1 <html devsite> 2 <head> 3 <title>Android Security BulletinAugust 2016</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 <p><em>Published August 01, 2016 | Updated October 21, 2016</em></p> 26 <p> 27 The Android Security Bulletin contains details of security vulnerabilities 28 affecting Android devices. Alongside the bulletin, we have released a security 29 update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware 30 images have also been released to the <a 31 href="https://developers.google.com/android/nexus/images">Google Developer 32 site</a>. Security Patch Levels of August 05, 2016 or later address these 33 issues. Refer to the <a 34 href="https://support.google.com/nexus/answer/4457705#nexus_devices">documentation</a> 35 to learn how to check the security patch level. 36 </p> 37 <p> 38 Partners were notified about the issues described in the bulletin on July 06, 39 2016 or earlier. Where applicable, source code patches for these issues have 40 been released to the Android Open Source Project (AOSP) repository. This 41 bulletin also includes links to patches outside of AOSP. 42 </p> 43 <p> 44 The most severe of these issues is a Critical security vulnerability that could 45 enable remote code execution on an affected device through multiple methods such 46 as email, web browsing, and MMS when processing media files. The 47 <a href="/security/overview/updates-resources.html#severity">severity 48 assessment</a> is based on the effect that exploiting the vulnerability would 49 possibly have on an affected device, assuming the platform and service 50 mitigations are disabled for development purposes or if successfully bypassed. 51 </p> 52 <p> 53 We have had no reports of active customer exploitation or abuse of these newly 54 reported issues. Refer to the 55 <a href="#mitigations">Android and Google service mitigations</a> 56 section for details on the 57 <a href="/security/enhancements/index.html">Android 58 security platform protections</a> and service protections such as SafetyNet, 59 which improve the security of the Android platform. 60 </p> 61 <p> 62 We encourage all customers to accept these updates to their devices. 63 </p> 64 <h2 id="announcements">Announcements</h2> 65 <ul> 66 <li>Bulletin revised to correct CVE-2016-3856 to CVE-2016-2060.</li> 67 <li>This bulletin has two security patch level strings to provide Android 68 partners with the flexibility to move more quickly to fix a subset of 69 vulnerabilities that are similar across all Android devices. See <a 70 href="#common-questions-and-answers">Common questions and answers</a> for 71 additional information: 72 <ul> 73 <li><strong>2016-08-01</strong>: Partial security patch level string. This 74 security patch level string indicates that all issues associated with 2016-08-01 75 (and all previous security patch level strings) are addressed.</li> 76 <li><strong>2016-08-05</strong>: Complete security patch level string. This 77 security patch level string indicates that all issues associated with 2016-08-01 78 and 2016-08-05 (and all previous security patch level strings) are addressed.</li> 79 </ul> 80 </li> 81 <li>Supported Nexus devices will receive a single OTA update with the August 05, 82 2016 security patch level.</li> 83 </ul> 84 <h2 id="mitigations">Android and Google service mitigations</h2> 85 <p> 86 This is a summary of the mitigations provided by the <a 87 href="/security/enhancements/index.html">Android 88 security platform</a> and service protections such as SafetyNet. These 89 capabilities reduce the likelihood that security vulnerabilities could be 90 successfully exploited on Android. 91 </p> 92 <ul> 93 <li>Exploitation for many issues on Android is made more difficult by 94 enhancements in newer versions of the Android platform. We encourage all users 95 to update to the latest version of Android where possible.</li> 96 <li>The Android Security team actively monitors for abuse with <a 97 href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">Verify 98 Apps and SafetyNet</a>, which are designed to warn users about <a 99 href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">Potentially 100 Harmful Applications</a>. Verify Apps is enabled by default on devices with <a 101 href="http://www.android.com/gms">Google Mobile Services</a>, and is especially 102 important for users who install applications from outside of Google Play. Device 103 rooting tools are prohibited within Google Play, but Verify Apps warns users 104 when they attempt to install a detected rooting applicationno matter where it 105 comes from. Additionally, Verify Apps attempts to identify and block 106 installation of known malicious applications that exploit a privilege escalation 107 vulnerability. If such an application has already been installed, Verify Apps 108 will notify the user and attempt to remove the detected application.</li> 109 <li>As appropriate, Google Hangouts and Messenger applications do not 110 automatically pass media to processes such as Mediaserver.</li> 111 </ul> 112 <h2 id="acknowledgements">Acknowledgements</h2> 113 <p> 114 We would like to thank these researchers for their contributions: 115 </p> 116 <ul> 117 <li>Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security 118 Team: CVE-2016-3821, CVE-2016-3837</li> 119 <li>Adam Donenfeld et al. of Check Point Software Technologies Ltd.: 120 CVE-2016-2504</li> 121 <li>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 122 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 123 and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3844</li> 124 <li>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 125 Yuan-Tsung Lo (<a 126 href="mailto:computernik (a] gmail.com">computernik (a] gmail.com)</a>, and Xuxian Jiang 127 of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3857</li> 128 <li>David Benjamin and Kenny Root of Google: CVE-2016-3840</li> 129 <li>Dawei Peng (<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>) of <a 130 href="http://jaq.alibaba.com">Alibaba Mobile Security Team</a>: CVE-2016-3822</li> 131 <li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab 132 (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3842</li> 133 <li>Dianne Hackborn of Google: CVE-2016-2497</li> 134 <li>Dmitry Vyukov of Google Dynamic Tools team: CVE-2016-3841</li> 135 <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 136 pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab, <a 137 href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-3852</li> 138 <li>Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>) 139 of Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: 140 CVE-2016-3834</li> 141 <li>Kai Lu (<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>) of 142 Fortinet's FortiGuard Labs: CVE-2016-3820</li> 143 <li>Kandala Shivaram reddy, DS, and Uppi: CVE-2016-3826</li> 144 <li>Mingjian Zhou (<a 145 href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a 146 href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian Jiang of <a 147 href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3823, CVE-2016-3835, 148 CVE-2016-3824, CVE-2016-3825</li> 149 <li>Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>) of 150 Tesla Motors Product Security Team: CVE-2016-3847, CVE-2016-3848</li> 151 <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang song of Alibaba 152 Mobile Security Group: CVE-2016-3845</li> 153 <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend 154 Micro: CVE-2016-3849</li> 155 <li>Qianwei Hu (<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>) of <a 156 href="http://www.wooyun.org/">WooYun TangLab</a>: CVE-2016-3846</li> 157 <li>Qidan He (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) of 158 KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: 159 CVE-2016-3832</li> 160 <li>Sharvil Nanavati of Google: CVE-2016-3839</li> 161 <li>Shinjo Park (<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) and 162 Altaf Shaik of <a 163 href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in 164 Telecommunications</a>: CVE-2016-3831</li> 165 <li>Tom Rootjunky: CVE-2016-3853</li> 166 <li>Vasily Vasiliev: CVE-2016-3819</li> 167 <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of 168 Alibaba Inc.: CVE-2016-3827, CVE-2016-3828, CVE-2016-3829</li> 169 <li>Wish Wu (<a href="http://weibo.com/wishlinux"></a>) (<a 170 href="https://twitter.com/wish_wu">@wish_wu</a>) of <a 171 href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend 172 Micro Inc</a>.: CVE-2016-3843</li> 173 <li>Yongke Wang (<a href="https://twitter.com/rudykewang">@Rudykewang</a>) of 174 Tencent's Xuanwu LAB: CVE-2016-3836</li> 175 </ul> 176 <p> 177 We would like to thank Daniel Micay of Copperhead Security, Jeff Vander Stoep, 178 and Yabin Cui of Google for their contribution of platform level updates to 179 mitigate a class of vulnerabilities such as CVE-2016-3843. This mitigation is 180 based on work by Brad Spengler of Grsecurity. 181 </p> 182 <h2 183 id="2016-08-01-details"> 184 2016-08-01 security patch levelSecurity vulnerability details</h2> 185 <p> 186 In the sections below, we provide details for each of the security 187 vulnerabilities that apply to the 2016-08-01 patch level. There is a description of 188 the issue, a severity rationale, and a table with the CVE, associated 189 references, severity, updated Nexus devices, updated AOSP versions (where 190 applicable), and date reported. When available, we will link the public change 191 that addressed the issue to the bug ID, such as the AOSP change list. When 192 multiple changes relate to a single bug, additional references are linked to 193 numbers following the bug ID. 194 </p> 195 196 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 197 Remote code execution vulnerability in Mediaserver</h3> 198 <p> 199 A remote code execution vulnerability in Mediaserver could enable an attacker 200 using a specially crafted file to cause memory corruption during media file and 201 data processing. This issue is rated as Critical due to the possibility of 202 remote code execution within the context of the Mediaserver process. The 203 Mediaserver process has access to audio and video streams, as well as access to 204 privileges that third-party apps could not normally access. 205 </p> 206 <p> 207 The affected functionality is provided as a core part of the operating system 208 and there are multiple applications that allow it to be reached with remote 209 content, most notably MMS and browser playback of media. 210 </p> 211 <table> 212 <col width="18%"> 213 <col width="18%"> 214 <col width="10%"> 215 <col width="19%"> 216 <col width="17%"> 217 <col width="17%"> 218 <tr> 219 <th>CVE</th> 220 <th>References</th> 221 <th>Severity</th> 222 <th>Updated Nexus devices</th> 223 <th>Updated AOSP versions</th> 224 <th>Date reported</th> 225 </tr> 226 <tr> 227 <td>CVE-2016-3819</td> 228 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 229 A-28533562</a></td> 230 <td>Critical</td> 231 <td>All Nexus</td> 232 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 233 <td>May 2, 2016</td> 234 </tr> 235 <tr> 236 <td>CVE-2016-3820</td> 237 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 238 A-28673410</a></td> 239 <td>Critical</td> 240 <td>All Nexus</td> 241 <td>6.0, 6.0.1</td> 242 <td>May 6, 2016</td> 243 </tr> 244 <tr> 245 <td>CVE-2016-3821</td> 246 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 247 A-28166152</a></td> 248 <td>Critical</td> 249 <td>All Nexus</td> 250 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 251 <td>Google internal</td> 252 </tr> 253 </table> 254 255 <h3 id="remote-code-execution-vulnerability-in-libjhead"> 256 Remote code execution vulnerability in libjhead</h3> 257 <p> 258 A remote code execution vulnerability in libjhead could enable an attacker using 259 a specially crafted file to execute arbitrary code in the context of an 260 unprivileged process. This issue is rated as High due to the possibility of 261 remote code execution in applications that use this library. 262 </p> 263 <table> 264 <col width="18%"> 265 <col width="18%"> 266 <col width="10%"> 267 <col width="19%"> 268 <col width="17%"> 269 <col width="17%"> 270 <tr> 271 <th>CVE</th> 272 <th>References</th> 273 <th>Severity</th> 274 <th>Updated Nexus devices</th> 275 <th>Updated AOSP versions</th> 276 <th>Date reported</th> 277 </tr> 278 <tr> 279 <td>CVE-2016-3822</td> 280 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 281 A-28868315</a></td> 282 <td>High</td> 283 <td>All Nexus</td> 284 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 285 <td>Google internal</td> 286 </tr> 287 </table> 288 289 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 290 Elevation of privilege vulnerability in Mediaserver</h3> 291 <p> 292 An elevation of privilege vulnerability in Mediaserver could enable a local 293 malicious application to execute arbitrary code within the context of a 294 privileged process. This issue is rated as High because it could be used to gain 295 local access to elevated capabilities, which are not normally accessible to a 296 third-party application. 297 </p> 298 <table> 299 <col width="18%"> 300 <col width="18%"> 301 <col width="10%"> 302 <col width="19%"> 303 <col width="17%"> 304 <col width="17%"> 305 <tr> 306 <th>CVE</th> 307 <th>References</th> 308 <th>Severity</th> 309 <th>Updated Nexus devices</th> 310 <th>Updated AOSP versions</th> 311 <th>Date reported</th> 312 </tr> 313 <tr> 314 <td>CVE-2016-3823</td> 315 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 316 A-28815329</a></td> 317 <td>High</td> 318 <td>All Nexus</td> 319 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 320 <td>May 17, 2016</td> 321 </tr> 322 <tr> 323 <td>CVE-2016-3824</td> 324 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 325 A-28816827</a></td> 326 <td>High</td> 327 <td>All Nexus</td> 328 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 329 <td>May 17, 2016</td> 330 </tr> 331 <tr> 332 <td>CVE-2016-3825</td> 333 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 334 A-28816964</a></td> 335 <td>High</td> 336 <td>All Nexus</td> 337 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 338 <td>May 17, 2016</td> 339 </tr> 340 <tr> 341 <td>CVE-2016-3826</td> 342 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 343 A-29251553</a></td> 344 <td>High</td> 345 <td>All Nexus</td> 346 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 347 <td>Jun 9, 2016</td> 348 </tr> 349 </table> 350 351 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 352 Denial of service vulnerability in Mediaserver</h3> 353 <p> 354 A denial of service vulnerability in Mediaserver could enable an attacker using 355 a specially crafted file to cause a device hang or reboot. This issue is rated 356 as High due to the possibility of a temporary remote denial of service. 357 </p> 358 <table> 359 <col width="18%"> 360 <col width="18%"> 361 <col width="10%"> 362 <col width="19%"> 363 <col width="17%"> 364 <col width="17%"> 365 <tr> 366 <th>CVE</th> 367 <th>References</th> 368 <th>Severity</th> 369 <th>Updated Nexus devices</th> 370 <th>Updated AOSP versions</th> 371 <th>Date reported</th> 372 </tr> 373 <tr> 374 <td>CVE-2016-3827</td> 375 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 376 A-28816956</a></td> 377 <td>High</td> 378 <td>All Nexus</td> 379 <td>6.0.1</td> 380 <td>May 16, 2016</td> 381 </tr> 382 <tr> 383 <td>CVE-2016-3828</td> 384 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 385 A-28835995</a></td> 386 <td>High</td> 387 <td>All Nexus</td> 388 <td>6.0, 6.0.1</td> 389 <td>May 17, 2016</td> 390 </tr> 391 <tr> 392 <td>CVE-2016-3829</td> 393 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 394 A-29023649</a></td> 395 <td>High</td> 396 <td>All Nexus</td> 397 <td>6.0, 6.0.1</td> 398 <td>May 27, 2016</td> 399 </tr> 400 <tr> 401 <td>CVE-2016-3830</td> 402 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 403 A-29153599</a></td> 404 <td>High</td> 405 <td>All Nexus</td> 406 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 407 <td>Google internal</td> 408 </tr> 409 </table> 410 411 <h3 id="denial-of-service-vulnerability-in-system-clock"> 412 Denial of service vulnerability in system clock</h3> 413 <p> 414 A denial of service vulnerability in the system clock could enable a remote 415 attacker to crash the device. This issue is rated as High due to the possibility 416 of a temporary remote denial of service. 417 </p> 418 <table> 419 <col width="18%"> 420 <col width="18%"> 421 <col width="10%"> 422 <col width="19%"> 423 <col width="17%"> 424 <col width="17%"> 425 <tr> 426 <th>CVE</th> 427 <th>References</th> 428 <th>Severity</th> 429 <th>Updated Nexus devices</th> 430 <th>Updated AOSP versions</th> 431 <th>Date reported</th> 432 </tr> 433 <tr> 434 <td>CVE-2016-3831</td> 435 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 436 A-29083635</a></td> 437 <td>High</td> 438 <td>All Nexus</td> 439 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 440 <td>May 31, 2016</td> 441 </tr> 442 </table> 443 444 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 445 Elevation of privilege vulnerability in framework APIs</h3> 446 <p> 447 An elevation of privilege vulnerability in the framework APIs could enable a 448 local malicious application to bypass operating system protections that isolate 449 application data from other applications. This issue is rated as Moderate 450 because it could be used to gain access to data that is outside of the 451 applications permission levels. 452 </p> 453 <table> 454 <col width="18%"> 455 <col width="17%"> 456 <col width="10%"> 457 <col width="19%"> 458 <col width="18%"> 459 <col width="17%"> 460 <tr> 461 <th>CVE</th> 462 <th>References</th> 463 <th>Severity</th> 464 <th>Updated Nexus devices</th> 465 <th>Updated AOSP versions</th> 466 <th>Date reported</th> 467 </tr> 468 <tr> 469 <td>CVE-2016-3832</td> 470 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 471 A-28795098</a></td> 472 <td>Moderate</td> 473 <td>All Nexus</td> 474 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 475 <td>May 15, 2016</td> 476 </tr> 477 </table> 478 479 <h3 id="elevation-of-privilege-vulnerability-in-shell"> 480 Elevation of privilege vulnerability in Shell</h3> 481 <p> 482 An elevation of privilege in the Shell could enable a local malicious 483 application to bypass device constraints such as user restrictions. This issue 484 is rated as Moderate because it is a local bypass of user permissions. 485 </p> 486 <table> 487 <col width="18%"> 488 <col width="17%"> 489 <col width="10%"> 490 <col width="19%"> 491 <col width="17%"> 492 <col width="18%"> 493 <tr> 494 <th>CVE</th> 495 <th>References</th> 496 <th>Severity</th> 497 <th>Updated Nexus devices</th> 498 <th>Updated AOSP versions</th> 499 <th>Date reported</th> 500 </tr> 501 <tr> 502 <td>CVE-2016-3833</td> 503 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 504 A-29189712</a> 505 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 506 <td>Moderate</td> 507 <td>All Nexus</td> 508 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 509 <td>Google internal</td> 510 </tr> 511 </table> 512 513 <h3 id="information-disclosure-vulnerability-in-openssl"> 514 Information disclosure vulnerability in OpenSSL</h3> 515 <p> 516 An information disclosure vulnerability in OpenSSL could allow a local malicious 517 application to access data outside of its permission levels. This issue is rated 518 as Moderate because it could be used to access sensitive data without 519 permission. 520 </p> 521 <table> 522 <col width="18%"> 523 <col width="18%"> 524 <col width="10%"> 525 <col width="19%"> 526 <col width="17%"> 527 <col width="17%"> 528 <tr> 529 <th>CVE</th> 530 <th>References</th> 531 <th>Severity</th> 532 <th>Updated Nexus devices</th> 533 <th>Updated AOSP versions</th> 534 <th>Date reported</th> 535 </tr> 536 <tr> 537 <td>CVE-2016-2842</td> 538 <td>A-29060514</td> 539 <td>None*</td> 540 <td>All Nexus</td> 541 <td>4.4.4, 5.0.2, 5.1.1</td> 542 <td>Mar 29, 2016</td> 543 </tr> 544 </table> 545 <p>* Supported Nexus devices that have installed all available updates are not 546 affected by this vulnerability</p> 547 548 <h3 id="information-disclosure-vulnerability-in-camera-apis"> 549 Information disclosure vulnerability in camera APIs</h3> 550 <p> 551 An information disclosure vulnerability in the camera APIs could allow a local 552 malicious application to access data structures outside of its permission levels. This 553 issue is rated as Moderate because it could be used to access sensitive data 554 without permission. 555 </p> 556 <table> 557 <col width="18%"> 558 <col width="17%"> 559 <col width="10%"> 560 <col width="19%"> 561 <col width="18%"> 562 <col width="17%"> 563 <tr> 564 <th>CVE</th> 565 <th>References</th> 566 <th>Severity</th> 567 <th>Updated Nexus devices</th> 568 <th>Updated AOSP versions</th> 569 <th>Date reported</th> 570 </tr> 571 <tr> 572 <td>CVE-2016-3834</td> 573 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 574 A-28466701</a></td> 575 <td>Moderate</td> 576 <td>All Nexus</td> 577 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 578 <td>Apr 28, 2016</td> 579 </tr> 580 </table> 581 582 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 583 Information disclosure vulnerability in Mediaserver</h3> 584 <p> 585 An information disclosure vulnerability in Mediaserver could allow a local 586 malicious application to access data outside of its permission levels. This 587 issue is rated as Moderate because it could be used to access sensitive data 588 without permission. 589 </p> 590 <table> 591 <col width="18%"> 592 <col width="17%"> 593 <col width="10%"> 594 <col width="19%"> 595 <col width="18%"> 596 <col width="17%"> 597 <tr> 598 <th>CVE</th> 599 <th>References</th> 600 <th>Severity</th> 601 <th>Updated Nexus devices</th> 602 <th>Updated AOSP versions</th> 603 <th>Date reported</th> 604 </tr> 605 <tr> 606 <td>CVE-2016-3835</td> 607 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 608 A-28920116</a></td> 609 <td>Moderate</td> 610 <td>All Nexus</td> 611 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 612 <td>May 23, 2016</td> 613 </tr> 614 </table> 615 616 <h3 id="information-disclosure-vulnerability-in-surfaceflinger"> 617 Information disclosure vulnerability in SurfaceFlinger</h3> 618 <p> 619 An information disclosure vulnerability in the SurfaceFlinger service could 620 enable a local malicious application to access data outside of its permission 621 levels. This issue is rated as Moderate because it could be used to access 622 sensitive data without explicit user permission. 623 </p> 624 <table> 625 <col width="18%"> 626 <col width="18%"> 627 <col width="10%"> 628 <col width="19%"> 629 <col width="17%"> 630 <col width="17%"> 631 <tr> 632 <th>CVE</th> 633 <th>References</th> 634 <th>Severity</th> 635 <th>Updated Nexus devices</th> 636 <th>Updated AOSP versions</th> 637 <th>Date reported</th> 638 </tr> 639 <tr> 640 <td>CVE-2016-3836</td> 641 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 642 A-28592402</a></td> 643 <td>Moderate</td> 644 <td>All Nexus</td> 645 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 646 <td>May 4, 2016</td> 647 </tr> 648 </table> 649 650 <h3 id="information-disclosure-vulnerability-in-wi-fi"> 651 Information disclosure vulnerability in Wi-Fi</h3> 652 <p> 653 An information disclosure vulnerability in Wi-Fi could allow a local malicious 654 application to to access data outside of its permission levels. This issue is 655 rated Moderate because it could be used to access sensitive data without 656 permission. 657 </p> 658 <table> 659 <col width="18%"> 660 <col width="18%"> 661 <col width="10%"> 662 <col width="19%"> 663 <col width="17%"> 664 <col width="17%"> 665 <tr> 666 <th>CVE</th> 667 <th>References</th> 668 <th>Severity</th> 669 <th>Updated Nexus devices</th> 670 <th>Updated AOSP versions</th> 671 <th>Date reported</th> 672 </tr> 673 <tr> 674 <td>CVE-2016-3837</td> 675 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 676 A-28164077</a></td> 677 <td>Moderate</td> 678 <td>All Nexus</td> 679 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 680 <td>Google internal</td> 681 </tr> 682 </table> 683 684 <h3 id="denial-of-service-vulnerability-in-system-ui"> 685 Denial of service vulnerability in system UI</h3> 686 <p> 687 A denial of service vulnerability in the system UI could enable a local 688 malicious application to prevent 911 calls from a locked screen. This issue is 689 rated as Moderate due to the possibility of a denial of service on a critical 690 function. 691 </p> 692 <table> 693 <col width="18%"> 694 <col width="18%"> 695 <col width="10%"> 696 <col width="19%"> 697 <col width="17%"> 698 <col width="17%"> 699 <tr> 700 <th>CVE</th> 701 <th>References</th> 702 <th>Severity</th> 703 <th>Updated Nexus devices</th> 704 <th>Updated AOSP versions</th> 705 <th>Date reported</th> 706 </tr> 707 <tr> 708 <td>CVE-2016-3838</td> 709 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 710 A-28761672</a></td> 711 <td>Moderate</td> 712 <td>All Nexus</td> 713 <td>6.0, 6.0.1</td> 714 <td>Google internal</td> 715 </tr> 716 </table> 717 718 <h3 id="denial-of-service-vulnerability-in-bluetooth"> 719 Denial of service vulnerability in Bluetooth</h3> 720 <p> 721 A denial of service vulnerability in Bluetooth could enable a local malicious 722 application to prevent 911 calls from a Bluetooth device. This issue is rated as 723 Moderate due to the possibility of a denial of service on a critical function. 724 </p> 725 <table> 726 <col width="18%"> 727 <col width="17%"> 728 <col width="10%"> 729 <col width="19%"> 730 <col width="18%"> 731 <col width="17%"> 732 <tr> 733 <th>CVE</th> 734 <th>References</th> 735 <th>Severity</th> 736 <th>Updated Nexus devices</th> 737 <th>Updated AOSP versions</th> 738 <th>Date reported</th> 739 </tr> 740 <tr> 741 <td>CVE-2016-3839</td> 742 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 743 A-28885210</a></td> 744 <td>Moderate</td> 745 <td>All Nexus</td> 746 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 747 <td>Google internal</td> 748 </tr> 749 </table> 750 <h2 id="2016-08-05-details"> 751 2016-08-05 security patch levelVulnerability details</h2> 752 <p> 753 In the sections below, we provide details for each of the security 754 vulnerabilities that apply to the 2016-08-05 patch level. There is a description of 755 the issue, a severity rationale, and a table with the CVE, associated 756 references, severity, updated Nexus devices, updated AOSP versions (where 757 applicable), and date reported. When available, we will link the public change 758 that addressed the issue to the bug ID, like the AOSP change list. When multiple 759 changes relate to a single bug, additional references are linked to numbers 760 following the bug ID. 761 </p> 762 763 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 764 Remote code execution vulnerability in Qualcomm Wi-Fi driver</h3> 765 <p> 766 A remote code execution vulnerability in the Qualcomm Wi-Fi driver could enable 767 a remote attacker to execute arbitrary code within the context of the kernel. 768 This issue is rated as Critical due to the possibility of a local permanent 769 device compromise. 770 </p> 771 <table> 772 <col width="19%"> 773 <col width="20%"> 774 <col width="10%"> 775 <col width="23%"> 776 <col width="17%"> 777 <tr> 778 <th>CVE</th> 779 <th>References</th> 780 <th>Severity</th> 781 <th>Updated Nexus devices</th> 782 <th>Date reported</th> 783 </tr> 784 <tr> 785 <td>CVE-2014-9902</td> 786 <td>A-28668638 787 <p> 788 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 789 QC-CR#553937</a><br /> 790 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 791 QC-CR#553941</a> 792 </p> 793 </td> 794 <td>Critical</td> 795 <td>Nexus 7 (2013)</td> 796 <td>Mar 31, 2014</td> 797 </tr> 798 </table> 799 800 <h3 id="remote-code-execution-vulnerability-in-conscrypt">Remote code execution 801 vulnerability in Conscrypt</h3> 802 <p> 803 A remote code execution vulnerability in Conscrypt could enable a remote 804 attacker to execute arbitrary code within the context of a privileged process. 805 This issue is rated as Critical due to the possibility of remote code execution. 806 </p> 807 <table> 808 <col width="18%"> 809 <col width="18%"> 810 <col width="10%"> 811 <col width="19%"> 812 <col width="17%"> 813 <col width="17%"> 814 <tr> 815 <th>CVE</th> 816 <th>References</th> 817 <th>Severity</th> 818 <th>Updated Nexus devices</th> 819 <th>Updated AOSP versions</th> 820 <th>Date reported</th> 821 </tr> 822 <tr> 823 <td>CVE-2016-3840</td> 824 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 825 A-28751153</a></td> 826 <td>Critical</td> 827 <td>All Nexus</td> 828 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 829 <td>Google internal</td> 830 </tr> 831 </table> 832 833 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 834 Elevation of privilege vulnerability in Qualcomm components</h3> 835 <p> 836 The table below contains security vulnerabilities affecting Qualcomm components, 837 potentially including the bootloader, camera driver, character drive, 838 networking, sound driver, and video driver. 839 </p> 840 <p> 841 The most severe of these issues is rated as Critical due to possibility that a 842 local malicious application could execute arbitrary code within the context of 843 the kernel leading to a local permanent device compromise, which may require 844 reflashing the operating system to repair the device. 845 </p> 846 <table> 847 <col width="19%"> 848 <col width="20%"> 849 <col width="10%"> 850 <col width="23%"> 851 <col width="17%"> 852 <tr> 853 <th>CVE</th> 854 <th>References</th> 855 <th>Severity</th> 856 <th>Updated Nexus devices</th> 857 <th>Date reported</th> 858 </tr> 859 <tr> 860 <td>CVE-2014-9863</td> 861 <td>A-28768146 862 <p> 863 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 864 QC-CR#549470</a> 865 </p> 866 </td> 867 <td>Critical</td> 868 <td>Nexus 5, Nexus 7 (2013)</td> 869 <td>Apr 30, 2014</td> 870 </tr> 871 <tr> 872 <td>CVE-2014-9864</td> 873 <td>A-28747998 874 <p> 875 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 876 QC-CR#561841</a> 877 </p></td> 878 <td>High</td> 879 <td>Nexus 5, Nexus 7 (2013)</td> 880 <td>Mar 27, 2014</td> 881 </tr> 882 <tr> 883 <td>CVE-2014-9865</td> 884 <td>A-28748271 885 <p> 886 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 887 QC-CR#550013</a> 888 </p> 889 </td> 890 <td>High</td> 891 <td>Nexus 5, Nexus 7 (2013)</td> 892 <td>Mar 27, 2014</td> 893 </tr> 894 <tr> 895 <td>CVE-2014-9866</td> 896 <td>A-28747684 897 <p> 898 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 899 QC-CR#511358</a> 900 </p> 901 </td> 902 <td>High</td> 903 <td>Nexus 5, Nexus 7 (2013)</td> 904 <td>Mar 31, 2014</td> 905 </tr> 906 <tr> 907 <td>CVE-2014-9867</td> 908 <td>A-28749629 909 <p> 910 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 911 QC-CR#514702</a> 912 </p> 913 </td> 914 <td>High</td> 915 <td>Nexus 5, Nexus 7 (2013)</td> 916 <td>Mar 31, 2014</td> 917 </tr> 918 <tr> 919 <td>CVE-2014-9868</td> 920 <td>A-28749721 921 <p> 922 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 923 QC-CR#511976</a> 924 </p> 925 </td> 926 <td>High</td> 927 <td>Nexus 5, Nexus 7 (2013)</td> 928 <td>Mar 31, 2014</td> 929 </tr> 930 <tr> 931 <td>CVE-2014-9869</td> 932 <td>A-28749728 933 <p> 934 <a 935 href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 936 QC-CR#514711</a> 937 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 938 </p> 939 </td> 940 <td>High</td> 941 <td>Nexus 5, Nexus 7 (2013)</td> 942 <td>Mar 31, 2014</td> 943 </tr> 944 <tr> 945 <td>CVE-2014-9870</td> 946 <td>A-28749743 947 <p> 948 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 949 QC-CR#561044</a> 950 </p> 951 </td> 952 <td>High</td> 953 <td>Nexus 5, Nexus 7 (2013)</td> 954 <td>Mar 31, 2014</td> 955 </tr> 956 <tr> 957 <td>CVE-2014-9871</td> 958 <td>A-28749803 959 <p> 960 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 961 QC-CR#514717</a> 962 </p> 963 </td> 964 <td>High</td> 965 <td>Nexus 5, Nexus 7 (2013)</td> 966 <td>Mar 31, 2014</td> 967 </tr> 968 <tr> 969 <td>CVE-2014-9872</td> 970 <td>A-28750155 971 <p> 972 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 973 QC-CR#590721</a> 974 </p> 975 </td> 976 <td>High</td> 977 <td>Nexus 5</td> 978 <td>Mar 31, 2014</td> 979 </tr> 980 <tr> 981 <td>CVE-2014-9873</td> 982 <td>A-28750726 983 <p> 984 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 985 QC-CR#556860</a> 986 </p> 987 </td> 988 <td>High</td> 989 <td>Nexus 5, Nexus 7 (2013)</td> 990 <td>Mar 31, 2014</td> 991 </tr> 992 <tr> 993 <td>CVE-2014-9874</td> 994 <td>A-28751152 995 <p> 996 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 997 QC-CR#563086</a> 998 </p> 999 </td> 1000 <td>High</td> 1001 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7 (2013)</td> 1002 <td>Mar 31, 2014</td> 1003 </tr> 1004 <tr> 1005 <td>CVE-2014-9875</td> 1006 <td>A-28767589 1007 <p> 1008 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1009 QC-CR#483310</a> 1010 </p> 1011 </td> 1012 <td>High</td> 1013 <td>Nexus 7 (2013)</td> 1014 <td>Apr 30, 2014</td> 1015 </tr> 1016 <tr> 1017 <td>CVE-2014-9876</td> 1018 <td>A-28767796 1019 <p> 1020 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1021 QC-CR#483408</a> 1022 </p> 1023 </td> 1024 <td>High</td> 1025 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013)</td> 1026 <td>Apr 30, 2014</td> 1027 </tr> 1028 <tr> 1029 <td>CVE-2014-9877</td> 1030 <td>A-28768281 1031 <p> 1032 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1033 QC-CR#547231</a> 1034 </p> 1035 </td> 1036 <td>High</td> 1037 <td>Nexus 5, Nexus 7 (2013)</td> 1038 <td>Apr 30, 2014</td> 1039 </tr> 1040 <tr> 1041 <td>CVE-2014-9878</td> 1042 <td>A-28769208 1043 <p> 1044 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1045 QC-CR#547479</a> 1046 </p> 1047 </td> 1048 <td>High</td> 1049 <td>Nexus 5</td> 1050 <td>Apr 30, 2014</td> 1051 </tr> 1052 <tr> 1053 <td>CVE-2014-9879</td> 1054 <td>A-28769221 1055 <p> 1056 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1057 QC-CR#524490</a> 1058 </p> 1059 </td> 1060 <td>High</td> 1061 <td>Nexus 5</td> 1062 <td>Apr 30, 2014</td> 1063 </tr> 1064 <tr> 1065 <td>CVE-2014-9880</td> 1066 <td>A-28769352 1067 <p> 1068 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1069 QC-CR#556356</a> 1070 </p> 1071 </td> 1072 <td>High</td> 1073 <td>Nexus 7 (2013)</td> 1074 <td>Apr 30, 2014</td> 1075 </tr> 1076 <tr> 1077 <td>CVE-2014-9881</td> 1078 <td>A-28769368 1079 <p> 1080 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1081 QC-CR#539008</a> 1082 </p> 1083 </td> 1084 <td>High</td> 1085 <td>Nexus 7 (2013)</td> 1086 <td>Apr 30, 2014</td> 1087 </tr> 1088 <tr> 1089 <td>CVE-2014-9882</td> 1090 <td>A-28769546 1091 <p> 1092 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1093 QC-CR#552329</a> 1094 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1095 </td> 1096 <td>High</td> 1097 <td>Nexus 7 (2013)</td> 1098 <td>Apr 30, 2014</td> 1099 </tr> 1100 <tr> 1101 <td>CVE-2014-9883</td> 1102 <td>A-28769912 1103 <p> 1104 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1105 QC-CR#565160</a> 1106 </p> 1107 </td> 1108 <td>High</td> 1109 <td>Nexus 5, Nexus 7 (2013)</td> 1110 <td>Apr 30, 2014</td> 1111 </tr> 1112 <tr> 1113 <td>CVE-2014-9884</td> 1114 <td>A-28769920 1115 <p> 1116 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1117 QC-CR#580740</a> 1118 </p> 1119 </td> 1120 <td>High</td> 1121 <td>Nexus 5, Nexus 7 (2013)</td> 1122 <td>Apr 30, 2014</td> 1123 </tr> 1124 <tr> 1125 <td>CVE-2014-9885</td> 1126 <td>A-28769959 1127 <p> 1128 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1129 QC-CR#562261</a> 1130 </p> 1131 </td> 1132 <td>High</td> 1133 <td>Nexus 5</td> 1134 <td>Apr 30, 2014</td> 1135 </tr> 1136 <tr> 1137 <td>CVE-2014-9886</td> 1138 <td>A-28815575 1139 <p> 1140 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1141 QC-CR#555030</a> 1142 </p> 1143 </td> 1144 <td>High</td> 1145 <td>Nexus 5, Nexus 7 (2013)</td> 1146 <td>Apr 30, 2014</td> 1147 </tr> 1148 <tr> 1149 <td>CVE-2014-9887</td> 1150 <td>A-28804057 1151 <p> 1152 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1153 QC-CR#636633</a> 1154 </p> 1155 </td> 1156 <td>High</td> 1157 <td>Nexus 5, Nexus 7 (2013)</td> 1158 <td>Jul 3, 2014</td> 1159 </tr> 1160 <tr> 1161 <td>CVE-2014-9888</td> 1162 <td>A-28803642 1163 <p> 1164 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1165 QC-CR#642735</a> 1166 </p> 1167 </td> 1168 <td>High</td> 1169 <td>Nexus 5, Nexus 7 (2013)</td> 1170 <td>Aug 29, 2014</td> 1171 </tr> 1172 <tr> 1173 <td>CVE-2014-9889</td> 1174 <td>A-28803645 1175 <p> 1176 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1177 QC-CR#674712</a> 1178 </p></td> 1179 <td>High</td> 1180 <td>Nexus 5</td> 1181 <td>Oct 31, 2014</td> 1182 </tr> 1183 <tr> 1184 <td>CVE-2015-8937</td> 1185 <td>A-28803962 1186 <p> 1187 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1188 QC-CR#770548</a> 1189 </p> 1190 </td> 1191 <td>High</td> 1192 <td>Nexus 5, Nexus 6, Nexus 7 (2013)</td> 1193 <td>Mar 31, 2015</td> 1194 </tr> 1195 <tr> 1196 <td>CVE-2015-8938</td> 1197 <td>A-28804030 1198 <p> 1199 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1200 QC-CR#766022</a></p></td> 1201 <td>High</td> 1202 <td>Nexus 6</td> 1203 <td>Mar 31, 2015</td> 1204 </tr> 1205 <tr> 1206 <td>CVE-2015-8939</td> 1207 <td>A-28398884 1208 <p> 1209 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1210 QC-CR#779021</a></p></td> 1211 <td>High</td> 1212 <td>Nexus 7 (2013)</td> 1213 <td>Apr 30, 2015</td> 1214 </tr> 1215 <tr> 1216 <td>CVE-2015-8940</td> 1217 <td>A-28813987 1218 <p> 1219 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1220 QC-CR#792367</a></p></td> 1221 <td>High</td> 1222 <td>Nexus 6</td> 1223 <td>Apr 30, 2015</td> 1224 </tr> 1225 <tr> 1226 <td>CVE-2015-8941</td> 1227 <td>A-28814502 1228 <p> 1229 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1230 QC-CR#792473</a></p></td> 1231 <td>High</td> 1232 <td>Nexus 6, Nexus 7 (2013)</td> 1233 <td>May 29, 2015</td> 1234 </tr> 1235 <tr> 1236 <td>CVE-2015-8942</td> 1237 <td>A-28814652 1238 <p> 1239 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1240 QC-CR#803246</a></p></td> 1241 <td>High</td> 1242 <td>Nexus 6</td> 1243 <td>Jun 30, 2015</td> 1244 </tr> 1245 <tr> 1246 <td>CVE-2015-8943</td> 1247 <td>A-28815158 1248 <p> 1249 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1250 QC-CR#794217</a></p> 1251 <p> 1252 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1253 QC-CR#836226</a></p></td> 1254 <td>High</td> 1255 <td>Nexus 5</td> 1256 <td>Sep 11, 2015</td> 1257 </tr> 1258 <tr> 1259 <td>CVE-2014-9891</td> 1260 <td>A-28749283 1261 <p> 1262 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1263 QC-CR#550061</a></p></td> 1264 <td>Moderate</td> 1265 <td>Nexus 5</td> 1266 <td>Mar 13, 2014</td> 1267 </tr> 1268 <tr> 1269 <td>CVE-2014-9890</td> 1270 <td>A-28770207 1271 <p> 1272 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1273 QC-CR#529177</a></p></td> 1274 <td>Moderate</td> 1275 <td>Nexus 5, Nexus 7 (2013)</td> 1276 <td>Jun 2, 2014</td> 1277 </tr> 1278 </table> 1279 1280 <h3 1281 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"> 1282 Elevation of privilege vulnerability in kernel networking component</h3> 1283 <p> 1284 An elevation of privilege vulnerability in the kernel networking component could 1285 enable a local malicious application to execute arbitrary code within the 1286 context of the kernel. This issue is rated as Critical due to the possibility of 1287 a local permanent device compromise, which may require reflashing the operating 1288 system to repair the device. 1289 </p> 1290 <table> 1291 <col width="19%"> 1292 <col width="20%"> 1293 <col width="10%"> 1294 <col width="23%"> 1295 <col width="17%"> 1296 <tr> 1297 <th>CVE</th> 1298 <th>References</th> 1299 <th>Severity</th> 1300 <th>Updated Nexus devices</th> 1301 <th>Date reported</th> 1302 </tr> 1303 <tr> 1304 <td>CVE-2015-2686</td> 1305 <td>A-28759139 1306 <p> 1307 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1308 Upstream kernel</a></p></td> 1309 <td>Critical</td> 1310 <td>All Nexus</td> 1311 <td>Mar 23, 2015</td> 1312 </tr> 1313 <tr> 1314 <td>CVE-2016-3841</td> 1315 <td>A-28746669 1316 <p> 1317 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1318 Upstream kernel</a></p></td> 1319 <td>Critical</td> 1320 <td>All Nexus</td> 1321 <td>Dec 3, 2015</td> 1322 </tr> 1323 </table> 1324 1325 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1326 Elevation of privilege vulnerability in Qualcomm GPU driver</h3> 1327 <p> 1328 An elevation of privilege vulnerability in the Qualcomm GPU driver could enable 1329 a local malicious application to execute arbitrary code within the context of 1330 the kernel. This issue is rated as Critical due to the possibility of a local 1331 permanent device compromise, which may require reflashing the operating system 1332 to repair the device. 1333 </p> 1334 <table> 1335 <col width="19%"> 1336 <col width="20%"> 1337 <col width="10%"> 1338 <col width="23%"> 1339 <col width="17%"> 1340 <tr> 1341 <th>CVE</th> 1342 <th>References</th> 1343 <th>Severity</th> 1344 <th>Updated Nexus devices</th> 1345 <th>Date reported</th> 1346 </tr> 1347 <tr> 1348 <td>CVE-2016-2504</td> 1349 <td>A-28026365 1350 <p>QC-CR#1002974</p></td> 1351 <td>Critical</td> 1352 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013)</td> 1353 <td>Apr 5, 2016</td> 1354 </tr> 1355 <tr> 1356 <td>CVE-2016-3842</td> 1357 <td>A-28377352 1358 <p> 1359 QC-CR#1002974</p></td> 1360 <td>Critical</td> 1361 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1362 <td>Apr 25, 2016</td> 1363 </tr> 1364 </table> 1365 <p> 1366 * The patch for this issue is not publicly available. The update is contained in 1367 the latest binary drivers for Nexus devices available from the <a 1368 href="https://developers.google.com/android/nexus/drivers">Google Developer 1369 site</a>. 1370 </p> 1371 1372 1373 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1374 Elevation of privilege vulnerability in Qualcomm performance component</h3> 1375 <p> 1376 An elevation of privilege vulnerability in the Qualcomm performance component 1377 could enable a local malicious application to execute arbitrary code within the 1378 context of the kernel. This issue is rated as Critical due to the possibility of 1379 a local permanent device compromise, which may require reflashing the operating 1380 system to repair the device. 1381 </p> 1382 <p class="note"> 1383 <strong>Note:</strong> There is also a platform-level update in this bulletin 1384 under A-29119870 that is designed to mitigate this class of vulnerabilities. 1385 </p> 1386 <table> 1387 <col width="19%"> 1388 <col width="20%"> 1389 <col width="10%"> 1390 <col width="23%"> 1391 <col width="17%"> 1392 <tr> 1393 <th>CVE</th> 1394 <th>References</th> 1395 <th>Severity</th> 1396 <th>Updated Nexus devices</th> 1397 <th>Date reported</th> 1398 </tr> 1399 <tr> 1400 <td>CVE-2016-3843</td> 1401 <td>A-28086229* 1402 <p> 1403 QC-CR#1011071</p></td> 1404 <td>Critical</td> 1405 <td>Nexus 5X, Nexus 6P</td> 1406 <td>Apr 7, 2016</td> 1407 </tr> 1408 </table> 1409 <p> 1410 * The patch for this issue is not publicly available. The update is contained in 1411 the latest binary drivers for Nexus devices available from the <a 1412 href="https://developers.google.com/android/nexus/drivers">Google Developer 1413 site</a>. 1414 </p> 1415 1416 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 1417 Elevation of privilege vulnerability in kernel</h3> 1418 <p> 1419 An elevation of privilege vulnerability in the kernel could enable a local 1420 malicious application to execute arbitrary code within the context of the 1421 kernel. This issue is rated as Critical due to the possibility of a local 1422 permanent device compromise, which may require reflashing the operating system 1423 to repair the device. 1424 </p> 1425 <table> 1426 <col width="19%"> 1427 <col width="20%"> 1428 <col width="10%"> 1429 <col width="23%"> 1430 <col width="17%"> 1431 <tr> 1432 <th>CVE</th> 1433 <th>References</th> 1434 <th>Severity</th> 1435 <th>Updated Nexus devices</th> 1436 <th>Date reported</th> 1437 </tr> 1438 <tr> 1439 <td>CVE-2016-3857</td> 1440 <td>A-28522518*</td> 1441 <td>Critical</td> 1442 <td>Nexus 7 (2013)</td> 1443 <td>May 2, 2016</td> 1444 </tr> 1445 </table> 1446 <p> 1447 * The patch for this issue is not publicly available. The update is contained in 1448 the latest binary drivers for Nexus devices available from the <a 1449 href="https://developers.google.com/android/nexus/drivers">Google Developer 1450 site</a>. 1451 </p> 1452 1453 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"> 1454 Elevation of privilege vulnerability in kernel memory system</h3> 1455 <p> 1456 An elevation of privilege vulnerability in the kernel memory system could enable 1457 a local malicious application to execute arbitrary code within the context of 1458 the kernel. This issue is rated as High because it first requires compromising a 1459 privileged process. 1460 </p> 1461 <table> 1462 <col width="19%"> 1463 <col width="20%"> 1464 <col width="10%"> 1465 <col width="23%"> 1466 <col width="17%"> 1467 <tr> 1468 <th>CVE</th> 1469 <th>References</th> 1470 <th>Severity</th> 1471 <th>Updated Nexus devices</th> 1472 <th>Date reported</th> 1473 </tr> 1474 <tr> 1475 <td>CVE-2015-1593</td> 1476 <td>A-29577822 1477 <p> 1478 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1479 Upstream kernel</a></p></td> 1480 <td>High</td> 1481 <td>Nexus Player</td> 1482 <td>Feb 13, 2015</td> 1483 </tr> 1484 <tr> 1485 <td>CVE-2016-3672</td> 1486 <td>A-28763575 1487 <p> 1488 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1489 Upstream kernel</a></p></td> 1490 <td>High</td> 1491 <td>Nexus Player</td> 1492 <td>Mar 25, 2016</td> 1493 </tr> 1494 </table> 1495 1496 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"> 1497 Elevation of privilege vulnerability in kernel sound component</h3> 1498 <p> 1499 An elevation of privilege vulnerability in the kernel sound component could 1500 enable a local malicious application to execute arbitrary code within the 1501 context of the kernel. This issue is rated as High because it first requires 1502 compromising a privileged process. 1503 </p> 1504 <table> 1505 <col width="19%"> 1506 <col width="20%"> 1507 <col width="10%"> 1508 <col width="23%"> 1509 <col width="17%"> 1510 <tr> 1511 <th>CVE</th> 1512 <th>References</th> 1513 <th>Severity</th> 1514 <th>Updated Nexus devices</th> 1515 <th>Date reported</th> 1516 </tr> 1517 <tr> 1518 <td>CVE-2016-2544</td> 1519 <td>A-28695438 1520 <p> 1521 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1522 Upstream kernel</a></p></td> 1523 <td>High</td> 1524 <td>All Nexus</td> 1525 <td>Jan 19, 2016</td> 1526 </tr> 1527 <tr> 1528 <td>CVE-2016-2546</td> 1529 <td>A-28694392 1530 <p> 1531 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1532 Upstream kernel</a></p></td> 1533 <td>High</td> 1534 <td>Pixel C</td> 1535 <td>Jan 19, 2016</td> 1536 </tr> 1537 <tr> 1538 <td>CVE-2014-9904</td> 1539 <td>A-28592007 1540 <p> 1541 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1542 Upstream kernel</a></p></td> 1543 <td>High</td> 1544 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player</td> 1545 <td>May 4, 2016</td> 1546 </tr> 1547 </table> 1548 1549 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1550 Elevation of privilege vulnerability in kernel file system</h3> 1551 <p> 1552 An elevation of privilege vulnerability in the kernel file system could enable a 1553 local malicious application to execute arbitrary code within the context of the 1554 kernel. This issue is rated as High because it first requires compromising a 1555 privileged process. 1556 </p> 1557 <table> 1558 <col width="19%"> 1559 <col width="20%"> 1560 <col width="10%"> 1561 <col width="23%"> 1562 <col width="17%"> 1563 <tr> 1564 <th>CVE</th> 1565 <th>References</th> 1566 <th>Severity</th> 1567 <th>Updated Nexus devices</th> 1568 <th>Date reported</th> 1569 </tr> 1570 <tr> 1571 <td>CVE-2012-6701</td> 1572 <td>A-28939037 1573 <p> 1574 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1575 Upstream kernel</a></p></td> 1576 <td>High</td> 1577 <td>Nexus 5, Nexus 7 (2013)</td> 1578 <td>Mar 2, 2016</td> 1579 </tr> 1580 </table> 1581 1582 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 1583 Elevation of privilege vulnerability in Mediaserver</h3> 1584 <p> 1585 An elevation of privilege vulnerability in Mediaserver could enable a local 1586 malicious application to execute arbitrary code within the context of a 1587 privileged process. This issue is rated as High because it could be used to gain 1588 local access to elevated capabilities, which are not accessible to a third-party 1589 application. 1590 </p> 1591 <table> 1592 <col width="19%"> 1593 <col width="20%"> 1594 <col width="10%"> 1595 <col width="23%"> 1596 <col width="17%"> 1597 <tr> 1598 <th>CVE</th> 1599 <th>References</th> 1600 <th>Severity</th> 1601 <th>Updated Nexus devices</th> 1602 <th>Date reported</th> 1603 </tr> 1604 <tr> 1605 <td>CVE-2016-3844</td> 1606 <td>A-28299517* 1607 <p> 1608 N-CVE-2016-3844</p></td> 1609 <td>High</td> 1610 <td>Nexus 9, Pixel C</td> 1611 <td>Apr 19, 2016</td> 1612 </tr> 1613 </table> 1614 <p> 1615 * The patch for this issue is not publicly available. The update is contained in 1616 the latest binary drivers for Nexus devices available from the <a 1617 href="https://developers.google.com/android/nexus/drivers">Google Developer 1618 site</a>. 1619 </p> 1620 1621 <h3>Elevation of privilege vulnerability in kernel video driver</h3> 1622 <p> 1623 An elevation of privilege vulnerability in the kernel video driver could enable 1624 a local malicious application to execute arbitrary code within the context of 1625 the kernel. This issue is rated as High because it first requires compromising a 1626 privileged process. 1627 </p> 1628 <table> 1629 <col width="19%"> 1630 <col width="20%"> 1631 <col width="10%"> 1632 <col width="23%"> 1633 <col width="17%"> 1634 <tr> 1635 <th>CVE</th> 1636 <th>References</th> 1637 <th>Severity</th> 1638 <th>Updated Nexus devices</th> 1639 <th>Date reported</th> 1640 </tr> 1641 <tr> 1642 <td>CVE-2016-3845</td> 1643 <td>A-28399876*</td> 1644 <td>High</td> 1645 <td>Nexus 5</td> 1646 <td>Apr 20, 2016</td> 1647 </tr> 1648 </table> 1649 <p> 1650 * The patch for this issue is not publicly available. The update is contained in 1651 the latest binary drivers for Nexus devices available from the <a 1652 href="https://developers.google.com/android/nexus/drivers">Google Developer 1653 site</a>. 1654 </p> 1655 1656 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 1657 Elevation of privilege vulnerability in Serial Peripheral Interface driver</h3> 1658 <p> 1659 An elevation of privilege vulnerability in the Serial Peripheral Interface 1660 driver could enable a local malicious application to execute arbitrary code 1661 within the context of the kernel. This issue is rated as High because it first 1662 requires compromising a privileged process. 1663 </p> 1664 <table> 1665 <col width="19%"> 1666 <col width="20%"> 1667 <col width="10%"> 1668 <col width="23%"> 1669 <col width="17%"> 1670 <tr> 1671 <th>CVE</th> 1672 <th>References</th> 1673 <th>Severity</th> 1674 <th>Updated Nexus devices</th> 1675 <th>Date reported</th> 1676 </tr> 1677 <tr> 1678 <td>CVE-2016-3846</td> 1679 <td>A-28817378*</td> 1680 <td>High</td> 1681 <td>Nexus 5X, Nexus 6P</td> 1682 <td>May 17, 2016</td> 1683 </tr> 1684 </table> 1685 <p> 1686 * The patch for this issue is not publicly available. The update is contained in 1687 the latest binary drivers for Nexus devices available from the <a 1688 href="https://developers.google.com/android/nexus/drivers">Google Developer 1689 site</a>. 1690 </p> 1691 1692 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver"> 1693 Elevation of privilege vulnerability in NVIDIA media driver</h3> 1694 <p> 1695 An elevation of privilege vulnerability in the NVIDIA media driver could enable 1696 a local malicious application to execute arbitrary code within the context of 1697 the kernel. This issue is rated as High because it first requires compromising a 1698 privileged process. 1699 </p> 1700 <table> 1701 <col width="19%"> 1702 <col width="20%"> 1703 <col width="10%"> 1704 <col width="23%"> 1705 <col width="17%"> 1706 <tr> 1707 <th>CVE</th> 1708 <th>References</th> 1709 <th>Severity</th> 1710 <th>Updated Nexus devices</th> 1711 <th>Date reported</th> 1712 </tr> 1713 <tr> 1714 <td>CVE-2016-3847</td> 1715 <td>A-28871433* 1716 <p> 1717 N-CVE-2016-3847</p></td> 1718 <td>High</td> 1719 <td>Nexus 9</td> 1720 <td>May 19, 2016</td> 1721 </tr> 1722 <tr> 1723 <td>CVE-2016-3848</td> 1724 <td>A-28919417* 1725 <p> 1726 N-CVE-2016-3848</p></td> 1727 <td>High</td> 1728 <td>Nexus 9</td> 1729 <td>May 19, 2016</td> 1730 </tr> 1731 </table> 1732 <p> 1733 * The patch for this issue is not publicly available. The update is contained in 1734 the latest binary drivers for Nexus devices available from the <a 1735 href="https://developers.google.com/android/nexus/drivers">Google Developer 1736 site</a>. 1737 </p> 1738 1739 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver"> 1740 Elevation of privilege vulnerability in ION driver</h3> 1741 <p> 1742 An elevation of privilege vulnerability in the ION driver could enable a local 1743 malicious application to execute arbitrary code within the context of the 1744 kernel. This issue is rated as High because it first requires compromising a 1745 privileged process. 1746 </p> 1747 <table> 1748 <col width="19%"> 1749 <col width="20%"> 1750 <col width="10%"> 1751 <col width="23%"> 1752 <col width="17%"> 1753 <tr> 1754 <th>CVE</th> 1755 <th>References</th> 1756 <th>Severity</th> 1757 <th>Updated Nexus devices</th> 1758 <th>Date reported</th> 1759 </tr> 1760 <tr> 1761 <td>CVE-2016-3849</td> 1762 <td>A-28939740</td> 1763 <td>High</td> 1764 <td>Pixel C</td> 1765 <td>May 24, 2016</td> 1766 </tr> 1767 </table> 1768 <p> 1769 * The patch for this issue is not publicly available. The update is contained in 1770 the latest binary drivers for Nexus devices available from the <a 1771 href="https://developers.google.com/android/nexus/drivers">Google Developer 1772 site</a>. 1773 </p> 1774 1775 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader">Elevation 1776 of privilege vulnerability in Qualcomm bootloader</h3> 1777 <p> 1778 An elevation of privilege vulnerability in the Qualcomm bootloader could enable 1779 a local malicious application to execute arbitrary code within the context of 1780 the kernel. This issue is rated as High because it first requires compromising a 1781 privileged process. 1782 </p> 1783 <table> 1784 <col width="19%"> 1785 <col width="20%"> 1786 <col width="10%"> 1787 <col width="26%"> 1788 <col width="17%"> 1789 <tr> 1790 <th>CVE</th> 1791 <th>References</th> 1792 <th>Severity</th> 1793 <th>Updated Nexus devices</th> 1794 <th>Date reported</th> 1795 </tr> 1796 <tr> 1797 <td>CVE-2016-3850</td> 1798 <td>A-27917291 1799 <p> 1800 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 1801 QC-CR#945164</a></p></td> 1802 <td>High</td> 1803 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7 (2013)</td> 1804 <td>Mar 28, 2016</td> 1805 </tr> 1806 </table> 1807 1808 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"> 1809 Elevation of privilege vulnerability in kernel performance subsystem</h3> 1810 <p> 1811 Elevation of privilege vulnerabilities in the kernel performance subsystem could 1812 enable a local malicious application to execute arbitrary code within the 1813 context of the kernel. This issue is rated as High because of the kernel attack 1814 surface available for attackers to exploit. 1815 </p> 1816 <p class="note"> 1817 <strong>Note:</strong> This is a platform level update designed to mitigate a 1818 class of vulnerabilities such as CVE-2016-3843 (A-28086229). 1819 </p> 1820 <table> 1821 <col width="18%"> 1822 <col width="18%"> 1823 <col width="10%"> 1824 <col width="19%"> 1825 <col width="17%"> 1826 <col width="17%"> 1827 <tr> 1828 <th>CVE</th> 1829 <th>References</th> 1830 <th>Severity</th> 1831 <th>Updated Nexus devices</th> 1832 <th>Updated AOSP versions</th> 1833 <th>Date reported</th> 1834 </tr> 1835 <tr> 1836 <td>CVE-2016-3843</td> 1837 <td>A-29119870*</td> 1838 <td>High</td> 1839 <td>All Nexus</td> 1840 <td>6.0, 6.1</td> 1841 <td>Google internal</td> 1842 </tr> 1843 </table> 1844 <p> 1845 * A patch for this issue is not publicly available. The update is contained in 1846 the latest binary drivers for Nexus devices available from the <a 1847 href="https://developers.google.com/android/nexus/drivers">Google Developer 1848 site</a>. 1849 </p> 1850 1851 <h3 1852 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader"> 1853 Elevation of privilege vulnerability in LG Electronics bootloader</h3> 1854 <p> 1855 An elevation of privilege vulnerability in the LG Electronics bootloader could 1856 enable an attacker to execute arbitrary code within the context of the kernel. 1857 This issue is rated as High because it first requires compromising a privileged 1858 process. 1859 </p> 1860 <table> 1861 <col width="19%"> 1862 <col width="20%"> 1863 <col width="10%"> 1864 <col width="23%"> 1865 <col width="17%"> 1866 <tr> 1867 <th>CVE</th> 1868 <th>References</th> 1869 <th>Severity</th> 1870 <th>Updated Nexus devices</th> 1871 <th>Date reported</th> 1872 </tr> 1873 <tr> 1874 <td>CVE-2016-3851</td> 1875 <td>A-29189941*</td> 1876 <td>High</td> 1877 <td>Nexus 5X</td> 1878 <td>Google internal</td> 1879 </tr> 1880 </table> 1881 <p> 1882 * The patch for this issue is not publicly available. The update is contained in 1883 the latest binary drivers for Nexus devices available from the <a 1884 href="https://developers.google.com/android/nexus/drivers">Google Developer 1885 site</a>. 1886 </p> 1887 1888 <h3 id="information-disclosure-vulnerability-in-qualcomm-components"> 1889 Information disclosure vulnerability in Qualcomm components</h3> 1890 <p> 1891 The table below contains security vulnerabilities affecting Qualcomm components, 1892 potentially including the bootloader, camera driver, character driver, 1893 networking, sound driver and video driver. 1894 </p> 1895 <p> 1896 The most severe of these issues is rated as High due to the possibility that a 1897 local malicious application could access data outside of its permission levels 1898 such as sensitive data without explicit user permission. 1899 </p> 1900 <table> 1901 <col width="19%"> 1902 <col width="20%"> 1903 <col width="10%"> 1904 <col width="23%"> 1905 <col width="17%"> 1906 <tr> 1907 <th>CVE</th> 1908 <th>References</th> 1909 <th>Severity</th> 1910 <th>Updated Nexus devices</th> 1911 <th>Date reported</th> 1912 </tr> 1913 <tr> 1914 <td>CVE-2014-9892</td> 1915 <td>A-28770164 1916 <p> 1917 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 1918 QC-CR#568717</a></p></td> 1919 <td>High</td> 1920 <td>Nexus 5, Nexus 7 (2013)</td> 1921 <td>Jun 2, 2014</td> 1922 </tr> 1923 <tr> 1924 <td>CVE-2015-8944</td> 1925 <td>A-28814213 1926 <p> 1927 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 1928 QC-CR#786116</a></p></td> 1929 <td>High</td> 1930 <td>Nexus 6, Nexus 7 (2013)</td> 1931 <td>Apr 30, 2015</td> 1932 </tr> 1933 <tr> 1934 <td>CVE-2014-9893</td> 1935 <td>A-28747914 1936 <p> 1937 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 1938 QC-CR#542223</a></p></td> 1939 <td>Moderate</td> 1940 <td>Nexus 5</td> 1941 <td>Mar 27, 2014</td> 1942 </tr> 1943 <tr> 1944 <td>CVE-2014-9894</td> 1945 <td>A-28749708 1946 <p> 1947 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 1948 QC-CR#545736</a></p></td> 1949 <td>Moderate</td> 1950 <td>Nexus 7 (2013)</td> 1951 <td>Mar 31, 2014</td> 1952 </tr> 1953 <tr> 1954 <td>CVE-2014-9895</td> 1955 <td>A-28750150 1956 <p> 1957 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 1958 QC-CR#570757</a></p></td> 1959 <td>Moderate</td> 1960 <td>Nexus 5, Nexus 7 (2013)</td> 1961 <td>Mar 31, 2014</td> 1962 </tr> 1963 <tr> 1964 <td>CVE-2014-9896</td> 1965 <td>A-28767593 1966 <p> 1967 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 1968 QC-CR#551795</a></p></td> 1969 <td>Moderate</td> 1970 <td>Nexus 5, Nexus 7 (2013)</td> 1971 <td>Apr 30, 2014</td> 1972 </tr> 1973 <tr> 1974 <td>CVE-2014-9897</td> 1975 <td>A-28769856 1976 <p> 1977 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 1978 QC-CR#563752</a></p></td> 1979 <td>Moderate</td> 1980 <td>Nexus 5</td> 1981 <td>Apr 30, 2014</td> 1982 </tr> 1983 <tr> 1984 <td>CVE-2014-9898</td> 1985 <td>A-28814690 1986 <p> 1987 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1988 QC-CR#554575</a></p></td> 1989 <td>Moderate</td> 1990 <td>Nexus 5, Nexus 7 (2013)</td> 1991 <td>Apr 30, 2014</td> 1992 </tr> 1993 <tr> 1994 <td>CVE-2014-9899</td> 1995 <td>A-28803909 1996 <p> 1997 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 1998 QC-CR#547910</a></p></td> 1999 <td>Moderate</td> 2000 <td>Nexus 5</td> 2001 <td>Jul 3, 2014</td> 2002 </tr> 2003 <tr> 2004 <td>CVE-2014-9900</td> 2005 <td>A-28803952 2006 <p> 2007 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 2008 QC-CR#570754</a></p></td> 2009 <td>Moderate</td> 2010 <td>Nexus 5, Nexus 7 (2013)</td> 2011 <td>Aug 8, 2014</td> 2012 </tr> 2013 </table> 2014 2015 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"> 2016 Information disclosure vulnerability in kernel scheduler</h3> 2017 <p> 2018 An information disclosure vulnerability in the kernel scheduler could enable a 2019 local malicious application to access data outside of its permission levels. 2020 This issue is rated as High because it could be used to access sensitive data 2021 without explicit user permission. 2022 </p> 2023 <table> 2024 <col width="19%"> 2025 <col width="20%"> 2026 <col width="10%"> 2027 <col width="23%"> 2028 <col width="17%"> 2029 <tr> 2030 <th>CVE</th> 2031 <th>References</th> 2032 <th>Severity</th> 2033 <th>Updated Nexus devices</th> 2034 <th>Date reported</th> 2035 </tr> 2036 <tr> 2037 <td>CVE-2014-9903</td> 2038 <td>A-28731691 2039 <p> 2040 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 2041 Upstream kernel</a></p></td> 2042 <td>High</td> 2043 <td>Nexus 5X, Nexus 6P</td> 2044 <td>Feb 21, 2014</td> 2045 </tr> 2046 </table> 2047 2048 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific"> 2049 Information disclosure vulnerability in MediaTek Wi-Fi driver (device specific)</h3> 2050 <p> 2051 An information disclosure vulnerability in the MediaTek Wi-Fi driver could 2052 enable a local malicious application to access data outside of its permission 2053 levels. This issue is rated as High because it could be used to access sensitive 2054 data without explicit user permission. 2055 </p> 2056 <table> 2057 <col width="19%"> 2058 <col width="20%"> 2059 <col width="10%"> 2060 <col width="23%"> 2061 <col width="17%"> 2062 <tr> 2063 <th>CVE</th> 2064 <th>References</th> 2065 <th>Severity</th> 2066 <th>Updated Nexus devices</th> 2067 <th>Date reported</th> 2068 </tr> 2069 <tr> 2070 <td>CVE-2016-3852</td> 2071 <td>A-29141147* 2072 <p> 2073 M-ALPS02751738</p></td> 2074 <td>High</td> 2075 <td>Android One</td> 2076 <td>Apr 12, 2016</td> 2077 </tr> 2078 </table> 2079 <p> 2080 * The patch for this issue is not publicly available. The update is contained in 2081 the latest binary drivers for Nexus devices available from the <a 2082 href="https://developers.google.com/android/nexus/drivers">Google Developer 2083 site</a>. 2084 </p> 2085 2086 <h3 id="information-disclosure-vulnerability-in-usb-driver">Information 2087 disclosure vulnerability in USB driver</h3> 2088 <p> 2089 An information disclosure vulnerability in the USB driver could enable a local 2090 malicious application to access data outside of its permission levels. This 2091 issue is rated as High because it could be used to access sensitive data without 2092 explicit user permission. 2093 </p> 2094 <table> 2095 <col width="19%"> 2096 <col width="20%"> 2097 <col width="10%"> 2098 <col width="23%"> 2099 <col width="17%"> 2100 <tr> 2101 <th>CVE</th> 2102 <th>References</th> 2103 <th>Severity</th> 2104 <th>Updated Nexus devices</th> 2105 <th>Date reported</th> 2106 </tr> 2107 <tr> 2108 <td>CVE-2016-4482</td> 2109 <td>A-28619695 2110 <p> 2111 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2112 Upstream kernel</a></p></td> 2113 <td>High</td> 2114 <td>All Nexus</td> 2115 <td>May 3, 2016</td> 2116 </tr> 2117 </table> 2118 2119 <h3 id="denial-of-service-vulnerability-in-qualcomm-components"> 2120 Denial of service vulnerability in Qualcomm components</h3> 2121 <p> 2122 The table below contains security vulnerabilities affecting Qualcomm components, 2123 potentially including the Wi-Fi driver. 2124 </p> 2125 <p> 2126 The most severe of these issues is rated as High due to the possibility that an 2127 attacker could cause a temporary remote denial of service resulting in a device 2128 hang or reboot. 2129 </p> 2130 <table> 2131 <col width="19%"> 2132 <col width="20%"> 2133 <col width="10%"> 2134 <col width="23%"> 2135 <col width="17%"> 2136 <tr> 2137 <th>CVE</th> 2138 <th>References</th> 2139 <th>Severity</th> 2140 <th>Updated Nexus devices</th> 2141 <th>Date reported</th> 2142 </tr> 2143 <tr> 2144 <td>CVE-2014-9901</td> 2145 <td>A-28670333 2146 <p> 2147 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2148 QC-CR#548711</a></p></td> 2149 <td>High</td> 2150 <td>Nexus 7 (2013)</td> 2151 <td>Mar 31, 2014</td> 2152 </tr> 2153 </table> 2154 2155 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services"> 2156 Elevation of privilege vulnerability in Google Play services</h3> 2157 <p> 2158 An elevation of privilege vulnerability in Google Play services could allow a 2159 local attacker to bypass the Factory Reset Protection and gain access to the 2160 device. This is rated as Moderate due to the possibility of bypassing Factory 2161 Reset Protection, which could lead to successfully resetting the device and 2162 erasing all its data. 2163 </p> 2164 <table> 2165 <col width="18%"> 2166 <col width="18%"> 2167 <col width="10%"> 2168 <col width="19%"> 2169 <col width="17%"> 2170 <col width="17%"> 2171 <tr> 2172 <th>CVE</th> 2173 <th>References</th> 2174 <th>Severity</th> 2175 <th>Updated Nexus devices</th> 2176 <th>Updated AOSP versions</th> 2177 <th>Date reported</th> 2178 </tr> 2179 <tr> 2180 <td>CVE-2016-3853</td> 2181 <td>A-26803208*</td> 2182 <td>Moderate</td> 2183 <td>All Nexus</td> 2184 <td>None</td> 2185 <td>May 4, 2016</td> 2186 </tr> 2187 </table> 2188 <p> 2189 * The patch for this issue is not publicly available. The update is contained in 2190 the latest binary drivers for Nexus devices available from the <a 2191 href="https://developers.google.com/android/nexus/drivers">Google Developer 2192 site</a>. 2193 </p> 2194 2195 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 2196 Elevation of privilege vulnerability in Framework APIs</h3> 2197 <p> 2198 An elevation of privilege vulnerability in the framework APIs could enable a 2199 pre-installed application to increase its intent filter priority when the 2200 application is being updated without the user being notified. This issue is 2201 rated as Moderate because it could be used to gain elevated capabilities without 2202 explicit user permission. 2203 </p> 2204 <table> 2205 <col width="18%"> 2206 <col width="17%"> 2207 <col width="10%"> 2208 <col width="19%"> 2209 <col width="18%"> 2210 <col width="17%"> 2211 <tr> 2212 <th>CVE</th> 2213 <th>References</th> 2214 <th>Severity</th> 2215 <th>Updated Nexus devices</th> 2216 <th>Updated AOSP versions</th> 2217 <th>Date reported</th> 2218 </tr> 2219 <tr> 2220 <td>CVE-2016-2497</td> 2221 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2222 A-27450489</a></td> 2223 <td>Moderate</td> 2224 <td>All Nexus</td> 2225 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 2226 <td>Google internal</td> 2227 </tr> 2228 </table> 2229 2230 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"> 2231 Information disclosure vulnerability in kernel networking component</h3> 2232 <p> 2233 An information disclosure vulnerability in the kernel networking component could 2234 enable a local malicious application to access data outside of its permission 2235 levels. This issue is rated as Moderate because it first requires compromising a 2236 privileged process. 2237 </p> 2238 <table> 2239 <col width="19%"> 2240 <col width="20%"> 2241 <col width="10%"> 2242 <col width="23%"> 2243 <col width="17%"> 2244 <tr> 2245 <th>CVE</th> 2246 <th>References</th> 2247 <th>Severity</th> 2248 <th>Updated Nexus devices</th> 2249 <th>Date reported</th> 2250 </tr> 2251 <tr> 2252 <td>CVE-2016-4486</td> 2253 <td>A-28620102 2254 <p> 2255 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2256 Upstream kernel</a></p></td> 2257 <td>Moderate</td> 2258 <td>All Nexus</td> 2259 <td>May 3, 2016</td> 2260 </tr> 2261 </table> 2262 2263 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"> 2264 Information disclosure vulnerability in kernel sound component</h3> 2265 <p> 2266 An information disclosure vulnerability in the kernel sound component could 2267 enable a local malicious application to access data outside of its permission 2268 levels. This issue is rated as Moderate because it first requires compromising a 2269 privileged process. 2270 </p> 2271 <table> 2272 <col width="19%"> 2273 <col width="20%"> 2274 <col width="10%"> 2275 <col width="23%"> 2276 <col width="17%"> 2277 <tr> 2278 <th>CVE</th> 2279 <th>References</th> 2280 <th>Severity</th> 2281 <th>Updated Nexus devices</th> 2282 <th>Date reported</th> 2283 </tr> 2284 <tr> 2285 <td>CVE-2016-4569</td> 2286 <td>A-28980557 2287 <p> 2288 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2289 Upstream kernel</a></p></td> 2290 <td>Moderate</td> 2291 <td>All Nexus</td> 2292 <td>May 9, 2016</td> 2293 </tr> 2294 <tr> 2295 <td>CVE-2016-4578</td> 2296 <td>A-28980217 2297 <p> 2298 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2299 Upstream kernel</a> 2300 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2301 <td>Moderate</td> 2302 <td>All Nexus</td> 2303 <td>May 11, 2016</td> 2304 </tr> 2305 </table> 2306 2307 <h3 id="vulnerabilities-in-qualcomm-components"> 2308 Vulnerabilities in Qualcomm components</h3> 2309 <p> 2310 The table below contains security vulnerabilities affecting Qualcomm components, 2311 potentially including the bootloader, camera driver, character driver, 2312 networking, sound driver, and video driver. 2313 </p> 2314 <table> 2315 <col width="19%"> 2316 <col width="20%"> 2317 <col width="10%"> 2318 <col width="23%"> 2319 <col width="17%"> 2320 <tr> 2321 <th>CVE</th> 2322 <th>References</th> 2323 <th>Severity</th> 2324 <th>Updated Nexus devices</th> 2325 <th>Date reported</th> 2326 </tr> 2327 <tr> 2328 <td>CVE-2016-3854</td> 2329 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2330 QC-CR#897326</a></td> 2331 <td>High</td> 2332 <td>None</td> 2333 <td>Feb 2016</td> 2334 </tr> 2335 <tr> 2336 <td>CVE-2016-3855</td> 2337 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2338 QC-CR#990824</a></td> 2339 <td>High</td> 2340 <td>None</td> 2341 <td>May 2016</td> 2342 </tr> 2343 <tr> 2344 <td>CVE-2016-2060</td> 2345 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2346 QC-CR#959631</a></td> 2347 <td>Moderate</td> 2348 <td>None</td> 2349 <td>Apr 2016</td> 2350 </tr> 2351 </table> 2352 <h2 id="common-questions-and-answers">Common Questions and Answers</h2> 2353 <p> 2354 This section answers common questions that may occur after reading this 2355 bulletin. 2356 </p> 2357 <p> 2358 <strong>1. How do I determine if my device is updated to address these issues? 2359 </strong> 2360 </p> 2361 <p> 2362 Security Patch Levels of 2016-08-01 or later address all issues associated with 2363 the 2016-08-01 security patch string level. Security Patch Levels of 2016-08-05 2364 or later address all issues associated with the 2016-08-05 security patch string 2365 level. Refer to the <a 2366 href="https://support.google.com/nexus/answer/4457705">help center</a> for 2367 instructions on how to check the security patch level. Device manufacturers that 2368 include these updates should set the patch string level to: 2369 [ro.build.version.security_patch]:[2016-08-01] or 2370 [ro.build.version.security_patch]:[2016-08-05]. 2371 </p> 2372 <p> 2373 <strong>2. Why does this bulletin have two security patch level 2374 strings?</strong> 2375 </p> 2376 <p> 2377 This bulletin has two security patch level strings in order to provide Android 2378 partners with the flexibility to move more quickly to fix a subset of 2379 vulnerabilities that are similar across all Android devices. Android partners 2380 are encouraged to fix all issues in this bulletin and use the latest security 2381 patch level string. 2382 </p> 2383 <p> 2384 Devices that use the security patch level of August 5, 2016 or newer must 2385 include all applicable patches in this (and previous) security bulletins. 2386 </p> 2387 <p> 2388 Devices that use the August 1, 2016 security patch level must include all issues 2389 associated with that security patch level, as well as fixes for all issues 2390 reported in previous security bulletins. Devices that use August 1, 2016 2391 security patch level may also include a subset of fixes associated with the 2392 August 5, 2016 security patch level. 2393 </p> 2394 <p> 2395 3<strong>. How do I determine which Nexus devices are affected by each 2396 issue?</strong> 2397 </p> 2398 <p> 2399 In the <a href="#2016-08-01-details">2016-08-01</a> 2400 and <a href="#2016-08-05-details">2016-08-05</a> 2401 security vulnerability details sections, each table has an Updated Nexus devices 2402 column that covers the range of affected Nexus devices updated for each issue. 2403 This column has a few options: 2404 </p> 2405 <ul> 2406 <li><strong>All Nexus devices</strong>: If an issue affects all Nexus devices, 2407 the table will have All Nexus in the <em>Updated Nexus devices</em> column. 2408 All Nexus encapsulates the following <a 2409 href="https://support.google.com/nexus/answer/4457705#nexus_devices">supported 2410 devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, 2411 Android One, Nexus Player, and Pixel C.</li> 2412 <li><strong>Some Nexus devices</strong>: If an issue doesnt affect all Nexus 2413 devices, the affected Nexus devices are listed in the <em>Updated Nexus 2414 devices</em> column.</li> 2415 <li><strong>No Nexus devices</strong>: If no Nexus devices are affected by the 2416 issue, the table will have None in the <em>Updated Nexus devices</em> column. 2417 </li> 2418 </ul> 2419 <p> 2420 <strong>4. What do the entries in the references column map to?</strong> 2421 </p> 2422 <p> 2423 Entries under the <em>References</em> column of the vulnerability details table 2424 may contain a prefix identifying the organization to which the reference value 2425 belongs. These prefixes map as follows: 2426 </p> 2427 <table> 2428 <tr> 2429 <th>Prefix</th> 2430 <th>Reference</th> 2431 </tr> 2432 <tr> 2433 <td>A-</td> 2434 <td>Android bug ID</td> 2435 </tr> 2436 <tr> 2437 <td>QC-</td> 2438 <td>Qualcomm reference number</td> 2439 </tr> 2440 <tr> 2441 <td>M-</td> 2442 <td>MediaTek reference number</td> 2443 </tr> 2444 <tr> 2445 <td>N-</td> 2446 <td>NVIDIA reference number</td> 2447 </tr> 2448 </table> 2449 <h2 id="revisions">Revisions</h2> 2450 2451 <ul> 2452 <li>August 01, 2016: Bulletin published.</li> 2453 <li>August 02, 2016: Bulletin revised to include AOSP links.</li> 2454 <li>August 16, 2016: CVE-2016-3856 corrected to CVE-2016-2060 and updated the 2455 reference URL.</li> 2456 <li>October 21, 2016: Corrected typo in CVE-2016-4486.</li> 2457 </ul> 2458 2459 </body> 2460 </html> 2461
