Google released the Android Security Bulletin—November 2017, which addresses 31 vulnerabilities, 9 of which are critical remote code execution flaws.
The Android Security Bulletin includes three different security patch levels.
“Android partners were notified of all issues in the 2017-11-01 and 2017-11-05 patch levels at least a month before publication. Android partners were notified of all issues in the 2017-11-06 patch level within the last month. Source code patches for these issues will be released to the Android Open Source Project (AOSP) repository in the next 48 hours. We will revise this bulletin with the AOSP links when they are available.” states the Android Security Bulletin—November 2017.
The 2017-11-01 security patch level addresses 11 issues, 6 of which are Critical RCE, 3 High severity elevation of privilege bugs, and 2 High severity information disclosure vulnerabilities.
The largest number of vulnerabilities affects the Media framework, where the patches addressed 7 issues.

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2017-0832 | A-62887820 | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0833 | A-62896384 | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0834 | A-63125953 | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0835 | A-63316832 | RCE | Critical | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0836 | A-64893226 | RCE | Critical | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0839 | A-64478003 | ID | High | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |
| CVE-2017-0840 | A-62948670 | ID | High | 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0 |

The 2017-11-05 security patch level addressed 11 vulnerabilities, including 3 Critical RCE vulnerabilities, 7 High risk elevation of privilege bugs, and 1 High severity information disclosure. Qualcomm components were the most impacted, with 7 issues addressed. One of the vulnerabilities could be exploited by a remote attacker to execute arbitrary code within the context of a privileged process.
The 2017-11-06 security patch level addresses 9 vulnerabilities related to the KRACK attack.
Starting in October 2017, Google began releasing a separate security bulletin for Nexus and Pixel devices.
The Pixel / Nexus Security Bulletin—November 2017 includes patches for over 50 bugs affecting components such as Framework, Media framework, Runtime, System, and Kernel, as well as MediaTek, NVIDIA, and Qualcomm components.