1 page.title=Android 2016 8 2 @jd:body 3 <!-- 4 Copyright 2016 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 16 <p><em>2016 8 1 | 2016 8 2 </em></p> 17 <p> 18 Android Android 19 . 20 Nexus . 21 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 22 . 2016 8 5 23 . 24 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> . 25 </p> 26 <p> 27 2016 7 6 28 . , Android 29 (AOSP) . 30 AOSP . 31 </p> 32 <p> 33 34 , MMS 35 . 36 </p> 37 <p> 38 39 . SafetyNet Android 40 <a href="{@docRoot}security/enhancements/index.html">Android </a> 41 42 <a href="#mitigations">Android Google </a> . 43 </p> 44 <p> 45 . 46 </p> 47 <h2 id="announcements"></h2> 48 <ul> 49 <li> Android Android 50 51 . <a href="#common-questions-and-answers"> 52 </a> 53 . 54 <ul> 55 <li><strong>2016-08-01</strong>: . 56 2016-08-01 57 .</li> 58 <li><strong>2016-08-05</strong>: . 59 2016-08-01 2016-08-05 60 .</li> 61 </ul> 62 </li> 63 <li> Nexus 2016 8 5 OTA 64 .</li> 65 </ul> 66 67 <h2 id="security-vulnerability-summary"> </h2> 68 <p> 69 , ID(CVE), 70 Nexus 71 . <a href="{@docRoot}security/overview/updates-resources.html#severity"> 72 </a> 73 74 . 75 </p> 76 77 <h3 id="2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 </h3> 78 <p> 79 2016 8 1 . 80 </p> 81 <table> 82 <col width="55%"> 83 <col width="20%"> 84 <col width="13%"> 85 <col width="12%"> 86 <tr> 87 <th></th> 88 <th>CVE</th> 89 <th></th> 90 <th>Nexus </th> 91 </tr> 92 <tr> 93 <td> </td> 94 <td>CVE-2016-3819, CVE-2016-3820, CVE-2016-3821</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>libjhead </td> 100 <td>CVE-2016-3822</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> </td> 106 <td>CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td> (DoS) </td> 112 <td>CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td> (DoS) </td> 118 <td>CVE-2016-3831</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> API </td> 124 <td>CVE-2016-3832</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td>Shell </td> 130 <td>CVE-2016-3833</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td>OpenSSL </td> 136 <td>CVE-2016-2842</td> 137 <td></td> 138 <td>*</td> 139 </tr> 140 <tr> 141 <td> API </td> 142 <td>CVE-2016-3834</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td> </td> 148 <td>CVE-2016-3835</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td>SurfaceFlinger </td> 154 <td>CVE-2016-3836</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td>Wi-Fi </td> 160 <td>CVE-2016-3837</td> 161 <td></td> 162 <td></td> 163 </tr> 164 <tr> 165 <td> UI (Dos) </td> 166 <td>CVE-2016-3838</td> 167 <td></td> 168 <td></td> 169 </tr> 170 <tr> 171 <td> (DoS) </td> 172 <td>CVE-2016-3839</td> 173 <td></td> 174 <td></td> 175 </tr> 176 </table> 177 <p>* Nexus 178 .</p> 179 180 <h3 id="2016-08-05-security-patch-level-vulnerability-summary">2016-08-05 </h3> 181 <p> 182 2016-08-01 2016 8 5 183 . 184 </p> 185 <table> 186 <col width="55%"> 187 <col width="20%"> 188 <col width="13%"> 189 <col width="12%"> 190 <tr> 191 <th></th> 192 <th>CVE</th> 193 <th></th> 194 <th>Nexus </th> 195 </tr> 196 <tr> 197 <td>Qualcomm Wi-Fi </td> 198 <td>CVE-2014-9902</td> 199 <td></td> 200 <td></td> 201 </tr> 202 <tr> 203 <td>Conscrypt </td> 204 <td>CVE-2016-3840</td> 205 <td></td> 206 <td></td> 207 </tr> 208 <tr> 209 <td>Qualcomm </td> 210 <td>CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, 211 CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, 212 CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, 213 CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, 214 CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, 215 CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, 216 CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, 217 CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, 218 CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943</td> 219 <td></td> 220 <td></td> 221 </tr> 222 <tr> 223 <td> </td> 224 <td>CVE-2015-2686, CVE-2016-3841</td> 225 <td></td> 226 <td></td> 227 </tr> 228 <tr> 229 <td>Qualcomm GPU </td> 230 <td>CVE-2016-2504, CVE-2016-3842</td> 231 <td></td> 232 <td></td> 233 </tr> 234 <tr> 235 <td>Qualcomm </td> 236 <td>CVE-2016-3843</td> 237 <td></td> 238 <td></td> 239 </tr> 240 <tr> 241 <td> </td> 242 <td>CVE-2016-3857</td> 243 <td></td> 244 <td></td> 245 </tr> 246 <tr> 247 <td> </td> 248 <td>CVE-2015-1593, CVE-2016-3672</td> 249 <td></td> 250 <td></td> 251 </tr> 252 <tr> 253 <td> </td> 254 <td>CVE-2016-2544, CVE-2016-2546, CVE-2014-9904</td> 255 <td></td> 256 <td></td> 257 </tr> 258 <tr> 259 <td> </td> 260 <td>CVE-2012-6701</td> 261 <td></td> 262 <td></td> 263 </tr> 264 <tr> 265 <td> </td> 266 <td>CVE-2016-3844</td> 267 <td></td> 268 <td></td> 269 </tr> 270 <tr> 271 <td> </td> 272 <td>CVE-2016-3845</td> 273 <td></td> 274 <td></td> 275 </tr> 276 <tr> 277 <td> </td> 278 <td>CVE-2016-3846</td> 279 <td></td> 280 <td></td> 281 </tr> 282 <tr> 283 <td>NVIDIA </td> 284 <td>CVE-2016-3847, CVE-2016-3848</td> 285 <td></td> 286 <td></td> 287 </tr> 288 <tr> 289 <td>ION </td> 290 <td>CVE-2016-3849</td> 291 <td></td> 292 <td></td> 293 </tr> 294 <tr> 295 <td>Qualcomm </td> 296 <td>CVE-2016-3850</td> 297 <td></td> 298 <td></td> 299 </tr> 300 <tr> 301 <td> </td> 302 <td>CVE-2016-3843</td> 303 <td></td> 304 <td></td> 305 </tr> 306 <tr> 307 <td>LG </td> 308 <td>CVE-2016-3851</td> 309 <td></td> 310 <td></td> 311 </tr> 312 <tr> 313 <td>Qualcomm </td> 314 <td>CVE-2014-9892, CVE-2014-9893 CVE-2014-9894, CVE-2014-9895 CVE-2014-9896, 315 CVE-2014-9897 CVE-2014-9898, CVE-2014-9899 CVE-2014-9900, CVE-2015-8944</td> 316 <td></td> 317 <td></td> 318 </tr> 319 <tr> 320 <td> </td> 321 <td>CVE-2014-9903</td> 322 <td></td> 323 <td></td> 324 </tr> 325 <tr> 326 <td>MediaTek Wi-Fi </td> 327 <td>CVE-2016-3852</td> 328 <td></td> 329 <td></td> 330 </tr> 331 <tr> 332 <td>USB </td> 333 <td>CVE-2016-4482</td> 334 <td></td> 335 <td></td> 336 </tr> 337 <tr> 338 <td>Qualcomm (DoS) </td> 339 <td>CVE-2014-9901</td> 340 <td></td> 341 <td></td> 342 </tr> 343 <tr> 344 <td>Google Play </td> 345 <td>CVE-2016-3853</td> 346 <td></td> 347 <td></td> 348 </tr> 349 <tr> 350 <td> API </td> 351 <td>CVE-2016-2497</td> 352 <td></td> 353 <td></td> 354 </tr> 355 <tr> 356 <td> </td> 357 <td>CVE-2016-4578</td> 358 <td></td> 359 <td></td> 360 </tr> 361 <tr> 362 <td> </td> 363 <td>CVE-2016-4569, CVE-2016-4578</td> 364 <td></td> 365 <td></td> 366 </tr> 367 <tr> 368 <td>Qualcomm </td> 369 <td>CVE-2016-3854, CVE-2016-3855, CVE-2016-2060</td> 370 <td></td> 371 <td></td> 372 </tr> 373 </table> 374 <h2 id="mitigations">Android Google </h2> 375 <p> 376 SafetyNet <a href="{@docRoot}security/enhancements/index.html">Android </a> 377 . 378 Android 379 . 380 </p> 381 <ul> 382 <li>Android Android 383 . Android 384 .</li> 385 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 386 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 387 . <a href="http://www.android.com/gms">Google </a> 388 389 Google Play . Google Play 390 391 392 . 393 394 . 395 .</li> 396 <li> Google 397 .</li> 398 </ul> 399 <h2 id="acknowledgements"></h2> 400 <p> 401 . 402 </p> 403 <ul> 404 <li>Google Chrome Abhishek Arya, Oliver Chang, Martin Barbella: 405 CVE-2016-3821, CVE-2016-3837</li> 406 <li>Check Point Software Technologies Ltd. Adam Donenfeld : 407 CVE-2016-2504</li> 408 <li><a href="http://c0reteam.org">C0RE</a> Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 409 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 410 Xuxian Jiang: CVE-2016-3844</li> 411 <li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 412 Yuan-Tsung Lo(<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com)</a>, Xuxian Jiang 413 : CVE-2016-3857</li> 414 <li>Google David Benjamin, Kenny Root: CVE-2016-3840</li> 415 <li><a href="http://jaq.alibaba.com">Alibaba </a> Dawei Peng(<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>): CVE-2016-3822</li> 416 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-3842</li> 417 <li>Google Dianne Hackborn: CVE-2016-2497</li> 418 <li>Google Dynamic Tools Dmitry Vyukov : CVE-2016-3841</li> 419 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a> IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 420 pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-3852</li> 421 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Guang Gong ()(<a href="https://twitter.com/oldfresher">@oldfresher</a>) 422 : CVE-2016-3834</li> 423 <li>Fortinet's FortiGuard Labs Kai Lu(<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>) 424 : CVE-2016-3820</li> 425 <li>Kandala Shivaram reddy, DS, Uppi: CVE-2016-3826</li> 426 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-3823, CVE-2016-3835, 427 CVE-2016-3824, CVE-2016-3825</li> 428 <li>Tesla Motors Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>) 429 : CVE-2016-3847, CVE-2016-3848</li> 430 <li>Alibaba Mobile Security Group Peng Xiao, Chengming Yang, Ning You, Chao Yang, Yang song: CVE-2016-3845</li> 431 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>): 432 CVE-2016-3849</li> 433 <li><a href="http://www.wooyun.org/">WooYun TangLab</a> Qianwei Hu(<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>): CVE-2016-3846</li> 434 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 435 Qidan He(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): 436 CVE-2016-3832</li> 437 <li>Google Sharvil Nanavati: CVE-2016-3839</li> 438 <li><a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in Telecommunications</a> 439 Shinjo Park(<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) 440 Altaf Shaik : CVE-2016-3831</li> 441 <li>Tom Rootjunky: CVE-2016-3853</li> 442 <li>Vasily Vasiliev: CVE-2016-3819</li> 443 <li>Alibaba Inc Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>) 444 : CVE-2016-3827, CVE-2016-3828, CVE-2016-3829</li> 445 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a> Wish Wu(<a href="http://weibo.com/wishlinux"></a>) 446 (<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2016-3843</li> 447 <li>Tencent's Xuanwu LAB Yongke Wang 448 (<a href="https://twitter.com/rudykewang">@Rudykewang</a>): CVE-2016-3836</li> 449 </ul> 450 <p> 451 CVE-2016-3843 452 Copperhead Security Daniel Micay Google Jeff Vander Stoep, Yabin Cui . 453 Grsecurity Brad Spengler . 454 </p> 455 <h2 id="2016-08-01-security-patch-level-security-vulnerability-details"> 456 2016-08-01 </h2> 457 <p> 458 <a href="#2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 459 </a> 460 . , 461 CVE, , , Nexus , 462 AOSP ( ), . 463 AOSP ID 464 . 465 ID . 466 </p> 467 468 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 469 </h3> 470 <p> 471 472 473 . 474 . 475 476 . 477 </p> 478 <p> 479 , 480 , MMS 481 . 482 </p> 483 <table> 484 <col width="18%"> 485 <col width="18%"> 486 <col width="10%"> 487 <col width="19%"> 488 <col width="17%"> 489 <col width="17%"> 490 <tr> 491 <th>CVE</th> 492 <th></th> 493 <th></th> 494 <th> Nexus </th> 495 <th> AOSP </th> 496 <th> </th> 497 </tr> 498 <tr> 499 <td>CVE-2016-3819</td> 500 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 501 A-28533562</a></td> 502 <td></td> 503 <td> Nexus</td> 504 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 505 <td>2016 5 2</td> 506 </tr> 507 <tr> 508 <td>CVE-2016-3820</td> 509 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 510 A-28673410</a></td> 511 <td></td> 512 <td> Nexus</td> 513 <td>6.0, 6.0.1</td> 514 <td>2016 5 6</td> 515 </tr> 516 <tr> 517 <td>CVE-2016-3821</td> 518 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 519 A-28166152</a></td> 520 <td></td> 521 <td> Nexus</td> 522 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 523 <td>Google </td> 524 </tr> 525 </table> 526 527 <h3 id="remote-code-execution-vulnerability-in-libjhead"> 528 libjhead </h3> 529 <p> 530 libjhead 531 532 . 533 . 534 </p> 535 <table> 536 <col width="18%"> 537 <col width="18%"> 538 <col width="10%"> 539 <col width="19%"> 540 <col width="17%"> 541 <col width="17%"> 542 <tr> 543 <th>CVE</th> 544 <th></th> 545 <th></th> 546 <th> Nexus </th> 547 <th> AOSP </th> 548 <th> </th> 549 </tr> 550 <tr> 551 <td>CVE-2016-3822</td> 552 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 553 A-28868315</a></td> 554 <td></td> 555 <td> Nexus</td> 556 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 557 <td>Google </td> 558 </tr> 559 </table> 560 561 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 562 </h3> 563 <p> 564 565 566 . 567 568 . 569 </p> 570 <table> 571 <col width="18%"> 572 <col width="18%"> 573 <col width="10%"> 574 <col width="19%"> 575 <col width="17%"> 576 <col width="17%"> 577 <tr> 578 <th>CVE</th> 579 <th></th> 580 <th></th> 581 <th> Nexus </th> 582 <th> AOSP </th> 583 <th> </th> 584 </tr> 585 <tr> 586 <td>CVE-2016-3823</td> 587 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 588 A-28815329</a></td> 589 <td></td> 590 <td> Nexus</td> 591 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 592 <td>2016 5 17</td> 593 </tr> 594 <tr> 595 <td>CVE-2016-3824</td> 596 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 597 A-28816827</a></td> 598 <td></td> 599 <td> Nexus</td> 600 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 601 <td>2016 5 17</td> 602 </tr> 603 <tr> 604 <td>CVE-2016-3825</td> 605 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 606 A-28816964</a></td> 607 <td></td> 608 <td> Nexus</td> 609 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 610 <td>2016 5 17</td> 611 </tr> 612 <tr> 613 <td>CVE-2016-3826</td> 614 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 615 A-29251553</a></td> 616 <td></td> 617 <td> Nexus</td> 618 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 619 <td>2016 6 9</td> 620 </tr> 621 </table> 622 623 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 624 (DoS) </h3> 625 <p> 626 627 . 628 . 629 </p> 630 <table> 631 <col width="18%"> 632 <col width="18%"> 633 <col width="10%"> 634 <col width="19%"> 635 <col width="17%"> 636 <col width="17%"> 637 <tr> 638 <th>CVE</th> 639 <th></th> 640 <th></th> 641 <th> Nexus </th> 642 <th> AOSP </th> 643 <th> </th> 644 </tr> 645 <tr> 646 <td>CVE-2016-3827</td> 647 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 648 A-28816956</a></td> 649 <td></td> 650 <td> Nexus</td> 651 <td>6.0.1</td> 652 <td>2016 5 16</td> 653 </tr> 654 <tr> 655 <td>CVE-2016-3828</td> 656 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 657 A-28835995</a></td> 658 <td></td> 659 <td> Nexus</td> 660 <td>6.0, 6.0.1</td> 661 <td>2016 5 17</td> 662 </tr> 663 <tr> 664 <td>CVE-2016-3829</td> 665 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 666 A-29023649</a></td> 667 <td></td> 668 <td> Nexus</td> 669 <td>6.0, 6.0.1</td> 670 <td>2016 5 27</td> 671 </tr> 672 <tr> 673 <td>CVE-2016-3830</td> 674 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 675 A-29153599</a></td> 676 <td></td> 677 <td> Nexus</td> 678 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 679 <td>Google </td> 680 </tr> 681 </table> 682 683 <h3 id="denial-of-service-vulnerability-in-system-clock"> 684 (DoS) </h3> 685 <p> 686 687 . 688 . 689 </p> 690 <table> 691 <col width="18%"> 692 <col width="18%"> 693 <col width="10%"> 694 <col width="19%"> 695 <col width="17%"> 696 <col width="17%"> 697 <tr> 698 <th>CVE</th> 699 <th></th> 700 <th></th> 701 <th> Nexus </th> 702 <th> AOSP </th> 703 <th> </th> 704 </tr> 705 <tr> 706 <td>CVE-2016-3831</td> 707 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 708 A-29083635</a></td> 709 <td></td> 710 <td> Nexus</td> 711 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 712 <td>2016 5 31</td> 713 </tr> 714 </table> 715 716 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 717 API </h3> 718 <p> 719 API 720 721 . 722 . 723 </p> 724 <table> 725 <col width="18%"> 726 <col width="17%"> 727 <col width="10%"> 728 <col width="19%"> 729 <col width="18%"> 730 <col width="17%"> 731 <tr> 732 <th>CVE</th> 733 <th></th> 734 <th></th> 735 <th> Nexus </th> 736 <th> AOSP </th> 737 <th> </th> 738 </tr> 739 <tr> 740 <td>CVE-2016-3832</td> 741 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 742 A-28795098</a></td> 743 <td></td> 744 <td> Nexus</td> 745 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 746 <td>2016 5 15</td> 747 </tr> 748 </table> 749 750 <h3 id="elevation-of-privilege-vulnerability-in-shell"> 751 Shell </h3> 752 <p> 753 Shell 754 . 755 . 756 </p> 757 <table> 758 <col width="18%"> 759 <col width="17%"> 760 <col width="10%"> 761 <col width="19%"> 762 <col width="17%"> 763 <col width="18%"> 764 <tr> 765 <th>CVE</th> 766 <th></th> 767 <th></th> 768 <th> Nexus </th> 769 <th> AOSP </th> 770 <th> </th> 771 </tr> 772 <tr> 773 <td>CVE-2016-3833</td> 774 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 775 A-29189712</a> 776 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 777 <td></td> 778 <td> Nexus</td> 779 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 780 <td>Google </td> 781 </tr> 782 </table> 783 784 <h3 id="information-disclosure-vulnerability-in-openssl"> 785 OpenSSL </h3> 786 <p> 787 OpenSSL 788 . 789 790 . 791 </p> 792 <table> 793 <col width="18%"> 794 <col width="18%"> 795 <col width="10%"> 796 <col width="19%"> 797 <col width="17%"> 798 <col width="17%"> 799 <tr> 800 <th>CVE</th> 801 <th></th> 802 <th></th> 803 <th> Nexus </th> 804 <th> AOSP </th> 805 <th> </th> 806 </tr> 807 <tr> 808 <td>CVE-2016-2842</td> 809 <td>A-29060514</td> 810 <td>*</td> 811 <td> Nexus</td> 812 <td>4.4.4, 5.0.2, 5.1.1</td> 813 <td>2016 3 29</td> 814 </tr> 815 </table> 816 <p>* Nexus 817 .</p> 818 819 <h3 id="information-disclosure-vulnerability-in-camera-apis"> 820 API </h3> 821 <p> 822 API 823 . 824 825 . 826 </p> 827 <table> 828 <col width="18%"> 829 <col width="17%"> 830 <col width="10%"> 831 <col width="19%"> 832 <col width="18%"> 833 <col width="17%"> 834 <tr> 835 <th>CVE</th> 836 <th></th> 837 <th></th> 838 <th> Nexus </th> 839 <th> AOSP </th> 840 <th> </th> 841 </tr> 842 <tr> 843 <td>CVE-2016-3834</td> 844 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 845 A-28466701</a></td> 846 <td></td> 847 <td> Nexus</td> 848 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 849 <td>2016 4 28</td> 850 </tr> 851 </table> 852 853 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 854 </h3> 855 <p> 856 857 . 858 859 . 860 </p> 861 <table> 862 <col width="18%"> 863 <col width="17%"> 864 <col width="10%"> 865 <col width="19%"> 866 <col width="18%"> 867 <col width="17%"> 868 <tr> 869 <th>CVE</th> 870 <th></th> 871 <th></th> 872 <th> Nexus </th> 873 <th> AOSP </th> 874 <th> </th> 875 </tr> 876 <tr> 877 <td>CVE-2016-3835</td> 878 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 879 A-28920116</a></td> 880 <td></td> 881 <td> Nexus</td> 882 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 883 <td>2016 5 23</td> 884 </tr> 885 </table> 886 887 <h3 id="information-disclosure-vulnerability-in-surfaceflinger"> 888 SurfaceFlinger </h3> 889 <p> 890 SurfaceFlinger 891 . 892 . 893 </p> 894 <table> 895 <col width="18%"> 896 <col width="18%"> 897 <col width="10%"> 898 <col width="19%"> 899 <col width="17%"> 900 <col width="17%"> 901 <tr> 902 <th>CVE</th> 903 <th></th> 904 <th></th> 905 <th> Nexus </th> 906 <th> AOSP </th> 907 <th> </th> 908 </tr> 909 <tr> 910 <td>CVE-2016-3836</td> 911 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 912 A-28592402</a></td> 913 <td></td> 914 <td> Nexus</td> 915 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 916 <td>2016 5 4</td> 917 </tr> 918 </table> 919 920 <h3 id="information-disclosure-vulnerability-in-wi-fi"> 921 Wi-Fi </h3> 922 <p> 923 Wi-Fi 924 . 925 . 926 </p> 927 <table> 928 <col width="18%"> 929 <col width="18%"> 930 <col width="10%"> 931 <col width="19%"> 932 <col width="17%"> 933 <col width="17%"> 934 <tr> 935 <th>CVE</th> 936 <th></th> 937 <th></th> 938 <th> Nexus </th> 939 <th> AOSP </th> 940 <th> </th> 941 </tr> 942 <tr> 943 <td>CVE-2016-3837</td> 944 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 945 A-28164077</a></td> 946 <td></td> 947 <td> Nexus</td> 948 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 949 <td>Google </td> 950 </tr> 951 </table> 952 953 <h3 id="denial-of-service-vulnerability-in-system-ui"> 954 UI (Dos) </h3> 955 <p> 956 UI 957 119 . 958 959 . 960 </p> 961 <table> 962 <col width="18%"> 963 <col width="18%"> 964 <col width="10%"> 965 <col width="19%"> 966 <col width="17%"> 967 <col width="17%"> 968 <tr> 969 <th>CVE</th> 970 <th></th> 971 <th></th> 972 <th> Nexus </th> 973 <th> AOSP </th> 974 <th> </th> 975 </tr> 976 <tr> 977 <td>CVE-2016-3838</td> 978 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 979 A-28761672</a></td> 980 <td></td> 981 <td> Nexus</td> 982 <td>6.0, 6.0.1</td> 983 <td>Google </td> 984 </tr> 985 </table> 986 987 <h3 id="denial-of-service-vulnerability-in-bluetooth"> 988 (DoS) </h3> 989 <p> 990 991 119 . 992 993 . 994 </p> 995 <table> 996 <col width="18%"> 997 <col width="17%"> 998 <col width="10%"> 999 <col width="19%"> 1000 <col width="18%"> 1001 <col width="17%"> 1002 <tr> 1003 <th>CVE</th> 1004 <th></th> 1005 <th></th> 1006 <th> Nexus </th> 1007 <th> AOSP </th> 1008 <th> </th> 1009 </tr> 1010 <tr> 1011 <td>CVE-2016-3839</td> 1012 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 1013 A-28885210</a></td> 1014 <td></td> 1015 <td> Nexus</td> 1016 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1017 <td>Google </td> 1018 </tr> 1019 </table> 1020 <h2 id="2016-08-05-security-patch-level-vulnerability-details"> 1021 2016-08-05 </h2> 1022 <p> 1023 <a href="#2016-08-05 ">2016-08-05 1024 </a> 1025 . , 1026 CVE, , , Nexus , 1027 AOSP ( ), . 1028 AOSP ID 1029 . 1030 ID . 1031 </p> 1032 1033 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 1034 Qualcomm Wi-Fi </h3> 1035 <p> 1036 Qualcomm Wi-Fi 1037 . 1038 1039 1040 . 1041 </p> 1042 <table> 1043 <col width="19%"> 1044 <col width="20%"> 1045 <col width="10%"> 1046 <col width="23%"> 1047 <col width="17%"> 1048 <tr> 1049 <th>CVE</th> 1050 <th></th> 1051 <th></th> 1052 <th> Nexus </th> 1053 <th> </th> 1054 </tr> 1055 <tr> 1056 <td>CVE-2014-9902</td> 1057 <td>A-28668638 1058 <p> 1059 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1060 QC-CR#553937</a><br> 1061 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1062 QC-CR#553941</a> 1063 </p> 1064 </td> 1065 <td></td> 1066 <td>Nexus 7(2013)</td> 1067 <td>2014 3 31</td> 1068 </tr> 1069 </table> 1070 1071 <h3 id="remote-code-execution-vulnerability-in-conscrypt">Conscrypt 1072 </h3> 1073 <p> 1074 Conscrypt 1075 . 1076 . 1077 </p> 1078 <table> 1079 <col width="18%"> 1080 <col width="18%"> 1081 <col width="10%"> 1082 <col width="19%"> 1083 <col width="17%"> 1084 <col width="17%"> 1085 <tr> 1086 <th>CVE</th> 1087 <th></th> 1088 <th></th> 1089 <th> Nexus </th> 1090 <th> AOSP </th> 1091 <th> </th> 1092 </tr> 1093 <tr> 1094 <td>CVE-2016-3840</td> 1095 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 1096 A-28751153</a></td> 1097 <td></td> 1098 <td> Nexus</td> 1099 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1100 <td>Google </td> 1101 </tr> 1102 </table> 1103 1104 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 1105 Qualcomm </h3> 1106 <p> 1107 , , , , 1108 Qualcomm 1109 . 1110 </p> 1111 <p> 1112 1113 1114 , 1115 . 1116 </p> 1117 <table> 1118 <col width="19%"> 1119 <col width="20%"> 1120 <col width="10%"> 1121 <col width="23%"> 1122 <col width="17%"> 1123 <tr> 1124 <th>CVE</th> 1125 <th></th> 1126 <th></th> 1127 <th> Nexus </th> 1128 <th> </th> 1129 </tr> 1130 <tr> 1131 <td>CVE-2014-9863</td> 1132 <td>A-28768146 1133 <p> 1134 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 1135 QC-CR#549470</a> 1136 </p> 1137 </td> 1138 <td></td> 1139 <td>Nexus 5, Nexus 7(2013)</td> 1140 <td>2014 4 30</td> 1141 </tr> 1142 <tr> 1143 <td>CVE-2014-9864</td> 1144 <td>A-28747998 1145 <p> 1146 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 1147 QC-CR#561841</a> 1148 </p></td> 1149 <td></td> 1150 <td>Nexus 5, Nexus 7(2013)</td> 1151 <td>2014 3 27</td> 1152 </tr> 1153 <tr> 1154 <td>CVE-2014-9865</td> 1155 <td>A-28748271 1156 <p> 1157 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 1158 QC-CR#550013</a> 1159 </p> 1160 </td> 1161 <td></td> 1162 <td>Nexus 5, Nexus 7(2013)</td> 1163 <td>2014 3 27</td> 1164 </tr> 1165 <tr> 1166 <td>CVE-2014-9866</td> 1167 <td>A-28747684 1168 <p> 1169 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 1170 QC-CR#511358</a> 1171 </p> 1172 </td> 1173 <td></td> 1174 <td>Nexus 5, Nexus 7(2013)</td> 1175 <td>2014 3 31</td> 1176 </tr> 1177 <tr> 1178 <td>CVE-2014-9867</td> 1179 <td>A-28749629 1180 <p> 1181 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 1182 QC-CR#514702</a> 1183 </p> 1184 </td> 1185 <td></td> 1186 <td>Nexus 5, Nexus 7(2013)</td> 1187 <td>2014 3 31</td> 1188 </tr> 1189 <tr> 1190 <td>CVE-2014-9868</td> 1191 <td>A-28749721 1192 <p> 1193 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 1194 QC-CR#511976</a> 1195 </p> 1196 </td> 1197 <td></td> 1198 <td>Nexus 5, Nexus 7(2013)</td> 1199 <td>2014 3 31</td> 1200 </tr> 1201 <tr> 1202 <td>CVE-2014-9869</td> 1203 <td>A-28749728 1204 <p> 1205 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 1206 QC-CR#514711</a> 1207 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 1208 </p> 1209 </td> 1210 <td></td> 1211 <td>Nexus 5, Nexus 7(2013)</td> 1212 <td>2014 3 31</td> 1213 </tr> 1214 <tr> 1215 <td>CVE-2014-9870</td> 1216 <td>A-28749743 1217 <p> 1218 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 1219 QC-CR#561044</a> 1220 </p> 1221 </td> 1222 <td></td> 1223 <td>Nexus 5, Nexus 7(2013)</td> 1224 <td>2014 3 31</td> 1225 </tr> 1226 <tr> 1227 <td>CVE-2014-9871</td> 1228 <td>A-28749803 1229 <p> 1230 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 1231 QC-CR#514717</a> 1232 </p> 1233 </td> 1234 <td></td> 1235 <td>Nexus 5, Nexus 7(2013)</td> 1236 <td>2014 3 31</td> 1237 </tr> 1238 <tr> 1239 <td>CVE-2014-9872</td> 1240 <td>A-28750155 1241 <p> 1242 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 1243 QC-CR#590721</a> 1244 </p> 1245 </td> 1246 <td></td> 1247 <td>Nexus 5</td> 1248 <td>2014 3 31</td> 1249 </tr> 1250 <tr> 1251 <td>CVE-2014-9873</td> 1252 <td>A-28750726 1253 <p> 1254 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 1255 QC-CR#556860</a> 1256 </p> 1257 </td> 1258 <td></td> 1259 <td>Nexus 5, Nexus 7(2013)</td> 1260 <td>2014 3 31</td> 1261 </tr> 1262 <tr> 1263 <td>CVE-2014-9874</td> 1264 <td>A-28751152 1265 <p> 1266 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 1267 QC-CR#563086</a> 1268 </p> 1269 </td> 1270 <td></td> 1271 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7(2013) </td> 1272 <td>2014 3 31</td> 1273 </tr> 1274 <tr> 1275 <td>CVE-2014-9875</td> 1276 <td>A-28767589 1277 <p> 1278 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1279 QC-CR#483310</a> 1280 </p> 1281 </td> 1282 <td></td> 1283 <td>Nexus 7(2013)</td> 1284 <td>2014 4 30</td> 1285 </tr> 1286 <tr> 1287 <td>CVE-2014-9876</td> 1288 <td>A-28767796 1289 <p> 1290 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1291 QC-CR#483408</a> 1292 </p> 1293 </td> 1294 <td></td> 1295 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013)</td> 1296 <td>2014 4 30</td> 1297 </tr> 1298 <tr> 1299 <td>CVE-2014-9877</td> 1300 <td>A-28768281 1301 <p> 1302 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1303 QC-CR#547231</a> 1304 </p> 1305 </td> 1306 <td></td> 1307 <td>Nexus 5, Nexus 7(2013)</td> 1308 <td>2014 4 30</td> 1309 </tr> 1310 <tr> 1311 <td>CVE-2014-9878</td> 1312 <td>A-28769208 1313 <p> 1314 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1315 QC-CR#547479</a> 1316 </p> 1317 </td> 1318 <td></td> 1319 <td>Nexus 5</td> 1320 <td>2014 4 30</td> 1321 </tr> 1322 <tr> 1323 <td>CVE-2014-9879</td> 1324 <td>A-28769221 1325 <p> 1326 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1327 QC-CR#524490</a> 1328 </p> 1329 </td> 1330 <td></td> 1331 <td>Nexus 5</td> 1332 <td>2014 4 30</td> 1333 </tr> 1334 <tr> 1335 <td>CVE-2014-9880</td> 1336 <td>A-28769352 1337 <p> 1338 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1339 QC-CR#556356</a> 1340 </p> 1341 </td> 1342 <td></td> 1343 <td>Nexus 7(2013)</td> 1344 <td>2014 4 30</td> 1345 </tr> 1346 <tr> 1347 <td>CVE-2014-9881</td> 1348 <td>A-28769368 1349 <p> 1350 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1351 QC-CR#539008</a> 1352 </p> 1353 </td> 1354 <td></td> 1355 <td>Nexus 7(2013)</td> 1356 <td>2014 4 30</td> 1357 </tr> 1358 <tr> 1359 <td>CVE-2014-9882</td> 1360 <td>A-28769546 1361 <p> 1362 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1363 QC-CR#552329</a> 1364 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1365 </td> 1366 <td></td> 1367 <td>Nexus 7(2013)</td> 1368 <td>2014 4 30</td> 1369 </tr> 1370 <tr> 1371 <td>CVE-2014-9883</td> 1372 <td>A-28769912 1373 <p> 1374 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1375 QC-CR#565160</a> 1376 </p> 1377 </td> 1378 <td></td> 1379 <td>Nexus 5, Nexus 7(2013)</td> 1380 <td>2014 4 30</td> 1381 </tr> 1382 <tr> 1383 <td>CVE-2014-9884</td> 1384 <td>A-28769920 1385 <p> 1386 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1387 QC-CR#580740</a> 1388 </p> 1389 </td> 1390 <td></td> 1391 <td>Nexus 5, Nexus 7(2013)</td> 1392 <td>2014 4 30</td> 1393 </tr> 1394 <tr> 1395 <td>CVE-2014-9885</td> 1396 <td>A-28769959 1397 <p> 1398 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1399 QC-CR#562261</a> 1400 </p> 1401 </td> 1402 <td></td> 1403 <td>Nexus 5</td> 1404 <td>2014 4 30</td> 1405 </tr> 1406 <tr> 1407 <td>CVE-2014-9886</td> 1408 <td>A-28815575 1409 <p> 1410 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1411 QC-CR#555030</a> 1412 </p> 1413 </td> 1414 <td></td> 1415 <td>Nexus 5, Nexus 7(2013)</td> 1416 <td>2014 4 30</td> 1417 </tr> 1418 <tr> 1419 <td>CVE-2014-9887</td> 1420 <td>A-28804057 1421 <p> 1422 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1423 QC-CR#636633</a> 1424 </p> 1425 </td> 1426 <td></td> 1427 <td>Nexus 5, Nexus 7(2013)</td> 1428 <td>2014 7 3</td> 1429 </tr> 1430 <tr> 1431 <td>CVE-2014-9888</td> 1432 <td>A-28803642 1433 <p> 1434 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1435 QC-CR#642735</a> 1436 </p> 1437 </td> 1438 <td></td> 1439 <td>Nexus 5, Nexus 7(2013)</td> 1440 <td>2014 8 29</td> 1441 </tr> 1442 <tr> 1443 <td>CVE-2014-9889</td> 1444 <td>A-28803645 1445 <p> 1446 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1447 QC-CR#674712</a> 1448 </p></td> 1449 <td></td> 1450 <td>Nexus 5</td> 1451 <td>2014 10 31</td> 1452 </tr> 1453 <tr> 1454 <td>CVE-2015-8937</td> 1455 <td>A-28803962 1456 <p> 1457 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1458 QC-CR#770548</a> 1459 </p> 1460 </td> 1461 <td></td> 1462 <td>Nexus 5, Nexus 6, Nexus 7(2013)</td> 1463 <td>2015 3 31</td> 1464 </tr> 1465 <tr> 1466 <td>CVE-2015-8938</td> 1467 <td>A-28804030 1468 <p> 1469 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1470 QC-CR#766022</a></p></td> 1471 <td></td> 1472 <td>Nexus 6</td> 1473 <td>2015 3 31</td> 1474 </tr> 1475 <tr> 1476 <td>CVE-2015-8939</td> 1477 <td>A-28398884 1478 <p> 1479 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1480 QC-CR#779021</a></p></td> 1481 <td></td> 1482 <td>Nexus 7(2013)</td> 1483 <td>2015 4 30</td> 1484 </tr> 1485 <tr> 1486 <td>CVE-2015-8940</td> 1487 <td>A-28813987 1488 <p> 1489 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1490 QC-CR#792367</a></p></td> 1491 <td></td> 1492 <td>Nexus 6</td> 1493 <td>2015 4 30</td> 1494 </tr> 1495 <tr> 1496 <td>CVE-2015-8941</td> 1497 <td>A-28814502 1498 <p> 1499 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1500 QC-CR#792473</a></p></td> 1501 <td></td> 1502 <td>Nexus 6, Nexus 7(2013)</td> 1503 <td>2015 5 29</td> 1504 </tr> 1505 <tr> 1506 <td>CVE-2015-8942</td> 1507 <td>A-28814652 1508 <p> 1509 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1510 QC-CR#803246</a></p></td> 1511 <td></td> 1512 <td>Nexus 6</td> 1513 <td>2015 6 30</td> 1514 </tr> 1515 <tr> 1516 <td>CVE-2015-8943</td> 1517 <td>A-28815158 1518 <p> 1519 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1520 QC-CR#794217</a></p> 1521 <p> 1522 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1523 QC-CR#836226</a></p></td> 1524 <td></td> 1525 <td>Nexus 5</td> 1526 <td>2015 9 11</td> 1527 </tr> 1528 <tr> 1529 <td>CVE-2014-9891</td> 1530 <td>A-28749283 1531 <p> 1532 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1533 QC-CR#550061</a></p></td> 1534 <td></td> 1535 <td>Nexus 5</td> 1536 <td>2014 3 13</td> 1537 </tr> 1538 <tr> 1539 <td>CVE-2014-9890</td> 1540 <td>A-28770207 1541 <p> 1542 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1543 QC-CR#529177</a></p></td> 1544 <td></td> 1545 <td>Nexus 5, Nexus 7(2013)</td> 1546 <td>2014 6 2</td> 1547 </tr> 1548 </table> 1549 1550 <h3 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"> 1551 </h3> 1552 <p> 1553 1554 1555 . 1556 , 1557 . 1558 </p> 1559 <table> 1560 <col width="19%"> 1561 <col width="20%"> 1562 <col width="10%"> 1563 <col width="23%"> 1564 <col width="17%"> 1565 <tr> 1566 <th>CVE</th> 1567 <th></th> 1568 <th></th> 1569 <th> Nexus </th> 1570 <th> </th> 1571 </tr> 1572 <tr> 1573 <td>CVE-2015-2686</td> 1574 <td>A-28759139 1575 <p> 1576 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1577 </a></p></td> 1578 <td></td> 1579 <td> Nexus</td> 1580 <td>2015 3 23</td> 1581 </tr> 1582 <tr> 1583 <td>CVE-2016-3841</td> 1584 <td>A-28746669 1585 <p> 1586 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1587 </a></p></td> 1588 <td></td> 1589 <td> Nexus</td> 1590 <td>2015 12 3</td> 1591 </tr> 1592 </table> 1593 1594 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1595 Qualcomm GPU </h3> 1596 <p> 1597 Qualcomm GPU 1598 1599 . 1600 , 1601 . 1602 </p> 1603 <table> 1604 <col width="19%"> 1605 <col width="20%"> 1606 <col width="10%"> 1607 <col width="23%"> 1608 <col width="17%"> 1609 <tr> 1610 <th>CVE</th> 1611 <th></th> 1612 <th></th> 1613 <th> Nexus </th> 1614 <th> </th> 1615 </tr> 1616 <tr> 1617 <td>CVE-2016-2504</td> 1618 <td>A-28026365 1619 <p>QC-CR#1002974</p></td> 1620 <td></td> 1621 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013)</td> 1622 <td>2016 4 5</td> 1623 </tr> 1624 <tr> 1625 <td>CVE-2016-3842</td> 1626 <td>A-28377352 1627 <p> 1628 QC-CR#1002974</p></td> 1629 <td></td> 1630 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1631 <td>2016 4 25</td> 1632 </tr> 1633 </table> 1634 <p> 1635 * . 1636 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1637 . 1638 </p> 1639 1640 1641 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1642 Qualcomm </h3> 1643 <p> 1644 Qualcomm 1645 1646 . 1647 , 1648 . 1649 </p> 1650 <p class="note"> 1651 <strong>:</strong> A-29119870 1652 . 1653 </p> 1654 <table> 1655 <col width="19%"> 1656 <col width="20%"> 1657 <col width="10%"> 1658 <col width="23%"> 1659 <col width="17%"> 1660 <tr> 1661 <th>CVE</th> 1662 <th></th> 1663 <th></th> 1664 <th> Nexus </th> 1665 <th> </th> 1666 </tr> 1667 <tr> 1668 <td>CVE-2016-3843</td> 1669 <td>A-28086229* 1670 <p> 1671 QC-CR#1011071</p></td> 1672 <td></td> 1673 <td>Nexus 5X, Nexus 6P</td> 1674 <td>2016 4 7</td> 1675 </tr> 1676 </table> 1677 <p> 1678 * . 1679 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1680 . 1681 </p> 1682 1683 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 1684 </h3> 1685 <p> 1686 1687 1688 . 1689 , 1690 . 1691 </p> 1692 <table> 1693 <col width="19%"> 1694 <col width="20%"> 1695 <col width="10%"> 1696 <col width="23%"> 1697 <col width="17%"> 1698 <tr> 1699 <th>CVE</th> 1700 <th></th> 1701 <th></th> 1702 <th> Nexus </th> 1703 <th> </th> 1704 </tr> 1705 <tr> 1706 <td>CVE-2016-3857</td> 1707 <td>A-28522518*</td> 1708 <td></td> 1709 <td>Nexus 7(2013)</td> 1710 <td>2016 5 2</td> 1711 </tr> 1712 </table> 1713 <p> 1714 * . 1715 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1716 . 1717 </p> 1718 1719 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"> 1720 </h3> 1721 <p> 1722 1723 1724 . 1725 . 1726 </p> 1727 <table> 1728 <col width="19%"> 1729 <col width="20%"> 1730 <col width="10%"> 1731 <col width="23%"> 1732 <col width="17%"> 1733 <tr> 1734 <th>CVE</th> 1735 <th></th> 1736 <th></th> 1737 <th> Nexus </th> 1738 <th> </th> 1739 </tr> 1740 <tr> 1741 <td>CVE-2015-1593</td> 1742 <td>A-29577822 1743 <p> 1744 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1745 </a></p></td> 1746 <td></td> 1747 <td>Nexus Player</td> 1748 <td>2015 2 13</td> 1749 </tr> 1750 <tr> 1751 <td>CVE-2016-3672</td> 1752 <td>A-28763575 1753 <p> 1754 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1755 </a></p></td> 1756 <td></td> 1757 <td>Nexus Player</td> 1758 <td>2016 3 25</td> 1759 </tr> 1760 </table> 1761 1762 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"> 1763 </h3> 1764 <p> 1765 1766 1767 . 1768 . 1769 </p> 1770 <table> 1771 <col width="19%"> 1772 <col width="20%"> 1773 <col width="10%"> 1774 <col width="23%"> 1775 <col width="17%"> 1776 <tr> 1777 <th>CVE</th> 1778 <th></th> 1779 <th></th> 1780 <th> Nexus </th> 1781 <th> </th> 1782 </tr> 1783 <tr> 1784 <td>CVE-2016-2544</td> 1785 <td>A-28695438 1786 <p> 1787 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1788 </a></p></td> 1789 <td></td> 1790 <td> Nexus</td> 1791 <td>2016 1 19</td> 1792 </tr> 1793 <tr> 1794 <td>CVE-2016-2546</td> 1795 <td>A-28694392 1796 <p> 1797 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1798 </a></p></td> 1799 <td></td> 1800 <td>Pixel C</td> 1801 <td>2016 1 19</td> 1802 </tr> 1803 <tr> 1804 <td>CVE-2014-9904</td> 1805 <td>A-28592007 1806 <p> 1807 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1808 </a></p></td> 1809 <td></td> 1810 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player</td> 1811 <td>2016 5 4</td> 1812 </tr> 1813 </table> 1814 1815 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1816 </h3> 1817 <p> 1818 1819 1820 . 1821 . 1822 </p> 1823 <table> 1824 <col width="19%"> 1825 <col width="20%"> 1826 <col width="10%"> 1827 <col width="23%"> 1828 <col width="17%"> 1829 <tr> 1830 <th>CVE</th> 1831 <th></th> 1832 <th></th> 1833 <th> Nexus </th> 1834 <th> </th> 1835 </tr> 1836 <tr> 1837 <td>CVE-2012-6701</td> 1838 <td>A-28939037 1839 <p> 1840 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1841 </a></p></td> 1842 <td></td> 1843 <td>Nexus 5, Nexus 7(2013)</td> 1844 <td>2016 3 2</td> 1845 </tr> 1846 </table> 1847 1848 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 1849 </h3> 1850 <p> 1851 1852 1853 . 1854 . 1855 </p> 1856 <table> 1857 <col width="19%"> 1858 <col width="20%"> 1859 <col width="10%"> 1860 <col width="23%"> 1861 <col width="17%"> 1862 <tr> 1863 <th>CVE</th> 1864 <th></th> 1865 <th></th> 1866 <th> Nexus </th> 1867 <th> </th> 1868 </tr> 1869 <tr> 1870 <td>CVE-2016-3844</td> 1871 <td>A-28299517* 1872 <p> 1873 N-CVE-2016-3844</p></td> 1874 <td></td> 1875 <td>Nexus 9, Pixel C</td> 1876 <td>2016 4 19</td> 1877 </tr> 1878 </table> 1879 <p> 1880 * . 1881 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1882 . 1883 </p> 1884 1885 <h3> </h3> 1886 <p> 1887 1888 1889 . 1890 . 1891 </p> 1892 <table> 1893 <col width="19%"> 1894 <col width="20%"> 1895 <col width="10%"> 1896 <col width="23%"> 1897 <col width="17%"> 1898 <tr> 1899 <th>CVE</th> 1900 <th></th> 1901 <th></th> 1902 <th> Nexus </th> 1903 <th> </th> 1904 </tr> 1905 <tr> 1906 <td>CVE-2016-3845</td> 1907 <td>A-28399876*</td> 1908 <td></td> 1909 <td>Nexus 5</td> 1910 <td>2016 4 20</td> 1911 </tr> 1912 </table> 1913 <p> 1914 * . 1915 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1916 . 1917 </p> 1918 1919 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 1920 </h3> 1921 <p> 1922 1923 1924 . 1925 . 1926 </p> 1927 <table> 1928 <col width="19%"> 1929 <col width="20%"> 1930 <col width="10%"> 1931 <col width="23%"> 1932 <col width="17%"> 1933 <tr> 1934 <th>CVE</th> 1935 <th></th> 1936 <th></th> 1937 <th> Nexus </th> 1938 <th> </th> 1939 </tr> 1940 <tr> 1941 <td>CVE-2016-3846</td> 1942 <td>A-28817378*</td> 1943 <td></td> 1944 <td>Nexus 5X, Nexus 6P</td> 1945 <td>2016 5 17</td> 1946 </tr> 1947 </table> 1948 <p> 1949 * . 1950 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1951 . 1952 </p> 1953 1954 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver"> 1955 NVIDIA </h3> 1956 <p> 1957 NVIDIA 1958 1959 . 1960 . 1961 </p> 1962 <table> 1963 <col width="19%"> 1964 <col width="20%"> 1965 <col width="10%"> 1966 <col width="23%"> 1967 <col width="17%"> 1968 <tr> 1969 <th>CVE</th> 1970 <th></th> 1971 <th></th> 1972 <th> Nexus </th> 1973 <th> </th> 1974 </tr> 1975 <tr> 1976 <td>CVE-2016-3847</td> 1977 <td>A-28871433* 1978 <p> 1979 N-CVE-2016-3847</p></td> 1980 <td></td> 1981 <td>Nexus 9</td> 1982 <td>2016 5 19</td> 1983 </tr> 1984 <tr> 1985 <td>CVE-2016-3848</td> 1986 <td>A-28919417* 1987 <p> 1988 N-CVE-2016-3848</p></td> 1989 <td></td> 1990 <td>Nexus 9</td> 1991 <td>2016 5 19</td> 1992 </tr> 1993 </table> 1994 <p> 1995 * . 1996 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1997 . 1998 </p> 1999 2000 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver"> 2001 ION </h3> 2002 <p> 2003 ION 2004 2005 . 2006 . 2007 </p> 2008 <table> 2009 <col width="19%"> 2010 <col width="20%"> 2011 <col width="10%"> 2012 <col width="23%"> 2013 <col width="17%"> 2014 <tr> 2015 <th>CVE</th> 2016 <th></th> 2017 <th></th> 2018 <th> Nexus </th> 2019 <th> </th> 2020 </tr> 2021 <tr> 2022 <td>CVE-2016-3849</td> 2023 <td>A-28939740</td> 2024 <td></td> 2025 <td>Pixel C</td> 2026 <td>2016 5 24</td> 2027 </tr> 2028 </table> 2029 <p> 2030 * . 2031 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2032 . 2033 </p> 2034 2035 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader">Qualcomm </h3> 2036 <p> 2037 Qualcomm 2038 2039 . 2040 . 2041 </p> 2042 <table> 2043 <col width="19%"> 2044 <col width="20%"> 2045 <col width="10%"> 2046 <col width="26%"> 2047 <col width="17%"> 2048 <tr> 2049 <th>CVE</th> 2050 <th></th> 2051 <th></th> 2052 <th> Nexus </th> 2053 <th> </th> 2054 </tr> 2055 <tr> 2056 <td>CVE-2016-3850</td> 2057 <td>A-27917291 2058 <p> 2059 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 2060 QC-CR#945164</a></p></td> 2061 <td></td> 2062 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7(2013) </td> 2063 <td>2016 3 28</td> 2064 </tr> 2065 </table> 2066 2067 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"> 2068 </h3> 2069 <p> 2070 2071 . 2072 . 2073 </p> 2074 <p class="note"> 2075 <strong>:</strong> CVE-2016-3843(A-28086229) 2076 . 2077 </p> 2078 <table> 2079 <col width="18%"> 2080 <col width="18%"> 2081 <col width="10%"> 2082 <col width="19%"> 2083 <col width="17%"> 2084 <col width="17%"> 2085 <tr> 2086 <th>CVE</th> 2087 <th></th> 2088 <th></th> 2089 <th> Nexus </th> 2090 <th> AOSP </th> 2091 <th> </th> 2092 </tr> 2093 <tr> 2094 <td>CVE-2016-3843</td> 2095 <td>A-29119870*</td> 2096 <td></td> 2097 <td> Nexus</td> 2098 <td>6.0, 6.1</td> 2099 <td>Google </td> 2100 </tr> 2101 </table> 2102 <p> 2103 * . 2104 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2105 . 2106 </p> 2107 2108 <h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader"> 2109 LG </h3> 2110 <p> 2111 LG 2112 2113 . 2114 2115 2116 . 2117 </p> 2118 <table> 2119 <col width="19%"> 2120 <col width="20%"> 2121 <col width="10%"> 2122 <col width="23%"> 2123 <col width="17%"> 2124 <tr> 2125 <th>CVE</th> 2126 <th></th> 2127 <th></th> 2128 <th> Nexus </th> 2129 <th> </th> 2130 </tr> 2131 <tr> 2132 <td>CVE-2016-3851</td> 2133 <td>A-29189941*</td> 2134 <td></td> 2135 <td>Nexus 5X</td> 2136 <td>Google </td> 2137 </tr> 2138 </table> 2139 <p> 2140 * . 2141 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2142 . 2143 </p> 2144 2145 <h3 id="information-disclosure-vulnerability-in-qualcomm-components"> 2146 Qualcomm </h3> 2147 <p> 2148 , , , , 2149 Qualcomm 2150 . 2151 </p> 2152 <p> 2153 2154 2155 . 2156 </p> 2157 <table> 2158 <col width="19%"> 2159 <col width="20%"> 2160 <col width="10%"> 2161 <col width="23%"> 2162 <col width="17%"> 2163 <tr> 2164 <th>CVE</th> 2165 <th></th> 2166 <th></th> 2167 <th> Nexus </th> 2168 <th> </th> 2169 </tr> 2170 <tr> 2171 <td>CVE-2014-9892</td> 2172 <td>A-28770164 2173 <p> 2174 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 2175 QC-CR#568717</a></p></td> 2176 <td></td> 2177 <td>Nexus 5, Nexus 7(2013)</td> 2178 <td>2014 6 2</td> 2179 </tr> 2180 <tr> 2181 <td>CVE-2015-8944</td> 2182 <td>A-28814213 2183 <p> 2184 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 2185 QC-CR#786116</a></p></td> 2186 <td></td> 2187 <td>Nexus 6, Nexus 7(2013)</td> 2188 <td>2015 4 30</td> 2189 </tr> 2190 <tr> 2191 <td>CVE-2014-9893</td> 2192 <td>A-28747914 2193 <p> 2194 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 2195 QC-CR#542223</a></p></td> 2196 <td></td> 2197 <td>Nexus 5</td> 2198 <td>2014 3 27</td> 2199 </tr> 2200 <tr> 2201 <td>CVE-2014-9894</td> 2202 <td>A-28749708 2203 <p> 2204 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 2205 QC-CR#545736</a></p></td> 2206 <td></td> 2207 <td>Nexus 7(2013)</td> 2208 <td>2014 3 31</td> 2209 </tr> 2210 <tr> 2211 <td>CVE-2014-9895</td> 2212 <td>A-28750150 2213 <p> 2214 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 2215 QC-CR#570757</a></p></td> 2216 <td></td> 2217 <td>Nexus 5, Nexus 7(2013)</td> 2218 <td>2014 3 31</td> 2219 </tr> 2220 <tr> 2221 <td>CVE-2014-9896</td> 2222 <td>A-28767593 2223 <p> 2224 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 2225 QC-CR#551795</a></p></td> 2226 <td></td> 2227 <td>Nexus 5, Nexus 7(2013)</td> 2228 <td>2014 4 30</td> 2229 </tr> 2230 <tr> 2231 <td>CVE-2014-9897</td> 2232 <td>A-28769856 2233 <p> 2234 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 2235 QC-CR#563752</a></p></td> 2236 <td></td> 2237 <td>Nexus 5</td> 2238 <td>2014 4 30</td> 2239 </tr> 2240 <tr> 2241 <td>CVE-2014-9898</td> 2242 <td>A-28814690 2243 <p> 2244 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 2245 QC-CR#554575</a></p></td> 2246 <td></td> 2247 <td>Nexus 5, Nexus 7(2013)</td> 2248 <td>2014 4 30</td> 2249 </tr> 2250 <tr> 2251 <td>CVE-2014-9899</td> 2252 <td>A-28803909 2253 <p> 2254 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 2255 QC-CR#547910</a></p></td> 2256 <td></td> 2257 <td>Nexus 5</td> 2258 <td>2014 7 3</td> 2259 </tr> 2260 <tr> 2261 <td>CVE-2014-9900</td> 2262 <td>A-28803952 2263 <p> 2264 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 2265 QC-CR#570754</a></p></td> 2266 <td></td> 2267 <td>Nexus 5, Nexus 7(2013)</td> 2268 <td>2014 8 8</td> 2269 </tr> 2270 </table> 2271 2272 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"> 2273 </h3> 2274 <p> 2275 2276 . 2277 2278 . 2279 </p> 2280 <table> 2281 <col width="19%"> 2282 <col width="20%"> 2283 <col width="10%"> 2284 <col width="23%"> 2285 <col width="17%"> 2286 <tr> 2287 <th>CVE</th> 2288 <th></th> 2289 <th></th> 2290 <th> Nexus </th> 2291 <th> </th> 2292 </tr> 2293 <tr> 2294 <td>CVE-2014-9903</td> 2295 <td>A-28731691 2296 <p> 2297 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 2298 </a></p></td> 2299 <td></td> 2300 <td>Nexus 5X, Nexus 6P</td> 2301 <td>2014 2 21</td> 2302 </tr> 2303 </table> 2304 2305 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific"> 2306 MediaTek Wi-Fi ( )</h3> 2307 <p> 2308 MediaTek Wi-Fi 2309 2310 . 2311 . 2312 </p> 2313 <table> 2314 <col width="19%"> 2315 <col width="20%"> 2316 <col width="10%"> 2317 <col width="23%"> 2318 <col width="17%"> 2319 <tr> 2320 <th>CVE</th> 2321 <th></th> 2322 <th></th> 2323 <th> Nexus </th> 2324 <th> </th> 2325 </tr> 2326 <tr> 2327 <td>CVE-2016-3852</td> 2328 <td>A-29141147* 2329 <p> 2330 M-ALPS02751738</p></td> 2331 <td></td> 2332 <td>Android One</td> 2333 <td>2016 4 12</td> 2334 </tr> 2335 </table> 2336 <p> 2337 * . 2338 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2339 . 2340 </p> 2341 2342 <h3 id="information-disclosure-vulnerability-in-usb-driver">USB </h3> 2343 <p> 2344 USB 2345 . 2346 2347 . 2348 </p> 2349 <table> 2350 <col width="19%"> 2351 <col width="20%"> 2352 <col width="10%"> 2353 <col width="23%"> 2354 <col width="17%"> 2355 <tr> 2356 <th>CVE</th> 2357 <th></th> 2358 <th></th> 2359 <th> Nexus </th> 2360 <th> </th> 2361 </tr> 2362 <tr> 2363 <td>CVE-2016-4482</td> 2364 <td>A-28619695 2365 <p> 2366 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2367 </a></p></td> 2368 <td></td> 2369 <td> Nexus</td> 2370 <td>2016 5 3</td> 2371 </tr> 2372 </table> 2373 2374 <h3 id="denial-of-service-vulnerability-in-qualcomm-components"> 2375 Qualcomm (DoS) </h3> 2376 <p> 2377 Wi-Fi Qualcomm 2378 . 2379 </p> 2380 <p> 2381 2382 2383 . 2384 </p> 2385 <table> 2386 <col width="19%"> 2387 <col width="20%"> 2388 <col width="10%"> 2389 <col width="23%"> 2390 <col width="17%"> 2391 <tr> 2392 <th>CVE</th> 2393 <th></th> 2394 <th></th> 2395 <th> Nexus </th> 2396 <th> </th> 2397 </tr> 2398 <tr> 2399 <td>CVE-2014-9901</td> 2400 <td>A-28670333 2401 <p> 2402 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2403 QC-CR#548711</a></p></td> 2404 <td></td> 2405 <td>Nexus 7(2013)</td> 2406 <td>2014 3 31</td> 2407 </tr> 2408 </table> 2409 2410 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services"> 2411 Google Play </h3> 2412 <p> 2413 Google Play 2414 . 2415 2416 . 2417 </p> 2418 <table> 2419 <col width="18%"> 2420 <col width="18%"> 2421 <col width="10%"> 2422 <col width="19%"> 2423 <col width="17%"> 2424 <col width="17%"> 2425 <tr> 2426 <th>CVE</th> 2427 <th></th> 2428 <th></th> 2429 <th> Nexus </th> 2430 <th> AOSP </th> 2431 <th> </th> 2432 </tr> 2433 <tr> 2434 <td>CVE-2016-3853</td> 2435 <td>A-26803208*</td> 2436 <td></td> 2437 <td> Nexus</td> 2438 <td></td> 2439 <td>2016 5 4</td> 2440 </tr> 2441 </table> 2442 <p> 2443 * . 2444 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2445 . 2446 </p> 2447 2448 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 2449 API </h3> 2450 <p> 2451 API 2452 2453 . 2454 2455 . 2456 </p> 2457 <table> 2458 <col width="18%"> 2459 <col width="17%"> 2460 <col width="10%"> 2461 <col width="19%"> 2462 <col width="18%"> 2463 <col width="17%"> 2464 <tr> 2465 <th>CVE</th> 2466 <th></th> 2467 <th></th> 2468 <th> Nexus </th> 2469 <th> AOSP </th> 2470 <th> </th> 2471 </tr> 2472 <tr> 2473 <td>CVE-2016-2497</td> 2474 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2475 A-27450489</a></td> 2476 <td></td> 2477 <td> Nexus</td> 2478 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 2479 <td>Google </td> 2480 </tr> 2481 </table> 2482 2483 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"> 2484 </h3> 2485 <p> 2486 2487 . 2488 . 2489 </p> 2490 <table> 2491 <col width="19%"> 2492 <col width="20%"> 2493 <col width="10%"> 2494 <col width="23%"> 2495 <col width="17%"> 2496 <tr> 2497 <th>CVE</th> 2498 <th></th> 2499 <th></th> 2500 <th> Nexus </th> 2501 <th> </th> 2502 </tr> 2503 <tr> 2504 <td>CVE-2016-4578</td> 2505 <td>A-28620102 2506 <p> 2507 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2508 </a></p></td> 2509 <td></td> 2510 <td> Nexus</td> 2511 <td>2016 5 3</td> 2512 </tr> 2513 </table> 2514 2515 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"> 2516 </h3> 2517 <p> 2518 2519 . 2520 . 2521 </p> 2522 <table> 2523 <col width="19%"> 2524 <col width="20%"> 2525 <col width="10%"> 2526 <col width="23%"> 2527 <col width="17%"> 2528 <tr> 2529 <th>CVE</th> 2530 <th></th> 2531 <th></th> 2532 <th> Nexus </th> 2533 <th> </th> 2534 </tr> 2535 <tr> 2536 <td>CVE-2016-4569</td> 2537 <td>A-28980557 2538 <p> 2539 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2540 </a></p></td> 2541 <td></td> 2542 <td> Nexus</td> 2543 <td>2016 5 9</td> 2544 </tr> 2545 <tr> 2546 <td>CVE-2016-4578</td> 2547 <td>A-28980217 2548 <p> 2549 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2550 </a> 2551 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2552 <td></td> 2553 <td> Nexus</td> 2554 <td>2016 5 11</td> 2555 </tr> 2556 </table> 2557 2558 <h3 id="vulnerabilities-in-qualcomm-components"> 2559 Qualcomm </h3> 2560 <p> 2561 , , , , 2562 Qualcomm 2563 . 2564 </p> 2565 <table> 2566 <col width="19%"> 2567 <col width="20%"> 2568 <col width="10%"> 2569 <col width="23%"> 2570 <col width="17%"> 2571 <tr> 2572 <th>CVE</th> 2573 <th></th> 2574 <th></th> 2575 <th> Nexus </th> 2576 <th> </th> 2577 </tr> 2578 <tr> 2579 <td>CVE-2016-3854</td> 2580 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2581 QC-CR#897326</a></td> 2582 <td></td> 2583 <td></td> 2584 <td>2016 2</td> 2585 </tr> 2586 <tr> 2587 <td>CVE-2016-3855</td> 2588 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2589 QC-CR#990824</a></td> 2590 <td></td> 2591 <td></td> 2592 <td>2016 5</td> 2593 </tr> 2594 <tr> 2595 <td>CVE-2016-2060</td> 2596 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2597 QC-CR#959631</a> 2598 <td></td> 2599 <td></td> 2600 <td>2016 4</td> 2601 </tr> 2602 </table> 2603 <h2 id="common-questions-and-answers"> </h2> 2604 <p> 2605 . 2606 </p> 2607 <p> 2608 <strong>1. ? 2609 </strong> 2610 </p> 2611 <p> 2612 2016-08-01 2016-08-01 2613 . 2016-08-05 2016-08-05 2614 . 2615 <a href="https://support.google.com/nexus/answer/4457705"></a> . 2616 . 2617 [ro.build.version.security_patch]:[2016-08-01] 2618 [ro.build.version.security_patch]:[2016-08-05] 2619 </p> 2620 <p> 2621 <strong>2. ?</strong> 2622 </p> 2623 <p> 2624 Android Android 2625 2626 . Android 2627 2628 . 2629 </p> 2630 <p> 2631 2016 8 5 2632 . 2633 </p> 2634 <p> 2635 2016 8 1 2636 2637 . 2016 8 1 2638 2016 8 5 2639 . 2640 </p> 2641 <p> 2642 3<strong>. Nexus ?</strong> 2643 </p> 2644 <p> 2645 <a href="#2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01</a> 2646 <a href="#2016-08-05-security-patch-level-vulnerability-details">2016-08-05</a> 2647 Nexus 2648 ' Nexus ' . 2649 . 2650 </p> 2651 <ul> 2652 <li><strong> Nexus </strong>: Nexus 2653 <em> Nexus </em> ' Nexus' . 2654 ' Nexus' 2655 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> </a> 2656 . Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2657 Android One, Nexus Player, Pixel C</li> 2658 <li><strong> Nexus </strong>: Nexus 2659 , Nexus 2660 <em> Nexus </em> .</li> 2661 <li><strong>Nexus </strong>: Nexus 2662 <em> Nexus </em> '' . 2663 </li> 2664 </ul> 2665 <p> 2666 <strong>4. ?</strong> 2667 </p> 2668 <p> 2669 <em></em> 2670 . 2671 . 2672 </p> 2673 <table> 2674 <tr> 2675 <th></th> 2676 <th> </th> 2677 </tr> 2678 <tr> 2679 <td>A-</td> 2680 <td>Android ID</td> 2681 </tr> 2682 <tr> 2683 <td>QC-</td> 2684 <td>Qualcomm </td> 2685 </tr> 2686 <tr> 2687 <td>M-</td> 2688 <td>MediaTek </td> 2689 </tr> 2690 <tr> 2691 <td>N-</td> 2692 <td>NVIDIA </td> 2693 </tr> 2694 </table> 2695 <h2 id="revisions"></h2> 2696 2697 <ul> 2698 <li>2016 8 1: </li> 2699 <li>2016 8 2: AOSP </li> 2700 </ul> 2701
