| <td>SoC driver</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11051</td> |
| <td>A-62456806<br /> |
| <a |
| href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=c8f263f0e3b0b6cba38fae9b2330d77f802c51d8"> |
| QC-CR#2061755</a></td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9715</td> |
| <td>A-36730104<a href="#asterisk">*</a><br /> |
| QC-CR#2054958<br /> |
| QC-CR#2057034</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11061</td> |
| <td>A-36816726<a href="#asterisk">*</a><br /> |
| QC-CR#2054693<br /> |
| QC-CR#2059701</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11060</td> |
| <td>A-36817548<a href="#asterisk">*</a><br /> |
| QC-CR#2058447<br /> |
| QC-CR#2054770</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9717</td> |
| <td>A-36817053<a href="#asterisk">*</a><br /> |
| QC-CR#2051450</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11052</td> |
| <td>A-37687303<a href="#asterisk">*</a><br /> |
| QC-CR#2061688</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11054</td> |
| <td>A-37713609<a href="#asterisk">*</a><br /> |
| QC-CR#2061251</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11062</td> |
| <td>A-37720349<a href="#asterisk">*</a><br /> |
| QC-CR#2058448</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11055</td> |
| <td>A-37721426<a href="#asterisk">*</a><br /> |
| QC-CR#2061241</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11064</td> |
| <td>A-36815952<a href="#asterisk">*</a><br /> |
| QC-CR#2054770<br /> |
| QC-CR#2058447<br /> |
| QC-CR#2066628<br /> |
| QC-CR#2087785</td> |
| <td>ID</td> |
| <td>Moderate</td> |
| <td>WLAN</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-9687</td> |
| <td>A-62827190<br /> |
| <a href="https://www.codeaurora.org/gitweb/quic/la/?p=kernel/msm-4.4.git;a=commit;h=8f1a77f5da53edd2b5a1c42ddd766712a90109d6"> |
| QC-CR#2016076</a></td> |
| <td>EoP</td> |
| <td>Low</td> |
| <td>Modem</td> |
| </tr> |
| <tr> |
| <td>CVE-2017-11063</td> |
| <td>A-36716469<a href="#asterisk">*</a><br /> |
| QC-CR#2053027</td> |
| <td>DoS</td> |
| <td>Low</td> |
| <td>Camera driver</td> |
| </tr> |
| </table> |
| |
| |
| <h2 id="functional-patches">Functional patches</h2> |
| <p>There are no functional patches included this month.</p> |
| |
| |
| <h2 id="questions">Common questions and answers</h2> |
| <p>This section answers common questions that may occur after reading this |
| bulletin.</p> |
| |
| <p><strong>1. How do I determine if my device is updated to address these issues? |
| </strong></p> |
| |
| <p>Security patch levels of 2017-10-05 or later address all issues associated |
| with the 2017-10-05 security patch level and all previous patch levels. To learn |
| how to check a device's security patch level, read the instructions on the |
| <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel |
| and Nexus update schedule</a>.</p> |
| |
| <p id="type"> |
| <strong>2. What do the entries in the <em>Type</em> column mean?</strong></p> |
| |
| <p>Entries in the <em>Type</em> column of the vulnerability details table reference |
| the classification of the security vulnerability.</p> |
| |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Abbreviation</th> |
| <th>Definition</th> |
| </tr> |
| <tr> |
| <td>RCE</td> |
| <td>Remote code execution</td> |
| </tr> |
| <tr> |
| <td>EoP</td> |
| <td>Elevation of privilege</td> |
| </tr> |
| <tr> |
| <td>ID</td> |
| <td>Information disclosure</td> |
| </tr> |
| <tr> |
| <td>DoS</td> |
| <td>Denial of service</td> |
| </tr> |
| <tr> |
| <td>N/A</td> |
| <td>Classification not available</td> |
| </tr> |
| </table> |
| <p><strong>3. What do the entries in the <em>References</em> column mean?</strong></p> |
| |
| <p>Entries under the <em>References</em> column of the vulnerability details table |
| may contain a prefix identifying the organization to which the reference value |
| belongs.</p> |
| |
| <table> |
| <col width="25%"> |
| <col width="75%"> |
| <tr> |
| <th>Prefix</th> |
| <th>Reference</th> |
| </tr> |
| <tr> |
| <td>A-</td> |
| <td>Android bug ID</td> |
| </tr> |
| <tr> |
| <td>QC-</td> |
| <td>Qualcomm reference number</td> |
| </tr> |
| <tr> |
| <td>M-</td> |
| <td>MediaTek reference number</td> |
| </tr> |
| <tr> |
| <td>N-</td> |
| <td>NVIDIA reference number</td> |
| </tr> |
| <tr> |
| <td>B-</td> |
| <td>Broadcom reference number</td> |
| </tr> |
| </table> |
| |
| <p id="asterisk"><strong>4. What does a * next to the Android bug ID in the <em>References</em> |
| column mean?</strong></p> |
| |
| <p>Issues that are not publicly available have a * next to the Android bug ID in |
| the <em>References</em> column. The update for that issue is generally contained |
| in the latest binary drivers for Nexus devices available from the <a |
| href="https://developers.google.com/android/nexus/drivers">Google Developer |
| site</a>.</p> |
| |
| <p id="split"> |
| <strong>5. Why are security vulnerabilities split between this bulletin and |
| the Android Security Bulletins?</strong> |
| </p> |
| <p> |
| Security vulnerabilities that are documented in the Android Security Bulletins are |
| required in order to declare the latest security patch level on Android devices. |
| Additional security vulnerabilities, such as those documented in this bulletin, |
| are not required for declaring a security patch level. |
| </p> |
| |
| <h2 id="versions">Versions</h2> |
| <table> |
| <col width="25%"> |
| <col width="25%"> |
| <col width="50%"> |
| <tr> |
| <th>Version</th> |
| <th>Date</th> |
| <th>Notes</th> |
| </tr> |
| <tr> |
| <td>1.0</td> |
| <td>October 2, 2017</td> |
| <td>Bulletin published.</td> |
| </tr> |
| <tr> |
| <td>1.1</td> |
| <td>October 3, 2017</td> |
| <td>Bulletin revised to include AOSP links.</td> |
| </tr> |
| </table> |
| </body> |
| </html> |