1 page.title=Android 2016 9 2 @jd:body 3 <!-- 4 Copyright 2016 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 <p><em>2016 9 6 | 2016 9 12 </em> 16 </p> 17 18 <p> 19 Android Android 20 . (OTA) 21 Nexus . 22 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 23 . 2016 9 6 24 . 25 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> . Nexus 2016 9 6 26 OTA . 27 </p> 28 29 <p> 30 2016 8 5 31 . , 32 Android (AOSP) . 33 AOSP . 34 </p> 35 36 <p> 37 38 , MMS 39 . 40 </p> 41 42 <p> 43 44 . SafetyNet Android 45 <a href="{@docRoot}security/enhancements/index.html">Android </a> 46 47 <a href="#mitigations">Android Google </a> . 48 </p> 49 50 <p> 51 . 52 </p> 53 54 <h2 id="announcements"></h2> 55 <ul> 56 <li> Android Android 57 58 . <a href="#common-questions-and-answers"> 59 </a> 60 . 61 <ul> 62 <li><strong>2016-09-01</strong>: . 63 2016-09-01 64 . 65 <li><strong>2016-09-05</strong>: . 66 2016-09-01 2016-09-05 67 . 68 <li><strong>2016-09-06</strong>: . 69 . 70 2016-09-01, 2016-09-05 2016-09-06 71 . 72 <li> Nexus 2016 9 6 73 OTA .</li> 74 </li></li></li></ul> 75 </li> 76 </ul> 77 <h2> </h2> 78 <p> 79 , ID(CVE), 80 Nexus 81 . <a href="{@docRoot}security/overview/updates-resources.html#severity"> </a> 82 83 84 . 85 </p> 86 87 <h3 id="2016-09-01-summary">2016-09-01 </h3> 88 <p> 89 2016 9 1 . 90 </p> 91 92 <table> 93 <col width="55%"> 94 <col width="20%"> 95 <col width="13%"> 96 <col width="12%"> 97 <tr> 98 <th></th> 99 <th>CVE</th> 100 <th></th> 101 <th>Nexus </th> 102 </tr> 103 <tr> 104 <td>LibUtils </td> 105 <td>CVE-2016-3861</td> 106 <td></td> 107 <td></td> 108 </tr> 109 <tr> 110 <td> </td> 111 <td>CVE-2016-3862</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td>MediaMuxer </td> 117 <td>CVE-2016-3863</td> 118 <td></td> 119 <td></td> 120 </tr> 121 <tr> 122 <td> </td> 123 <td>CVE-2016-3870, CVE-2016-3871, CVE-2016-3872</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td> </td> 129 <td>CVE-2016-3875</td> 130 <td></td> 131 <td>*</td> 132 </tr> 133 <tr> 134 <td> </td> 135 <td>CVE-2016-3876</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> (DoS) </td> 141 <td>CVE-2016-3899, CVE-2016-3878, 142 CVE-2016-3879, CVE-2016-3880, CVE-2016-3881</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td> </td> 148 <td>CVE-2016-3883</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td> </td> 154 <td>CVE-2016-3884</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td>Debuggerd </td> 160 <td>CVE-2016-3885</td> 161 <td></td> 162 <td></td> 163 </tr> 164 <tr> 165 <td> UI </td> 166 <td>CVE-2016-3886</td> 167 <td></td> 168 <td></td> 169 </tr> 170 <tr> 171 <td> </td> 172 <td>CVE-2016-3887</td> 173 <td></td> 174 <td></td> 175 </tr> 176 <tr> 177 <td>SMS </td> 178 <td>CVE-2016-3888</td> 179 <td></td> 180 <td></td> 181 </tr> 182 <tr> 183 <td> </td> 184 <td>CVE-2016-3889</td> 185 <td></td> 186 <td></td> 187 </tr> 188 <tr> 189 <td> </td> 190 <td>CVE-2016-3890</td> 191 <td></td> 192 <td>*</td> 193 </tr> 194 <tr> 195 <td> </td> 196 <td>CVE-2016-3895</td> 197 <td></td> 198 <td></td> 199 </tr> 200 <tr> 201 <td>AOSP </td> 202 <td>CVE-2016-3896</td> 203 <td></td> 204 <td>*</td> 205 </tr> 206 <tr> 207 <td>Wi-Fi </td> 208 <td>CVE-2016-3897</td> 209 <td></td> 210 <td>*</td> 211 </tr> 212 <tr> 213 <td> (DoS) </td> 214 <td>CVE-2016-3898</td> 215 <td></td> 216 <td></td> 217 </tr> 218 </table> 219 <p> 220 * Android 7.0 Nexus 221 . 222 </p> 223 224 <h3 id="2016-09-05-summary">2016-09-05 </h3> 225 <p> 226 2016-09-01 2016 9 5 227 . 228 </p> 229 230 <table> 231 <col width="55%"> 232 <col width="20%"> 233 <col width="13%"> 234 <col width="12%"> 235 <tr> 236 <th></th> 237 <th>CVE</th> 238 <th></th> 239 <th>Nexus </th> 240 </tr> 241 <tr> 242 <td> </td> 243 <td>CVE-2014-9529, CVE-2016-4470</td> 244 <td></td> 245 <td></td> 246 </tr> 247 <tr> 248 <td> </td> 249 <td>CVE-2013-7446</td> 250 <td></td> 251 <td></td> 252 </tr> 253 <tr> 254 <td> </td> 255 <td>CVE-2016-3134</td> 256 <td></td> 257 <td></td> 258 </tr> 259 <tr> 260 <td> USB </td> 261 <td>CVE-2016-3951</td> 262 <td></td> 263 <td></td> 264 </tr> 265 <tr> 266 <td> </td> 267 <td>CVE-2014-4655</td> 268 <td></td> 269 <td></td> 270 </tr> 271 <tr> 272 <td> ASN.1 </td> 273 <td>CVE-2016-2053</td> 274 <td></td> 275 <td></td> 276 </tr> 277 <tr> 278 <td>Qualcomm </td> 279 <td>CVE-2016-3864</td> 280 <td></td> 281 <td></td> 282 </tr> 283 <tr> 284 <td>Qualcomm </td> 285 <td>CVE-2016-3858</td> 286 <td></td> 287 <td></td> 288 </tr> 289 <tr> 290 <td> </td> 291 <td>CVE-2016-4805</td> 292 <td></td> 293 <td></td> 294 </tr> 295 <tr> 296 <td>Synaptics </td> 297 <td>CVE-2016-3865</td> 298 <td></td> 299 <td></td> 300 </tr> 301 <tr> 302 <td>Qualcomm </td> 303 <td>CVE-2016-3859</td> 304 <td></td> 305 <td></td> 306 </tr> 307 <tr> 308 <td>Qualcomm </td> 309 <td>CVE-2016-3866</td> 310 <td></td> 311 <td></td> 312 </tr> 313 <tr> 314 <td>Qualcomm IPA </td> 315 <td>CVE-2016-3867</td> 316 <td></td> 317 <td></td> 318 </tr> 319 <tr> 320 <td>Qualcomm </td> 321 <td>CVE-2016-3868</td> 322 <td></td> 323 <td></td> 324 </tr> 325 <tr> 326 <td>Broadcom Wi-Fi </td> 327 <td>CVE-2016-3869</td> 328 <td></td> 329 <td></td> 330 </tr> 331 <tr> 332 <td> eCryptfs </td> 333 <td>CVE-2016-1583</td> 334 <td></td> 335 <td></td> 336 </tr> 337 <tr> 338 <td>NVIDIA </td> 339 <td>CVE-2016-3873</td> 340 <td></td> 341 <td></td> 342 </tr> 343 <tr> 344 <td>Qualcomm Wi-Fi </td> 345 <td>CVE-2016-3874</td> 346 <td></td> 347 <td></td> 348 </tr> 349 <tr> 350 <td> (DoS) </td> 351 <td>CVE-2015-1465, CVE-2015-5364</td> 352 <td></td> 353 <td></td> 354 </tr> 355 <tr> 356 <td> ext4 (DoS) </td> 357 <td>CVE-2015-8839</td> 358 <td></td> 359 <td></td> 360 </tr> 361 <tr> 362 <td>Qualcomm SPMI </td> 363 <td>CVE-2016-3892</td> 364 <td></td> 365 <td></td> 366 </tr> 367 <tr> 368 <td>Qualcomm </td> 369 <td>CVE-2016-3893</td> 370 <td></td> 371 <td></td> 372 </tr> 373 <tr> 374 <td>Qualcomm DMA </td> 375 <td>CVE-2016-3894</td> 376 <td></td> 377 <td></td> 378 </tr> 379 <tr> 380 <td> </td> 381 <td>CVE-2016-4998</td> 382 <td></td> 383 <td></td> 384 </tr> 385 <tr> 386 <td> (DoS) </td> 387 <td>CVE-2015-2922</td> 388 <td></td> 389 <td></td> 390 </tr> 391 <tr> 392 <td>Qualcomm </td> 393 <td>CVE-2016-2469</td> 394 <td></td> 395 <td></td> 396 </tr> 397 </table> 398 <h3 id="2016-09-06-summary">2016-09-06 </h3> 399 <p> 400 2016-09-05 2016-09-01 2016 9 6 401 . 402 </p> 403 404 <table> 405 <col width="55%"> 406 <col width="20%"> 407 <col width="13%"> 408 <col width="12%"> 409 <tr> 410 <th></th> 411 <th>CVE</th> 412 <th></th> 413 <th>Nexus </th> 414 </tr> 415 <tr> 416 <td> </td> 417 <td>CVE-2016-5340</td> 418 <td></td> 419 <td></td> 420 </tr> 421 <tr> 422 <td>Qualcomm </td> 423 <td>CVE-2016-2059</td> 424 <td></td> 425 <td></td> 426 </tr> 427 </table> 428 <h2 id="mitigations">Android Google </h2> 429 <p> 430 SafetyNet <a href="{@docRoot}security/enhancements/index.html">Android </a> 431 . 432 Android 433 . 434 </p> 435 <ul> 436 <li>Android Android 437 . Android 438 .</li> 439 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 440 441 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 442 . <a href="http://www.android.com/gms">Google </a> 443 444 Google Play . Google 445 Play 446 447 . 448 449 . 450 .</li> 451 <li> Google 452 .</li> 453 </ul> 454 455 <h2 id="acknowledgements"></h2> 456 <p> 457 . 458 </p> 459 460 461 <ul> 462 <li> Cory Pruce: CVE-2016-3897</li> 463 <li>Qihoo 360 Technology Co. Ltd. IceSword Lab 464 Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), <a href="http://weibo.com/jfpan">pjf</a>: 465 CVE-2016-3869, CVE-2016-3865, CVE-2016-3866, CVE-2016-3867</li> 466 <li><a href="http://www.cmcm.com">Cheetah Mobile</a> Security Research Lab 467 Hao Qin: CVE-2016-3863</li> 468 <li>Google Project Zero Jann Horn: CVE-2016-3885</li> 469 <li>Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 470 <a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-3858</li> 471 <li>Joshua Drake(<a href="https://twitter.com/jduck">@jduck</a>): CVE-2016-3861</li> 472 <li> CISPA Madhu Priya Murugan: CVE-2016-3896</li> 473 <li>Google Makoto Onuki: CVE-2016-3876</li> 474 <li>Google Project Zero Mark Brand: CVE-2016-3861</li> 475 <li>Android Max Spector: CVE-2016-3888</li> 476 <li>Android Max Spector, Quan To: CVE-2016-3889</li> 477 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 478 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 479 Xuxian Jiang: CVE-2016-3895</li> 480 <li>Tesla Motors Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>) 481 : CVE-2016-2446 </li> 482 <li>Google Oleksiy Vyalov: CVE-2016-3890</li> 483 <li>Google Chrome Oliver Chang: CVE-2016-3880</li> 484 <li>Alibaba Mobile Security Group Peng Xiao, Chengming Yang, Ning You, Chao Yang, 485 Yang song: CVE-2016-3859</li> 486 <li>TEAM Lv51 Ronald L. Loor Vargas(<a href="https://twitter.com/loor_rlv">@loor_rlv</a>) 487 : CVE-2016-3886</li> 488 <li>IBM Security X-Force Sagi Kedmi: CVE-2016-3873</li> 489 <li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> 490 (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-3893, 491 CVE-2016-3868, CVE-2016-3867</li> 492 <li>TrendMicro Seven Shen 493 (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>): CVE-2016-3894</li> 494 <li>SentinelOne / RedNaga 495 Tim Strazzere(<a href="https://twitter.com/timstrazz">@timstrazz</a>): CVE-2016-3862</li> 496 <li>trotmaster(<a href="https://twitter.com/trotmaster99">@trotmaster99</a>): 497 CVE-2016-3883</li> 498 <li>Google Victor Chang: CVE-2016-3887</li> 499 <li>Google Vignesh Venkatasubramanian: CVE-2016-3881</li> 500 <li>Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-3878</li> 501 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>, Mingjian Zhou 502 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu 503 (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang 504 : CVE-2016-3870, CVE-2016-3871, 505 CVE-2016-3872</li> 506 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a> 507 Wish Wu(<a href="http://weibo.com/wishlinux"></a>) 508 (<a href="https://twitter.com/wish_wu">@wish_wu</a>) 509 : CVE-2016-3892</li> 510 <li><a href="http://www.alibaba.com/">Alibaba Inc</a> Xingyu He() 511 (<a href="https://twitter.com/Spid3r_">@Spid3r_</a>) 512 : CVE-2016-3879</li> 513 <li>Chinese Academy of Sciences Institute of Software TCA Lab Yacong Gu 514 : CVE-2016-3884</li> 515 <li> <a href="http://yurushao.info">Yuru Shao</a> 516 : CVE-2016-3898</li> 517 </ul> 518 519 <h2 id="2016-09-01-details">2016-09-01 </h2> 520 <p> 521 <a href="#2016-09-01-summary">2016-09-01 522 </a> 523 . , 524 CVE, , , Nexus , 525 AOSP ( ), . 526 AOSP ID 527 . 528 ID . 529 </p> 530 531 <h3>LibUtils </h3> 532 <p> 533 LibUtils 534 535 . 536 . 537 </p> 538 539 <table> 540 <col width="18%"> 541 <col width="16%"> 542 <col width="10%"> 543 <col width="19%"> 544 <col width="19%"> 545 <col width="17%"> 546 <tr> 547 <th>CVE</th> 548 <th></th> 549 <th></th> 550 <th> Nexus </th> 551 <th> AOSP </th> 552 <th> </th> 553 </tr> 554 <tr> 555 <td>CVE-2016-3861</td> 556 <td><a href="https://android.googlesource.com/platform/system/core/+/ecf5fd58a8f50362ce9e8d4245a33d56f29f142b"> 557 A-29250543</a> 558 [<a href="https://android.googlesource.com/platform/frameworks/av/+/3944c65637dfed14a5a895685edfa4bacaf9f76e">2</a>] 559 [<a href="https://android.googlesource.com/platform/frameworks/base/+/866dc26ad4a98cc835d075b627326e7d7e52ffa1">3</a>] 560 [<a href="https://android.googlesource.com/platform/frameworks/native/+/1f4b49e64adf4623eefda503bca61e253597b9bf">4</a>] 561 </td> 562 <td></td> 563 <td> Nexus</td> 564 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 565 <td>2016 6 9</td> 566 </tr> 567 </table> 568 <h3> </h3> 569 <p> 570 571 572 . 573 . 574 </p> 575 576 <table> 577 <col width="18%"> 578 <col width="18%"> 579 <col width="10%"> 580 <col width="19%"> 581 <col width="17%"> 582 <col width="17%"> 583 <tr> 584 <th>CVE</th> 585 <th></th> 586 <th></th> 587 <th> Nexus </th> 588 <th> AOSP </th> 589 <th> </th> 590 </tr> 591 <tr> 592 <td>CVE-2016-3862</td> 593 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e739d9ca5469ed30129d0fa228e3d0f2878671ac"> 594 A-29270469</a></td> 595 <td></td> 596 <td> Nexus</td> 597 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 598 <td>2016 6 10</td> 599 </tr> 600 </table> 601 <h3>MediaMuxer </h3> 602 <p> 603 MediaMuxer 604 605 . MediaMuxer 606 . 607 </p> 608 609 <table> 610 <col width="18%"> 611 <col width="16%"> 612 <col width="10%"> 613 <col width="19%"> 614 <col width="19%"> 615 <col width="17%"> 616 <tr> 617 <th>CVE</th> 618 <th></th> 619 <th></th> 620 <th> Nexus </th> 621 <th> AOSP </th> 622 <th> </th> 623 </tr> 624 <tr> 625 <td>CVE-2016-3863</td> 626 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/119a012b2a9a186655da4bef3ed4ed8dd9b94c26"> 627 A-29161888</a></td> 628 <td></td> 629 <td> Nexus</td> 630 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 631 <td>2016 6 6</td> 632 </tr> 633 </table> 634 <h3> </h3> 635 <p> 636 637 638 . 639 640 . 641 </p> 642 643 <table> 644 <col width="18%"> 645 <col width="16%"> 646 <col width="10%"> 647 <col width="19%"> 648 <col width="19%"> 649 <col width="17%"> 650 <tr> 651 <th>CVE</th> 652 <th></th> 653 <th></th> 654 <th> Nexus </th> 655 <th> AOSP </th> 656 <th> </th> 657 </tr> 658 <tr> 659 <td>CVE-2016-3870</td> 660 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1e9801783770917728b7edbdeff3d0ec09c621ac"> 661 A-29421804</a> 662 <td></td> 663 <td> Nexus</td> 664 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 665 <td>2016 6 15</td> 666 </td></tr> 667 <tr> 668 <td>CVE-2016-3871</td> 669 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c2639afac631f5c1ffddf70ee8a6fe943d0bedf9"> 670 A-29422022</a> 671 [<a href="https://android.googlesource.com/platform/frameworks/av/+/3c4edac2a5b00dec6c8579a0ee658cfb3bb16d94">2</a>] 672 [<a href="https://android.googlesource.com/platform/frameworks/av/+/c17ad2f0c7e00fd1bbf01d0dfed41f72d78267ad">3</a>] 673 </td> 674 <td></td> 675 <td> Nexus</td> 676 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 677 <td>2016 6 15</td> 678 </tr> 679 <tr> 680 <td>CVE-2016-3872</td> 681 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/630ed150f7201ddadb00b8b8ce0c55c4cc6e8742"> 682 A-29421675</a> 683 [<a href="https://android.googlesource.com/platform/frameworks/av/+/9f9ba255a0c59544f3555c9c45512c3a2fac5fad">2</a>] 684 </td> 685 <td></td> 686 <td> Nexus</td> 687 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 688 <td>2016 6 15</td> 689 </tr> 690 </table> 691 <h3> </h3> 692 <p> 693 694 . 695 . 696 </p> 697 698 <table> 699 <col width="18%"> 700 <col width="18%"> 701 <col width="10%"> 702 <col width="19%"> 703 <col width="17%"> 704 <col width="17%"> 705 <tr> 706 <th>CVE</th> 707 <th></th> 708 <th></th> 709 <th> Nexus </th> 710 <th> AOSP </th> 711 <th> </th> 712 </tr> 713 <tr> 714 <td>CVE-2016-3875</td> 715 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/69729fa8b13cadbf3173fe1f389fe4f3b7bd0f9c"> 716 A-26251884</a></td> 717 <td></td> 718 <td>*</td> 719 <td>6.0, 6.0.1</td> 720 <td>Google </td> 721 </tr> 722 </table> 723 <p> 724 * Android 7.0 Nexus 725 . 726 </p> 727 728 <h3> </h3> 729 <p> 730 731 . 732 . 733 </p> 734 735 <table> 736 <col width="18%"> 737 <col width="18%"> 738 <col width="10%"> 739 <col width="19%"> 740 <col width="17%"> 741 <col width="17%"> 742 <tr> 743 <th>CVE</th> 744 <th></th> 745 <th></th> 746 <th> Nexus </th> 747 <th> AOSP </th> 748 <th> </th> 749 </tr> 750 <tr> 751 <td>CVE-2016-3876</td> 752 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745"> 753 A-29900345</a></td> 754 <td></td> 755 <td> Nexus</td> 756 <td>6.0, 6.0.1, 7.0</td> 757 <td>Google </td> 758 </tr> 759 </table> 760 <h3> (DoS) </h3> 761 <p> 762 763 . 764 . 765 </p> 766 767 <table> 768 <col width="18%"> 769 <col width="16%"> 770 <col width="10%"> 771 <col width="19%"> 772 <col width="19%"> 773 <col width="17%"> 774 <tr> 775 <th>CVE</th> 776 <th></th> 777 <th></th> 778 <th> Nexus </th> 779 <th> AOSP </th> 780 <th> </th> 781 </tr> 782 <tr> 783 <td>CVE-2016-3899</td> 784 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/97837bb6cbac21ea679843a0037779d3834bed64"> 785 A-29421811</a></td> 786 <td></td> 787 <td> Nexus</td> 788 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 789 <td>2016 6 16</td> 790 </tr> 791 <tr> 792 <td>CVE-2016-3878</td> 793 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7109ce3f8f90a28ca9f0ee6e14f6ac5e414c62cf"> 794 A-29493002</a></td> 795 <td></td> 796 <td> Nexus*</td> 797 <td>6.0, 6.0.1</td> 798 <td>2016 6 17</td> 799 </tr> 800 <tr> 801 <td>CVE-2016-3879</td> 802 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/cadfb7a3c96d4fef06656cf37143e1b3e62cae86"> 803 A-29770686</a></td> 804 <td></td> 805 <td> Nexus*</td> 806 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 807 <td>2016 6 25</td> 808 </tr> 809 <tr> 810 <td>CVE-2016-3880</td> 811 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/68f67ef6cf1f41e77337be3bc4bff91f3a3c6324"> 812 A-25747670</a></td> 813 <td></td> 814 <td> Nexus</td> 815 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 816 <td>Google </td> 817 </tr> 818 <tr> 819 <td>CVE-2016-3881</td> 820 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/4974dcbd0289a2530df2ee2a25b5f92775df80da"> 821 A-30013856</a></td> 822 <td></td> 823 <td> Nexus</td> 824 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 825 <td>Google </td> 826 </tr> 827 </table> 828 <p> 829 * Android 7.0 Nexus 830 . 831 </p> 832 833 <h3> </h3> 834 <p> 835 836 SMS . 837 838 . 839 </p> 840 841 <table> 842 <col width="18%"> 843 <col width="16%"> 844 <col width="10%"> 845 <col width="19%"> 846 <col width="19%"> 847 <col width="17%"> 848 <tr> 849 <th>CVE</th> 850 <th></th> 851 <th></th> 852 <th> Nexus </th> 853 <th> AOSP </th> 854 <th> </th> 855 </tr> 856 <tr> 857 <td>CVE-2016-3883</td> 858 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/b2c89e6f8962dc7aff88cb38aa3ee67d751edda9"> 859 A-28557603</a></td> 860 <td></td> 861 <td> Nexus</td> 862 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 863 <td>2016 5 3</td> 864 </tr> 865 </table> 866 <h3> </h3> 867 <p> 868 869 870 . ( ) . 871 </p> 872 873 <table> 874 <col width="18%"> 875 <col width="18%"> 876 <col width="10%"> 877 <col width="19%"> 878 <col width="17%"> 879 <col width="17%"> 880 <tr> 881 <th>CVE</th> 882 <th></th> 883 <th></th> 884 <th> Nexus </th> 885 <th> AOSP </th> 886 <th> </th> 887 </tr> 888 <tr> 889 <td>CVE-2016-3884</td> 890 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/61e9103b5725965568e46657f4781dd8f2e5b623"> 891 A-29421441</a></td> 892 <td></td> 893 <td> Nexus</td> 894 <td>6.0, 6.0.1, 7.0</td> 895 <td>2016 6 15</td> 896 </tr> 897 </table> 898 <h3>Debuggerd </h3> 899 <p> 900 Android 901 Android 902 . 903 . 904 </p> 905 906 <table> 907 <col width="18%"> 908 <col width="18%"> 909 <col width="10%"> 910 <col width="19%"> 911 <col width="17%"> 912 <col width="17%"> 913 <tr> 914 <th>CVE</th> 915 <th></th> 916 <th></th> 917 <th> Nexus </th> 918 <th> AOSP </th> 919 <th> </th> 920 </tr> 921 <tr> 922 <td>CVE-2016-3885</td> 923 <td><a href="https://android.googlesource.com/platform/system/core/+/d7603583f90c2bc6074a4ee2886bd28082d7c65b"> 924 A-29555636</a></td> 925 <td></td> 926 <td> Nexus</td> 927 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 928 <td>2016 6 21</td> 929 </tr> 930 </table> 931 <h3> UI </h3> 932 <p> 933 UI 934 . 935 . 936 </p> 937 938 <table> 939 <col width="18%"> 940 <col width="18%"> 941 <col width="10%"> 942 <col width="19%"> 943 <col width="17%"> 944 <col width="17%"> 945 <tr> 946 <th>CVE</th> 947 <th></th> 948 <th></th> 949 <th> Nexus </th> 950 <th> AOSP </th> 951 <th> </th> 952 </tr> 953 <tr> 954 <td>CVE-2016-3886</td> 955 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/6ca6cd5a50311d58a1b7bf8fbef3f9aa29eadcd5"> 956 A-30107438</a></td> 957 <td></td> 958 <td> Nexus</td> 959 <td>7.0</td> 960 <td>2016 6 23</td> 961 </tr> 962 </table> 963 <h3> </h3> 964 <p> 965 VPN 966 . 967 968 969 . 970 </p> 971 972 <table> 973 <col width="18%"> 974 <col width="17%"> 975 <col width="10%"> 976 <col width="19%"> 977 <col width="17%"> 978 <col width="18%"> 979 <tr> 980 <th>CVE</th> 981 <th></th> 982 <th></th> 983 <th> Nexus </th> 984 <th> AOSP </th> 985 <th> </th> 986 </tr> 987 <tr> 988 <td>CVE-2016-3887</td> 989 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/335702d106797bce8a88044783fa1fc1d5f751d0"> 990 A-29899712</a></td> 991 <td></td> 992 <td> Nexus</td> 993 <td>7.0</td> 994 <td>Google </td> 995 </tr> 996 </table> 997 <h3>SMS </h3> 998 <p> 999 SMS 1000 SMS . 1001 . 1002 </p> 1003 1004 <table> 1005 <col width="18%"> 1006 <col width="16%"> 1007 <col width="10%"> 1008 <col width="19%"> 1009 <col width="19%"> 1010 <col width="17%"> 1011 <tr> 1012 <th>CVE</th> 1013 <th></th> 1014 <th></th> 1015 <th> Nexus </th> 1016 <th> AOSP </th> 1017 <th> </th> 1018 </tr> 1019 <tr> 1020 <td>CVE-2016-3888</td> 1021 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/b8d1aee993dcc565e6576b2f2439a8f5a507cff6"> 1022 A-29420123</a></td> 1023 <td></td> 1024 <td> Nexus</td> 1025 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1026 <td>Google </td> 1027 </tr> 1028 </table> 1029 <h3> </h3> 1030 <p> 1031 1032 . 1033 1034 1035 . 1036 </p> 1037 1038 <table> 1039 <col width="18%"> 1040 <col width="17%"> 1041 <col width="10%"> 1042 <col width="19%"> 1043 <col width="17%"> 1044 <col width="18%"> 1045 <tr> 1046 <th>CVE</th> 1047 <th></th> 1048 <th></th> 1049 <th> Nexus </th> 1050 <th> AOSP </th> 1051 <th> </th> 1052 </tr> 1053 <tr> 1054 <td>CVE-2016-3889</td> 1055 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e206f02d46ae5e38c74d138b51f6e1637e261abe"> 1056 A-29194585</a> 1057 [<a href="https://android.googlesource.com/platform/packages/apps/Settings/+/bd5d5176c74021e8cf4970f93f273ba3023c3d72">2</a>] 1058 </td> 1059 <td></td> 1060 <td> Nexus</td> 1061 <td>6.0, 6.0.1, 7.0</td> 1062 <td>Google </td> 1063 </tr> 1064 </table> 1065 <h3> </h3> 1066 <p> 1067 1068 1069 . 1070 . 1071 </p> 1072 1073 <table> 1074 <col width="18%"> 1075 <col width="16%"> 1076 <col width="10%"> 1077 <col width="19%"> 1078 <col width="18%"> 1079 <col width="18%"> 1080 <tr> 1081 <th>CVE</th> 1082 <th></th> 1083 <th></th> 1084 <th> Nexus </th> 1085 <th> AOSP </th> 1086 <th> </th> 1087 </tr> 1088 <tr> 1089 <td>CVE-2016-3890</td> 1090 <td><a href="https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d96202d3288c91b700"> 1091 A-28347842</a> 1092 [<a href="https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a96f62e07c058d0b5d">2</a>] 1093 </td> 1094 <td></td> 1095 <td>*</td> 1096 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1097 <td>Google </td> 1098 </tr> 1099 </table> 1100 <p> 1101 * Android 7.0 Nexus 1102 . 1103 </p> 1104 1105 <h3> </h3> 1106 <p> 1107 1108 . 1109 1110 . 1111 </p> 1112 1113 <table> 1114 <col width="18%"> 1115 <col width="18%"> 1116 <col width="10%"> 1117 <col width="19%"> 1118 <col width="17%"> 1119 <col width="17%"> 1120 <tr> 1121 <th>CVE</th> 1122 <th></th> 1123 <th></th> 1124 <th> Nexus </th> 1125 <th> AOSP </th> 1126 <th> </th> 1127 </tr> 1128 <tr> 1129 <td>CVE-2016-3895</td> 1130 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/363247929c35104b3e5ee9e637e9dcf579080aee"> 1131 A-29983260</a></td> 1132 <td></td> 1133 <td> Nexus</td> 1134 <td>6.0, 6.0.1, 7.0</td> 1135 <td>2016 7 4</td> 1136 </tr> 1137 </table> 1138 <h3>AOSP </h3> 1139 <p> 1140 AOSP 1141 . 1142 1143 . 1144 </p> 1145 1146 <table> 1147 <col width="18%"> 1148 <col width="16%"> 1149 <col width="10%"> 1150 <col width="19%"> 1151 <col width="19%"> 1152 <col width="17%"> 1153 <tr> 1154 <th>CVE</th> 1155 <th></th> 1156 <th></th> 1157 <th> Nexus </th> 1158 <th> AOSP </th> 1159 <th> </th> 1160 </tr> 1161 <tr> 1162 <td>CVE-2016-3896</td> 1163 <td><a href="https://android.googlesource.com/platform/packages/apps/Email/+/cb2dfe43f25cb0c32cc73aa4569c0a5186a4ef43"> 1164 A-29767043</a></td> 1165 <td></td> 1166 <td>*</td> 1167 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1168 <td>2016 7 24</td> 1169 </tr> 1170 </table> 1171 <p> 1172 * Android 7.0 Nexus 1173 . 1174 </p> 1175 1176 <h3>Wi-Fi </h3> 1177 <p> 1178 Wi-Fi 1179 . 1180 . 1181 </p> 1182 1183 <table> 1184 <col width="18%"> 1185 <col width="16%"> 1186 <col width="10%"> 1187 <col width="19%"> 1188 <col width="19%"> 1189 <col width="17%"> 1190 <tr> 1191 <th>CVE</th> 1192 <th></th> 1193 <th></th> 1194 <th> Nexus </th> 1195 <th> AOSP </th> 1196 <th> </th> 1197 </tr> 1198 <tr> 1199 <td>CVE-2016-3897</td> 1200 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/55271d454881b67ff38485fdd97598c542cc2d55"> 1201 A-25624963</a> 1202 [<a href="https://android.googlesource.com/platform/frameworks/base/+/81be4e3aac55305cbb5c9d523cf5c96c66604b39">2</a>] 1203 </td> 1204 <td></td> 1205 <td>*</td> 1206 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1207 <td>2015 11 5</td> 1208 </tr> 1209 </table> 1210 <p> 1211 * Android 7.0 Nexus 1212 . 1213 </p> 1214 1215 <h3> (DoS) </h3> 1216 <p> 1217 1218 119 TTY . 1219 1220 . 1221 </p> 1222 1223 <table> 1224 <col width="18%"> 1225 <col width="18%"> 1226 <col width="10%"> 1227 <col width="19%"> 1228 <col width="17%"> 1229 <col width="17%"> 1230 <tr> 1231 <th>CVE</th> 1232 <th></th> 1233 <th></th> 1234 <th> Nexus </th> 1235 <th> AOSP </th> 1236 <th> </th> 1237 </tr> 1238 <tr> 1239 <td>CVE-2016-3898</td> 1240 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/d1d248d10cf03498efb7041f1a8c9c467482a19d"> 1241 A-29832693</a></td> 1242 <td></td> 1243 <td> Nexus</td> 1244 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1245 <td>2016 6 28</td> 1246 </tr> 1247 </table> 1248 <h2 id="2016-09-05-details">2016-09-05 </h2> 1249 <p> 1250 <a href="#2016-09-05-summary">2016-09-05 1251 </a> 1252 . , 1253 CVE, , , Nexus , 1254 AOSP ( ), . 1255 AOSP ID 1256 . 1257 ID . 1258 </p> 1259 1260 <h3> </h3> 1261 <p> 1262 1263 1264 . 1265 , 1266 . 1267 </p> 1268 1269 <table> 1270 <col width="19%"> 1271 <col width="20%"> 1272 <col width="10%"> 1273 <col width="23%"> 1274 <col width="17%"> 1275 <tr> 1276 <th>CVE</th> 1277 <th></th> 1278 <th></th> 1279 <th> Nexus </th> 1280 <th> </th> 1281 </tr> 1282 <tr> 1283 <td>CVE-2014-9529</td> 1284 <td>A-29510361 1285 <p> 1286 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a3a8784454692dd72e5d5d34dcdab17b4420e74c"> 1287 </a></p></td> 1288 <td></td> 1289 <td>Nexus 5, Nexus 6, Nexus 9, Nexus Player, Android One</td> 1290 <td>2015 1 6</td> 1291 </tr> 1292 <tr> 1293 <td>CVE-2016-4470</td> 1294 <td>A-29823941 1295 <p> 1296 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=38327424b40bcebe2de92d07312c89360ac9229a"> 1297 </a></p></td> 1298 <td></td> 1299 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player</td> 1300 <td>2016 6 15</td> 1301 </tr> 1302 </table> 1303 <h3> </h3> 1304 <p> 1305 1306 1307 . 1308 , 1309 . 1310 </p> 1311 1312 <table> 1313 <col width="19%"> 1314 <col width="20%"> 1315 <col width="10%"> 1316 <col width="23%"> 1317 <col width="17%"> 1318 <tr> 1319 <th>CVE</th> 1320 <th></th> 1321 <th></th> 1322 <th> Nexus </th> 1323 <th> </th> 1324 </tr> 1325 <tr> 1326 <td>CVE-2013-7446</td> 1327 <td>A-29119002 1328 <p> 1329 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/net/unix/af_unix.c?id=7d267278a9ece963d77eefec61630223fce08c6c"> 1330 </a></p></td> 1331 <td></td> 1332 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 1333 Android One</td> 1334 <td>2015 11 18</td> 1335 </tr> 1336 </table> 1337 <h3> </h3> 1338 <p> 1339 1340 1341 . 1342 , 1343 . 1344 </p> 1345 1346 <table> 1347 <col width="19%"> 1348 <col width="20%"> 1349 <col width="10%"> 1350 <col width="23%"> 1351 <col width="17%"> 1352 <tr> 1353 <th>CVE</th> 1354 <th></th> 1355 <th></th> 1356 <th> Nexus </th> 1357 <th> </th> 1358 </tr> 1359 <tr> 1360 <td>CVE-2016-3134</td> 1361 <td>A-28940694 1362 <p> 1363 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=54d83fc74aa9ec72794373cb47432c5f7fb1a309"> 1364 </a></p></td> 1365 <td></td> 1366 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 1367 Android One</td> 1368 <td>2016 3 9</td> 1369 </tr> 1370 </table> 1371 <h3> USB </h3> 1372 <p> 1373 USB 1374 1375 . 1376 , 1377 . 1378 </p> 1379 1380 <table> 1381 <col width="19%"> 1382 <col width="20%"> 1383 <col width="10%"> 1384 <col width="23%"> 1385 <col width="17%"> 1386 <tr> 1387 <th>CVE</th> 1388 <th></th> 1389 <th></th> 1390 <th> Nexus </th> 1391 <th> </th> 1392 </tr> 1393 <tr> 1394 <td>CVE-2016-3951</td> 1395 <td>A-28744625 1396 <p> 1397 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4d06dd537f95683aba3651098ae288b7cbff8274"> </a> 1398 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1666984c8625b3db19a9abc298931d35ab7bc64b">2</a>]</p></td> 1399 <td></td> 1400 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 1401 Android One</td> 1402 <td>2016 4 6</td> 1403 </tr> 1404 </table> 1405 <h3> </h3> 1406 <p> 1407 1408 1409 . 1410 . 1411 </p> 1412 1413 <table> 1414 <col width="19%"> 1415 <col width="20%"> 1416 <col width="10%"> 1417 <col width="23%"> 1418 <col width="17%"> 1419 <tr> 1420 <th>CVE</th> 1421 <th></th> 1422 <th></th> 1423 <th> Nexus </th> 1424 <th> </th> 1425 </tr> 1426 <tr> 1427 <td>CVE-2014-4655</td> 1428 <td>A-29916012 1429 <p> 1430 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=82262a46627bebb0febcc26664746c25cef08563"> 1431 </a></p></td> 1432 <td></td> 1433 <td>Nexus 5, Nexus 6, Nexus 9, Nexus Player</td> 1434 <td>2014 6 26</td> 1435 </tr> 1436 </table> 1437 <h3> ASN.1 </h3> 1438 <p> 1439 ASN.1 1440 1441 . 1442 . 1443 </p> 1444 1445 <table> 1446 <col width="19%"> 1447 <col width="20%"> 1448 <col width="10%"> 1449 <col width="23%"> 1450 <col width="17%"> 1451 <tr> 1452 <th>CVE</th> 1453 <th></th> 1454 <th></th> 1455 <th> Nexus </th> 1456 <th> </th> 1457 </tr> 1458 <tr> 1459 <td>CVE-2016-2053</td> 1460 <td>A-28751627 1461 <p> 1462 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=0d62e9dd6da45bbf0f33a8617afc5fe774c8f45f"> 1463 </a></p></td> 1464 <td></td> 1465 <td>Nexus 5X, Nexus 6P</td> 1466 <td>2016 1 25</td> 1467 </tr> 1468 </table> 1469 <h3>Qualcomm </h3> 1470 <p> 1471 Qualcomm 1472 1473 . 1474 . 1475 </p> 1476 1477 <table> 1478 <col width="19%"> 1479 <col width="18%"> 1480 <col width="10%"> 1481 <col width="25%"> 1482 <col width="17%"> 1483 <tr> 1484 <th>CVE</th> 1485 <th></th> 1486 <th></th> 1487 <th> Nexus </th> 1488 <th> </th> 1489 </tr> 1490 <tr> 1491 <td>CVE-2016-3864</td> 1492 <td>A-28823714*<br> 1493 QC-CR#913117</td> 1494 <td></td> 1495 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 1496 <td>2016 4 29</td> 1497 </tr> 1498 </table> 1499 <p> 1500 * . 1501 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1502 . 1503 </p> 1504 1505 <h3>Qualcomm </h3> 1506 <p> 1507 Qualcomm 1508 1509 . 1510 . 1511 </p> 1512 1513 <table> 1514 <col width="19%"> 1515 <col width="20%"> 1516 <col width="10%"> 1517 <col width="23%"> 1518 <col width="17%"> 1519 <tr> 1520 <th>CVE</th> 1521 <th></th> 1522 <th></th> 1523 <th> Nexus </th> 1524 <th> </th> 1525 </tr> 1526 <tr> 1527 <td>CVE-2016-3858</td> 1528 <td>A-28675151<br> 1529 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=0c148b9a9028c566eac680f19e5d664b483cdee3">QC-CR#1022641</a></td> 1530 <td></td> 1531 <td>Nexus 5X, Nexus 6P</td> 1532 <td>2016 5 9</td> 1533 </tr> 1534 </table> 1535 <h3> </h3> 1536 <p> 1537 1538 1539 . 1540 . 1541 </p> 1542 1543 <table> 1544 <col width="19%"> 1545 <col width="20%"> 1546 <col width="10%"> 1547 <col width="23%"> 1548 <col width="17%"> 1549 <tr> 1550 <th>CVE</th> 1551 <th></th> 1552 <th></th> 1553 <th> Nexus </th> 1554 <th> </th> 1555 </tr> 1556 <tr> 1557 <td>CVE-2016-4805</td> 1558 <td>A-28979703 1559 <p> 1560 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=1f461dcdd296eecedaffffc6bae2bfa90bd7eb89"> 1561 </a></p></td> 1562 <td></td> 1563 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9</td> 1564 <td>2016 5 15</td> 1565 </tr> 1566 </table> 1567 <h3>Synaptics </h3> 1568 <p> 1569 Synaptics 1570 1571 . 1572 . 1573 </p> 1574 1575 <table> 1576 <col width="19%"> 1577 <col width="20%"> 1578 <col width="10%"> 1579 <col width="23%"> 1580 <col width="17%"> 1581 <tr> 1582 <th>CVE</th> 1583 <th></th> 1584 <th></th> 1585 <th> Nexus </th> 1586 <th> </th> 1587 </tr> 1588 <tr> 1589 <td>CVE-2016-3865</td> 1590 <td>A-28799389*</td> 1591 <td></td> 1592 <td>Nexus 5X, Nexus 9</td> 1593 <td>2016 5 16</td> 1594 </tr> 1595 </table> 1596 <p> 1597 * . 1598 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1599 . 1600 </p> 1601 1602 <h3>Qualcomm </h3> 1603 <p> 1604 Qualcomm 1605 1606 . 1607 . 1608 </p> 1609 1610 <table> 1611 <col width="19%"> 1612 <col width="20%"> 1613 <col width="10%"> 1614 <col width="23%"> 1615 <col width="17%"> 1616 <tr> 1617 <th>CVE</th> 1618 <th></th> 1619 <th></th> 1620 <th> Nexus </th> 1621 <th> </th> 1622 </tr> 1623 <tr> 1624 <td>CVE-2016-3859</td> 1625 <td>A-28815326*<br> 1626 QC-CR#1034641</td> 1627 <td></td> 1628 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> 1629 <td>2016 5 17</td> 1630 </tr> 1631 </table> 1632 <p> 1633 * . 1634 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1635 . 1636 </p> 1637 1638 <h3>Qualcomm </h3> 1639 <p> 1640 Qualcomm 1641 1642 . 1643 . 1644 </p> 1645 1646 <table> 1647 <col width="19%"> 1648 <col width="20%"> 1649 <col width="10%"> 1650 <col width="23%"> 1651 <col width="17%"> 1652 <tr> 1653 <th>CVE</th> 1654 <th></th> 1655 <th></th> 1656 <th> Nexus </th> 1657 <th> </th> 1658 </tr> 1659 <tr> 1660 <td>CVE-2016-3866</td> 1661 <td>A-28868303*<br> 1662 QC-CR#1032820</td> 1663 <td></td> 1664 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1665 <td>2016 5 18</td> 1666 </tr> 1667 </table> 1668 <p> 1669 * . 1670 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1671 . 1672 </p> 1673 1674 <h3>Qualcomm IPA </h3> 1675 <p> 1676 Qualcomm IPA 1677 1678 . 1679 . 1680 </p> 1681 1682 <table> 1683 <col width="19%"> 1684 <col width="20%"> 1685 <col width="10%"> 1686 <col width="23%"> 1687 <col width="17%"> 1688 <tr> 1689 <th>CVE</th> 1690 <th></th> 1691 <th></th> 1692 <th> Nexus </th> 1693 <th> </th> 1694 </tr> 1695 <tr> 1696 <td>CVE-2016-3867</td> 1697 <td>A-28919863*<br> 1698 QC-CR#1037897</td> 1699 <td></td> 1700 <td>Nexus 5X, Nexus 6P</td> 1701 <td>2016 5 21</td> 1702 </tr> 1703 </table> 1704 <p> 1705 * . 1706 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1707 . 1708 </p> 1709 1710 <h3>Qualcomm </h3> 1711 <p> 1712 Qualcomm 1713 1714 . 1715 . 1716 </p> 1717 1718 <table> 1719 <col width="19%"> 1720 <col width="20%"> 1721 <col width="10%"> 1722 <col width="23%"> 1723 <col width="17%"> 1724 <tr> 1725 <th>CVE</th> 1726 <th></th> 1727 <th></th> 1728 <th> Nexus </th> 1729 <th> </th> 1730 </tr> 1731 <tr> 1732 <td>CVE-2016-3868</td> 1733 <td>A-28967028*<br> 1734 QC-CR#1032875</td> 1735 <td></td> 1736 <td>Nexus 5X, Nexus 6P</td> 1737 <td>2016 5 25</td> 1738 </tr> 1739 </table> 1740 <p> 1741 * . 1742 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1743 . 1744 </p> 1745 1746 <h3>Broadcom Wi-Fi </h3> 1747 <p> 1748 Broadcom Wi-Fi 1749 1750 . 1751 . 1752 </p> 1753 1754 <table> 1755 <col width="19%"> 1756 <col width="20%"> 1757 <col width="10%"> 1758 <col width="23%"> 1759 <col width="17%"> 1760 <tr> 1761 <th>CVE</th> 1762 <th></th> 1763 <th></th> 1764 <th> Nexus </th> 1765 <th> </th> 1766 </tr> 1767 <tr> 1768 <td>CVE-2016-3869</td> 1769 <td>A-29009982*<br> 1770 B-RB#96070</td> 1771 <td></td> 1772 <td>Nexus 5, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C</td> 1773 <td>2016 5 27</td> 1774 </tr> 1775 </table> 1776 <p> 1777 * . 1778 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1779 . 1780 </p> 1781 1782 <h3> eCryptfs </h3> 1783 <p> 1784 eCryptfs 1785 1786 . 1787 . 1788 </p> 1789 1790 <table> 1791 <col width="17%"> 1792 <col width="22%"> 1793 <col width="10%"> 1794 <col width="23%"> 1795 <col width="17%"> 1796 <tr> 1797 <th>CVE</th> 1798 <th></th> 1799 <th></th> 1800 <th> Nexus </th> 1801 <th> </th> 1802 </tr> 1803 <tr> 1804 <td>CVE-2016-1583</td> 1805 <td>A-29444228<br> 1806 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e54ad7f1ee263ffa5a2de9c609d58dfa27b21cd9"> </a> 1807 [<a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=2f36db71009304b3f0b95afacd8eba1f9f046b87">2</a>] 1808 [<a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=29d6455178a09e1dc340380c582b13356227e8df">3</a>]</td> 1809 <td></td> 1810 <td>Pixel C</td> 1811 <td>2016 6 1</td> 1812 </tr> 1813 </table> 1814 <h3>NVIDIA </h3> 1815 <p> 1816 NVIDIA 1817 1818 . 1819 . 1820 </p> 1821 1822 <table> 1823 <col width="19%"> 1824 <col width="20%"> 1825 <col width="10%"> 1826 <col width="23%"> 1827 <col width="17%"> 1828 <tr> 1829 <th>CVE</th> 1830 <th></th> 1831 <th></th> 1832 <th> Nexus </th> 1833 <th> </th> 1834 </tr> 1835 <tr> 1836 <td>CVE-2016-3873</td> 1837 <td>A-29518457*<br> 1838 N-CVE-2016-3873</td> 1839 <td></td> 1840 <td>Nexus 9</td> 1841 <td>2016 6 20</td> 1842 </tr> 1843 </table> 1844 <p> 1845 * . 1846 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1847 . 1848 </p> 1849 1850 <h3>Qualcomm Wi-Fi </h3> 1851 <p> 1852 Qualcomm Wi-Fi 1853 1854 . 1855 . 1856 </p> 1857 1858 <table> 1859 <col width="19%"> 1860 <col width="20%"> 1861 <col width="10%"> 1862 <col width="23%"> 1863 <col width="17%"> 1864 <tr> 1865 <th>CVE</th> 1866 <th></th> 1867 <th></th> 1868 <th> Nexus </th> 1869 <th> </th> 1870 </tr> 1871 <tr> 1872 <td>CVE-2016-3874</td> 1873 <td>A-29944562<br> 1874 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=50e8f265b3f7926aeb4e49c33f7301ace89faa77">QC-CR#997797</a> 1875 [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=a3974e61c960aadcc147c3c5704a67309171642d">2</a>]</td> 1876 <td></td> 1877 <td>Nexus 5X</td> 1878 <td>2016 7 1</td> 1879 </tr> 1880 </table> 1881 <h3> (DoS) </h3> 1882 <p> 1883 1884 . 1885 . 1886 </p> 1887 1888 <table> 1889 <col width="19%"> 1890 <col width="18%"> 1891 <col width="10%"> 1892 <col width="25%"> 1893 <col width="17%"> 1894 <tr> 1895 <th>CVE</th> 1896 <th></th> 1897 <th></th> 1898 <th> Nexus </th> 1899 <th> </th> 1900 </tr> 1901 <tr> 1902 <td>CVE-2015-1465</td> 1903 <td>A-29506807 1904 <p> 1905 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=df4d92549f23e1c037e83323aff58a21b3de7fe0"> 1906 </a></p></td> 1907 <td></td> 1908 <td>Nexus 5, Nexus 6, Nexus 9, Nexus Player, Pixel C, Android One</td> 1909 <td>2015 2 3</td> 1910 </tr> 1911 <tr> 1912 <td>CVE-2015-5364</td> 1913 <td>A-29507402 1914 <p> 1915 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=beb39db59d14990e401e235faf66a6b9b31240b0"> 1916 </a></p></td> 1917 <td></td> 1918 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 1919 Android One</td> 1920 <td>2015 6 30</td> 1921 </tr> 1922 </table> 1923 <h3> ext4 (DoS) </h3> 1924 <p> 1925 ext4 , . 1926 . 1927 </p> 1928 1929 <table> 1930 <col width="19%"> 1931 <col width="16%"> 1932 <col width="10%"> 1933 <col width="27%"> 1934 <col width="17%"> 1935 <tr> 1936 <th>CVE</th> 1937 <th></th> 1938 <th></th> 1939 <th> Nexus </th> 1940 <th> </th> 1941 </tr> 1942 <tr> 1943 <td>CVE-2015-8839</td> 1944 <td>A-28760453*</td> 1945 <td></td> 1946 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, Android One</td> 1947 <td>2016 4 4</td> 1948 </tr> 1949 </table> 1950 <p> 1951 * . 1952 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1953 . 1954 </p> 1955 1956 <h3>Qualcomm SPMI </h3> 1957 <p> 1958 Qualcomm SPMI 1959 . 1960 . 1961 </p> 1962 1963 <table> 1964 <col width="19%"> 1965 <col width="20%"> 1966 <col width="10%"> 1967 <col width="23%"> 1968 <col width="17%"> 1969 <tr> 1970 <th>CVE</th> 1971 <th></th> 1972 <th></th> 1973 <th> Nexus </th> 1974 <th> </th> 1975 </tr> 1976 <tr> 1977 <td>CVE-2016-3892</td> 1978 <td>A-28760543*<br> 1979 QC-CR#1024197</td> 1980 <td></td> 1981 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> 1982 <td>2016 5 13</td> 1983 </tr> 1984 </table> 1985 <p> 1986 * . 1987 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1988 . 1989 </p> 1990 1991 <h3>Qualcomm </h3> 1992 <p> 1993 Qualcomm 1994 . 1995 . 1996 </p> 1997 1998 <table> 1999 <col width="19%"> 2000 <col width="20%"> 2001 <col width="10%"> 2002 <col width="23%"> 2003 <col width="17%"> 2004 <tr> 2005 <th>CVE</th> 2006 <th></th> 2007 <th></th> 2008 <th> Nexus </th> 2009 <th> </th> 2010 </tr> 2011 <tr> 2012 <td>CVE-2016-3893</td> 2013 <td>A-29512527<br> 2014 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a7a6ddc91cce7ad5ad55c9709b24bfc80f5ac873">QC-CR#856400</a></td> 2015 <td></td> 2016 <td>Nexus 6P</td> 2017 <td>2016 6 20</td> 2018 </tr> 2019 </table> 2020 <h3>Qualcomm DMA </h3> 2021 <p> 2022 Qualcomm DMA 2023 . . 2024 </p> 2025 2026 <table> 2027 <col width="19%"> 2028 <col width="20%"> 2029 <col width="10%"> 2030 <col width="23%"> 2031 <col width="17%"> 2032 <tr> 2033 <th>CVE</th> 2034 <th></th> 2035 <th></th> 2036 <th> Nexus </th> 2037 <th> </th> 2038 </tr> 2039 <tr> 2040 <td>CVE-2016-3894</td> 2041 <td>A-29618014*<br> 2042 QC-CR#1042033</td> 2043 <td></td> 2044 <td>Nexus 6</td> 2045 <td>2016 6 23</td> 2046 </tr> 2047 </table> 2048 <p> 2049 * . 2050 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2051 . 2052 </p> 2053 2054 <h3> </h3> 2055 <p> 2056 2057 . . 2058 </p> 2059 2060 <table> 2061 <col width="19%"> 2062 <col width="20%"> 2063 <col width="10%"> 2064 <col width="23%"> 2065 <col width="17%"> 2066 <tr> 2067 <th>CVE</th> 2068 <th></th> 2069 <th></th> 2070 <th> Nexus </th> 2071 <th> </th> 2072 </tr> 2073 <tr> 2074 <td>CVE-2016-4998</td> 2075 <td>A-29637687<br> 2076 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=bdf533de6968e9686df777dc178486f600c6e617"> </a> 2077 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6e94e0cfb0887e4013b3b930fa6ab1fe6bb6ba91">2</a>]</td> 2078 <td></td> 2079 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 2080 Android One</td> 2081 <td>2016 6 24</td> 2082 </tr> 2083 </table> 2084 <h3> (DoS) </h3> 2085 <p> 2086 2087 Wi-Fi . Wi-Fi 2088 . 2089 </p> 2090 2091 <table> 2092 <col width="19%"> 2093 <col width="20%"> 2094 <col width="10%"> 2095 <col width="23%"> 2096 <col width="17%"> 2097 <tr> 2098 <th>CVE</th> 2099 <th></th> 2100 <th></th> 2101 <th> Nexus </th> 2102 <th> </th> 2103 </tr> 2104 <tr> 2105 <td>CVE-2015-2922</td> 2106 <td>A-29409847 2107 <p> 2108 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6fd99094de2b83d1d4c8457f2c83483b2828e75a"> 2109 </a></p></td> 2110 <td></td> 2111 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player, Pixel C, 2112 Android One</td> 2113 <td>2015 4 4</td> 2114 </tr> 2115 </table> 2116 <h3>Qualcomm </h3> 2117 <p> 2118 , , , , 2119 Qualcomm 2120 . 2121 </p> 2122 2123 <table> 2124 <col width="19%"> 2125 <col width="20%"> 2126 <col width="10%"> 2127 <col width="23%"> 2128 <col width="17%"> 2129 <tr> 2130 <th>CVE</th> 2131 <th></th> 2132 <th></th> 2133 <th> Nexus </th> 2134 <th> </th> 2135 </tr> 2136 <tr> 2137 <td>CVE-2016-2469</td> 2138 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=7eb824e8e1ebbdbfad896b090a9f048ca6e63c9e">QC-CR#997025</a></td> 2139 <td></td> 2140 <td></td> 2141 <td>2016 6</td> 2142 </tr> 2143 <tr> 2144 <td>CVE-2016-2469</td> 2145 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e7369163162e7773bc887f7a264d6aa46cfcc665">QC-CR#997015</a></td> 2146 <td></td> 2147 <td></td> 2148 <td>2016 6</td> 2149 </tr> 2150 </table> 2151 <h2 id="2016-09-06-details">2016-09-06 </h2> 2152 <p> 2153 <a href="#2016-09-06-summary">2016-09-06 2154 </a> 2155 . , 2156 CVE, , , Nexus , 2157 AOSP ( ), . 2158 AOSP ID 2159 . 2160 ID . 2161 </p> 2162 2163 <h3> </h3> 2164 <p> 2165 2166 2167 . 2168 , 2169 . 2170 </p> 2171 2172 <table> 2173 <col width="19%"> 2174 <col width="20%"> 2175 <col width="10%"> 2176 <col width="23%"> 2177 <col width="17%"> 2178 <tr> 2179 <th>CVE</th> 2180 <th></th> 2181 <th></th> 2182 <th> Nexus </th> 2183 <th> </th> 2184 </tr> 2185 <tr> 2186 <td>CVE-2016-5340</td> 2187 <td>A-30652312<br> 2188 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6">QC-CR#1008948</a></td> 2189 <td></td> 2190 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 2191 <td>2016 7 26</td> 2192 </tr> 2193 </table> 2194 <h3>Qualcomm </h3> 2195 <p> 2196 Qualcomm 2197 2198 . 2199 . 2200 </p> 2201 2202 <table> 2203 <col width="19%"> 2204 <col width="20%"> 2205 <col width="10%"> 2206 <col width="23%"> 2207 <col width="17%"> 2208 <tr> 2209 <th>CVE</th> 2210 <th></th> 2211 <th></th> 2212 <th> Nexus </th> 2213 <th> </th> 2214 </tr> 2215 <tr> 2216 <td>CVE-2016-2059</td> 2217 <td>A-27045580<br> 2218 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d">QC-CR#974577</a></td> 2219 <td></td> 2220 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Android One</td> 2221 <td>2016 2 4</td> 2222 </tr> 2223 </table> 2224 <h2 id="common-questions-and-answers"> </h2> 2225 <p> 2226 . 2227 </p> 2228 2229 <p> 2230 <strong>1. ? 2231 </strong> 2232 </p> 2233 2234 <p> 2235 2016-09-01 2016-09-01 2236 . 2016-09-05 2237 2016-09-05 . 2238 2016-09-06 2016-09-06 2239 . 2240 <a href="https://support.google.com/nexus/answer/4457705"></a> . 2241 . 2242 [ro.build.version.security_patch]:[2016-09-01], 2243 [ro.build.version.security_patch]:[2016-09-05] 2244 [ro.build.version.security_patch]:[2016-09-06] 2245 </p> 2246 2247 <p> 2248 <strong>2. ?</strong> 2249 </p> 2250 2251 <p> 2252 Android Android 2253 2254 . Android 2255 . 2256 </p> 2257 2258 <p> 2259 2016 9 6 2260 . 2261 2262 . 2263 </p> 2264 2265 <p> 2266 2016 9 5 2267 2016 9 1 2268 . 2016 9 5 2269 2016 9 5 2270 . 2271 </p> 2272 2273 <p> 2274 2016 9 1 2275 2276 . 2016 9 1 2277 2016 9 5 2016 9 6 2278 . 2279 </p> 2280 2281 <p> 2282 3<strong>. Nexus ?</strong> 2283 </p> 2284 2285 <p> 2286 <a href="#2016-09-01-details">2016-09-01</a>, 2287 <a href="#2016-09-05-details">2016-09-05</a>, 2288 <a href="#2016-09-06-details">2016-09-06</a> 2289 Nexus <em> Nexus </em> . . 2290 </p> 2291 2292 <ul> 2293 <li><strong> Nexus </strong>: Nexus 2294 <em> Nexus </em> ' Nexus' . 2295 ' Nexus' 2296 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> </a> 2297 . Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2298 Android One, Nexus Player, Pixel C.</li> 2299 <li><strong> Nexus </strong>: Nexus 2300 , Nexus 2301 <em> Nexus .</em></li> 2302 <li><strong>Nexus </strong>: Nexus 2303 <em> Nexus </em> '' .</li> 2304 </ul> 2305 <p> 2306 <strong>4. ?</strong> 2307 </p> 2308 2309 <p> 2310 <em></em> 2311 . 2312 . 2313 </p> 2314 2315 <table> 2316 <tr> 2317 <th></th> 2318 <th> </th> 2319 </tr> 2320 <tr> 2321 <td>A-</td> 2322 <td>Android ID</td> 2323 </tr> 2324 <tr> 2325 <td>QC-</td> 2326 <td>Qualcomm </td> 2327 </tr> 2328 <tr> 2329 <td>M-</td> 2330 <td>MediaTek </td> 2331 </tr> 2332 <tr> 2333 <td>N-</td> 2334 <td>NVIDIA </td> 2335 </tr> 2336 <tr> 2337 <td>B-</td> 2338 <td>Broadcom </td> 2339 </tr> 2340 </table> 2341 2342 <h2 id="revisions"> </h2> 2343 <ul> 2344 <li>2016 9 6: </li> 2345 <li>2016 9 7: AOSP </li> 2346 <li>2016 9 12: CVE-2016-3861 2347 CVE-2016-3877 </li> 2348 </ul> 2349
