1 <html devsite> 2 <head> 3 <title>Android - 2016 7 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 7 6 | 2016 7 14 </em></p> 27 <p>Android Android Nexus OTANexus <a href="https://developers.google.com/android/nexus/images">Google </a>2016 7 5 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a></p> 28 <p> 29 2016 6 6 Android AOSP AOSP </p> 30 31 <p>MMS </p> 32 <p><a href="/security/enhancements/index.html">Android </a> SafetyNet <a href="">Android Google </a>Android </p> 33 <p></p> 34 <h2 id="announcements"></h2> 35 <ul> 36 <li> Android Android 2 <a href="#common-questions-and-answers"></a><ul> 37 <li><strong>2016-07-01</strong>: 2016-07-01 38 <li><strong>2016-07-05</strong>: 2016-07-01 2016-07-05 </li> 39 </li></ul> 40 </li> 41 <li> Nexus 2016 7 5 1 OTA </li> 42 </ul> 43 <h2 id="security_vulnerability_summary"></h2> 44 <p>CVENexus <a href="/security/overview/updates-resources.html#severity"></a></p> 45 46 <h3 id="2016-07-01_summary"> 2016-07-01 </h3> 47 <p> 48 2016-07-01 </p> 49 50 <table> 51 <col width="55%"> 52 <col width="20%"> 53 <col width="13%"> 54 <col width="12%"> 55 <tr> 56 <th></th> 57 <th>CVE</th> 58 <th></th> 59 <th>Nexus </th> 60 </tr> 61 <tr> 62 <td></td> 63 <td>CVE-2016-2506CVE-2016-2505CVE-2016-2507CVE-2016-2508 64 CVE-2016-3741CVE-2016-3742CVE-2016-3743</td> 65 <td></td> 66 <td></td> 67 </tr> 68 <tr> 69 <td>OpenSSL BoringSSL </td> 70 <td>CVE-2016-2108</td> 71 <td></td> 72 <td></td> 73 </tr> 74 <tr> 75 <td>Bluetooth </td> 76 <td>CVE-2016-3744</td> 77 <td></td> 78 <td></td> 79 </tr> 80 <tr> 81 <td>libpng </td> 82 <td>CVE-2016-3751</td> 83 <td></td> 84 <td></td> 85 </tr> 86 <tr> 87 <td></td> 88 <td>CVE-2016-3745CVE-2016-3746CVE-2016-3747</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td></td> 94 <td>CVE-2016-3748</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>LockSettingsService </td> 100 <td>CVE-2016-3749</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> API </td> 106 <td>CVE-2016-3750</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td>ChooserTarget </td> 112 <td>CVE-2016-3752</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td></td> 118 <td>CVE-2016-3753</td> 119 <td></td> 120 <td>*</td> 121 </tr> 122 <tr> 123 <td>OpenSSL </td> 124 <td>CVE-2016-2107</td> 125 <td></td> 126 <td>*</td> 127 </tr> 128 <tr> 129 <td></td> 130 <td>CVE-2016-3754CVE-2016-3755CVE-2016-3756</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td>libc </td> 136 <td>CVE-2016-3818</td> 137 <td></td> 138 <td>*</td> 139 </tr> 140 <tr> 141 <td>lsof </td> 142 <td>CVE-2016-3757</td> 143 <td></td> 144 <td></td> 145 </tr> 146 <tr> 147 <td>DexClassLoader </td> 148 <td>CVE-2016-3758</td> 149 <td></td> 150 <td></td> 151 </tr> 152 <tr> 153 <td> API </td> 154 <td>CVE-2016-3759</td> 155 <td></td> 156 <td></td> 157 </tr> 158 <tr> 159 <td>Bluetooth </td> 160 <td>CVE-2016-3760</td> 161 <td></td> 162 <td></td> 163 </tr> 164 <tr> 165 <td>NFC </td> 166 <td>CVE-2016-3761</td> 167 <td></td> 168 <td></td> 169 </tr> 170 <tr> 171 <td></td> 172 <td>CVE-2016-3762</td> 173 <td></td> 174 <td></td> 175 </tr> 176 <tr> 177 <td></td> 178 <td>CVE-2016-3763</td> 179 <td></td> 180 <td></td> 181 </tr> 182 <tr> 183 <td></td> 184 <td>CVE-2016-3764CVE-2016-3765</td> 185 <td></td> 186 <td></td> 187 </tr> 188 <tr> 189 <td></td> 190 <td>CVE-2016-3766</td> 191 <td></td> 192 <td></td> 193 </tr> 194 </table> 195 <p>* Nexus </p> 196 197 198 <h3 id="2016-07-05_summary"> 2016-07-05 </h3> 199 <p> 200 2016-07-05 2016-07-01 </p> 201 202 <table> 203 <col width="55%"> 204 <col width="20%"> 205 <col width="13%"> 206 <col width="12%"> 207 <tr> 208 <th></th> 209 <th>CVE</th> 210 <th></th> 211 <th>Nexus </th> 212 </tr> 213 <tr> 214 <td>Qualcomm GPU </td> 215 <td>CVE-2016-2503CVE-2016-2067</td> 216 <td></td> 217 <td></td> 218 </tr> 219 <tr> 220 <td>MediaTek Wi-Fi </td> 221 <td>CVE-2016-3767</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td>Qualcomm </td> 227 <td>CVE-2016-3768</td> 228 <td></td> 229 <td></td> 230 </tr> 231 <tr> 232 <td>NVIDIA </td> 233 <td>CVE-2016-3769</td> 234 <td></td> 235 <td></td> 236 </tr> 237 <tr> 238 <td>MediaTek </td> 239 <td>CVE-2016-3770CVE-2016-3771CVE-2016-3772CVE-2016-3773CVE-2016-3774</td> 240 <td></td> 241 <td></td> 242 </tr> 243 <tr> 244 <td> </td> 245 <td>CVE-2016-3775</td> 246 <td></td> 247 <td></td> 248 </tr> 249 <tr> 250 <td>USB </td> 251 <td>CVE-2015-8816</td> 252 <td></td> 253 <td></td> 254 </tr> 255 <tr> 256 <td>Qualcomm </td> 257 <td>CVE-2014-9794CVE-2014-9795CVE-2015-8892CVE-2013-7457CVE-2014-9781CVE-2014-9786CVE-2014-9788CVE-2014-9779CVE-2014-9780CVE-2014-9789CVE-2014-9793CVE-2014-9782CVE-2014-9783CVE-2014-9785CVE-2014-9787CVE-2014-9784CVE-2014-9777CVE-2014-9778CVE-2014-9790CVE-2014-9792CVE-2014-9797CVE-2014-9791CVE-2014-9796CVE-2014-9800CVE-2014-9799CVE-2014-9801CVE-2014-9802CVE-2015-8891CVE-2015-8888CVE-2015-8889CVE-2015-8890</td> 258 <td></td> 259 <td></td> 260 </tr> 261 <tr> 262 <td>Qualcomm USB </td> 263 <td>CVE-2016-2502</td> 264 <td></td> 265 <td></td> 266 </tr> 267 <tr> 268 <td>Qualcomm Wi-Fi </td> 269 <td>CVE-2016-3792</td> 270 <td></td> 271 <td></td> 272 </tr> 273 <tr> 274 <td>Qualcomm </td> 275 <td>CVE-2016-2501</td> 276 <td></td> 277 <td></td> 278 </tr> 279 <tr> 280 <td>NVIDIA </td> 281 <td>CVE-2016-3793</td> 282 <td></td> 283 <td></td> 284 </tr> 285 <tr> 286 <td>MediaTek </td> 287 <td>CVE-2016-3795CVE-2016-3796</td> 288 <td></td> 289 <td></td> 290 </tr> 291 <tr> 292 <td>Qualcomm Wi-Fi </td> 293 <td>CVE-2016-3797</td> 294 <td></td> 295 <td></td> 296 </tr> 297 <tr> 298 <td>MediaTek </td> 299 <td>CVE-2016-3798</td> 300 <td></td> 301 <td></td> 302 </tr> 303 <tr> 304 <td>MediaTek </td> 305 <td>CVE-2016-3799CVE-2016-3800</td> 306 <td></td> 307 <td></td> 308 </tr> 309 <tr> 310 <td>MediaTek GPS </td> 311 <td>CVE-2016-3801</td> 312 <td></td> 313 <td></td> 314 </tr> 315 <tr> 316 <td> </td> 317 <td>CVE-2016-3802CVE-2016-3803</td> 318 <td></td> 319 <td></td> 320 </tr> 321 <tr> 322 <td>MediaTek </td> 323 <td>CVE-2016-3804CVE-2016-3805</td> 324 <td></td> 325 <td></td> 326 </tr> 327 <tr> 328 <td>MediaTek </td> 329 <td>CVE-2016-3806</td> 330 <td></td> 331 <td></td> 332 </tr> 333 <tr> 334 <td> </td> 335 <td>CVE-2016-3807CVE-2016-3808</td> 336 <td></td> 337 <td></td> 338 </tr> 339 <tr> 340 <td>Qualcomm </td> 341 <td>CVE-2016-2068</td> 342 <td></td> 343 <td></td> 344 </tr> 345 <tr> 346 <td></td> 347 <td>CVE-2014-9803</td> 348 <td></td> 349 <td></td> 350 </tr> 351 <tr> 352 <td> </td> 353 <td>CVE-2016-3809</td> 354 <td></td> 355 <td></td> 356 </tr> 357 <tr> 358 <td>MediaTek Wi-Fi </td> 359 <td>CVE-2016-3810</td> 360 <td></td> 361 <td></td> 362 </tr> 363 <tr> 364 <td> </td> 365 <td>CVE-2016-3811</td> 366 <td></td> 367 <td></td> 368 </tr> 369 <tr> 370 <td>MediaTek </td> 371 <td>CVE-2016-3812</td> 372 <td></td> 373 <td></td> 374 </tr> 375 <tr> 376 <td>Qualcomm USB </td> 377 <td>CVE-2016-3813</td> 378 <td></td> 379 <td></td> 380 </tr> 381 <tr> 382 <td>NVIDIA </td> 383 <td>CVE-2016-3814CVE-2016-3815</td> 384 <td></td> 385 <td></td> 386 </tr> 387 <tr> 388 <td>MediaTek </td> 389 <td>CVE-2016-3816</td> 390 <td></td> 391 <td></td> 392 </tr> 393 <tr> 394 <td> </td> 395 <td>CVE-2016-0723</td> 396 <td></td> 397 <td></td> 398 </tr> 399 <tr> 400 <td>Qualcomm </td> 401 <td>CVE-2014-9798CVE-2015-8893</td> 402 <td></td> 403 <td></td> 404 </tr> 405 </table> 406 407 <h2 id="mitigations">Android Google </h2> 408 <p><a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 409 <ul> 410 <li>Android Android Google Android </li> 411 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="http://www.android.com/gms">Google </a>Google Play Google Play </li> 412 <li>Google </li> 413 </ul> 414 415 <h2 id="acknowledgements"></h2> 416 <p></p> 417 <ul> 418 <li>Google Chrome Abhishek AryaOliver ChangMartin Barbella: CVE-2016-3756CVE-2016-3741CVE-2016-3743CVE-2016-3742<li>Check Point Software Technologies Ltd. Adam Donenfeld : CVE-2016-2503<li>Google Adam Powell: CVE-2016-3752<li>Context Information Security Alex Chapman Paul Stone: CVE-2016-3763<li><a href="https://www.e2e-assure.com/">e2e-assure</a> Andy Tyler<a href="https://twitter.com/ticarpi">@ticarpi</a>: CVE-2016-2457<li>Google Project Zero Ben Hawkes: CVE-2016-3775<li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Yuan-Tsung Lo<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>Xuxian Jiang: CVE-2016-3770CVE-2016-3771CVE-2016-3772CVE-2016-3773CVE-2016-3774<li>Google Christopher Tate: CVE-2016-3759<li>Tencent KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a> Di Shen<a href="https://twitter.com/returnsme">@returnsme</a>: CVE-2016-3762<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a> IceSword Lab Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a> pjf<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>: CVE-2016-3806CVE-2016-3816CVE-2016-3805CVE-2016-3804CVE-2016-3767CVE-2016-3810CVE-2016-3795CVE-2016-3796<li>Google Android Greg Kaiser: CVE-2016-3758<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Guang Gong<a href="https://twitter.com/oldfresher">@oldfresher</a>: CVE-2016-3764<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Hao Chen Guang Gong: CVE-2016-3792CVE-2016-3768<li><a href="http://www.cmcm.com">Cheetah Mobile</a> Security Research Lab Hao Qin: CVE-2016-3754CVE-2016-3766<li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a> IceSword Lab Jianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a> pjf<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>: CVE-2016-3814CVE-2016-3802CVE-2016-3769CVE-2016-3807CVE-2016-3808<li>Google Marco Nelissen: CVE-2016-3818<li>Google Project Zero Mark Brand: CVE-2016-3757<li><a href="https://github.com/michalbednarski">Micha Bednarski</a>: CVE-2016-3750<li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2016-3747CVE-2016-3746CVE-2016-3765<li>Alibaba Peng XiaoChengming YangNing YouChao YangYang Ssong: CVE-2016-3800CVE-2016-3799CVE-2016-3801CVE-2016-3812CVE-2016-3798<li>Trend Micro Peter Pi<a href="https://twitter.com/heisecode">@heisecode</a>: CVE-2016-3793<li>Google Ricky Wai: CVE-2016-3749<li>Roeland Krak: CVE-2016-3753<li>Scott Bauer<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>: CVE-2016-3797CVE-2016-3813CVE-2016-3815CVE-2016-2501CVE-2016-2502<li>Vasily Vasilev: CVE-2016-2507<li>Alibaba Inc. Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2016-2508CVE-2016-3755<li>Tencent KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a> Wen Niu<a href="https://twitter.com/NWMonster">@NWMonster</a>: CVE-2016-3809<li>Tencent Security Platform Department Xiling Gong: CVE-2016-3745<li>Chinese Academy of SciencesInstitute of Software TCA Lab Yacong Gu: CVE-2016-3761<li>Tencent Xuanwu LAB Yongke Wang<a href="https://twitter.com/Rudykewang">@Rudykewang</a>: CVE-2016-2505<li>Tencent Xuanwu LAB Yongke Wang<a href="https://twitter.com/Rudykewang">@Rudykewang</a> Wei Wei<a href="https://twitter.com/Danny__Wei">@Danny__Wei</a>: CVE-2016-2506<li>Baidu X-Lab Yulong Zhang TaoLenxWei: CVE-2016-3744</li> 419 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 420 421 <h2 id="2016-07-01_details"> 2016-07-01 </h2> 422 <p><a href="#2016-07-01_summary"> 2016-07-01 </a>CVE Nexus AOSP ID AOSP ID </p> 423 424 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 425 </h3> 426 <p> </p> 427 <p> MMS </p> 428 429 <table> 430 <col width="19%"> 431 <col width="19%"> 432 <col width="10%"> 433 <col width="16%"> 434 <col width="17%"> 435 <col width="17%"> 436 <tr> 437 <th>CVE</th> 438 <th></th> 439 <th></th> 440 <th> Nexus </th> 441 <th> AOSP </th> 442 <th></th> 443 </tr> 444 <tr> 445 <td>CVE-2016-2506</td> 446 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/e248db02fbab2ee9162940bc19f087fd7d96cb9d"> 447 A-28175045</a></td> 448 <td></td> 449 <td><a href="#all_nexus"> Nexus</a></td> 450 <td>4.4.45.0.25.1.16.06.0.1</td> 451 <td>2016 4 11 </td> 452 </tr> 453 <tr> 454 <td>CVE-2016-2505</td> 455 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/4f236c532039a61f0cf681d2e3c6e022911bbb5c"> 456 A-28333006</a></td> 457 <td></td> 458 <td><a href="#all_nexus"> Nexus</a></td> 459 <td>6.06.0.1</td> 460 <td>2016 4 21 </td> 461 </tr> 462 <tr> 463 <td>CVE-2016-2507</td> 464 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301"> 465 A-28532266</a></td> 466 <td></td> 467 <td><a href="#all_nexus"> Nexus</a></td> 468 <td>4.4.45.0.25.1.16.06.0.1</td> 469 <td>2016 5 2 </td> 470 </tr> 471 <tr> 472 <td>CVE-2016-2508</td> 473 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f"> 474 A-28799341</a> 475 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>] 476 </td> 477 <td></td> 478 <td><a href="#all_nexus"> Nexus</a></td> 479 <td>4.4.45.0.25.1.16.06.0.1</td> 480 <td>2016 5 16 </td> 481 </tr> 482 <tr> 483 <td>CVE-2016-3741</td> 484 <td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795"> 485 A-28165661</a> 486 [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>] 487 </td> 488 <td></td> 489 <td><a href="#all_nexus"> Nexus</a></td> 490 <td>6.06.0.1</td> 491 <td>Google </td> 492 </tr> 493 <tr> 494 <td>CVE-2016-3742</td> 495 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a583270e1c96d307469c83dc42bd3c5f1b9ef63f"> 496 A-28165659</a> 497 </td> 498 <td></td> 499 <td><a href="#all_nexus"> Nexus</a></td> 500 <td>6.06.0.1</td> 501 <td>Google </td> 502 </tr> 503 <tr> 504 <td>CVE-2016-3743</td> 505 <td><a href="https://android.googlesource.com/platform/external/libavc/+/ecf6c7ce6d5a22d52160698aab44fc234c63291a"> 506 A-27907656</a> 507 </td> 508 <td></td> 509 <td><a href="#all_nexus"> Nexus</a></td> 510 <td>6.06.0.1</td> 511 <td>Google </td> 512 </tr> 513 </table> 514 515 516 <h3 id="remote-code-execution-vulnerability-in-openssl-&-boringssl"> 517 OpenSSL BoringSSL </h3> 518 <p>OpenSSL BoringSSL </p> 519 520 <table> 521 <col width="19%"> 522 <col width="16%"> 523 <col width="10%"> 524 <col width="19%"> 525 <col width="18%"> 526 <col width="16%"> 527 <tr> 528 <th>CVE</th> 529 <th></th> 530 <th></th> 531 <th> Nexus </th> 532 <th> AOSP </th> 533 <th></th> 534 </tr> 535 <tr> 536 <td>CVE-2016-2108</td> 537 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/74750e1fb24149043a533497f79c577b704d6e30"> 538 A-28175332</a> 539 </td> 540 <td></td> 541 <td><a href="#all_nexus"> Nexus</a></td> 542 <td>4.4.45.0.25.1.16.06.0.1</td> 543 <td>2016 5 3 </td> 544 </tr> 545 </table> 546 547 <h3 id="remote-code-execution-vulnerability-in-bluetooth"> 548 Bluetooth </h3> 549 <p>Bluetooth Bluetooth </p> 550 551 <table> 552 <col width="19%"> 553 <col width="16%"> 554 <col width="10%"> 555 <col width="19%"> 556 <col width="18%"> 557 <col width="16%"> 558 <tr> 559 <th>CVE</th> 560 <th></th> 561 <th></th> 562 <th> Nexus </th> 563 <th> AOSP </th> 564 <th></th> 565 </tr> 566 <tr> 567 <td>CVE-2016-3744</td> 568 <td><a href="https://android.googlesource.com/platform/system/bt/+/514139f4b40cbb035bb92f3e24d5a389d75db9e6"> 569 A-27930580</a></td> 570 <td></td> 571 <td><a href="#all_nexus"> Nexus</a></td> 572 <td>4.4.45.0.25.1.16.06.0.1</td> 573 <td>2016 3 30 </td> 574 </tr> 575 </table> 576 577 <h3 id="elevation-of-privilege-vulnerability-in-libpng"> 578 libpng </h3> 579 <p>libpng <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 580 581 <table> 582 <col width="19%"> 583 <col width="16%"> 584 <col width="10%"> 585 <col width="19%"> 586 <col width="18%"> 587 <col width="16%"> 588 <tr> 589 <th>CVE</th> 590 <th></th> 591 <th></th> 592 <th> Nexus </th> 593 <th> AOSP </th> 594 <th></th> 595 </tr> 596 <tr> 597 <td>CVE-2016-3751</td> 598 <td><a href="https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"> 599 A-23265085</a> 600 </td> 601 <td></td> 602 <td><a href="#all_nexus"> Nexus</a></td> 603 <td>4.4.45.0.25.1.16.06.0.1</td> 604 <td>2015 12 3 </td> 605 </tr> 606 </table> 607 608 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 609 </h3> 610 <p> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 611 612 <table> 613 <col width="19%"> 614 <col width="16%"> 615 <col width="10%"> 616 <col width="19%"> 617 <col width="18%"> 618 <col width="16%"> 619 <tr> 620 <th>CVE</th> 621 <th></th> 622 <th></th> 623 <th> Nexus </th> 624 <th> AOSP </th> 625 <th></th> 626 </tr> 627 <tr> 628 <td>CVE-2016-3745</td> 629 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/073a80800f341325932c66818ce4302b312909a4"> 630 A-28173666</a> 631 </td> 632 <td></td> 633 <td><a href="#all_nexus"> Nexus</a></td> 634 <td>4.4.45.0.25.1.16.06.0.1</td> 635 <td>2016 4 10 </td> 636 </tr> 637 <tr> 638 <td>CVE-2016-3746</td> 639 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf"> 640 A-27890802</a> 641 </td> 642 <td></td> 643 <td><a href="#all_nexus"> Nexus</a></td> 644 <td>4.4.45.0.25.1.16.06.0.1</td> 645 <td>2016 3 27 </td> 646 </tr> 647 <tr> 648 <td>CVE-2016-3747</td> 649 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345"> 650 A-27903498</a> 651 </td> 652 <td></td> 653 <td><a href="#all_nexus"> Nexus</a></td> 654 <td>4.4.45.0.25.1.16.06.0.1</td> 655 <td>2016 3 28 </td> 656 </tr> 657 </table> 658 659 <h3 id="elevation-of-privilege-vulnerability-in-sockets"> 660 </h3> 661 <p></p> 662 663 <table> 664 <col width="19%"> 665 <col width="16%"> 666 <col width="10%"> 667 <col width="19%"> 668 <col width="18%"> 669 <col width="16%"> 670 <tr> 671 <th>CVE</th> 672 <th></th> 673 <th></th> 674 <th> Nexus </th> 675 <th> AOSP </th> 676 <th></th> 677 </tr> 678 <tr> 679 <td>CVE-2016-3748</td> 680 <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e"> 681 A-28171804</a> 682 </td> 683 <td></td> 684 <td><a href="#all_nexus"> Nexus</a></td> 685 <td>6.06.0.1</td> 686 <td>2016 4 13 </td> 687 </tr> 688 </table> 689 690 <h3 id="elevation-of-privilege-vulnerability-in-locksettingsservice"> 691 LockSettingsService </h3> 692 <p>LockSettingsService </p> 693 694 <table> 695 <col width="19%"> 696 <col width="16%"> 697 <col width="10%"> 698 <col width="19%"> 699 <col width="17%"> 700 <col width="17%"> 701 <tr> 702 <th>CVE</th> 703 <th></th> 704 <th></th> 705 <th> Nexus </th> 706 <th> AOSP </th> 707 <th></th> 708 </tr> 709 <tr> 710 <td>CVE-2016-3749</td> 711 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e83f0f6a5a6f35323f5367f99c8e287c440f33f5"> 712 A-28163930</a> 713 </td> 714 <td></td> 715 <td><a href="#all_nexus"> Nexus</a></td> 716 <td>6.06.0.1</td> 717 <td>Google </td> 718 </tr> 719 </table> 720 721 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 722 API </h3> 723 <p>Parcels API </p> 724 725 <table> 726 <col width="19%"> 727 <col width="16%"> 728 <col width="10%"> 729 <col width="19%"> 730 <col width="17%"> 731 <col width="17%"> 732 <tr> 733 <th>CVE</th> 734 <th></th> 735 <th></th> 736 <th> Nexus </th> 737 <th> AOSP </th> 738 <th></th> 739 </tr> 740 <tr> 741 <td>CVE-2016-3750</td> 742 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/54cb02ad733fb71b1bdf78590428817fb780aff8"> 743 A-28395952</a> 744 </td> 745 <td></td> 746 <td><a href="#all_nexus"> Nexus</a></td> 747 <td>4.4.45.0.25.1.16.06.0.1</td> 748 <td>2015 12 16 </td> 749 </tr> 750 </table> 751 752 <h3 id="elevation-of-privilege-vulnerability-in-choosertarget-service"> 753 ChooserTarget </h3> 754 <p>ChooserTarget </p> 755 756 <table> 757 <col width="19%"> 758 <col width="16%"> 759 <col width="10%"> 760 <col width="19%"> 761 <col width="17%"> 762 <col width="17%"> 763 <tr> 764 <th>CVE</th> 765 <th></th> 766 <th></th> 767 <th> Nexus </th> 768 <th> AOSP </th> 769 <th></th> 770 </tr> 771 <tr> 772 <td>CVE-2016-3752</td> 773 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988"> 774 A-28384423</a> 775 </td> 776 <td></td> 777 <td><a href="#all_nexus"> Nexus</a></td> 778 <td>6.06.0.1</td> 779 <td>Google </td> 780 </tr> 781 </table> 782 783 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 784 </h3> 785 <p></p> 786 787 <table> 788 <col width="19%"> 789 <col width="16%"> 790 <col width="10%"> 791 <col width="19%"> 792 <col width="18%"> 793 <col width="16%"> 794 <tr> 795 <th>CVE</th> 796 <th></th> 797 <th></th> 798 <th> Nexus </th> 799 <th> AOSP </th> 800 <th></th> 801 </tr> 802 <tr> 803 <td>CVE-2016-3753</td> 804 <td>A-27210135</td> 805 <td></td> 806 <td>*</td> 807 <td>4.4.4</td> 808 <td>2016 2 15 </td> 809 </tr> 810 </table> 811 <p>* Nexus </p> 812 813 <h3 id="information-disclosure-vulnerability-in-openssl"> 814 OpenSSL </h3> 815 <p>OpenSSL </p> 816 817 <table> 818 <col width="19%"> 819 <col width="16%"> 820 <col width="10%"> 821 <col width="19%"> 822 <col width="18%"> 823 <col width="16%"> 824 <tr> 825 <th>CVE</th> 826 <th></th> 827 <th></th> 828 <th> Nexus </th> 829 <th> AOSP </th> 830 <th></th> 831 </tr> 832 <tr> 833 <td>CVE-2016-2107</td> 834 <td>A-28550804</td> 835 <td></td> 836 <td>*</td> 837 <td>4.4.45.0.25.1.1</td> 838 <td>2016 4 13 </td> 839 </tr> 840 </table> 841 <p>* Nexus </p> 842 843 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 844 </h3> 845 <p></p> 846 847 <table> 848 <col width="19%"> 849 <col width="19%"> 850 <col width="10%"> 851 <col width="16%"> 852 <col width="17%"> 853 <col width="17%"> 854 <tr> 855 <th>CVE</th> 856 <th></th> 857 <th></th> 858 <th> Nexus </th> 859 <th> AOSP </th> 860 <th></th> 861 </tr> 862 <tr> 863 <td>CVE-2016-3754</td> 864 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"> 865 A-28615448</a> 866 [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>] 867 </td> 868 <td></td> 869 <td><a href="#all_nexus"> Nexus</a></td> 870 <td>4.4.45.0.25.1.16.06.0.1</td> 871 <td>2016 5 5 </td> 872 </tr> 873 <tr> 874 <td>CVE-2016-3755</td> 875 <td><a href="https://android.googlesource.com/platform/external/libavc/+/d4841f1161bdb5e13cb19e81af42437a634dd6ef"> 876 A-28470138</a> 877 </td> 878 <td></td> 879 <td><a href="#all_nexus"> Nexus</a></td> 880 <td>6.06.0.1</td> 881 <td>2016 4 29 </td> 882 </tr> 883 <tr> 884 <td>CVE-2016-3756</td> 885 <td><a href="https://android.googlesource.com/platform/external/tremolo/+/659030a2e80c38fb8da0a4eb68695349eec6778b"> 886 A-28556125</a> 887 </td> 888 <td></td> 889 <td><a href="#all_nexus"> Nexus</a></td> 890 <td>4.4.45.0.25.1.16.06.0.1</td> 891 <td>Google </td> 892 </tr> 893 </table> 894 895 <h3 id="denial-of-service-vulnerability-in-libc"> 896 libc </h3> 897 <p>libc </p> 898 899 <table> 900 <col width="19%"> 901 <col width="16%"> 902 <col width="10%"> 903 <col width="19%"> 904 <col width="17%"> 905 <col width="17%"> 906 <tr> 907 <th>CVE</th> 908 <th></th> 909 <th></th> 910 <th> Nexus </th> 911 <th> AOSP </th> 912 <th></th> 913 </tr> 914 <tr> 915 <td>CVE-2016-3818</td> 916 <td>A-28740702</td> 917 <td></td> 918 <td>*</td> 919 <td>4.4.4</td> 920 <td>Google </td> 921 </tr> 922 </table> 923 <p>* Nexus </p> 924 925 <h3 id="elevation-of-privilege-vulnerability-in-lsof"> 926 lsof </h3> 927 <p>lsof </p> 928 929 <table> 930 <col width="19%"> 931 <col width="16%"> 932 <col width="10%"> 933 <col width="19%"> 934 <col width="18%"> 935 <col width="16%"> 936 <tr> 937 <th>CVE</th> 938 <th></th> 939 <th></th> 940 <th> Nexus </th> 941 <th> AOSP </th> 942 <th></th> 943 </tr> 944 <tr> 945 <td>CVE-2016-3757</td> 946 <td><a href="https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7"> 947 A-28175237</a> 948 </td> 949 <td></td> 950 <td><a href="#all_nexus"> Nexus</a></td> 951 <td>4.4.45.0.25.1.16.06.0.1</td> 952 <td>2016 4 11 </td> 953 </tr> 954 </table> 955 956 <h3 id="elevation-of-privilege-vulnerability-in-dexclassloader"> 957 DexClassLoader </h3> 958 <p>DexClassLoader </p> 959 960 <table> 961 <col width="19%"> 962 <col width="16%"> 963 <col width="10%"> 964 <col width="19%"> 965 <col width="17%"> 966 <col width="17%"> 967 <tr> 968 <th>CVE</th> 969 <th></th> 970 <th></th> 971 <th> Nexus </th> 972 <th> AOSP </th> 973 <th></th> 974 </tr> 975 <tr> 976 <td>CVE-2016-3758</td> 977 <td><a href="https://android.googlesource.com/platform/dalvik/+/338aeaf28e9981c15d0673b18487dba61eb5447c"> 978 A-27840771</a> 979 </td> 980 <td></td> 981 <td><a href="#all_nexus"> Nexus</a></td> 982 <td>4.4.45.0.25.1.16.06.0.1</td> 983 <td>Google </td> 984 </tr> 985 </table> 986 987 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 988 API </h3> 989 <p> API </p> 990 991 <table> 992 <col width="19%"> 993 <col width="16%"> 994 <col width="10%"> 995 <col width="19%"> 996 <col width="17%"> 997 <col width="17%"> 998 <tr> 999 <th>CVE</th> 1000 <th></th> 1001 <th></th> 1002 <th> Nexus </th> 1003 <th> AOSP </th> 1004 <th></th> 1005 </tr> 1006 <tr> 1007 <td>CVE-2016-3759</td> 1008 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9b8c6d2df35455ce9e67907edded1e4a2ecb9e28"> 1009 A-28406080</a> 1010 </td> 1011 <td></td> 1012 <td><a href="#all_nexus"> Nexus</a></td> 1013 <td>5.0.25.1.16.06.0.1</td> 1014 <td>Google </td> 1015 </tr> 1016 </table> 1017 1018 <h3 id="elevation-of-privilege-vulnerability-in-bluetooth"> 1019 Bluetooth </h3> 1020 <p>Bluetooth Bluetooth </p> 1021 1022 <table> 1023 <col width="19%"> 1024 <col width="16%"> 1025 <col width="10%"> 1026 <col width="19%"> 1027 <col width="18%"> 1028 <col width="16%"> 1029 <tr> 1030 <th>CVE</th> 1031 <th></th> 1032 <th></th> 1033 <th> Nexus </th> 1034 <th> AOSP </th> 1035 <th></th> 1036 </tr> 1037 <tr> 1038 <td>CVE-2016-3760</td> 1039 <td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a> 1040 [<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>] 1041 [<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>] 1042 </td> 1043 <td></td> 1044 <td><a href="#all_nexus"> Nexus</a></td> 1045 <td>5.0.25.1.16.06.0.1</td> 1046 <td>2016 2 29 </td> 1047 </tr> 1048 </table> 1049 1050 <h3 id="elevation-of-privilege-vulnerability-in-nfc"> 1051 NFC </h3> 1052 <p>NFC </p> 1053 1054 <table> 1055 <col width="19%"> 1056 <col width="16%"> 1057 <col width="10%"> 1058 <col width="19%"> 1059 <col width="18%"> 1060 <col width="16%"> 1061 <tr> 1062 <th>CVE</th> 1063 <th></th> 1064 <th></th> 1065 <th> Nexus </th> 1066 <th> AOSP </th> 1067 <th></th> 1068 </tr> 1069 <tr> 1070 <td>CVE-2016-3761</td> 1071 <td><a href="https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c"> 1072 A-28300969</a> 1073 </td> 1074 <td></td> 1075 <td><a href="#all_nexus"> Nexus</a></td> 1076 <td>4.4.45.0.25.1.16.06.0.1</td> 1077 <td>2016 4 20 </td> 1078 </tr> 1079 </table> 1080 1081 <h3 id="elevation-of-privilege-vulnerability-in-sockets-2"> 1082 </h3> 1083 <p></p> 1084 1085 <table> 1086 <col width="19%"> 1087 <col width="16%"> 1088 <col width="10%"> 1089 <col width="19%"> 1090 <col width="18%"> 1091 <col width="16%"> 1092 <tr> 1093 <th>CVE</th> 1094 <th></th> 1095 <th></th> 1096 <th> Nexus </th> 1097 <th> AOSP </th> 1098 <th></th> 1099 </tr> 1100 <tr> 1101 <td>CVE-2016-3762</td> 1102 <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39"> 1103 A-28612709</a> 1104 </td> 1105 <td></td> 1106 <td><a href="#all_nexus"> Nexus</a></td> 1107 <td>5.0.25.1.16.06.0.1</td> 1108 <td>2016 4 21 </td> 1109 </tr> 1110 </table> 1111 1112 <h3 id="information-disclosure-vulnerability-in-proxy-auto-config"> 1113 </h3> 1114 <p></p> 1115 1116 <table> 1117 <col width="19%"> 1118 <col width="16%"> 1119 <col width="10%"> 1120 <col width="19%"> 1121 <col width="18%"> 1122 <col width="16%"> 1123 <tr> 1124 <th>CVE</th> 1125 <th></th> 1126 <th></th> 1127 <th> Nexus </th> 1128 <th> AOSP </th> 1129 <th></th> 1130 </tr> 1131 <tr> 1132 <td>CVE-2016-3763</td> 1133 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"> 1134 A-27593919</a> 1135 </td> 1136 <td></td> 1137 <td><a href="#all_nexus"> Nexus</a></td> 1138 <td>4.4.45.0.25.1.16.06.0.1</td> 1139 <td>2016 3 10 </td> 1140 </tr> 1141 </table> 1142 1143 <h3 id="information-disclosure-vulnerability-in-mediaserver-2"> 1144 </h3> 1145 <p></p> 1146 1147 <table> 1148 <col width="19%"> 1149 <col width="16%"> 1150 <col width="10%"> 1151 <col width="19%"> 1152 <col width="18%"> 1153 <col width="16%"> 1154 <tr> 1155 <th>CVE</th> 1156 <th></th> 1157 <th></th> 1158 <th> Nexus </th> 1159 <th> AOSP </th> 1160 <th></th> 1161 </tr> 1162 <tr> 1163 <td>CVE-2016-3764</td> 1164 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f"> 1165 A-28377502</a> 1166 </td> 1167 <td></td> 1168 <td><a href="#all_nexus"> Nexus</a></td> 1169 <td>4.4.45.0.25.1.16.06.0.1</td> 1170 <td>2016 4 25 </td> 1171 </tr> 1172 <tr> 1173 <td>CVE-2016-3765</td> 1174 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597"> 1175 A-28168413</a> 1176 </td> 1177 <td></td> 1178 <td><a href="#all_nexus"> Nexus</a></td> 1179 <td>6.06.0.1</td> 1180 <td>2016 4 8 </td> 1181 </tr> 1182 </table> 1183 1184 <h3 id="denial-of-service-vulnerability-in-mediaserver-2"> 1185 </h3> 1186 <p></p> 1187 1188 <table> 1189 <col width="19%"> 1190 <col width="16%"> 1191 <col width="10%"> 1192 <col width="19%"> 1193 <col width="18%"> 1194 <col width="16%"> 1195 <tr> 1196 <th>CVE</th> 1197 <th></th> 1198 <th></th> 1199 <th> Nexus </th> 1200 <th> AOSP </th> 1201 <th></th> 1202 </tr> 1203 <tr> 1204 <td>CVE-2016-3766</td> 1205 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"> 1206 A-28471206</a> 1207 [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>] 1208 </td> 1209 <td></td> 1210 <td><a href="#all_nexus"> Nexus</a></td> 1211 <td>4.4.45.0.25.1.16.06.0.1</td> 1212 <td>2016 4 29 </td> 1213 </tr> 1214 </table> 1215 1216 <h2 id="2016-07-05_details"> 2016-07-05 </h2> 1217 <p><a href="2016-07-05_summary"> 2016-07-05 </a>CVE Nexus AOSP ID AOSP ID </p> 1218 1219 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1220 Qualcomm GPU </h3> 1221 <p>Qualcomm GPU </p> 1222 1223 <table> 1224 <col width="19%"> 1225 <col width="16%"> 1226 <col width="10%"> 1227 <col width="27%"> 1228 <col width="16%"> 1229 <tr> 1230 <th>CVE</th> 1231 <th></th> 1232 <th></th> 1233 <th> Nexus </th> 1234 <th></th> 1235 </tr> 1236 <tr> 1237 <td>CVE-2016-2503</td> 1238 <td>A-28084795* 1239 QC-CR1006067</td> 1240 <td></td> 1241 <td>Nexus 5XNexus 6P</td> 1242 <td>2016 4 5 </td> 1243 </tr> 1244 <tr> 1245 <td>CVE-2016-2067</td> 1246 <td>A-28305757 1247 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0"> 1248 QC-CR988993</a></td> 1249 <td></td> 1250 <td>Nexus 5XNexus 6Nexus 6P</td> 1251 <td>2016 4 20 </td> 1252 </tr> 1253 </table> 1254 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1255 1256 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-wi-fi-driver"> 1257 MediaTek Wi-Fi </h3> 1258 <p>MediaTek Wi-Fi </p> 1259 1260 <table> 1261 <col width="19%"> 1262 <col width="20%"> 1263 <col width="10%"> 1264 <col width="23%"> 1265 <col width="16%"> 1266 <tr> 1267 <th>CVE</th> 1268 <th></th> 1269 <th></th> 1270 <th> Nexus </th> 1271 <th></th> 1272 </tr> 1273 <tr> 1274 <td>CVE-2016-3767</td> 1275 <td>A-28169363* 1276 <br>M-ALPS02689526</td> 1277 <td></td> 1278 <td>Android One</td> 1279 <td>2016 4 6 </td> 1280 </tr> 1281 </table> 1282 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1283 1284 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1285 Qualcomm </h3> 1286 <p>Qualcomm </p> 1287 1288 <table> 1289 <col width="19%"> 1290 <col width="16%"> 1291 <col width="10%"> 1292 <col width="27%"> 1293 <col width="16%"> 1294 <tr> 1295 <th>CVE</th> 1296 <th></th> 1297 <th></th> 1298 <th> Nexus </th> 1299 <th></th> 1300 </tr> 1301 <tr> 1302 <td>CVE-2016-3768</td> 1303 <td>A-28172137* 1304 QC-CR1010644</td> 1305 <td></td> 1306 <td>Nexus 5Nexus 6Nexus 5XNexus 6PNexus 72013</td> 1307 <td>2016 4 9 </td> 1308 </tr> 1309 </table> 1310 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1311 1312 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-video-driver"> 1313 NVIDIA </h3> 1314 <p>NVIDIA </p> 1315 1316 <table> 1317 <col width="19%"> 1318 <col width="20%"> 1319 <col width="10%"> 1320 <col width="23%"> 1321 <col width="16%"> 1322 <tr> 1323 <th>CVE</th> 1324 <th></th> 1325 <th></th> 1326 <th> Nexus </th> 1327 <th></th> 1328 </tr> 1329 <tr> 1330 <td>CVE-2016-3769</td> 1331 <td>A-28376656*<br> 1332 N-CVE20163769</td> 1333 <td></td> 1334 <td>Nexus 9</td> 1335 <td>2016 4 18 </td> 1336 </tr> 1337 </table> 1338 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1339 1340 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-drivers-device-specific"> 1341 MediaTek </h3> 1342 <p> MediaTek </p> 1343 1344 <table> 1345 <col width="19%"> 1346 <col width="20%"> 1347 <col width="10%"> 1348 <col width="23%"> 1349 <col width="16%"> 1350 <tr> 1351 <th>CVE</th> 1352 <th></th> 1353 <th></th> 1354 <th> Nexus </th> 1355 <th></th> 1356 </tr> 1357 <tr> 1358 <td>CVE-2016-3770</td> 1359 <td>A-28346752*<br> 1360 M-ALPS02703102</td> 1361 <td></td> 1362 <td>Android One</td> 1363 <td>2016 4 22 </td> 1364 </tr> 1365 <tr> 1366 <td>CVE-2016-3771</td> 1367 <td>A-29007611*<br> 1368 M-ALPS02703102</td> 1369 <td></td> 1370 <td>Android One</td> 1371 <td>2016 4 22 </td> 1372 </tr> 1373 <tr> 1374 <td>CVE-2016-3772</td> 1375 <td>A-29008188*<br> 1376 M-ALPS02703102</td> 1377 <td></td> 1378 <td>Android One</td> 1379 <td>2016 4 22 </td> 1380 </tr> 1381 <tr> 1382 <td>CVE-2016-3773</td> 1383 <td>A-29008363*<br> 1384 M-ALPS02703102</td> 1385 <td></td> 1386 <td>Android One</td> 1387 <td>2016 4 22 </td> 1388 </tr> 1389 <tr> 1390 <td>CVE-2016-3774</td> 1391 <td>A-29008609*<br> 1392 M-ALPS02703102</td> 1393 <td></td> 1394 <td>Android One</td> 1395 <td>2016 4 22 </td> 1396 </tr> 1397 </table> 1398 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1399 1400 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1401 </h3> 1402 <p> </p> 1403 1404 <table> 1405 <col width="19%"> 1406 <col width="16%"> 1407 <col width="10%"> 1408 <col width="27%"> 1409 <col width="16%"> 1410 <tr> 1411 <th>CVE</th> 1412 <th></th> 1413 <th></th> 1414 <th> Nexus </th> 1415 <th></th> 1416 </tr> 1417 <tr> 1418 <td>CVE-2016-3775</td> 1419 <td>A-28588279*</td> 1420 <td></td> 1421 <td>Nexus 5XNexus 6Nexus 6PNexus PlayerPixel C</td> 1422 <td>2016 5 4 </td> 1423 </tr> 1424 </table> 1425 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1426 1427 <h3 id="elevation-of-privilege-vulnerability-in-usb-driver"> 1428 USB </h3> 1429 <p>USB </p> 1430 1431 <table> 1432 <col width="19%"> 1433 <col width="16%"> 1434 <col width="10%"> 1435 <col width="27%"> 1436 <col width="16%"> 1437 <tr> 1438 <th>CVE</th> 1439 <th></th> 1440 <th></th> 1441 <th> Nexus </th> 1442 <th></th> 1443 </tr> 1444 <tr> 1445 <td>CVE-2015-8816</td> 1446 <td>A-28712303*</td> 1447 <td></td> 1448 <td>Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Nexus PlayerPixel C</td> 1449 <td>2016 5 4 </td> 1450 </tr> 1451 </table> 1452 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1453 1454 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 1455 Qualcomm </h3> 1456 <p>Qualcomm </p> 1457 <p> </p> 1458 1459 <table> 1460 <col width="19%"> 1461 <col width="20%"> 1462 <col width="10%"> 1463 <col width="23%"> 1464 <col width="16%"> 1465 <tr> 1466 <th>CVE</th> 1467 <th></th> 1468 <th>*</th> 1469 <th> Nexus </th> 1470 <th></th> 1471 </tr> 1472 <tr> 1473 <td>CVE-2014-9795</td> 1474 <td>A-28820720<br> 1475 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a> 1476 [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>] 1477 </td> 1478 <td></td> 1479 <td>Nexus 5</td> 1480 <td>2014 8 8 </td> 1481 </tr> 1482 <tr> 1483 <td>CVE-2014-9794</td> 1484 <td>A-28821172<br> 1485 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=f39085971c8c4e36cadbf8a72aabe6c7ff538ffa">QC-CR646385</a> 1486 </td> 1487 <td></td> 1488 <td>Nexus 72013</td> 1489 <td>2014 8 8 </td> 1490 </tr> 1491 <tr> 1492 <td>CVE-2015-8892</td> 1493 <td>A-28822807<br> 1494 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fae606b9dd92c021e2419369975264f24f60db23">QC-CR902998</a> 1495 </td> 1496 <td></td> 1497 <td>Nexus 5XNexus 6P</td> 1498 <td>2015 12 30 </td> 1499 </tr> 1500 <tr> 1501 <td>CVE-2014-9781</td> 1502 <td>A-28410333<br> 1503 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/video/?h=LA.BF.1.1.3_rb1.12&id=a2b5237ad265ec634489c8b296d870827b2a1b13&context=20&ignorews=0&dt=0">QC-CR556471</a> 1504 </td> 1505 <td></td> 1506 <td>Nexus 72013</td> 1507 <td>2014 2 6 </td> 1508 </tr> 1509 <tr> 1510 <td>CVE-2014-9786</td> 1511 <td>A-28557260<br> 1512 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b">QC-CR545979</a></td> 1513 <td></td> 1514 <td>Nexus 5Nexus 72013</td> 1515 <td>2014 3 13 </td> 1516 </tr> 1517 <tr> 1518 <td>CVE-2014-9788</td> 1519 <td>A-28573112<br> 1520 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2">QC-CR548872</a></td> 1521 <td></td> 1522 <td>Nexus 5</td> 1523 <td>2014 3 13 </td> 1524 </tr> 1525 <tr> 1526 <td>CVE-2014-9779</td> 1527 <td>A-28598347<br> 1528 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c?h=LA.BF.1.1.3_rb1.12&id=0b5f49b360afdebf8ef55df1e48ec141b3629621">QC-CR548679</a></td> 1529 <td></td> 1530 <td>Nexus 5</td> 1531 <td>2014 3 13 </td> 1532 </tr> 1533 <tr> 1534 <td>CVE-2014-9780</td> 1535 <td>A-28602014<br> 1536 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b5bb13e1f738f90df11e0c17f843c73999a84a54">QC-CR542222</a></td> 1537 <td></td> 1538 <td>Nexus 5Nexus 5XNexus 6P</td> 1539 <td>2014 3 13 </td> 1540 </tr> 1541 <tr> 1542 <td>CVE-2014-9789</td> 1543 <td>A-28749392<br> 1544 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=5720ed5c3a786e3ba0a2428ac45da5d7ec996b4e">QC-CR556425</a></td> 1545 <td></td> 1546 <td>Nexus 5</td> 1547 <td>2014 3 13 </td> 1548 </tr> 1549 <tr> 1550 <td>CVE-2014-9793</td> 1551 <td>A-28821253<br> 1552 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=0dcccecc4a6a9a9b3314cb87b2be8b52df1b7a81">QC-CR580567</a></td> 1553 <td></td> 1554 <td>Nexus 72013</td> 1555 <td>2014 3 13 </td> 1556 </tr> 1557 <tr> 1558 <td>CVE-2014-9782</td> 1559 <td>A-28431531<br> 1560 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb">QC-CR511349</a></td> 1561 <td></td> 1562 <td>Nexus 5Nexus 72013</td> 1563 <td>2014 3 31 </td> 1564 </tr> 1565 <tr> 1566 <td>CVE-2014-9783</td> 1567 <td>A-28441831<br> 1568 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a> 1569 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td> 1570 <td></td> 1571 <td>Nexus 72013</td> 1572 <td>2014 3 31 </td> 1573 </tr> 1574 <tr> 1575 <td>CVE-2014-9785</td> 1576 <td>A-28469042<br> 1577 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=b4338420db61f029ca6713a89c41b3a5852b20ce">QC-CR545747</a></td> 1578 <td></td> 1579 <td>Nexus 72013</td> 1580 <td>2014 3 31 </td> 1581 </tr> 1582 <tr> 1583 <td>CVE-2014-9787</td> 1584 <td>A-28571496<br> 1585 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b">QC-CR545764</a></td> 1586 <td></td> 1587 <td>Nexus 72013</td> 1588 <td>2014 3 31 </td> 1589 </tr> 1590 <tr> 1591 <td>CVE-2014-9784</td> 1592 <td>A-28442449<br> 1593 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba">QC-CR585147</a></td> 1594 <td></td> 1595 <td>Nexus 5Nexus 72013</td> 1596 <td>2014 4 30 </td> 1597 </tr> 1598 <tr> 1599 <td>CVE-2014-9777</td> 1600 <td>A-28598501<br> 1601 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43">QC-CR563654</a></td> 1602 <td></td> 1603 <td>Nexus 5Nexus 72013</td> 1604 <td>2014 4 30 </td> 1605 </tr> 1606 <tr> 1607 <td>CVE-2014-9778</td> 1608 <td>A-28598515<br> 1609 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5">QC-CR563694</a></td> 1610 <td></td> 1611 <td>Nexus 5Nexus 72013</td> 1612 <td>2014 4 30 </td> 1613 </tr> 1614 <tr> 1615 <td>CVE-2014-9790</td> 1616 <td>A-28769136<br> 1617 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a> 1618 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td> 1619 <td></td> 1620 <td>Nexus 5Nexus 72013</td> 1621 <td>2014 4 30 </td> 1622 </tr> 1623 <tr> 1624 <td>CVE-2014-9792</td> 1625 <td>A-28769399<br> 1626 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd">QC-CR550606</a></td> 1627 <td></td> 1628 <td>Nexus 5</td> 1629 <td>2014 4 30 </td> 1630 </tr> 1631 <tr> 1632 <td>CVE-2014-9797</td> 1633 <td>A-28821090<br> 1634 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=3312737f3e1ec84dd67ee0622c7dd031083f71a4">QC-CR674071</a></td> 1635 <td></td> 1636 <td>Nexus 5</td> 1637 <td>2014 7 3 </td> 1638 </tr> 1639 <tr> 1640 <td>CVE-2014-9791</td> 1641 <td>A-28803396<br> 1642 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=9aabfc9e7775abbbcf534cdecccc4f12ee423b27">QC-CR659364</a></td> 1643 <td></td> 1644 <td>Nexus 72013</td> 1645 <td>2014 8 29 </td> 1646 </tr> 1647 <tr> 1648 <td>CVE-2014-9796</td> 1649 <td>A-28820722<br> 1650 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=2e21b3a57cac7fb876bcf43244d7cc3dc1f6030d">QC-CR684756</a></td> 1651 <td></td> 1652 <td>Nexus 5Nexus 72013</td> 1653 <td>2014 9 30 </td> 1654 </tr> 1655 <tr> 1656 <td>CVE-2014-9800</td> 1657 <td>A-28822150<br> 1658 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=6390f200d966dc13cf61bb5abbe3110447ca82b5">QC-CR692478</a></td> 1659 <td></td> 1660 <td>Nexus 5Nexus 72013</td> 1661 <td>2014 10 31 </td> 1662 </tr> 1663 <tr> 1664 <td>CVE-2014-9799</td> 1665 <td>A-28821731<br> 1666 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=c2119f1fba46f3b6e153aa018f15ee46fe6d5b76">QC-CR691916</a></td> 1667 <td></td> 1668 <td>Nexus 5Nexus 72013</td> 1669 <td>2014 10 31 </td> 1670 </tr> 1671 <tr> 1672 <td>CVE-2014-9801</td> 1673 <td>A-28822060<br> 1674 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=cf8f5a105bafda906ccb7f149d1a5b8564ce20c0">QC-CR705078</a></td> 1675 <td></td> 1676 <td>Nexus 5</td> 1677 <td>2014 11 28 </td> 1678 </tr> 1679 <tr> 1680 <td>CVE-2014-9802</td> 1681 <td>A-28821965<br> 1682 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=222e0ec9bc755bfeaa74f9a0052b7c709a4ad054">QC-CR705108</a></td> 1683 <td></td> 1684 <td>Nexus 5Nexus 72013</td> 1685 <td>2014 12 31 </td> 1686 </tr> 1687 <tr> 1688 <td>CVE-2015-8891</td> 1689 <td>A-28842418<br> 1690 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=4f829bb52d0338c87bc6fbd0414b258f55cc7c62">QC-CR813930</a></td> 1691 <td></td> 1692 <td>Nexus 5Nexus 72013</td> 1693 <td>2015 5 29 </td> 1694 </tr> 1695 <tr> 1696 <td>CVE-2015-8888</td> 1697 <td>A-28822465<br> 1698 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=1321f34f1ebcff61ad7e65e507cfd3e9028af19b">QC-CR813933</a></td> 1699 <td></td> 1700 <td>Nexus 5</td> 1701 <td>2015 6 30 </td> 1702 </tr> 1703 <tr> 1704 <td>CVE-2015-8889</td> 1705 <td>A-28822677<br> 1706 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e">QC-CR804067</a></td> 1707 <td></td> 1708 <td>Nexus 6P</td> 1709 <td>2015 6 30 </td> 1710 </tr> 1711 <tr> 1712 <td>CVE-2015-8890</td> 1713 <td>A-28822878<br> 1714 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=e22aca36da2bb6f5016f3c885eb8c8ff85c115e4">QC-CR823461</a></td> 1715 <td></td> 1716 <td>Nexus 5Nexus 72013</td> 1717 <td>2015 8 19 </td> 1718 </tr> 1719 </table> 1720 <p>* Qualcomm </p> 1721 1722 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-usb-driver"> 1723 Qualcomm USB </h3> 1724 <p>Qualcomm USB </p> 1725 1726 <table> 1727 <col width="19%"> 1728 <col width="16%"> 1729 <col width="10%"> 1730 <col width="27%"> 1731 <col width="16%"> 1732 <tr> 1733 <th>CVE</th> 1734 <th></th> 1735 <th></th> 1736 <th> Nexus </th> 1737 <th></th> 1738 </tr> 1739 <tr> 1740 <td>CVE-2016-2502</td> 1741 <td>A-27657963 1742 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=0bc45d7712eabe315ce8299a49d16433c3801156">QC-CR997044</a></td> 1743 <td></td> 1744 <td>Nexus 5XNexus 6P</td> 1745 <td>2016 3 11 </td> 1746 </tr> 1747 </table> 1748 1749 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver"> 1750 Qualcomm Wi-Fi </h3> 1751 <p>Qualcomm Wi-Fi </p> 1752 1753 <table> 1754 <col width="19%"> 1755 <col width="16%"> 1756 <col width="10%"> 1757 <col width="27%"> 1758 <col width="16%"> 1759 <tr> 1760 <th>CVE</th> 1761 <th></th> 1762 <th></th> 1763 <th> Nexus </th> 1764 <th></th> 1765 </tr> 1766 <tr> 1767 <td>CVE-2016-3792</td> 1768 <td>A-27725204 1769 <a href="https://us.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=28d4f0c1f712bffb4aa5b47f06e97d5a9fa06d29">QC-CR561022</a></td> 1770 <td></td> 1771 <td>Nexus 72013</td> 1772 <td>2016 3 17 </td> 1773 </tr> 1774 </table> 1775 1776 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver"> 1777 Qualcomm </h3> 1778 <p>Qualcomm </p> 1779 1780 <table> 1781 <col width="19%"> 1782 <col width="16%"> 1783 <col width="10%"> 1784 <col width="27%"> 1785 <col width="16%"> 1786 <tr> 1787 <th>CVE</th> 1788 <th></th> 1789 <th></th> 1790 <th> Nexus </th> 1791 <th></th> 1792 </tr> 1793 <tr> 1794 <td>CVE-2016-2501</td> 1795 <td>A-27890772* 1796 QC-CR1001092</td> 1797 <td></td> 1798 <td>Nexus 5XNexus 6Nexus 6PNexus 72013</td> 1799 <td>2016 3 27 </td> 1800 </tr> 1801 </table> 1802 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1803 1804 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-camera-driver"> 1805 NVIDIA </h3> 1806 <p>NVIDIA </p> 1807 1808 <table> 1809 <col width="19%"> 1810 <col width="20%"> 1811 <col width="10%"> 1812 <col width="23%"> 1813 <col width="16%"> 1814 <tr> 1815 <th>CVE</th> 1816 <th></th> 1817 <th></th> 1818 <th> Nexus </th> 1819 <th></th> 1820 </tr> 1821 <tr> 1822 <td>CVE-2016-3793</td> 1823 <td>A-28026625*<br> 1824 N-CVE20163793</td> 1825 <td></td> 1826 <td>Nexus 9</td> 1827 <td>2016 4 5 </td> 1828 </tr> 1829 </table> 1830 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1831 1832 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-driver"> 1833 MediaTek </h3> 1834 <p>MediaTek </p> 1835 1836 <table> 1837 <col width="19%"> 1838 <col width="20%"> 1839 <col width="10%"> 1840 <col width="23%"> 1841 <col width="16%"> 1842 <tr> 1843 <th>CVE</th> 1844 <th></th> 1845 <th></th> 1846 <th> Nexus </th> 1847 <th></th> 1848 </tr> 1849 <tr> 1850 <td>CVE-2016-3795</td> 1851 <td>A-28085222*<br> 1852 M-ALPS02677244</td> 1853 <td></td> 1854 <td>Android One</td> 1855 <td>2016 4 7 </td> 1856 </tr> 1857 <tr> 1858 <td>CVE-2016-3796</td> 1859 <td>A-29008443*<br> 1860 M-ALPS02677244</td> 1861 <td></td> 1862 <td>Android One</td> 1863 <td>2016 4 7 </td> 1864 </tr> 1865 </table> 1866 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1867 1868 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2"> 1869 Qualcomm Wi-Fi </h3> 1870 <p>Qualcomm Wi-Fi </p> 1871 1872 <table> 1873 <col width="19%"> 1874 <col width="16%"> 1875 <col width="10%"> 1876 <col width="27%"> 1877 <col width="16%"> 1878 <tr> 1879 <th>CVE</th> 1880 <th></th> 1881 <th></th> 1882 <th> Nexus </th> 1883 <th></th> 1884 </tr> 1885 <tr> 1886 <td>CVE-2016-3797</td> 1887 <td>A-28085680* 1888 QC-CR1001450</td> 1889 <td></td> 1890 <td>Nexus 5X</td> 1891 <td>2016 4 7 </td> 1892 </tr> 1893 </table> 1894 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1895 1896 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-hardware-sensor-driver"> 1897 MediaTek </h3> 1898 <p>MediaTek </p> 1899 1900 <table> 1901 <col width="19%"> 1902 <col width="20%"> 1903 <col width="10%"> 1904 <col width="23%"> 1905 <col width="16%"> 1906 <tr> 1907 <th>CVE</th> 1908 <th></th> 1909 <th></th> 1910 <th> Nexus </th> 1911 <th></th> 1912 </tr> 1913 <tr> 1914 <td>CVE-2016-3798</td> 1915 <td>A-28174490*<br> 1916 M-ALPS02703105</td> 1917 <td></td> 1918 <td>Android One</td> 1919 <td>2016 4 11 </td> 1920 </tr> 1921 </table> 1922 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1923 1924 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-video-driver"> 1925 MediaTek </h3> 1926 <p>MediaTek </p> 1927 1928 <table> 1929 <col width="19%"> 1930 <col width="20%"> 1931 <col width="10%"> 1932 <col width="23%"> 1933 <col width="16%"> 1934 <tr> 1935 <th>CVE</th> 1936 <th></th> 1937 <th></th> 1938 <th> Nexus </th> 1939 <th></th> 1940 </tr> 1941 <tr> 1942 <td>CVE-2016-3799</td> 1943 <td>A-28175025*<br> 1944 M-ALPS02693738</td> 1945 <td></td> 1946 <td>Android One</td> 1947 <td>2016 4 11 </td> 1948 </tr> 1949 <tr> 1950 <td>CVE-2016-3800</td> 1951 <td>A-28175027*<br> 1952 M-ALPS02693739</td> 1953 <td></td> 1954 <td>Android One</td> 1955 <td>2016 4 11 </td> 1956 </tr> 1957 </table> 1958 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1959 1960 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-gps-driver"> 1961 MediaTek GPS </h3> 1962 <p>MediaTek GPS </p> 1963 1964 <table> 1965 <col width="19%"> 1966 <col width="20%"> 1967 <col width="10%"> 1968 <col width="23%"> 1969 <col width="16%"> 1970 <tr> 1971 <th>CVE</th> 1972 <th></th> 1973 <th></th> 1974 <th> Nexus </th> 1975 <th></th> 1976 </tr> 1977 <tr> 1978 <td>CVE-2016-3801</td> 1979 <td>A-28174914*<br> 1980 M-ALPS02688853</td> 1981 <td></td> 1982 <td>Android One</td> 1983 <td>2016 4 11 </td> 1984 </tr> 1985 </table> 1986 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 1987 1988 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system-2"> 1989 </h3> 1990 <p> </p> 1991 1992 <table> 1993 <col width="19%"> 1994 <col width="16%"> 1995 <col width="10%"> 1996 <col width="27%"> 1997 <col width="16%"> 1998 <tr> 1999 <th>CVE</th> 2000 <th></th> 2001 <th></th> 2002 <th> Nexus </th> 2003 <th></th> 2004 </tr> 2005 <tr> 2006 <td>CVE-2016-3802</td> 2007 <td>A-28271368*</td> 2008 <td></td> 2009 <td>Nexus 9</td> 2010 <td>2016 4 19 </td> 2011 </tr> 2012 <tr> 2013 <td>CVE-2016-3803</td> 2014 <td>A-28588434*</td> 2015 <td></td> 2016 <td>Nexus 5XNexus 6P</td> 2017 <td>2016 5 4 </td> 2018 </tr> 2019 </table> 2020 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2021 2022 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-management-driver"> 2023 MediaTek </h3> 2024 <p>MediaTek </p> 2025 2026 <table> 2027 <col width="19%"> 2028 <col width="20%"> 2029 <col width="10%"> 2030 <col width="23%"> 2031 <col width="16%"> 2032 <tr> 2033 <th>CVE</th> 2034 <th></th> 2035 <th></th> 2036 <th> Nexus </th> 2037 <th></th> 2038 </tr> 2039 <tr> 2040 <td>CVE-2016-3804</td> 2041 <td>A-28332766*<br> 2042 M-ALPS02694410</td> 2043 <td></td> 2044 <td>Android One</td> 2045 <td>2016 4 20 </td> 2046 </tr> 2047 <tr> 2048 <td>CVE-2016-3805</td> 2049 <td>A-28333002*<br> 2050 M-ALPS02694412</td> 2051 <td></td> 2052 <td>Android One</td> 2053 <td>2016 4 21 </td> 2054 </tr> 2055 </table> 2056 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2057 2058 <h3 id="elevation-of-privilege-vulnerability-in-mediatek-display-driver"> 2059 MediaTek </h3> 2060 <p>MediaTek </p> 2061 2062 <table> 2063 <col width="19%"> 2064 <col width="20%"> 2065 <col width="10%"> 2066 <col width="23%"> 2067 <col width="16%"> 2068 <tr> 2069 <th>CVE</th> 2070 <th></th> 2071 <th></th> 2072 <th> Nexus </th> 2073 <th></th> 2074 </tr> 2075 <tr> 2076 <td>CVE-2016-3806</td> 2077 <td>A-28402341*<br> 2078 M-ALPS02715341</td> 2079 <td></td> 2080 <td>Android One</td> 2081 <td>2016 4 26 </td> 2082 </tr> 2083 </table> 2084 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2085 2086 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 2087 </h3> 2088 <p> </p> 2089 2090 <table> 2091 <col width="19%"> 2092 <col width="16%"> 2093 <col width="10%"> 2094 <col width="27%"> 2095 <col width="16%"> 2096 <tr> 2097 <th>CVE</th> 2098 <th></th> 2099 <th></th> 2100 <th> Nexus </th> 2101 <th></th> 2102 </tr> 2103 <tr> 2104 <td>CVE-2016-3807</td> 2105 <td>A-28402196*</td> 2106 <td></td> 2107 <td>Nexus 5XNexus 6P</td> 2108 <td>2016 4 26 </td> 2109 </tr> 2110 <tr> 2111 <td>CVE-2016-3808</td> 2112 <td>A-28430009*</td> 2113 <td></td> 2114 <td>Pixel C</td> 2115 <td>2016 4 26 </td> 2116 </tr> 2117 </table> 2118 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2119 2120 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-sound-driver"> 2121 Qualcomm </h3> 2122 <p>Qualcomm </p> 2123 2124 <table> 2125 <col width="19%"> 2126 <col width="16%"> 2127 <col width="10%"> 2128 <col width="27%"> 2129 <col width="16%"> 2130 <tr> 2131 <th>CVE</th> 2132 <th></th> 2133 <th></th> 2134 <th> Nexus </th> 2135 <th></th> 2136 </tr> 2137 <tr> 2138 <td>CVE-2016-2068</td> 2139 <td>A-28470967 2140 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?h=APSS.FSM.3.0&id=01ee86da5a0cd788f134e360e2be517ef52b6b00">QC-CR1006609</a></td> 2141 <td></td> 2142 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 2143 <td>2016 4 28 </td> 2144 </tr> 2145 </table> 2146 2147 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 2148 </h3> 2149 <p></p> 2150 2151 <table> 2152 <col width="19%"> 2153 <col width="20%"> 2154 <col width="10%"> 2155 <col width="23%"> 2156 <col width="16%"> 2157 <tr> 2158 <th>CVE</th> 2159 <th></th> 2160 <th></th> 2161 <th> Nexus </th> 2162 <th></th> 2163 </tr> 2164 <tr> 2165 <td>CVE-2014-9803</td> 2166 <td>A-28557020<br> 2167 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/arch/arm64/include/asm/pgtable.h?h=linux-3.10.y&id=5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830"> 2168 </a></td> 2169 <td></td> 2170 <td>Nexus 5XNexus 6P</td> 2171 <td>Google </td> 2172 </tr> 2173 </table> 2174 2175 <h3 id="information-disclosure-vulnerability-in-networking-component"> 2176 </h3> 2177 <p> </p> 2178 2179 <table> 2180 <col width="19%"> 2181 <col width="16%"> 2182 <col width="10%"> 2183 <col width="27%"> 2184 <col width="16%"> 2185 <tr> 2186 <th>CVE</th> 2187 <th></th> 2188 <th></th> 2189 <th> Nexus </th> 2190 <th></th> 2191 </tr> 2192 <tr> 2193 <td>CVE-2016-3809</td> 2194 <td>A-27532522*</td> 2195 <td></td> 2196 <td><a href="#all_nexus"> Nexus</a></td> 2197 <td>2016 3 5 </td> 2198 </tr> 2199 </table> 2200 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2201 2202 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver"> 2203 MediaTek Wi-Fi </h3> 2204 <p>MediaTek Wi-Fi </p> 2205 2206 <table> 2207 <col width="19%"> 2208 <col width="20%"> 2209 <col width="10%"> 2210 <col width="23%"> 2211 <col width="16%"> 2212 <tr> 2213 <th>CVE</th> 2214 <th></th> 2215 <th></th> 2216 <th> Nexus </th> 2217 <th></th> 2218 </tr> 2219 <tr> 2220 <td>CVE-2016-3810</td> 2221 <td>A-28175522*<br> 2222 M-ALPS02694389</td> 2223 <td></td> 2224 <td>Android One</td> 2225 <td>2016 4 12 </td> 2226 </tr> 2227 </table> 2228 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2229 2230 <h3 id="elevation-of-privilege-vulnerability-in-kernel-video-driver"> 2231 </h3> 2232 <p> </p> 2233 2234 <table> 2235 <col width="19%"> 2236 <col width="16%"> 2237 <col width="10%"> 2238 <col width="27%"> 2239 <col width="16%"> 2240 <tr> 2241 <th>CVE</th> 2242 <th></th> 2243 <th></th> 2244 <th> Nexus </th> 2245 <th></th> 2246 </tr> 2247 <tr> 2248 <td>CVE-2016-3811</td> 2249 <td>A-28447556*</td> 2250 <td></td> 2251 <td>Nexus 9</td> 2252 <td>Google </td> 2253 </tr> 2254 </table> 2255 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2256 2257 <h3 id="information-disclosure-vulnerability-in-mediatek-video-codec-driver"> 2258 MediaTek </h3> 2259 <p>MediaTek </p> 2260 2261 <table> 2262 <col width="19%"> 2263 <col width="20%"> 2264 <col width="10%"> 2265 <col width="23%"> 2266 <col width="16%"> 2267 <tr> 2268 <th>CVE</th> 2269 <th></th> 2270 <th></th> 2271 <th> Nexus </th> 2272 <th></th> 2273 </tr> 2274 <tr> 2275 <td>CVE-2016-3812</td> 2276 <td>A-28174833*<br> 2277 M-ALPS02688832</td> 2278 <td></td> 2279 <td>Android One</td> 2280 <td>2016 4 11 </td> 2281 </tr> 2282 </table> 2283 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2284 2285 <h3 id="information-disclosure-vulnerability-in-qualcomm-usb-driver"> 2286 Qualcomm USB </h3> 2287 <p>Qualcomm USB </p> 2288 2289 <table> 2290 <col width="19%"> 2291 <col width="16%"> 2292 <col width="10%"> 2293 <col width="27%"> 2294 <col width="16%"> 2295 <tr> 2296 <th>CVE</th> 2297 <th></th> 2298 <th></th> 2299 <th> Nexus </th> 2300 <th></th> 2301 </tr> 2302 <tr> 2303 <td>CVE-2016-3813</td> 2304 <td>A-28172322* 2305 QC-CR1010222</td> 2306 <td></td> 2307 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 2308 <td>2016 4 11 </td> 2309 </tr> 2310 </table> 2311 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2312 2313 <h3 id="information-disclosure-vulnerability-in-nvidia-camera-driver"> 2314 NVIDIA </h3> 2315 <p>NVIDIA </p> 2316 2317 <table> 2318 <col width="19%"> 2319 <col width="20%"> 2320 <col width="10%"> 2321 <col width="23%"> 2322 <col width="16%"> 2323 <tr> 2324 <th>CVE</th> 2325 <th></th> 2326 <th></th> 2327 <th> Nexus </th> 2328 <th></th> 2329 </tr> 2330 <tr> 2331 <td>CVE-2016-3814</td> 2332 <td>A-28193342*<br> 2333 N-CVE20163814</td> 2334 <td></td> 2335 <td>Nexus 9</td> 2336 <td>2016 4 14 </td> 2337 </tr> 2338 <tr> 2339 <td>CVE-2016-3815</td> 2340 <td>A-28522274*<br> 2341 N-CVE20163815</td> 2342 <td></td> 2343 <td>Nexus 9</td> 2344 <td>2016 5 1 </td> 2345 </tr> 2346 </table> 2347 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2348 2349 <h3 id="information-disclosure-vulnerability-in-mediatek-display-driver"> 2350 MediaTek </h3> 2351 <p>MediaTek </p> 2352 2353 <table> 2354 <col width="19%"> 2355 <col width="16%"> 2356 <col width="10%"> 2357 <col width="27%"> 2358 <col width="16%"> 2359 <tr> 2360 <th>CVE</th> 2361 <th></th> 2362 <th></th> 2363 <th> Nexus </th> 2364 <th></th> 2365 </tr> 2366 <tr> 2367 <td>CVE-2016-3816</td> 2368 <td>A-28402240*</td> 2369 <td></td> 2370 <td>Android One</td> 2371 <td>2016 4 26 </td> 2372 </tr> 2373 </table> 2374 <p>* <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 2375 2376 <h3 id="information-disclosure-vulnerability-in-kernel-teletype-driver"> 2377 </h3> 2378 <p> </p> 2379 2380 <table> 2381 <col width="19%"> 2382 <col width="20%"> 2383 <col width="10%"> 2384 <col width="23%"> 2385 <col width="16%"> 2386 <tr> 2387 <th>CVE</th> 2388 <th></th> 2389 <th></th> 2390 <th> Nexus </th> 2391 <th></th> 2392 </tr> 2393 <tr> 2394 <td>CVE-2016-0723</td> 2395 <td>A-28409131<br> 2396 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439"> </a></td> 2397 <td></td> 2398 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Nexus PlayerPixel C</td> 2399 <td>2016 4 26 </td> 2400 </tr> 2401 </table> 2402 2403 <h3 id="denial-of-service-vulnerability-in-qualcomm-bootloader"> 2404 Qualcomm </h3> 2405 <p>Qualcomm </p> 2406 2407 <table> 2408 <col width="19%"> 2409 <col width="16%"> 2410 <col width="10%"> 2411 <col width="27%"> 2412 <col width="16%"> 2413 <tr> 2414 <th>CVE</th> 2415 <th></th> 2416 <th></th> 2417 <th> Nexus </th> 2418 <th></th> 2419 </tr> 2420 <tr> 2421 <td>CVE-2014-9798</td> 2422 <td>A-28821448 2423 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=b05eed2491a098bf627ac485a5b43d2f4fae2484">QC-CR681965</a></td> 2424 <td></td> 2425 <td>Nexus 5</td> 2426 <td>2014 10 31 </td> 2427 </tr> 2428 <tr> 2429 <td>CVE-2015-8893</td> 2430 <td>A-28822690 2431 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69">QC-CR822275</a></td> 2432 <td></td> 2433 <td>Nexus 5Nexus 72013</td> 2434 <td>2015 8 19 </td> 2435 </tr> 2436 </table> 2437 <h2 id="common-questions-and-answers"></h2> 2438 <p></p> 2439 2440 <p><strong>1. </strong></p> 2441 <p> 2016-07-01 2016-7-01 2016-07-05 2016-07-05 <a href="https://support.google.com/nexus/answer/4457705"></a> [ro.build.version.security_patch]:[2016-07-01] 2442 [ro.build.version.security_patch]:[2016-07-05] </p> 2443 2444 <p><strong>2. 2 </strong></p> 2445 <p> Android Android 2 Android </p> 2446 <p>2016 7 5 </p> 2447 <p>2016 7 1 2016 7 1 2016 7 5 </p> 2448 2449 <p id="all_nexus"><strong>3. Nexus </strong></p> 2450 <p><a href="#2016-07-01_details">2016-07-01</a> <a href="#2016-07-05_details">2016-07-05</a> Nexus Nexus </p> 2451 <ul> 2452 <li><strong> Nexus </strong>: Nexus Nexus Nexus<em></em> Nexus<a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Android OneNexus PlayerPixel C</li> 2453 <li><strong> Nexus </strong>: Nexus Nexus Nexus <em></em></li> 2454 <li><strong> Nexus </strong>: Nexus Nexus <em></em></li> 2455 </ul> 2456 2457 <p><strong>4. </strong></p> 2458 <p><em></em></p> 2459 2460 <table> 2461 <tr> 2462 <th></th> 2463 <th></th> 2464 </tr> 2465 <tr> 2466 <td>A-</td> 2467 <td>Android ID</td> 2468 </tr> 2469 <tr> 2470 <td>QC-</td> 2471 <td>Qualcomm </td> 2472 </tr> 2473 <tr> 2474 <td>M-</td> 2475 <td>MediaTek </td> 2476 </tr> 2477 <tr> 2478 <td>N-</td> 2479 <td>NVIDIA </td> 2480 </tr> 2481 </table> 2482 2483 <h2 id="revisions"></h2> 2484 <ul> 2485 <li>2016 7 6 : </li> 2486 <li>2016 7 7 : 2487 <ul> 2488 <li>AOSP 2489 <li>CVE-2016-3794 CVE-2016-3814 2490 <li>CVE-2016-2501 CVE-2016-2502 2491 </li></li></li></ul> 2492 </li> 2493 <li>2016 7 11 : CVE-2016-3750 </li> 2494 <li>2016 7 14 : CVE-2016-2503 </li> 2495 </ul> 2496 2497 </body> 2498 </html> 2499
