Google notes it has been split in two, with 30 specific issues fixed in the September 1 dated patch, with 51 more bugs resolved in the September 5 patch. The most critical bug was with an issue that could “enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process” on an Android device. The most severe of all issues patched included a critical vulnerability in the media framework. The newest security update patches 81 CVEs and vulnerabilities.
Thirteen of these are critical vulnerabilities coming from the Media framework, Wi-Fi driver (Broadcom components), networking subsystem (Kernel components), and LibOmxVenc (Qualcomm components). Most, if not all, of these vulnerabilities, allowed remote attacks which executed arbitrary code within the context of a privileged process. We also have around 43 high-severity vulnerabilities coming from all sectors except for the Android system itself. And the 25 remaining vulnerabilities are of moderate severity.
- 2017-09-05: Complete security patch level string. This security patch level string indicates that all issues associated with 2017-09-01 and 2017-09-05 (and all previous security patch level strings) are addressed.
2017-09-05 security patch level—Vulnerability details
In the sections below, we provide details for each of the security vulnerabilities that apply to the 2017-09-05 patch level. Vulnerabilities are grouped under the component that they affect and include details such as the CVE, associated references, type of vulnerability, severity, component (where applicable), and updated AOSP versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.
Broadcom components
The most severe vulnerability in this section could enable a proximate attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-7065 | A-62575138* B-V2017061202 |
RCE | Critical | Wi-Fi driver |
| CVE-2017-0786 | A-37351060* B-V2017060101 |
EoP | High | Wi-Fi driver |
| CVE-2017-0787 | A-37722970* B-V2017053104 |
EoP | Moderate | Wi-Fi driver |
| CVE-2017-0788 | A-37722328* B-V2017053103 |
EoP | Moderate | Wi-Fi driver |
| CVE-2017-0789 | A-37685267* B-V2017053102 |
EoP | Moderate | Wi-Fi driver |
| CVE-2017-0790 | A-37357704* B-V2017053101 |
EoP | Moderate | Wi-Fi driver |
| CVE-2017-0791 | A-37306719* B-V2017052302 |
EoP | Moderate | Wi-Fi driver |
| CVE-2017-0792 | A-37305578* B-V2017052301 |
ID | Moderate | Wi-Fi driver |
Imgtk components
The most severe vulnerability in this section could enable a local malicious application to access data outside of its permission levels.
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-0793 | A-35764946* | ID | High | Memory subsystem |
Kernel components
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-8890 | A-38413975 Upstream kernel |
RCE | Critical | Networking subsystem |
| CVE-2017-9076 | A-62299478 Upstream kernel |
EoP | High | Networking subsystem |
| CVE-2017-9150 | A-62199770 Upstream kernel |
ID | High | Linux kernel |
| CVE-2017-7487 | A-62070688 Upstream kernel |
EoP | High | IPX protocol driver |
| CVE-2017-6214 | A-37901268 Upstream kernel |
DoS | High | Networking subsystem |
| CVE-2017-6346 | A-37897645 Upstream kernel |
EoP | High | Linux kernel |
| CVE-2017-5897 | A-37871211 Upstream kernel |
ID | High | Networking subsystem |
| CVE-2017-7495 | A-62198330 Upstream kernel |
ID | High | File system |
| CVE-2017-7616 | A-37751399 Upstream kernel |
ID | Moderate | Linux kernel |
| CVE-2017-12146 | A-35676417 Upstream kernel |
EoP | Moderate | Linux kernel |
| CVE-2017-0794 | A-35644812* | EoP | Moderate | SCSI driver |
MediaTek components
The most severe vulnerability in this section could enable a local malicious application to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-0795 | A-36198473* M-ALPS03361480 |
EoP | High | Accessory detector driver |
| CVE-2017-0796 | A-62458865* M-ALPS03353884 M-ALPS03353886 M-ALPS03353887 |
EoP | High | AUXADC driver |
| CVE-2017-0797 | A-62459766* M-ALPS03353854 |
EoP | High | Accessory detector driver |
| CVE-2017-0798 | A-36100671* M-ALPS03365532 |
EoP | High | Kernel |
| CVE-2017-0799 | A-36731602* M-ALPS03342072 |
EoP | High | Lastbus |
| CVE-2017-0800 | A-37683975* M-ALPS03302988 |
EoP | High | TEEI |
| CVE-2017-0801 | A-38447970* M-ALPS03337980 |
EoP | High | LibMtkOmxVdec |
| CVE-2017-0802 | A-36232120* M-ALPS03384818 |
EoP | Moderate | Kernel |
| CVE-2017-0803 | A-36136137* M-ALPS03361477 |
EoP | Moderate | Accessory detector driver |
| CVE-2017-0804 | A-36274676* M-ALPS03361487 |
EoP | Moderate | MMC driver |
Qualcomm components
The most severe vulnerability in this section could enable a remote attacker using a specially crafted file to execute arbitrary code within the context of a privileged process.
| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-11041 | A-36130225* QC-CR#2053101 |
RCE | Critical | LibOmxVenc |
| CVE-2017-10996 | A-38198574 QC-CR#901529 |
ID | High | Linux kernel |
| CVE-2017-9725 | A-38195738 QC-CR#896659 |
EoP | High | Memory subsystem |
| CVE-2017-9724 | A-38196929 QC-CR#863303 |
EoP | High | Linux kernel |
| CVE-2017-8278 | A-62379474 QC-CR#2013236 |
EoP | High | Audio driver |
| CVE-2017-10999 | A-36490777* QC-CR#2010713 |
EoP | Moderate | IPA driver |
| CVE-2017-11001 | A-36815555* QC-CR#270292 |
ID | Moderate | Wi-Fi driver |
| CVE-2017-11002 | A-37712167* QC-CR#2058452 QC-CR#2054690 QC-CR#2058455 |
ID | Moderate | Wi-Fi driver |
| CVE-2017-8250 | A-62379051 QC-CR#2003924 |
EoP | Moderate | GPU driver |
| CVE-2017-9677 | A-62379475 QC-CR#2022953 |
EoP | Moderate | Audio driver |
| CVE-2017-10998 | A-38195131 QC-CR#108461 |
EoP | Moderate | Audio driver |
| CVE-2017-9676 | A-62378596 QC-CR#2016517 |
ID | Moderate | File system |
| CVE-2017-8280 | A-62377236 QC-CR#2015858 |
EoP | Moderate | WLAN driver |
| CVE-2017-8251 | A-62379525 QC-CR#2006015 |
EoP | Moderate | Camera driver |
| CVE-2017-10997 | A-33039685* QC-CR#1103077 |
EoP | Moderate | PCI driver |
| CVE-2017-11000 | A-36136563* QC-CR#2031677 |
EoP | Moderate | Camera driver |
| CVE-2017-8247 | A-62378684 QC-CR#2023513 |
EoP | Moderate | Camera driver |
| CVE-2017-9720 | A-36264696* QC-CR#2041066 |
EoP | Moderate | Camera driver |
| CVE-2017-8277 | A-62378788 QC-CR#2009047 |
EoP | Moderate | Video driver |
| CVE-2017-8281 | A-62378232 QC-CR#2015892 |
ID | Moderate | Automotive multimedia |
| CVE-2017-11040 | A-37567102* QC-CR#2038166 |
ID | Moderate | Video driver |
Google device updates
This table contains the security patch level in the latest over-the-air update (OTA) and firmware images for Google devices. The Google device OTAs may also contain additional updates. The Google device firmware images are available on the Google Developer site.
| Google device | Security patch level |
|---|---|
| Pixel / Pixel XL | 2017-09-05 |
| Nexus 5X | 2017-09-05 |
| Nexus 6 | 2017-09-05 |
| Nexus 6P | 2017-09-05 |
| Nexus 9 | 2017-09-05 |
| Nexus Player | 2017-09-05 |
| Pixel C | 2017-09-05 |
