Pixel / Nexus Security Bulletin—June 2018

Published June 4, 2018 | Updated June 6, 2018

The Pixel / Nexus Security Bulletin contains details of security vulnerabilities and functional improvements affecting supported Google Pixel and Nexus devices (Google devices). For Google devices, security patch levels of 2018-06-05 or later address all issues in this bulletin and all issues in the June 2018 Android Security Bulletin. To learn how to check a device's security patch level, see Check & update your Android version.

All supported Google devices will receive an update to the 2018-06-05 patch level. We encourage all customers to accept these updates to their devices.

Note: The Google device firmware images are available on the Google Developer site.

Announcements

In addition to the security vulnerabilities described in the June 2018 Android Security Bulletin, Pixel and Nexus devices also contain patches for the security vulnerabilities described below. Partners were notified of these issues at least a month ago and may choose to incorporate them as part of their device updates.

Security patches

Vulnerabilities are grouped under the component that they affect. There is a description of the issue and a table with the CVE, associated references, type of vulnerability, severity, and updated Android Open Source Project (AOSP) versions (where applicable). When available, we link the public change that addressed the issue to the bug ID, like the AOSP change list. When multiple changes relate to a single bug, additional references are linked to numbers following the bug ID.

Framework

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2018-9374 | A-72710897 | EoP | Moderate | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9375 | A-75298708 | EoP | Moderate | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9377 | A-64752751* | ID | Moderate | 6.0, 6.0.1 |

Media framework

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2018-9378 | A-73126106 | ID | Moderate | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9379 | A-63766886 [2] | ID | Moderate | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9349 | A-72510002 | ID | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |
| CVE-2018-9350 | A-73552574 | ID | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |
| CVE-2018-9351 | A-73625898 | ID | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |
| CVE-2018-9352 | A-73965867 [2] | ID | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |
| CVE-2018-9353 | A-73965890 | ID | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |
| CVE-2018-9354 | A-74067957 | NSI | NSI | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| | | DoS | High | 6.0, 6.0.1 |

System

| CVE | References | Type | Severity | Updated AOSP versions |
|---|---|---|---|---|
| CVE-2018-9380 | A-75298652 | EoP | Moderate | 7.0, 7.1.1, 7.1.2, 8.0, 8.1 |
| CVE-2018-9381 | A-73125709 | ID | Moderate | 8.1 |
| CVE-2018-9382 | A-35765136* | EoP | Moderate | 6.0, 6.0.1, 7.0, 7.1.1, 7.1.2 |

Kernel components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2018-9383 | A-73827422* | ID | Moderate | asn1_decoder |
| CVE-2018-9384 | A-74356909, Upstream kernel | ID | Moderate | Kernel |
| CVE-2018-9385 | A-74128061, Upstream kernel | EoP | Moderate | amba |
| CVE-2018-9386 | A-71363680* | EoP | Moderate | HTC reboot_block driver |
| CVE-2018-9387 | A-69006385* | EoP | Moderate | mnh_sm driver |
| CVE-2018-9388 | A-68343441* | EoP | Moderate | ftm4_touch |
| CVE-2018-9389 | A-65023306* | EoP | Moderate | ipv4/ipv6 |
| CVE-2018-7480 | A-76106168, Upstream kernel | EoP | Moderate | Block handler |
| CVE-2017-18075 | A-73237057, Upstream kernel | EoP | Moderate | pcrypt |

MediaTek components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2018-9390 | A-76100614*, M-ALPS03849277 | EoP | Moderate | wlanThermo procfs entry |
| CVE-2018-9391 | A-72313579*, M-ALPS03762614 | EoP | Moderate | GPS HAL |
| CVE-2018-9392 | A-72312594*, M-ALPS03762614 | EoP | Moderate | GPS HAL |
| CVE-2018-9393 | A-72312577*, M-ALPS03753748 | EoP | Moderate | MTK wlan |
| CVE-2018-9394 | A-72312468*, M-ALPS03753652 | EoP | Moderate | MTK P2P driver |
| CVE-2018-9395 | A-72312071*, M-ALPS03753735 | EoP | Moderate | MTK cfg80211 |
| CVE-2018-9396 | A-71867113*, M-ALPS03740353 | EoP | Moderate | Mediatek CCCI |
| CVE-2018-9397 | A-71866634*, M-ALPS03532675, M-ALPS03479586 | EoP | Moderate | Mediatek WMT device |
| CVE-2018-9398 | A-71866289*, M-ALPS03740468 | EoP | Moderate | FM Radio Driver |
| CVE-2018-9399 | A-71866200*, M-ALPS03740489 | EoP | Moderate | /proc/driver/wmt_dbg driver |
| CVE-2018-9400 | A-71865884*, M-ALPS03753678 | EoP | Moderate | Goodix Touchscreen Driver |
| CVE-2017-13308 | A-70728757*, M-ALPS03751855 | EoP | Moderate | thermal |
| CVE-2018-9401 | A-70511226*, M-ALPS03693409 | EoP | Moderate | cameraisp |
| CVE-2018-9402 | A-70728072*, M-ALPS03684171 | EoP | Moderate | WLAN driver |
| CVE-2018-9403 | A-72313700*, M-ALPS03762413 | EoP | Moderate | HAL |
| CVE-2018-9404 | A-72314374*, M-ALPS03773299 | EoP | Moderate | Radio Interface Layer |
| CVE-2018-9405 | A-72314804*, M-ALPS03762818 | EoP | Moderate | DmAgent |
| CVE-2018-9406 | A-70726950*, M-ALPS03684231 | ID | Moderate | NlpService |
| CVE-2018-9407 | A-70728406*, M-ALPS03902529 | ID | Moderate | emmc |
| CVE-2018-9408 | A-70729980*, M-ALPS03693684 | ID | Moderate | GPS |

Qualcomm components

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-15824 | A-68163089*, QC-CR#2107596 | ID | Moderate | EDK2 bootloader |
| CVE-2018-5897 | A-70528036*, QC-CR#2172685 | ID | Moderate | diag |
| CVE-2018-5895 | A-70293535*, QC-CR#2161027 | ID | Moderate | qcacld |
| CVE-2018-5836 | A-74237168, QC-CR#2160375 | ID | Moderate | WLAN |
| CVE-2018-3577 | A-72957387, QC-CR#2129566 | ID | Moderate | WLAN |
| CVE-2017-15824 | A-68992463, QC-CR#2107596 | ID | Moderate | bootloader |
| CVE-2017-14893 | A-68992461, QC-CR#2104835 | ID | Moderate | bootloader |
| CVE-2017-14872 | A-68992457, QC-CR#2073366 | ID | Moderate | bootloader |
| CVE-2018-5893 | A-74237664, QC-CR#2146949 | EoP | Moderate | WLAN |
| CVE-2016-5342, CVE-2016-5080 | A-72232294*, QC-CR#1032174 | EoP | Moderate | WLAN Driver |
| CVE-2018-5899 | A-71638332*, QC-CR#1040612 | EoP | Moderate | WLAN Driver |
| CVE-2018-5890 | A-71501675, QC-CR#2127348 | EoP | Moderate | Bootloader |
| CVE-2018-5889 | A-71501674, QC-CR#2127341 | EoP | Moderate | Bootloader |
| CVE-2018-5888 | A-71501672, QC-CR#2127312 | EoP | Moderate | Bootloader |
| CVE-2018-5887 | A-71501669, QC-CR#2127305 | EoP | Moderate | Bootloader |
| CVE-2018-5898 | A-71363804*, QC-CR#2173850 | EoP | Moderate | QC Audio Driver |
| CVE-2018-5832 | A-69065862*, QC-CR#2149998 | EoP | Moderate | Camerav2 |
| CVE-2018-5857 | A-62536960*, QC-CR#2169403 | EoP | Moderate | wcd_cpe_core |
| CVE-2018-3597 | A-74237782, QC-CR#2143070 | EoP | Moderate | DSP_Services |
| CVE-2018-3564 | A-72957546, QC-CR#2062648 | EoP | Moderate | DSP_Services |
| CVE-2017-15856 | A-72957506, QC-CR#2111922 | EoP | Moderate | power_stats debugfs node |

Qualcomm closed-source components

These vulnerabilities affect Qualcomm components and are described in further detail in the appropriate Qualcomm AMSS security bulletin or security alert. The severity assessment of these issues is provided directly by Qualcomm.

| CVE | References | Type | Severity | Component |
|---|---|---|---|---|
| CVE-2017-11088 | A-72951251* | N/A | Moderate | Closed-source component |
| CVE-2017-11076 | A-65049457* | N/A | Moderate | Closed-source component |

Functional patches

These updates are included for affected Pixel devices to address functionality issues not related to the security of Pixel devices. The table includes associated references; the affected category, such as Bluetooth or mobile data; improvements; and affected devices.

| References | Category | Improvements | Devices |
|---|---|---|---|
| A-74413120 | Bluetooth | Improve BLE performance | All |
| A-76022834 | Performance | Improve antenna-switching behavior in areas of weak coverage | Pixel 2, Pixel 2 XL |
| A-77963927 | Wi-Fi | Improve Wi-Fi connectivity with certain Wi-Fi access points | Pixel, Pixel XL, Pixel 2, Pixel 2 XL |
| A-77458860 | UI | IMEI SV format correctly displays as numeric | Pixel, Pixel XL, Pixel 2, Pixel 2 XL |
| A-68114567, A-74058011 | Display | Improve consistency of Always On Display | Pixel 2 XL |
| A-70282393 | Performance | Improve proximity sensor behavior | Pixel 2 XL |

Common questions and answers

This section answers common questions that may occur after reading this bulletin.

1. How do I determine if my device is updated to address these issues?

Security patch levels of 2018-06-05 or later address all issues associated with the 2018-06-05 security patch level and all previous patch levels. To learn how to check a device's security patch level, read the instructions on the Pixel and Nexus update schedule.

2. What do the entries in the Type column mean?

Entries in the Type column of the vulnerability details table reference the classification of the security vulnerability.

| Abbreviation | Definition |
|---|---|
| RCE | Remote code execution |
| EoP | Elevation of privilege |
| ID | Information disclosure |
| DoS | Denial of service |
| N/A | Classification not available |

3. What do the entries in the References column mean?

Entries under the References column of the vulnerability details table may contain a prefix identifying the organization to which the reference value belongs.

| Prefix | Reference |
|---|---|
| A- | Android bug ID |
| QC- | Qualcomm reference number |
| M- | MediaTek reference number |
| N- | NVIDIA reference number |
| B- | Broadcom reference number |

4. What does a * next to the Android bug ID in the References column mean?

Issues that are not publicly available have a * next to the Android bug ID in the References column. The update for that issue is generally contained in the latest binary drivers for Pixel / Nexus devices available from the Google Developer site.

5. Why are security vulnerabilities split between this bulletin and the Android Security Bulletins?

Security vulnerabilities that are documented in the Android Security Bulletins are required in order to declare the latest security patch level on Android devices. Additional security vulnerabilities, such as those documented in this bulletin, are not required for declaring a security patch level.

Versions

| Version | Date | Notes |
|---|---|---|
| 1.0 | June 4, 2018 | Bulletin published. |
| 1.1 | June 6, 2018 | Bulletin revised to include AOSP links. |