1 page.title=Android 2016 10 2 @jd:body 3 <!-- 4 Copyright 2016 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 <p><em>2016 10 3 | 2016 10 4 </em> 16 </p> 17 <p>Android Android Google OTA Nexus Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a>2016 10 5 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> Nexus 2016 10 5 OTA 18 </p> 19 <p> 20 2016 9 6 () Android (AOSP) AOSP 21 </p> 22 <p> 23 (Re-flash) 24 </p> 25 <p> <a href="{@docRoot}security/enhancements/index.html">Android </a> ( <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>) Android <a href="#mitigations">Android Google </a> 26 </p> 27 <p> 28 </p> 29 <h2 id="announcements"></h2> 30 <ul> 31 <li> Android Android <a href="#common-questions-and-answers"></a> 32 <ul> 33 <li><strong>2016-10-01</strong> 2016-10-01 () </li> 34 <li><strong>2016-10-05</strong> 2016-10-01 2016-10-05 () </li> 35 </ul> 36 </li> 37 <li> Nexus 2016 10 5 OTA </li> 38 </ul> 39 <h2 id="security-vulnerability-summary"></h2> 40 <p> 41 ID (CVE) Nexus <a href="{@docRoot}security/overview/updates-resources.html#severity"></a> 42 </p> 43 <h3 id="2016-10-01-security-patch-level-vulnerability-summary">2016-10-01 44 </h3> 45 <p> 46 2016-10-01 47 </p> 48 <table> 49 <col width="55%"> 50 <col width="20%"> 51 <col width="13%"> 52 <col width="12%"> 53 <tr> 54 <th></th> 55 <th>CVE</th> 56 <th></th> 57 <th> Nexus </th> 58 </tr> 59 <tr> 60 <td>ServiceManager </td> 61 <td>CVE-2016-3900</td> 62 <td></td> 63 <td></td> 64 </tr> 65 <tr> 66 <td></td> 67 <td>CVE-2016-3908</td> 68 <td></td> 69 <td></td> 70 </tr> 71 <tr> 72 <td></td> 73 <td>CVE-2016-3909CVE-2016-3910CVE-2016-3913</td> 74 <td></td> 75 <td></td> 76 </tr> 77 <tr> 78 <td>Zygote </td> 79 <td>CVE-2016-3911</td> 80 <td></td> 81 <td></td> 82 </tr> 83 <tr> 84 <td>Framework API </td> 85 <td>CVE-2016-3912</td> 86 <td></td> 87 <td></td> 88 </tr> 89 <tr> 90 <td></td> 91 <td>CVE-2016-3914</td> 92 <td></td> 93 <td></td> 94 </tr> 95 <tr> 96 <td></td> 97 <td>CVE-2016-3915CVE-2016-3916</td> 98 <td></td> 99 <td></td> 100 </tr> 101 <tr> 102 <td></td> 103 <td>CVE-2016-3917</td> 104 <td></td> 105 <td></td> 106 </tr> 107 <tr> 108 <td>AOSP Mail </td> 109 <td>CVE-2016-3918</td> 110 <td></td> 111 <td></td> 112 </tr> 113 <tr> 114 <td>Wi-Fi </td> 115 <td>CVE-2016-3882</td> 116 <td></td> 117 <td></td> 118 </tr> 119 <tr> 120 <td>GPS </td> 121 <td>CVE-2016-5348</td> 122 <td></td> 123 <td></td> 124 </tr> 125 <tr> 126 <td></td> 127 <td>CVE-2016-3920</td> 128 <td></td> 129 <td></td> 130 </tr> 131 <tr> 132 <td>Framework </td> 133 <td>CVE-2016-3921</td> 134 <td></td> 135 <td></td> 136 </tr> 137 <tr> 138 <td></td> 139 <td>CVE-2016-3922</td> 140 <td></td> 141 <td></td> 142 </tr> 143 <tr> 144 <td></td> 145 <td>CVE-2016-3923</td> 146 <td></td> 147 <td></td> 148 </tr> 149 <tr> 150 <td></td> 151 <td>CVE-2016-3924</td> 152 <td></td> 153 <td></td> 154 </tr> 155 <tr> 156 <td>Wi-Fi </td> 157 <td>CVE-2016-3925</td> 158 <td></td> 159 <td></td> 160 </tr> 161 </table> 162 <h3 id="2016-10-05-security-patch-level-vulnerability-summary">2016-10-05 163 </h3> 164 <p> 165 2016-10-05 2016-10-01 166 </p> 167 <table> 168 <col width="55%"> 169 <col width="20%"> 170 <col width="13%"> 171 <col width="12%"> 172 <tr> 173 <th></th> 174 <th>CVE</th> 175 <th></th> 176 <th> Nexus </th> 177 </tr> 178 <tr> 179 <td> ASN.1 </td> 180 <td>CVE-2016-0758</td> 181 <td></td> 182 <td></td> 183 </tr> 184 <tr> 185 <td></td> 186 <td>CVE-2016-7117</td> 187 <td></td> 188 <td></td> 189 </tr> 190 <tr> 191 <td>MediaTek </td> 192 <td>CVE-2016-3928</td> 193 <td></td> 194 <td></td> 195 </tr> 196 <tr> 197 <td></td> 198 <td>CVE-2016-5340</td> 199 <td></td> 200 <td></td> 201 </tr> 202 <tr> 203 <td>Qualcomm </td> 204 <td>CVE-2016-3926CVE-2016-3927CVE-2016-3929</td> 205 <td></td> 206 <td></td> 207 </tr> 208 209 <tr> 210 <td>Qualcomm </td> 211 <td>CVE-2016-2059</td> 212 <td></td> 213 <td></td> 214 </tr> 215 <tr> 216 <td>NVIDIA MMC </td> 217 <td>CVE-2016-3930</td> 218 <td></td> 219 <td></td> 220 </tr> 221 <tr> 222 <td>Qualcomm </td> 223 <td>CVE-2016-3931</td> 224 <td></td> 225 <td></td> 226 </tr> 227 <tr> 228 <td></td> 229 <td>CVE-2016-3932CVE-2016-3933</td> 230 <td></td> 231 <td></td> 232 </tr> 233 <tr> 234 <td>Qualcomm </td> 235 <td>CVE-2016-3903CVE-2016-3934</td> 236 <td></td> 237 <td></td> 238 </tr> 239 <tr> 240 <td>Qualcomm </td> 241 <td>CVE-2015-8951</td> 242 <td></td> 243 <td></td> 244 </tr> 245 <tr> 246 <td>Qualcomm </td> 247 <td>CVE-2016-3901CVE-2016-3935</td> 248 <td></td> 249 <td></td> 250 </tr> 251 <tr> 252 <td>MediaTek </td> 253 <td>CVE-2016-3936CVE-2016-3937</td> 254 <td></td> 255 <td></td> 256 </tr> 257 <tr> 258 <td>Qualcomm </td> 259 <td>CVE-2016-3938CVE-2016-3939</td> 260 <td></td> 261 <td></td> 262 </tr> 263 <tr> 264 <td>Synaptics </td> 265 <td>CVE-2016-3940CVE-2016-6672</td> 266 <td></td> 267 <td></td> 268 </tr> 269 <tr> 270 <td>NVIDIA </td> 271 <td>CVE-2016-6673</td> 272 <td></td> 273 <td></td> 274 </tr> 275 <tr> 276 <td>System_server </td> 277 <td>CVE-2016-6674</td> 278 <td></td> 279 <td></td> 280 </tr> 281 <tr> 282 <td>Qualcomm Wi-Fi </td> 283 <td>CVE-2016-3905CVE-2016-6675CVE-2016-6676CVE-2016-5342</td> 284 <td></td> 285 <td></td> 286 </tr> 287 <tr> 288 <td></td> 289 <td>CVE-2015-8955</td> 290 <td></td> 291 <td></td> 292 </tr> 293 <tr> 294 <td> ION </td> 295 <td>CVE-2015-8950</td> 296 <td></td> 297 <td></td> 298 </tr> 299 <tr> 300 <td>NVIDIA GPU </td> 301 <td>CVE-2016-6677</td> 302 <td></td> 303 <td></td> 304 </tr> 305 <tr> 306 <td>Qualcomm </td> 307 <td>CVE-2015-0572</td> 308 <td></td> 309 <td></td> 310 </tr> 311 <tr> 312 <td>Qualcomm </td> 313 <td>CVE-2016-3860</td> 314 <td></td> 315 <td></td> 316 </tr> 317 <tr> 318 <td>Motorola USBNet </td> 319 <td>CVE-2016-6678</td> 320 <td></td> 321 <td></td> 322 </tr> 323 <tr> 324 <td>Qualcomm </td> 325 <td>CVE-2016-6679CVE-2016-3902CVE-2016-6680CVE-2016-6681CVE-2016-6682</td> 326 <td></td> 327 <td></td> 328 </tr> 329 <tr> 330 <td></td> 331 <td>CVE-2016-6683CVE-2016-6684CVE-2015-8956CVE-2016-6685</td> 332 <td></td> 333 <td></td> 334 </tr> 335 <tr> 336 <td>NVIDIA </td> 337 <td>CVE-2016-6686CVE-2016-6687CVE-2016-6688</td> 338 <td></td> 339 <td></td> 340 </tr> 341 <tr> 342 <td></td> 343 <td>CVE-2016-6689</td> 344 <td></td> 345 <td></td> 346 </tr> 347 <tr> 348 <td></td> 349 <td>CVE-2016-5696</td> 350 <td></td> 351 <td></td> 352 </tr> 353 <tr> 354 <td></td> 355 <td>CVE-2016-6690</td> 356 <td></td> 357 <td></td> 358 </tr> 359 <tr> 360 <td>Qualcomm </td> 361 <td>CVE-2016-6691CVE-2016-6692CVE-2016-6693CVE-2016-6694CVE-2016-6695CVE-2016-6696CVE-2016-5344CVE-2016-5343</td> 362 <td></td> 363 <td></td> 364 </tr> 365 </table> 366 367 <h2 id="mitigations">Android Google </h2> 368 <p> 369 <a href="{@docRoot}security/enhancements/index.html">Android </a> SafetyNet Android 370 </p> 371 <ul> 372 <li>Android Android Android</li> 373 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () </li> 374 <li>Google Hangouts Messenger </li> 375 </ul> 376 <h2 id="acknowledgements"></h2> 377 <p> 378 </p> 379 <ul> 380 <li>Andre Teixeira RizzoCVE-2016-3882</li> 381 <li>Andrea BiondoCVE-2016-3921</li> 382 <li>Copperhead Security Daniel MicayCVE-2016-3922</li> 383 <li>Google <a href="https://github.com/google/syzkaller">Dmitry Vyukov</a>CVE-2016-7117</li> 384 <li>dosomderCVE-2016-3931</li> 385 <li> Ecular Xu ()CVE-2016-3920</li> 386 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan ">pjf</a>CVE-2016-6690CVE-2016-3901CVE-2016-6672CVE-2016-3940CVE-2016-3935</li> 387 <li> <a href="mailto:hzhan033 (a] ucr.edu">Hang Zhang</a><a href="mailto:dshe002 (a] ucr.edu">Dongdong She</a> <a href="mailto:zhiyunq (a] cs.ucr.edu">Zhiyun Qian</a>CVE-2015-8950</li> 388 <li> 360 Alpha Hao ChenCVE-2016-3860</li> 389 <li>Google Project Zero Jann HornCVE-2016-3900CVE-2016-3885</li> 390 <li><a href="http://keybase.io/jasonrogena">Jason Rogena</a>CVE-2016-3917</li> 391 <li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan ">pjf</a>CVE-2016-6688CVE-2016-6677CVE-2016-6673CVE-2016-6687CVE-2016-6686CVE-2016-6681CVE-2016-6682CVE-2016-3930</li> 392 <li>Joshua Drake (<a href="https://twitter.com/jduck">@jduck</a>)CVE-2016-3920</li> 393 <li>Google Maciej SzawowskiCVE-2016-3905</li> 394 <li>Google Project Zero Mark BrandCVE-2016-6689</li> 395 <li><a href="https://github.com/michalbednarski">Micha Bednarski</a>CVE-2016-3914CVE-2016-6674CVE-2016-3911CVE-2016-3912</li> 396 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-3933CVE-2016-3932</li> 397 <li>Nightwatch Cybersecurity Research (<a href="https://twitter.com/nightwatchcyber">@nightwatchcyber</a>)CVE-2016-5348</li> 398 <li>IBM X-Force Roee HayCVE-2016-6678</li> 399 <li>Google Samuel TanCVE-2016-3925</li> 400 <li><a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)CVE-2016-3936CVE-2016-3928CVE-2016-3902CVE-2016-3937CVE-2016-6696</li> 401 <li> Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)CVE-2016-6685CVE-2016-6683CVE-2016-6680CVE-2016-6679CVE-2016-3903CVE-2016-6693CVE-2016-6694CVE-2016-6695</li> 402 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-3909</li> 403 <li> 360 Alpha Wenlin Yang Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>)CVE-2016-3918</li> 404 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/"></a> Wish Wu (<a href="http://weibo.com/wishlinux"></a>) (<a href="https://twitter.com/wish_wu">@wish_wu)</a>CVE-2016-3924CVE-2016-3915CVE-2016-3916CVE-2016-3910</li> 405 <li> SCC Eagleye Yong ShiCVE-2016-3938</li> 406 <li><a href="http://www.cmcm.com"></a> Zhanpeng Zhao () (<a href="https://twitter.com/0xr0ot">@0xr0ot</a>)CVE-2016-3908</li> 407 </ul> 408 409 <h2 id="2016-10-01-security-patch-level-vulnerability-details">2016-10-01 410 </h2> 411 <p> 412 <a href="#2016-10-01-security-patch-level-vulnerability-summary">2016-10-01 </a> CVE Nexus AOSP () ID ( AOSP ) ID </p> 413 <h3 id="eopv-in-servicemanager">ServiceManager </h3> 414 <p> 415 ServiceManager ( system_server) 416 </p> 417 <table> 418 <col width="18%"> 419 <col width="16%"> 420 <col width="10%"> 421 <col width="19%"> 422 <col width="19%"> 423 <col width="17%"> 424 <tr> 425 <th>CVE</th> 426 <th></th> 427 <th></th> 428 <th> Nexus </th> 429 <th> AOSP </th> 430 <th></th> 431 </tr> 432 <tr> 433 <td>CVE-2016-3900</td> 434 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d3c6ce463ac91ecbeb2128beb475d31d3ca6ef42">A-29431260</a> 435 [<a href="https://android.googlesource.com/platform/frameworks/native/+/047eec456943dc082e33220d28abb7df4e089f69">2</a>] 436 </td> 437 <td></td> 438 <td> Nexus </td> 439 <td>5.0.25.1.16.06.0.17.0</td> 440 <td>2016 6 15 </td> 441 </tr> 442 </table> 443 <h3 id="eopv-in-lock-settings-service"></h3> 444 <p> 445 PIN 446 </p> 447 <table> 448 <col width="18%"> 449 <col width="16%"> 450 <col width="10%"> 451 <col width="19%"> 452 <col width="19%"> 453 <col width="17%"> 454 <tr> 455 <th>CVE</th> 456 <th></th> 457 <th></th> 458 <th> Nexus </th> 459 <th> AOSP </th> 460 <th></th> 461 </tr> 462 <tr> 463 <td>CVE-2016-3908</td> 464 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/96daf7d4893f614714761af2d53dfb93214a32e4">A-30003944</a> 465 </td> 466 <td></td> 467 <td> Nexus </td> 468 <td>6.06.0.17.0</td> 469 <td>2016 7 6 </td> 470 </tr> 471 </table> 472 <h3 id="eopv-in-mediaserver"></h3> 473 <p> 474 </p> 475 <table> 476 <col width="18%"> 477 <col width="16%"> 478 <col width="10%"> 479 <col width="19%"> 480 <col width="19%"> 481 <col width="17%"> 482 <tr> 483 <th>CVE</th> 484 <th></th> 485 <th></th> 486 <th> Nexus </th> 487 <th> AOSP </th> 488 <th></th> 489 </tr> 490 <tr> 491 <td>CVE-2016-3909</td> 492 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/d4271b792bdad85a80e2b83ab34c4b30b74f53ec">A-30033990</a> 493 [<a href="https://android.googlesource.com/platform/frameworks/av/+/c48ef757cc50906e8726a3bebc3b60716292cdba">2</a>] 494 </td> 495 <td></td> 496 <td> Nexus </td> 497 <td>4.4.45.0.25.1.16.06.0.17.0</td> 498 <td>2016 7 8 </td> 499 </tr> 500 <tr> 501 <td>CVE-2016-3910</td> 502 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/035cb12f392860113dce96116a5150e2fde6f0cc">A-30148546</a> 503 </td> 504 <td></td> 505 <td> Nexus </td> 506 <td>5.0.25.1.16.06.0.17.0</td> 507 <td>2016 7 13 </td> 508 </tr> 509 <tr> 510 <td>CVE-2016-3913</td> 511 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0c3b93c8c2027e74af642967eee5c142c8fd185d">A-30204103</a> 512 </td> 513 <td></td> 514 <td> Nexus </td> 515 <td>4.4.45.0.25.1.16.06.0.17.0</td> 516 <td>2016 7 18 </td> 517 </tr> 518 </table> 519 <h3 id="eopv-in-zygote-process">Zygote </h3> 520 <p> 521 Zygote 522 </p> 523 <table> 524 <col width="18%"> 525 <col width="16%"> 526 <col width="10%"> 527 <col width="19%"> 528 <col width="19%"> 529 <col width="17%"> 530 <tr> 531 <th>CVE</th> 532 <th></th> 533 <th></th> 534 <th> Nexus </th> 535 <th> AOSP </th> 536 <th></th> 537 </tr> 538 <tr> 539 <td>CVE-2016-3911</td> 540 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/2c7008421cb67f5d89f16911bdbe36f6c35311ad">A-30143607</a> 541 </td> 542 <td></td> 543 <td> Nexus </td> 544 <td>4.4.45.0.25.1.16.06.0.17.0</td> 545 <td>2016 7 16 </td> 546 </tr> 547 </table> 548 <h3 id="eopv-in-framework-apis">Framework API </h3> 549 <p> 550 Framework API 551 </p> 552 <table> 553 <col width="18%"> 554 <col width="16%"> 555 <col width="10%"> 556 <col width="19%"> 557 <col width="19%"> 558 <col width="17%"> 559 <tr> 560 <th>CVE</th> 561 <th></th> 562 <th></th> 563 <th> Nexus </th> 564 <th> AOSP </th> 565 <th></th> 566 </tr> 567 <tr> 568 <td>CVE-2016-3912</td> 569 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/6c049120c2d749f0c0289d822ec7d0aa692f55c5">A-30202481</a> 570 </td> 571 <td></td> 572 <td> Nexus </td> 573 <td>4.4.45.0.25.1.16.06.0.17.0</td> 574 <td>2016 7 17 </td> 575 </tr> 576 </table> 577 <h3 id="eopv-in-telephony"></h3> 578 <p> 579 580 </p> 581 <table> 582 <col width="18%"> 583 <col width="16%"> 584 <col width="10%"> 585 <col width="19%"> 586 <col width="19%"> 587 <col width="17%"> 588 <tr> 589 <th>CVE</th> 590 <th></th> 591 <th></th> 592 <th> Nexus </th> 593 <th> AOSP </th> 594 <th></th> 595 </tr> 596 <tr> 597 <td>CVE-2016-3914</td> 598 <td><a href="https://android.googlesource.com/platform/packages/providers/TelephonyProvider/+/3a3a5d145d380deef2d5b7c3150864cd04be397f">A-30481342</a> 599 </td> 600 <td></td> 601 <td> Nexus </td> 602 <td>4.4.45.0.25.1.16.06.0.17.0</td> 603 <td>2016 7 28 </td> 604 </tr> 605 </table> 606 <h3 id="eopv-in-camera-service"></h3> 607 <p> 608 609 </p> 610 <table> 611 <col width="18%"> 612 <col width="16%"> 613 <col width="10%"> 614 <col width="19%"> 615 <col width="19%"> 616 <col width="17%"> 617 <tr> 618 <th>CVE</th> 619 <th></th> 620 <th></th> 621 <th> Nexus </th> 622 <th> AOSP </th> 623 <th></th> 624 </tr> 625 <tr> 626 <td>CVE-2016-3915</td> 627 <td><a href="https://android.googlesource.com/platform/system/media/+/e9e44f797742f52996ebf307740dad58c28fd9b5">A-30591838</a> 628 </td> 629 <td></td> 630 <td> Nexus </td> 631 <td>4.4.45.0.25.1.16.06.0.17.0</td> 632 <td>2016 8 1 </td> 633 </tr> 634 <tr> 635 <td>CVE-2016-3916</td> 636 <td><a href="https://android.googlesource.com/platform/system/media/+/8e7a2b4d13bff03973dbad2bfb88a04296140433">A-30741779</a> 637 </td> 638 <td></td> 639 <td> Nexus </td> 640 <td>4.4.45.0.25.1.16.06.0.17.0</td> 641 <td>2016 8 2 </td> 642 </tr> 643 </table> 644 <h3 id="eopv-in-fingerprint-login"></h3> 645 <p> 646 647 </p> 648 <table> 649 <col width="18%"> 650 <col width="16%"> 651 <col width="10%"> 652 <col width="19%"> 653 <col width="19%"> 654 <col width="17%"> 655 <tr> 656 <th>CVE</th> 657 <th></th> 658 <th></th> 659 <th> Nexus </th> 660 <th> AOSP </th> 661 <th></th> 662 </tr> 663 <tr> 664 <td>CVE-2016-3917</td> 665 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/f5334952131afa835dd3f08601fb3bced7b781cd">A-30744668</a> 666 </td> 667 <td></td> 668 <td> Nexus </td> 669 <td>6.0.17.0</td> 670 <td>2016 8 5 </td> 671 </tr> 672 </table> 673 <h3 id="information-disclosure-vulnerability-in-aosp-mail">AOSP Mail </h3> 674 <p> 675 AOSP Mail 676 </p> 677 <table> 678 <col width="18%"> 679 <col width="16%"> 680 <col width="10%"> 681 <col width="19%"> 682 <col width="19%"> 683 <col width="17%"> 684 <tr> 685 <th>CVE</th> 686 <th></th> 687 <th></th> 688 <th> Nexus </th> 689 <th> AOSP </th> 690 <th></th> 691 </tr> 692 <tr> 693 <td>CVE-2016-3918</td> 694 <td><a href="https://android.googlesource.com/platform/packages/apps/Email/+/6b2b0bd7c771c698f11d7be89c2c57c8722c7454">A-30745403</a> 695 </td> 696 <td></td> 697 <td> Nexus </td> 698 <td>4.4.45.0.25.1.16.06.0.17.0</td> 699 <td>2016 8 5 </td> 700 </tr> 701 </table> 702 <h3 id="dosv-in-wi-fi">Wi-Fi </h3> 703 <p> 704 Wi-Fi 705 </p> 706 <table> 707 <col width="18%"> 708 <col width="16%"> 709 <col width="10%"> 710 <col width="19%"> 711 <col width="17%"> 712 <col width="19%"> 713 <tr> 714 <th>CVE</th> 715 <th></th> 716 <th></th> 717 <th> Nexus </th> 718 <th> AOSP </th> 719 <th></th> 720 </tr> 721 <tr> 722 <td>CVE-2016-3882</td> 723 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/35a86eef3c0eef760f7e61c52a343327ba601630">A-29464811</a> 724 </td> 725 <td></td> 726 <td> Nexus </td> 727 <td>6.06.0.17.0</td> 728 <td>2016 6 17 </td> 729 </tr> 730 </table> 731 <h3 id="dosv-in-gps">GPS </h3> 732 <p> 733 GPS 734 </p> 735 <table> 736 <col width="18%"> 737 <col width="16%"> 738 <col width="10%"> 739 <col width="19%"> 740 <col width="19%"> 741 <col width="17%"> 742 <tr> 743 <th>CVE</th> 744 <th></th> 745 <th></th> 746 <th> Nexus </th> 747 <th> AOSP </th> 748 <th></th> 749 </tr> 750 <tr> 751 <td>CVE-2016-5348</td> 752 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/218b813d5bc2d7d3952ea1861c38b4aa944ac59b">A-29555864</a> 753 </td> 754 <td></td> 755 <td> Nexus </td> 756 <td>4.4.45.0.25.1.16.06.0.17.0</td> 757 <td>2016 6 20 </td> 758 </tr> 759 </table> 760 <h3 id="dosv-in-mediaserver"></h3> 761 <p> 762 763 </p> 764 <table> 765 <col width="18%"> 766 <col width="16%"> 767 <col width="10%"> 768 <col width="19%"> 769 <col width="19%"> 770 <col width="17%"> 771 <tr> 772 <th>CVE</th> 773 <th></th> 774 <th></th> 775 <th> Nexus </th> 776 <th> AOSP </th> 777 <th></th> 778 </tr> 779 <tr> 780 <td>CVE-2016-3920</td> 781 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6d0249be2275fd4086783f259f4e2c54722a7c55">A-30744884</a> 782 </td> 783 <td></td> 784 <td> Nexus </td> 785 <td>5.0.25.1.16.06.0.17.0</td> 786 <td>2016 8 5 </td> 787 </tr> 788 </table> 789 <h3 id="eopv-in-framework-listener">Framework </h3> 790 <p> 791 Framework 792 </p> 793 <table> 794 <col width="18%"> 795 <col width="16%"> 796 <col width="10%"> 797 <col width="18%"> 798 <col width="20%"> 799 <col width="17%"> 800 <tr> 801 <th>CVE</th> 802 <th></th> 803 <th></th> 804 <th> Nexus </th> 805 <th> AOSP </th> 806 <th></th> 807 </tr> 808 <tr> 809 <td>CVE-2016-3921</td> 810 <td><a href="https://android.googlesource.com/platform/system/core/+/771ab014c24a682b32990da08e87e2f0ab765bd2">A-29831647</a> 811 </td> 812 <td></td> 813 <td> Nexus </td> 814 <td>4.4.45.0.25.1.16.06.0.17.0</td> 815 <td>2016 6 25 </td> 816 </tr> 817 </table> 818 <h3 id="eopv-in-telephony-2"></h3> 819 <p> 820 821 </p> 822 <table> 823 <col width="18%"> 824 <col width="16%"> 825 <col width="10%"> 826 <col width="19%"> 827 <col width="19%"> 828 <col width="17%"> 829 <tr> 830 <th>CVE</th> 831 <th></th> 832 <th></th> 833 <th> Nexus </th> 834 <th> AOSP </th> 835 <th></th> 836 </tr> 837 <tr> 838 <td>CVE-2016-3922</td> 839 <td><a href="https://android.googlesource.com/platform/hardware/ril/+/95610818918f6f11fe7d23aca1380e6c0fac2af0">A-30202619</a> 840 </td> 841 <td></td> 842 <td> Nexus </td> 843 <td>6.06.0.17.0</td> 844 <td>2016 7 17 </td> 845 </tr> 846 </table> 847 <h3 id="eopv-in-accessibility-services"></h3> 848 <p> 849 () 850 </p> 851 <table> 852 <col width="18%"> 853 <col width="16%"> 854 <col width="10%"> 855 <col width="19%"> 856 <col width="18%"> 857 <col width="18%"> 858 <tr> 859 <th>CVE</th> 860 <th></th> 861 <th></th> 862 <th> Nexus </th> 863 <th> AOSP </th> 864 <th></th> 865 </tr> 866 <tr> 867 <td>CVE-2016-3923</td> 868 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/5f256310187b4ff2f13a7abb9afed9126facd7bc">A-30647115</a> 869 </td> 870 <td></td> 871 <td> Nexus </td> 872 <td>7.0</td> 873 <td>Google </td> 874 </tr> 875 </table> 876 <h3 id="information-disclosure-vulnerability-in-mediaserver"></h3> 877 <p> 878 879 </p> 880 <table> 881 <col width="18%"> 882 <col width="16%"> 883 <col width="10%"> 884 <col width="18%"> 885 <col width="20%"> 886 <col width="17%"> 887 <tr> 888 <th>CVE</th> 889 <th></th> 890 <th></th> 891 <th> Nexus </th> 892 <th> AOSP </th> 893 <th></th> 894 </tr> 895 <tr> 896 <td>CVE-2016-3924</td> 897 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c894aa36be535886a8e5ff02cdbcd07dd24618f6">A-30204301</a> 898 </td> 899 <td></td> 900 <td> Nexus </td> 901 <td>4.4.45.0.25.1.16.06.0.17.0</td> 902 <td>2016 7 18 </td> 903 </tr> 904 </table> 905 <h3 id="dosv-in-wi-fi-2">Wi-Fi </h3> 906 <p> 907 Wi-Fi Wi-Fi 908 </p> 909 <table> 910 <col width="18%"> 911 <col width="16%"> 912 <col width="10%"> 913 <col width="19%"> 914 <col width="17%"> 915 <col width="19%"> 916 <tr> 917 <th>CVE</th> 918 <th></th> 919 <th></th> 920 <th> Nexus </th> 921 <th> AOSP </th> 922 <th></th> 923 </tr> 924 <tr> 925 <td>CVE-2016-3925</td> 926 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/c2905409c20c8692d4396b8531b09e7ec81fa3fb">A-30230534</a> 927 </td> 928 <td></td> 929 <td> Nexus </td> 930 <td>6.06.0.17.0</td> 931 <td>Google </td> 932 </tr> 933 </table> 934 <h2 id="2016-10-05-security-patch-level-vulnerability-details">2016-10-05 935 </h2> 936 <p> <a href="#2016-10-05-security-patch-level-vulnerability-summary">2016-10-05 </a> CVE Nexus AOSP () ID ( AOSP ) ID </p> 937 <h3 id="remote-code-execution-vulnerability-in-kernel-asn-1-decoder"> ASN.1 </h3> 938 <p> 939 ASN.1 (Re-flash) 940 </p> 941 <table> 942 <col width="19%"> 943 <col width="20%"> 944 <col width="10%"> 945 <col width="23%"> 946 <col width="17%"> 947 <tr> 948 <th>CVE</th> 949 <th></th> 950 <th></th> 951 <th> Nexus </th> 952 <th></th> 953 </tr> 954 <tr> 955 <td>CVE-2016-0758</td> 956 <td>A-29814470<br> 957 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23c8a812dc3c621009e4f0e5342aa4e2ede1ceaa"> 958 </a></td> 959 <td></td> 960 <td>Nexus 5XNexus 6P</td> 961 <td>2016 5 12 </td> 962 </tr> 963 </table> 964 <h3 id="remote-code-execution-vulnerability-in-kernel-networking-subsystem"></h3> 965 <p> 966 (Re-flash) 967 </p> 968 <table> 969 <col width="19%"> 970 <col width="20%"> 971 <col width="10%"> 972 <col width="23%"> 973 <col width="17%"> 974 <tr> 975 <th>CVE</th> 976 <th></th> 977 <th></th> 978 <th> Nexus </th> 979 <th></th> 980 </tr> 981 <tr> 982 <td>CVE-2016-7117</td> 983 <td>A-30515201<br> 984 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=34b88a68f26a75e4fded796f1a49c40f82234b7d"></a></td> 985 <td></td> 986 <td> Nexus </td> 987 <td>Google </td> 988 </tr> 989 </table> 990 <h3 id="eopv-in-mediatek-video-driver">MediaTek </h3> 991 <p> 992 MediaTek (Re-flash) 993 </p> 994 <table> 995 <col width="19%"> 996 <col width="20%"> 997 <col width="10%"> 998 <col width="23%"> 999 <col width="17%"> 1000 <tr> 1001 <th>CVE</th> 1002 <th></th> 1003 <th></th> 1004 <th> Nexus </th> 1005 <th></th> 1006 </tr> 1007 <tr> 1008 <td>CVE-2016-3928</td> 1009 <td>A-30019362*<br> 1010 M-ALPS02829384</td> 1011 <td></td> 1012 <td></td> 1013 <td>2016 7 6 </td> 1014 </tr> 1015 </table> 1016 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1017 </p> 1018 <h3 id="eopv-in-kernel-shared-memory-driver"></h3> 1019 <p> 1020 (Re-flash) 1021 </p> 1022 <table> 1023 <col width="19%"> 1024 <col width="20%"> 1025 <col width="10%"> 1026 <col width="23%"> 1027 <col width="17%"> 1028 <tr> 1029 <th>CVE</th> 1030 <th></th> 1031 <th></th> 1032 <th> Nexus </th> 1033 <th></th> 1034 </tr> 1035 <tr> 1036 <td>CVE-2016-5340</td> 1037 <td>A-30652312<br> 1038 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=06e51489061e5473b4e2035c79dcf7c27a6f75a6">QC-CR#1008948</a></td> 1039 <td></td> 1040 <td>Nexus 5Nexus 5XNexus 6Nexus 6PAndroid One</td> 1041 <td>2016 7 26 </td> 1042 </tr> 1043 </table> 1044 1045 <h3 id="vulnerabilities-in-qc-components">Qualcomm </h3> 1046 <p> 1047 Qualcomm 2016 3 4 Qualcomm AMSS 1048 </p> 1049 <table> 1050 <col width="19%"> 1051 <col width="16%"> 1052 <col width="10%"> 1053 <col width="23%"> 1054 <col width="21%"> 1055 <tr> 1056 <th>CVE</th> 1057 <th></th> 1058 <th></th> 1059 <th> Nexus </th> 1060 <th></th> 1061 </tr> 1062 <tr> 1063 <td>CVE-2016-3926</td> 1064 <td>A-28823953*</td> 1065 <td></td> 1066 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 1067 <td>Qualcomm </td> 1068 </tr> 1069 <tr> 1070 <td>CVE-2016-3927</td> 1071 <td>A-28823244*</td> 1072 <td></td> 1073 <td>Nexus 5XNexus 6P</td> 1074 <td>Qualcomm </td> 1075 </tr> 1076 <tr> 1077 <td>CVE-2016-3929</td> 1078 <td>A-28823675*</td> 1079 <td></td> 1080 <td>Nexus 5XNexus 6P</td> 1081 <td>Qualcomm </td> 1082 </tr> 1083 </table> 1084 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1085 </p> 1086 <h3 id="eopv-in-qualcomm-networking-component">Qualcomm </h3> 1087 <p> 1088 Qualcomm 1089 </p> 1090 <table> 1091 <col width="19%"> 1092 <col width="20%"> 1093 <col width="10%"> 1094 <col width="23%"> 1095 <col width="17%"> 1096 <tr> 1097 <th>CVE</th> 1098 <th></th> 1099 <th></th> 1100 <th> Nexus </th> 1101 <th></th> 1102 </tr> 1103 <tr> 1104 <td>CVE-2016-2059</td> 1105 <td>A-27045580<br> 1106 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=9e8bdd63f7011dff5523ea435433834b3702398d">QC-CR#974577</a></td> 1107 <td></td> 1108 <td>Nexus 5Nexus 5XNexus 6Nexus 6PAndroid One</td> 1109 <td>2016 2 4 </td> 1110 </tr> 1111 </table> 1112 <h3 id="eopv-in-nvidia-mmc-test-driver">NVIDIA MMC </h3> 1113 <p> 1114 NVIDIA MMC 1115 </p> 1116 <table> 1117 <col width="19%"> 1118 <col width="20%"> 1119 <col width="10%"> 1120 <col width="23%"> 1121 <col width="17%"> 1122 <tr> 1123 <th>CVE</th> 1124 <th></th> 1125 <th></th> 1126 <th> Nexus </th> 1127 <th></th> 1128 </tr> 1129 <tr> 1130 <td>CVE-2016-3930</td> 1131 <td>A-28760138*<br> 1132 N-CVE-2016-3930</td> 1133 <td></td> 1134 <td>Nexus 9</td> 1135 <td>2016 5 12 </td> 1136 </tr> 1137 </table> 1138 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1139 </p> 1140 <h3 id="eopv-in-qsee-communicator-driver">Qualcomm QSEE </h3> 1141 <p>Qualcomm QSEE 1142 </p> 1143 <table> 1144 <col width="19%"> 1145 <col width="20%"> 1146 <col width="10%"> 1147 <col width="23%"> 1148 <col width="17%"> 1149 <tr> 1150 <th>CVE</th> 1151 <th></th> 1152 <th></th> 1153 <th> Nexus </th> 1154 <th></th> 1155 </tr> 1156 <tr> 1157 <td>CVE-2016-3931</td> 1158 <td>A-29157595<br> 1159 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=e80b88323f9ff0bb0e545f209eec08ec56fca816">QC-CR#1036418</a></td> 1160 <td></td> 1161 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1162 <td>2016 6 4 </td> 1163 </tr> 1164 </table> 1165 <h3 id="eopv-in-mediaserver-2"></h3> 1166 <p> 1167 </p> 1168 <table> 1169 <col width="19%"> 1170 <col width="20%"> 1171 <col width="10%"> 1172 <col width="23%"> 1173 <col width="17%"> 1174 <tr> 1175 <th>CVE</th> 1176 <th></th> 1177 <th></th> 1178 <th> Nexus </th> 1179 <th></th> 1180 </tr> 1181 <tr> 1182 <td>CVE-2016-3932</td> 1183 <td>A-29161895<br> 1184 M-ALPS02770870</td> 1185 <td></td> 1186 <td></td> 1187 <td>2016 6 6 </td> 1188 </tr> 1189 <tr> 1190 <td>CVE-2016-3933</td> 1191 <td>A-29421408*<br> 1192 N-CVE-2016-3933</td> 1193 <td></td> 1194 <td>Nexus 9Pixel C</td> 1195 <td>2016 6 14 </td> 1196 </tr> 1197 </table> 1198 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1199 </p> 1200 <h3 id="eopv-in-qualcomm-camera-driver">Qualcomm </h3> 1201 <p> 1202 Qualcomm 1203 </p> 1204 <table> 1205 <col width="19%"> 1206 <col width="20%"> 1207 <col width="10%"> 1208 <col width="23%"> 1209 <col width="17%"> 1210 <tr> 1211 <th>CVE</th> 1212 <th></th> 1213 <th></th> 1214 <th> Nexus </th> 1215 <th></th> 1216 </tr> 1217 <tr> 1218 <td>CVE-2016-3903</td> 1219 <td>A-29513227<br> 1220 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b8874573428e8ce024f57c6242d662fcca5e5d55">QC-CR#1040857</a></td> 1221 <td></td> 1222 <td>Nexus 5Nexus 5XNexus 6Nexus 6PAndroid One</td> 1223 <td>2016 6 20 </td> 1224 </tr> 1225 <tr> 1226 <td>CVE-2016-3934</td> 1227 <td>A-30102557<br> 1228 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=27fbeb6b025d5d46ccb0497cbed4c6e78ed1c5cc">QC-CR#789704</a></td> 1229 <td></td> 1230 <td>Nexus 5Nexus 5XNexus 6Nexus 6PAndroid One</td> 1231 <td>2016 7 16 </td> 1232 </tr> 1233 </table> 1234 <h3 id="eopv-in-qualcomm-sound-driver">Qualcomm </h3> 1235 <p> 1236 Qualcomm 1237 </p> 1238 <table> 1239 <col width="19%"> 1240 <col width="20%"> 1241 <col width="10%"> 1242 <col width="23%"> 1243 <col width="17%"> 1244 <tr> 1245 <th>CVE</th> 1246 <th></th> 1247 <th></th> 1248 <th> Nexus </th> 1249 <th></th> 1250 </tr> 1251 <tr> 1252 <td>CVE-2015-8951</td> 1253 <td>A-30142668<br> 1254 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?h=APSS.FSM.3.0&id=ccff36b07bfc49efc77b9f1b55ed2bf0900b1d5b">QC-CR#948902</a><br> 1255 QC-CR#948902</td> 1256 <td></td> 1257 <td>Nexus 5XNexus 6PAndroid One</td> 1258 <td>2016 6 20 </td> 1259 </tr> 1260 </table> 1261 <h3 id="eopv-in-qualcomm-crypto-engine-driver">Qualcomm </h3> 1262 <p>Qualcomm 1263 </p> 1264 <table> 1265 <col width="19%"> 1266 <col width="20%"> 1267 <col width="10%"> 1268 <col width="23%"> 1269 <col width="17%"> 1270 <tr> 1271 <th>CVE</th> 1272 <th></th> 1273 <th></th> 1274 <th> Nexus </th> 1275 <th></th> 1276 </tr> 1277 <tr> 1278 <td>CVE-2016-3901</td> 1279 <td>A-29999161<br> 1280 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132">QC-CR#1046434</a></td> 1281 <td></td> 1282 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1283 <td>2016 7 6 </td> 1284 </tr> 1285 <tr> 1286 <td>CVE-2016-3935</td> 1287 <td>A-29999665<br> 1288 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=5f69ccf3b011c1d14a1b1b00dbaacf74307c9132">QC-CR#1046507</a></td> 1289 <td></td> 1290 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1291 <td>2016 7 6 </td> 1292 </tr> 1293 </table> 1294 <h3 id="eopv-in-mediatek-video-driver-2">MediaTek </h3> 1295 <p> 1296 MediaTek 1297 </p> 1298 <table> 1299 <col width="19%"> 1300 <col width="20%"> 1301 <col width="10%"> 1302 <col width="23%"> 1303 <col width="17%"> 1304 <tr> 1305 <th>CVE</th> 1306 <th></th> 1307 <th></th> 1308 <th> Nexus </th> 1309 <th></th> 1310 </tr> 1311 <tr> 1312 <td>CVE-2016-3936</td> 1313 <td>A-30019037*<br> 1314 M-ALPS02829568</td> 1315 <td></td> 1316 <td></td> 1317 <td>2016 7 6 </td> 1318 </tr> 1319 <tr> 1320 <td>CVE-2016-3937</td> 1321 <td>A-30030994*<br> 1322 M-ALPS02834874</td> 1323 <td></td> 1324 <td></td> 1325 <td>2016 7 7 </td> 1326 </tr> 1327 </table> 1328 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1329 </p> 1330 <h3 id="eopv-in-qualcomm-video-driver">Qualcomm </h3> 1331 <p> 1332 Qualcomm 1333 </p> 1334 <table> 1335 <col width="19%"> 1336 <col width="20%"> 1337 <col width="10%"> 1338 <col width="23%"> 1339 <col width="17%"> 1340 <tr> 1341 <th>CVE</th> 1342 <th></th> 1343 <th></th> 1344 <th> Nexus </th> 1345 <th></th> 1346 </tr> 1347 <tr> 1348 <td>CVE-2016-3938</td> 1349 <td>A-30019716<br> 1350 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=467c81f9736b1ebc8d4ba70f9221bba02425ca10">QC-CR#1049232</a></td> 1351 <td></td> 1352 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1353 <td>2016 7 7 </td> 1354 </tr> 1355 <tr> 1356 <td>CVE-2016-3939</td> 1357 <td>A-30874196<br> 1358 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=e0bb18771d6ca71db2c2a61226827059be3fa424">QC-CR#1001224</a></td> 1359 <td></td> 1360 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1361 <td>2016 8 15 </td> 1362 </tr> 1363 </table> 1364 <h3 id="eopv-in-synaptics-touchscreen-driver">Synaptics </h3> 1365 <p>Synaptics 1366 </p> 1367 <table> 1368 <col width="19%"> 1369 <col width="20%"> 1370 <col width="10%"> 1371 <col width="23%"> 1372 <col width="17%"> 1373 <tr> 1374 <th>CVE</th> 1375 <th></th> 1376 <th></th> 1377 <th> Nexus </th> 1378 <th></th> 1379 </tr> 1380 <tr> 1381 <td>CVE-2016-3940</td> 1382 <td>A-30141991*</td> 1383 <td></td> 1384 <td>Nexus 6PAndroid One</td> 1385 <td>2016 7 16 </td> 1386 </tr> 1387 <tr> 1388 <td>CVE-2016-6672</td> 1389 <td>A-30537088*</td> 1390 <td></td> 1391 <td>Nexus 5X</td> 1392 <td>2016 7 31 </td> 1393 </tr> 1394 </table> 1395 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1396 </p> 1397 <h3 id="eopv-in-nvidia-camera-driver">NVIDIA </h3> 1398 <p> 1399 NVIDIA 1400 </p> 1401 <table> 1402 <col width="19%"> 1403 <col width="20%"> 1404 <col width="10%"> 1405 <col width="23%"> 1406 <col width="17%"> 1407 <tr> 1408 <th>CVE</th> 1409 <th></th> 1410 <th></th> 1411 <th> Nexus </th> 1412 <th></th> 1413 </tr> 1414 <tr> 1415 <td>CVE-2016-6673</td> 1416 <td>A-30204201*<br> 1417 N-CVE-2016-6673</td> 1418 <td></td> 1419 <td>Nexus 9</td> 1420 <td>2016 7 17 </td> 1421 </tr> 1422 </table> 1423 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1424 </p> 1425 <h3 id="eopv-in-system_server">System_server </h3> 1426 <p>System_server 1427 </p> 1428 <table> 1429 <col width="19%"> 1430 <col width="20%"> 1431 <col width="10%"> 1432 <col width="23%"> 1433 <col width="17%"> 1434 <tr> 1435 <th>CVE</th> 1436 <th></th> 1437 <th></th> 1438 <th> Nexus </th> 1439 <th></th> 1440 </tr> 1441 <tr> 1442 <td>CVE-2016-6674</td> 1443 <td>A-30445380*</td> 1444 <td></td> 1445 <td> Nexus </td> 1446 <td>2016 7 26 </td> 1447 </tr> 1448 </table> 1449 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1450 </p> 1451 <h3 id="eopv-in-qualcomm-wi-fi-driver">Qualcomm Wi-Fi </h3> 1452 <p> 1453 Qualcomm Wi-Fi 1454 </p> 1455 <table> 1456 <col width="19%"> 1457 <col width="20%"> 1458 <col width="10%"> 1459 <col width="23%"> 1460 <col width="17%"> 1461 <tr> 1462 <th>CVE</th> 1463 <th></th> 1464 <th></th> 1465 <th> Nexus </th> 1466 <th></th> 1467 </tr> 1468 <tr> 1469 <td>CVE-2016-3905</td> 1470 <td>A-28061823<br> 1471 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=b5112838eb91b71eded4b5ee37338535784e0aef">QC-CR#1001449</a></td> 1472 <td></td> 1473 <td>Nexus 5X</td> 1474 <td>Google </td> 1475 </tr> 1476 <tr> 1477 <td>CVE-2016-6675</td> 1478 <td>A-30873776<br> 1479 <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=1353fa0bd0c78427f3ae7d9bde7daeb75bd01d09">QC-CR#1000861</a></td> 1480 <td></td> 1481 <td>Nexus 5XAndroid One</td> 1482 <td>2016 8 15 </td> 1483 </tr> 1484 <tr> 1485 <td>CVE-2016-6676</td> 1486 <td>A-30874066<br> 1487 <a href="https://source.codeaurora.org/quic/la//platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=6ba9136879232442a182996427e5c88e5a7512a8">QC-CR#1000853</a></td> 1488 <td></td> 1489 <td>Nexus 5XAndroid One</td> 1490 <td>2016 8 15 </td> 1491 </tr> 1492 <tr> 1493 <td>CVE-2016-5342</td> 1494 <td>A-30878283<br> 1495 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=579e796cb089324c55e0e689a180575ba81b23d9">QC-CR#1032174</a></td> 1496 <td></td> 1497 <td>Android One</td> 1498 <td>2016 8 15 </td> 1499 </tr> 1500 </table> 1501 <h3 id="eopv-in-kernel-performance-subsystem"></h3> 1502 <p> 1503 1504 </p> 1505 <table> 1506 <col width="19%"> 1507 <col width="20%"> 1508 <col width="10%"> 1509 <col width="23%"> 1510 <col width="17%"> 1511 <tr> 1512 <th>CVE</th> 1513 <th></th> 1514 <th></th> 1515 <th> Nexus </th> 1516 <th></th> 1517 </tr> 1518 <tr> 1519 <td>CVE-2015-8955</td> 1520 <td>A-29508816<br> 1521 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=8fff105e13041e49b82f92eef034f363a6b1c071"></a></td> 1522 <td></td> 1523 <td>Nexus 5XNexus 6PPixel CAndroid One</td> 1524 <td>Google </td> 1525 </tr> 1526 </table> 1527 <h3 id="information-disclosure-vulnerability-in-kernel-ion-subsystem"> ION </h3> 1528 <p> 1529 ION 1530 </p> 1531 <table> 1532 <col width="19%"> 1533 <col width="20%"> 1534 <col width="10%"> 1535 <col width="23%"> 1536 <col width="17%"> 1537 <tr> 1538 <th>CVE</th> 1539 <th></th> 1540 <th></th> 1541 <th> Nexus </th> 1542 <th></th> 1543 </tr> 1544 <tr> 1545 <td>CVE-2015-8950</td> 1546 <td>A-29795245<br> 1547 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=6e2c437a2d0a85d90d3db85a7471f99764f7bbf8">QC-CR#1041735</a></td> 1548 <td></td> 1549 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 1550 <td>2016 5 12 </td> 1551 </tr> 1552 </table> 1553 <h3 id="information-disclosure-vulnerability-in-nvidia-gpu-driver">NVIDIA GPU </h3> 1554 <p> 1555 NVIDIA GPU 1556 </p> 1557 <table> 1558 <col width="19%"> 1559 <col width="20%"> 1560 <col width="10%"> 1561 <col width="23%"> 1562 <col width="17%"> 1563 <tr> 1564 <th>CVE</th> 1565 <th></th> 1566 <th></th> 1567 <th> Nexus </th> 1568 <th></th> 1569 </tr> 1570 <tr> 1571 <td>CVE-2016-6677</td> 1572 <td>A-30259955*<br> 1573 N-CVE-2016-6677</td> 1574 <td></td> 1575 <td>Nexus 9</td> 1576 <td>2016 7 19 </td> 1577 </tr> 1578 </table> 1579 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1580 </p> 1581 <h3 id="eopv-in-qualcomm-character-driver">Qualcomm </h3> 1582 <p> 1583 Qualcomm 1584 </p> 1585 <table> 1586 <col width="19%"> 1587 <col width="20%"> 1588 <col width="10%"> 1589 <col width="23%"> 1590 <col width="17%"> 1591 <tr> 1592 <th>CVE</th> 1593 <th></th> 1594 <th></th> 1595 <th> Nexus </th> 1596 <th></th> 1597 </tr> 1598 <tr> 1599 <td>CVE-2015-0572</td> 1600 <td>A-29156684<br> 1601 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=34ad3d34fbff11b8e1210b9da0dac937fb956b61">QC-CR#848489</a></td> 1602 <td></td> 1603 <td>Nexus 5XNexus 6P</td> 1604 <td>2016 5 28 </td> 1605 </tr> 1606 </table> 1607 <h3 id="information-disclosure-vulnerability-in-qualcomm-sound-driver">Qualcomm </h3> 1608 <p> 1609 Qualcomm 1610 </p> 1611 <table> 1612 <col width="19%"> 1613 <col width="20%"> 1614 <col width="10%"> 1615 <col width="23%"> 1616 <col width="17%"> 1617 <tr> 1618 <th>CVE</th> 1619 <th></th> 1620 <th></th> 1621 <th> Nexus </th> 1622 <th></th> 1623 </tr> 1624 <tr> 1625 <td>CVE-2016-3860</td> 1626 <td>A-29323142<br> 1627 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/diff/sound/soc/msm/qdsp6v2/audio_calibration.c?id=528976f54be246ec93a71ac53aa4faf3e3791c48">QC-CR#1038127</a></td> 1628 <td></td> 1629 <td>Nexus 5XNexus 6PAndroid One</td> 1630 <td>20164 6 13 </td> 1631 </tr> 1632 </table> 1633 <h3 id="information-disclosure-vulnerability-in-motorola-usbnet-driver">Motorola USBNet </h3> 1634 <p> 1635 Motorola USBNet 1636 </p> 1637 <table> 1638 <col width="19%"> 1639 <col width="20%"> 1640 <col width="10%"> 1641 <col width="23%"> 1642 <col width="17%"> 1643 <tr> 1644 <th>CVE</th> 1645 <th></th> 1646 <th></th> 1647 <th> Nexus </th> 1648 <th></th> 1649 </tr> 1650 <tr> 1651 <td>CVE-2016-6678</td> 1652 <td>A-29914434*</td> 1653 <td></td> 1654 <td>Nexus 6</td> 1655 <td>2016 6 30 </td> 1656 </tr> 1657 </table> 1658 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1659 </p> 1660 <h3 id="information-disclosure-vulnerability-in-qualcomm-components">Qualcomm </h3> 1661 <p> 1662 Qualcomm (IPA Wi-Fi ) 1663 </p> 1664 <table> 1665 <col width="19%"> 1666 <col width="20%"> 1667 <col width="10%"> 1668 <col width="23%"> 1669 <col width="17%"> 1670 <tr> 1671 <th>CVE</th> 1672 <th></th> 1673 <th></th> 1674 <th> Nexus </th> 1675 <th></th> 1676 </tr> 1677 <tr> 1678 <td>CVE-2016-6679</td> 1679 <td>A-29915601<br> 1680 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=d39345f0abc309959d831d09fcbf1619cc0ae0f5">QC-CR#1000913</a> 1681 [<a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=f081695446679aa44baa0d00940ea18455eeb4c5">2</a>]</td> 1682 <td></td> 1683 <td>Nexus 5XAndroid One</td> 1684 <td>2016 6 30 </td> 1685 </tr> 1686 <tr> 1687 <td>CVE-2016-3902</td> 1688 <td>A-29953313*<br> 1689 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=2fca425d781572393fbe51abe2e27a932d24a768">QC-CR#1044072</a></td> 1690 <td></td> 1691 <td>Nexus 5XNexus 6P</td> 1692 <td>2016 7 2 </td> 1693 </tr> 1694 <tr> 1695 <td>CVE-2016-6680</td> 1696 <td>A-29982678*<br> 1697 <a href="https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/qcacld-2.0/commit/?id=2f2fa073b95d4700de88c0f7558b4a18c13ac552">QC-CR#1048052</a></td> 1698 <td></td> 1699 <td>Nexus 5XAndroid One</td> 1700 <td>2016 7 3 </td> 1701 </tr> 1702 <tr> 1703 <td>CVE-2016-6681</td> 1704 <td>A-30152182<br> 1705 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0950fbd39ff189497f1b6115825c210e3eeaf395">QC-CR#1049521</a></td> 1706 <td></td> 1707 <td>Nexus 5XNexus 6PAndroid One</td> 1708 <td>2016 7 14 </td> 1709 </tr> 1710 <tr> 1711 <td>CVE-2016-6682</td> 1712 <td>A-30152501<br> 1713 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=0950fbd39ff189497f1b6115825c210e3eeaf395">QC-CR#1049615</a></td> 1714 <td></td> 1715 <td>Nexus 5XNexus 6PAndroid One</td> 1716 <td>2016 7 14 </td> 1717 </tr> 1718 </table> 1719 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1720 </p> 1721 <h3 id="information-disclosure-vulnerability-in-kernel-components"></h3> 1722 <p> 1723 () 1724 </p> 1725 <table> 1726 <col width="19%"> 1727 <col width="18%"> 1728 <col width="10%"> 1729 <col width="25%"> 1730 <col width="17%"> 1731 <tr> 1732 <th>CVE</th> 1733 <th></th> 1734 <th></th> 1735 <th> Nexus </th> 1736 <th></th> 1737 </tr> 1738 <tr> 1739 <td>CVE-2016-6683</td> 1740 <td>A-30143283*</td> 1741 <td></td> 1742 <td> Nexus </td> 1743 <td>2016 7 13 </td> 1744 </tr> 1745 <tr> 1746 <td>CVE-2016-6684</td> 1747 <td>A-30148243*</td> 1748 <td></td> 1749 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 9Nexus PlayerAndroid One</td> 1750 <td>2016 7 13 </td> 1751 </tr> 1752 <tr> 1753 <td>CVE-2015-8956</td> 1754 <td>A-30149612*</td> 1755 <td></td> 1756 <td>Nexus 5Nexus 6PAndroid One</td> 1757 <td>2016 7 14 </td> 1758 </tr> 1759 <tr> 1760 <td>CVE-2016-6685</td> 1761 <td>A-30402628*</td> 1762 <td></td> 1763 <td>Nexus 6P</td> 1764 <td>2016 7 25 </td> 1765 </tr> 1766 </table> 1767 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1768 </p> 1769 <h3 id="information-disclosure-vulnerability-in-nvidia-profiler">NVIDIA </h3> 1770 <p> 1771 NVIDIA 1772 </p> 1773 <table> 1774 <col width="19%"> 1775 <col width="20%"> 1776 <col width="10%"> 1777 <col width="23%"> 1778 <col width="17%"> 1779 <tr> 1780 <th>CVE</th> 1781 <th></th> 1782 <th></th> 1783 <th> Nexus </th> 1784 <th></th> 1785 </tr> 1786 <tr> 1787 <td>CVE-2016-6686</td> 1788 <td>A-30163101*<br> 1789 N-CVE-2016-6686</td> 1790 <td></td> 1791 <td>Nexus 9</td> 1792 <td>2016 7 15 </td> 1793 </tr> 1794 <tr> 1795 <td>CVE-2016-6687</td> 1796 <td>A-30162222*<br> 1797 N-CVE-2016-6687</td> 1798 <td></td> 1799 <td>Nexus 9</td> 1800 <td>2016 7 15 </td> 1801 </tr> 1802 <tr> 1803 <td>CVE-2016-6688</td> 1804 <td>A-30593080*<br> 1805 N-CVE-2016-6688</td> 1806 <td></td> 1807 <td>Nexus 9</td> 1808 <td>2016 8 2 </td> 1809 </tr> 1810 </table> 1811 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1812 </p> 1813 <h3 id="information-disclosure-vulnerability-in-kernel"></h3> 1814 <p> 1815 1816 </p> 1817 <table> 1818 <col width="19%"> 1819 <col width="20%"> 1820 <col width="10%"> 1821 <col width="23%"> 1822 <col width="17%"> 1823 <tr> 1824 <th>CVE</th> 1825 <th></th> 1826 <th></th> 1827 <th> Nexus </th> 1828 <th></th> 1829 </tr> 1830 <tr> 1831 <td>CVE-2016-6689</td> 1832 <td>A-30768347*</td> 1833 <td></td> 1834 <td> Nexus </td> 1835 <td>2016 8 9 </td> 1836 </tr> 1837 </table> 1838 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1839 </p> 1840 <h3 id="dosv-in-kernel-networking-subsystem"></h3> 1841 <p> 1842 TCP 1843 </p> 1844 <table> 1845 <col width="19%"> 1846 <col width="18%"> 1847 <col width="10%"> 1848 <col width="25%"> 1849 <col width="17%"> 1850 <tr> 1851 <th>CVE</th> 1852 <th></th> 1853 <th></th> 1854 <th> Nexus </th> 1855 <th></th> 1856 </tr> 1857 <tr> 1858 <td>CVE-2016-5696</td> 1859 <td>A-30809774<br> 1860 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=75ff39ccc1bd5d3c455b6822ab09e533c551f758"></a></td> 1861 <td></td> 1862 <td>Nexus 5XNexus 6Nexus 6PNexus 9Nexus PlayerPixel CAndroid One</td> 1863 <td>2016 7 16 </td> 1864 </tr> 1865 </table> 1866 <h3 id="dosv-in-kernel-sound-driver"></h3> 1867 <p> 1868 1869 </p> 1870 <table> 1871 <col width="19%"> 1872 <col width="18%"> 1873 <col width="10%"> 1874 <col width="25%"> 1875 <col width="17%"> 1876 <tr> 1877 <th>CVE</th> 1878 <th></th> 1879 <th></th> 1880 <th> Nexus </th> 1881 <th></th> 1882 </tr> 1883 <tr> 1884 <td>CVE-2016-6690</td> 1885 <td>A-28838221*</td> 1886 <td></td> 1887 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus Player</td> 1888 <td>2016 5 18 </td> 1889 </tr> 1890 </table> 1891 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1892 </p> 1893 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm </h3> 1894 <p> 1895 Qualcomm 1896 </p> 1897 <table> 1898 <col width="19%"> 1899 <col width="20%"> 1900 <col width="10%"> 1901 <col width="23%"> 1902 <col width="17%"> 1903 <tr> 1904 <th>CVE</th> 1905 <th></th> 1906 <th></th> 1907 <th> Nexus </th> 1908 <th></th> 1909 </tr> 1910 <tr> 1911 <td>CVE-2016-6691</td> 1912 <td><a href="https://source.codeaurora.org/quic/la//platform/frameworks/opt/net/wifi/commit/?id=343f123c396b2a97fc7cce396cd5d99365cb9131">QC-CR#978452</a></td> 1913 <td></td> 1914 <td></td> 1915 <td>2016 7 </td> 1916 </tr> 1917 <tr> 1918 <td>CVE-2016-6692</td> 1919 <td><a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=0f0e7047d39f9fb3a1a7f389918ff79cdb4a50b3">QC-CR#1004933</a></td> 1920 <td></td> 1921 <td></td> 1922 <td>2016 8 </td> 1923 </tr> 1924 <tr> 1925 <td>CVE-2016-6693</td> 1926 <td><a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=ac328eb631fa74a63d5d2583e6bfeeb5a7a2df65">QC-CR#1027585</a></td> 1927 <td></td> 1928 <td></td> 1929 <td>2016 8 </td> 1930 </tr> 1931 <tr> 1932 <td>CVE-2016-6694</td> 1933 <td><a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=961e38553aae8ba9b1af77c7a49acfbb7b0b6f62">QC-CR#1033525</a></td> 1934 <td></td> 1935 <td></td> 1936 <td>2016 8 </td> 1937 </tr> 1938 <tr> 1939 <td>CVE-2016-6695</td> 1940 <td><a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=c319c2b0926d1ea5edb4d0778d88bd3ce37c4b95">QC-CR#1033540</a></td> 1941 <td></td> 1942 <td></td> 1943 <td>2016 8 </td> 1944 </tr> 1945 <tr> 1946 <td>CVE-2016-6696</td> 1947 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=c3c9341bfdf93606983f893a086cb33a487306e5">QC-CR#1041130</a></td> 1948 <td></td> 1949 <td></td> 1950 <td>2016 8 </td> 1951 </tr> 1952 <tr> 1953 <td>CVE-2016-5344</td> 1954 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=64e15c36d6c1c57dc2d95a3f163bc830a469fc20">QC-CR#993650</a></td> 1955 <td></td> 1956 <td></td> 1957 <td>2016 8 </td> 1958 </tr> 1959 <tr> 1960 <td>CVE-2016-5343</td> 1961 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=6927e2e0af4dcac357be86ba563c9ae12354bb08">QC-CR#1010081</a></td> 1962 <td></td> 1963 <td></td> 1964 <td>2016 8 </td> 1965 </tr> 1966 </table> 1967 <h2 id="common-questions-and-answers"></h2> 1968 <p> 1969 </p> 1970 <p> 1971 <strong>1. 1972 </strong> 1973 </p> 1974 <p> 1975 2016 10 1 2016-10-01 2016 10 5 2016-10-05 <a href="https://support.google.com/nexus/answer/4457705"></a>[ro.build.version.security_patch]:[2016-10-01] [ro.build.version.security_patch]:[2016-10-05] 1976 </p> 1977 <p> 1978 <strong>2. </strong> 1979 </p> 1980 <p> 1981 Android Android Android 1982 </p> 1983 <p> 1984 2016 10 5 () 1985 </p> 1986 <p> 1987 2016 10 1 1988 </p> 1989 <p> 1990 <strong>3. Nexus </strong> 1991 </p> 1992 <p> 1993 <a href="#2016-10-01-security-patch-level-vulnerability-details">2016-10-01</a> <a href="#2016-10-05-security-patch-level-vulnerability-details">2016-10-05</a> Nexus <em></em> Nexus </p> 1994 <ul> 1995 <li><strong> Nexus </strong> Nexus Nexus <em></em> Nexus Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C</li> 1996 <li><strong> Nexus </strong> Nexus Nexus <em></em> Nexus </li> 1997 <li><strong> Nexus </strong> Android 7.0 Nexus Nexus <em></em></li> 1998 </ul> 1999 <p> 2000 <strong>4. </strong> 2001 </p> 2002 <p><em></em> 2003 </p> 2004 <table> 2005 <tr> 2006 <th></th> 2007 <th></th> 2008 </tr> 2009 <tr> 2010 <td>A-</td> 2011 <td>Android ID</td> 2012 </tr> 2013 <tr> 2014 <td>QC-</td> 2015 <td>Qualcomm </td> 2016 </tr> 2017 <tr> 2018 <td>M-</td> 2019 <td>MediaTek </td> 2020 </tr> 2021 <tr> 2022 <td>N-</td> 2023 <td>NVIDIA </td> 2024 </tr> 2025 <tr> 2026 <td>B-</td> 2027 <td>Broadcom </td> 2028 </tr> 2029 </table> 2030 2031 <h2 id="revisions"></h2> 2032 <ul> 2033 <li>2016 10 3 </li> 2034 <li>2016 10 4 AOSP CVE-2016-3920CVE-2016-6693CVE-2016-6694CVE-2016-6695 CVE-2016-6696 </li> 2035 </ul> 2036
