1 <html devsite> 2 <head> 3 <title>Android - 2016 8 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 8 1 | 2016 8 2 </em></p> 27 <p> 28 Android Android Nexus OTANexus <a href="https://developers.google.com/android/nexus/images">Google </a>2016 8 5 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> 29 </p> 30 <p> 31 2016 7 6 Android AOSP AOSP 32 </p> 33 <p> 34 MMS 35 </p> 36 <p> 37 <a href="/security/enhancements/index.html">Android </a> SafetyNet <a href="#mitigations">Android Google </a>Android 38 </p> 39 <p> 40 41 </p> 42 <h2 id="announcements"></h2> 43 <ul> 44 <li>2 Android Android <a href="#common-questions-and-answers"></a> 45 <ul> 46 <li><strong>2016-08-01</strong>: 2016-08-01 </li> 47 <li><strong>2016-08-05</strong>: 2016-08-01 2016-08-05 </li> 48 </ul> 49 </li> 50 <li> Nexus 2016 8 5 1 OTA </li> 51 </ul> 52 53 <h2 id="security-vulnerability-summary"></h2> 54 <p> 55 CVENexus <a href="/security/overview/updates-resources.html#severity"></a> 56 </p> 57 58 <h3 id="2016-08-01-security-patch-level-vulnerability-summary"> 2016-08-01 </h3> 59 <p> 60 2016-08-01 61 </p> 62 <table> 63 <col width="55%"> 64 <col width="20%"> 65 <col width="13%"> 66 <col width="12%"> 67 <tr> 68 <th></th> 69 <th>CVE</th> 70 <th></th> 71 <th>Nexus </th> 72 </tr> 73 <tr> 74 <td></td> 75 <td>CVE-2016-3819CVE-2016-3820CVE-2016-3821</td> 76 <td></td> 77 <td></td> 78 </tr> 79 <tr> 80 <td>libjhead </td> 81 <td>CVE-2016-3822</td> 82 <td></td> 83 <td></td> 84 </tr> 85 <tr> 86 <td></td> 87 <td>CVE-2016-3823CVE-2016-3824CVE-2016-3825CVE-2016-3826</td> 88 <td></td> 89 <td></td> 90 </tr> 91 <tr> 92 <td></td> 93 <td>CVE-2016-3827CVE-2016-3828CVE-2016-3829CVE-2016-3830</td> 94 <td></td> 95 <td></td> 96 </tr> 97 <tr> 98 <td> </td> 99 <td>CVE-2016-3831</td> 100 <td></td> 101 <td></td> 102 </tr> 103 <tr> 104 <td> API </td> 105 <td>CVE-2016-3832</td> 106 <td></td> 107 <td></td> 108 </tr> 109 <tr> 110 <td></td> 111 <td>CVE-2016-3833</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td>OpenSSL </td> 117 <td>CVE-2016-2842</td> 118 <td></td> 119 <td>*</td> 120 </tr> 121 <tr> 122 <td> API </td> 123 <td>CVE-2016-3834</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td></td> 129 <td>CVE-2016-3835</td> 130 <td></td> 131 <td></td> 132 </tr> 133 <tr> 134 <td>SurfaceFlinger </td> 135 <td>CVE-2016-3836</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td>Wi-Fi </td> 141 <td>CVE-2016-3837</td> 142 <td></td> 143 <td></td> 144 </tr> 145 <tr> 146 <td> UI </td> 147 <td>CVE-2016-3838</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td>Bluetooth </td> 153 <td>CVE-2016-3839</td> 154 <td></td> 155 <td></td> 156 </tr> 157 </table> 158 <p>* Nexus </p> 159 160 <h3 id="2016-08-05-security-patch-level-vulnerability-summary"> 2016-08-05 </h3> 161 <p> 162 2016-08-05 2016-08-01 163 </p> 164 <table> 165 <col width="55%"> 166 <col width="20%"> 167 <col width="13%"> 168 <col width="12%"> 169 <tr> 170 <th></th> 171 <th>CVE</th> 172 <th></th> 173 <th>Nexus </th> 174 </tr> 175 <tr> 176 <td>Qualcomm Wi-Fi </td> 177 <td>CVE-2014-9902</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td>Conscrypt </td> 183 <td>CVE-2016-3840</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td>Qualcomm </td> 189 <td>CVE-2014-9863CVE-2014-9864CVE-2014-9865CVE-2014-9866 190 CVE-2014-9867CVE-2014-9868CVE-2014-9869CVE-2014-9870 191 CVE-2014-9871CVE-2014-9872CVE-2014-9873CVE-2014-9874 192 CVE-2014-9875CVE-2014-9876CVE-2014-9877CVE-2014-9878 193 CVE-2014-9879CVE-2014-9880CVE-2014-9881CVE-2014-9882 194 CVE-2014-9883CVE-2014-9884CVE-2014-9885CVE-2014-9886 195 CVE-2014-9887CVE-2014-9888CVE-2014-9889CVE-2014-9890 196 CVE-2014-9891CVE-2015-8937CVE-2015-8938CVE-2015-8939 197 CVE-2015-8940CVE-2015-8941CVE-2015-8942CVE-2015-8943</td> 198 <td></td> 199 <td></td> 200 </tr> 201 <tr> 202 <td> </td> 203 <td>CVE-2015-2686CVE-2016-3841</td> 204 <td></td> 205 <td></td> 206 </tr> 207 <tr> 208 <td>Qualcomm GPU </td> 209 <td>CVE-2016-2504CVE-2016-3842</td> 210 <td></td> 211 <td></td> 212 </tr> 213 <tr> 214 <td>Qualcomm </td> 215 <td>CVE-2016-3843</td> 216 <td></td> 217 <td></td> 218 </tr> 219 <tr> 220 <td></td> 221 <td>CVE-2016-3857</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td> </td> 227 <td>CVE-2015-1593CVE-2016-3672</td> 228 <td></td> 229 <td></td> 230 </tr> 231 <tr> 232 <td> </td> 233 <td>CVE-2016-2544CVE-2016-2546CVE-2014-9904</td> 234 <td></td> 235 <td></td> 236 </tr> 237 <tr> 238 <td> </td> 239 <td>CVE-2012-6701</td> 240 <td></td> 241 <td></td> 242 </tr> 243 <tr> 244 <td></td> 245 <td>CVE-2016-3844</td> 246 <td></td> 247 <td></td> 248 </tr> 249 <tr> 250 <td> </td> 251 <td>CVE-2016-3845</td> 252 <td></td> 253 <td></td> 254 </tr> 255 <tr> 256 <td> </td> 257 <td>CVE-2016-3846</td> 258 <td></td> 259 <td></td> 260 </tr> 261 <tr> 262 <td>NVIDIA </td> 263 <td>CVE-2016-3847CVE-2016-3848</td> 264 <td></td> 265 <td></td> 266 </tr> 267 <tr> 268 <td>ION </td> 269 <td>CVE-2016-3849</td> 270 <td></td> 271 <td></td> 272 </tr> 273 <tr> 274 <td>Qualcomm </td> 275 <td>CVE-2016-3850</td> 276 <td></td> 277 <td></td> 278 </tr> 279 <tr> 280 <td> </td> 281 <td>CVE-2016-3843</td> 282 <td></td> 283 <td></td> 284 </tr> 285 <tr> 286 <td>LG Electronics </td> 287 <td>CVE-2016-3851</td> 288 <td></td> 289 <td></td> 290 </tr> 291 <tr> 292 <td>Qualcomm </td> 293 <td>CVE-2014-9892CVE-2014-9893 CVE-2014-9894CVE-2014-9895 CVE-2014-9896 294 CVE-2014-9897 CVE-2014-9898CVE-2014-9899 CVE-2014-9900CVE-2015-8944</td> 295 <td></td> 296 <td></td> 297 </tr> 298 <tr> 299 <td> </td> 300 <td>CVE-2014-9903</td> 301 <td></td> 302 <td></td> 303 </tr> 304 <tr> 305 <td>MediaTek Wi-Fi </td> 306 <td>CVE-2016-3852</td> 307 <td></td> 308 <td></td> 309 </tr> 310 <tr> 311 <td>USB </td> 312 <td>CVE-2016-4482</td> 313 <td></td> 314 <td></td> 315 </tr> 316 <tr> 317 <td>Qualcomm </td> 318 <td>CVE-2014-9901</td> 319 <td></td> 320 <td></td> 321 </tr> 322 <tr> 323 <td>Google Play </td> 324 <td>CVE-2016-3853</td> 325 <td></td> 326 <td></td> 327 </tr> 328 <tr> 329 <td> API </td> 330 <td>CVE-2016-2497</td> 331 <td></td> 332 <td></td> 333 </tr> 334 <tr> 335 <td> </td> 336 <td>CVE-2016-4578</td> 337 <td></td> 338 <td></td> 339 </tr> 340 <tr> 341 <td> </td> 342 <td>CVE-2016-4569CVE-2016-4578</td> 343 <td></td> 344 <td></td> 345 </tr> 346 <tr> 347 <td>Qualcomm </td> 348 <td>CVE-2016-3854CVE-2016-3855CVE-2016-2060</td> 349 <td></td> 350 <td></td> 351 </tr> 352 </table> 353 <h2 id="mitigations">Android Google </h2> 354 <p> 355 <a href="/security/enhancements/index.html">Android </a> SafetyNet Android 356 </p> 357 <ul> 358 <li>Android Android Google Android </li> 359 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="http://www.android.com/gms">Google </a>Google Play Google Play </li> 360 <li>Google </li> 361 </ul> 362 <h2 id="acknowledgements"></h2> 363 <p> 364 365 </p> 366 <ul> 367 <li>Google Chrome Abhishek AryaOliver ChangMartin Barbella: CVE-2016-3821CVE-2016-3837</li> 368 <li>Check Point Software Technologies Ltd. Adam Donenfeld : CVE-2016-2504</li> 369 <li><a href="http://c0reteam.org">C0RE Team</a> Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2016-3844</li> 370 <li><a href="http://c0reteam.org">C0RE Team</a> Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Yuan-Tsung Lo<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>Xuxian Jiang: CVE-2016-3857</li> 371 <li>Google David BenjaminKenny Root: CVE-2016-3840</li> 372 <li><a href="http://jaq.alibaba.com">Alibaba Mobile Security Team</a> Dawei Peng<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>: CVE-2016-3822</li> 373 <li>Tencent KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a> Di Shen<a href="https://twitter.com/returnsme">@returnsme</a>: CVE-2016-3842</li> 374 <li>Google Dianne Hackborn: CVE-2016-2497</li> 375 <li>Google Dynamic Tools Dmitry Vyukov: CVE-2016-3841</li> 376 <li><a href="http://www.360.com">Qihoo 360Technology Co. Ltd.</a> IceSword Lab Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a>pjf<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>: CVE-2016-2492</li> 377 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Team Guang Gong<a href="https://twitter.com/oldfresher">@oldfresher</a>: CVE-2016-3834</li> 378 <li>Fortinet FortiGuard Labs Kai Lu<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>: CVE-2016-3820</li> 379 <li>Kandala Shivaram reddyDSUppi: CVE-2016-3826</li> 380 <li><a href="https://twitter.com/Mingjian_Zhou">C0RE Team</a> Mingjian Zhou<a href="https://twitter.com/chiachih_wu">@Mingjian_Zhou</a>Chiachih Wu<a href="http://c0reteam.org">@chiachih_wu</a>Xuxian Jiang: CVE-2016-3823CVE-2016-3835CVE-2016-3824CVE-2016-3825</li> 381 <li>Tesla Motors Product Security Team Nathan Crandall<a href="https://twitter.com/natecray">@natecray</a>: CVE-2016-3847CVE-2016-3848</li> 382 <li>Alibaba Mobile Security Group Peng XiaoChengming YangNing YouChao YangYang song: CVE-2016-3845</li> 383 <li>Trend Micro Peter Pi<a href="https://twitter.com/heisecode">@heisecode</a>: CVE-2016-3849</li> 384 <li><a href="http://www.wooyun.org/">WooYun TangLab</a> Qianwei Hu<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>: CVE-2016-3846</li> 385 <li>Tencent KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a> Qidan He<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>: CVE-2016-3832</li> 386 <li>Google Sharvil Nanavati: CVE-2016-3839</li> 387 <li><a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in Telecommunications</a> Shinjo Park<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>Altaf Shaik: CVE-2016-3831</li> 388 <li>Tom Rootjunky: CVE-2016-3853</li> 389 <li>Vasily Vasiliev: CVE-2016-3819</li> 390 <li>Alibaba Inc. Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2016-3827CVE-2016-3828CVE-2016-3829</li> 391 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a>. Wish Wu<a href="http://weibo.com/wishlinux"></a><a href="https://twitter.com/wish_wu">@wish_wu</a>: CVE-2016-3843</li> 392 <li>Tencent Xuanwu LAB Yongke Wang<a href="https://twitter.com/rudykewang">@Rudykewang</a>: CVE-2016-3836</li> 393 </ul> 394 <p> 395 CVE-2016-3843 Copperhead Security Daniel MicayGoogle Jeff Vander Stoep Yabin Cui Grsecurity Brad Spengler 396 </p> 397 <h2 id="2016-08-01-security-patch-level-security-vulnerability-details"> 398 2016-08-01 </h2> 399 <p> 400 <a href="#2016-08-01-security-patch-level-vulnerability-summary"> 2016-08-01 </a>CVE Nexus AOSP AOSP ID ID 401 </p> 402 403 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 404 </h3> 405 <p> 406 407 </p> 408 <p> 409 MMS 410 </p> 411 <table> 412 <col width="18%"> 413 <col width="18%"> 414 <col width="10%"> 415 <col width="19%"> 416 <col width="17%"> 417 <col width="17%"> 418 <tr> 419 <th>CVE</th> 420 <th></th> 421 <th></th> 422 <th> Nexus </th> 423 <th> AOSP </th> 424 <th></th> 425 </tr> 426 <tr> 427 <td>CVE-2016-3819</td> 428 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 429 A-28533562</a></td> 430 <td></td> 431 <td> Nexus</td> 432 <td>4.4.45.0.25.1.16.06.0.1</td> 433 <td>2016 5 2 </td> 434 </tr> 435 <tr> 436 <td>CVE-2016-3820</td> 437 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 438 A-28673410</a></td> 439 <td></td> 440 <td> Nexus</td> 441 <td>6.06.0.1</td> 442 <td>2016 5 6 </td> 443 </tr> 444 <tr> 445 <td>CVE-2016-3821</td> 446 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 447 A-28166152</a></td> 448 <td></td> 449 <td> Nexus</td> 450 <td>4.4.45.0.25.1.16.06.0.1</td> 451 <td>Google </td> 452 </tr> 453 </table> 454 455 <h3 id="remote-code-execution-vulnerability-in-libjhead"> 456 libjhead </h3> 457 <p> 458 libjhead 459 </p> 460 <table> 461 <col width="18%"> 462 <col width="18%"> 463 <col width="10%"> 464 <col width="19%"> 465 <col width="17%"> 466 <col width="17%"> 467 <tr> 468 <th>CVE</th> 469 <th></th> 470 <th></th> 471 <th> Nexus </th> 472 <th> AOSP </th> 473 <th></th> 474 </tr> 475 <tr> 476 <td>CVE-2016-3822</td> 477 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 478 A-28868315</a></td> 479 <td></td> 480 <td> Nexus</td> 481 <td>4.4.45.0.25.1.16.06.0.1</td> 482 <td>Google </td> 483 </tr> 484 </table> 485 486 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 487 </h3> 488 <p> 489 490 </p> 491 <table> 492 <col width="18%"> 493 <col width="18%"> 494 <col width="10%"> 495 <col width="19%"> 496 <col width="17%"> 497 <col width="17%"> 498 <tr> 499 <th>CVE</th> 500 <th></th> 501 <th></th> 502 <th> Nexus </th> 503 <th> AOSP </th> 504 <th></th> 505 </tr> 506 <tr> 507 <td>CVE-2016-3823</td> 508 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 509 A-28815329</a></td> 510 <td></td> 511 <td> Nexus</td> 512 <td>4.4.45.0.25.1.16.06.0.1</td> 513 <td>2016 5 17 </td> 514 </tr> 515 <tr> 516 <td>CVE-2016-3824</td> 517 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 518 A-28816827</a></td> 519 <td></td> 520 <td> Nexus</td> 521 <td>4.4.45.0.25.1.16.06.0.1</td> 522 <td>2016 5 17 </td> 523 </tr> 524 <tr> 525 <td>CVE-2016-3825</td> 526 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 527 A-28816964</a></td> 528 <td></td> 529 <td> Nexus</td> 530 <td>5.0.25.1.16.06.0.1</td> 531 <td>2016 5 17 </td> 532 </tr> 533 <tr> 534 <td>CVE-2016-3826</td> 535 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 536 A-29251553</a></td> 537 <td></td> 538 <td> Nexus</td> 539 <td>4.4.45.0.25.1.16.06.0.1</td> 540 <td>2016 6 9 </td> 541 </tr> 542 </table> 543 544 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 545 </h3> 546 <p> 547 548 </p> 549 <table> 550 <col width="18%"> 551 <col width="18%"> 552 <col width="10%"> 553 <col width="19%"> 554 <col width="17%"> 555 <col width="17%"> 556 <tr> 557 <th>CVE</th> 558 <th></th> 559 <th></th> 560 <th> Nexus </th> 561 <th> AOSP </th> 562 <th></th> 563 </tr> 564 <tr> 565 <td>CVE-2016-3827</td> 566 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 567 A-28816956</a></td> 568 <td></td> 569 <td> Nexus</td> 570 <td>6.0.1</td> 571 <td>2016 5 16 </td> 572 </tr> 573 <tr> 574 <td>CVE-2016-3828</td> 575 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 576 A-28835995</a></td> 577 <td></td> 578 <td> Nexus</td> 579 <td>6.06.0.1</td> 580 <td>2016 5 17 </td> 581 </tr> 582 <tr> 583 <td>CVE-2016-3829</td> 584 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 585 A-29023649</a></td> 586 <td></td> 587 <td> Nexus</td> 588 <td>6.06.0.1</td> 589 <td>2016 5 27 </td> 590 </tr> 591 <tr> 592 <td>CVE-2016-3830</td> 593 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 594 A-29153599</a></td> 595 <td></td> 596 <td> Nexus</td> 597 <td>4.4.45.0.25.1.16.06.0.1</td> 598 <td>Google </td> 599 </tr> 600 </table> 601 602 <h3 id="denial-of-service-vulnerability-in-system-clock"> 603 </h3> 604 <p> 605 606 </p> 607 <table> 608 <col width="18%"> 609 <col width="18%"> 610 <col width="10%"> 611 <col width="19%"> 612 <col width="17%"> 613 <col width="17%"> 614 <tr> 615 <th>CVE</th> 616 <th></th> 617 <th></th> 618 <th> Nexus </th> 619 <th> AOSP </th> 620 <th></th> 621 </tr> 622 <tr> 623 <td>CVE-2016-3831</td> 624 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 625 A-29083635</a></td> 626 <td></td> 627 <td> Nexus</td> 628 <td>4.4.45.0.25.1.16.06.0.1</td> 629 <td>2016 5 31 </td> 630 </tr> 631 </table> 632 633 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 634 API </h3> 635 <p> 636 API 637 </p> 638 <table> 639 <col width="18%"> 640 <col width="17%"> 641 <col width="10%"> 642 <col width="19%"> 643 <col width="18%"> 644 <col width="17%"> 645 <tr> 646 <th>CVE</th> 647 <th></th> 648 <th></th> 649 <th> Nexus </th> 650 <th> AOSP </th> 651 <th></th> 652 </tr> 653 <tr> 654 <td>CVE-2016-3832</td> 655 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 656 A-28795098</a></td> 657 <td></td> 658 <td> Nexus</td> 659 <td>4.4.45.0.25.1.16.06.0.1</td> 660 <td>2016 5 15 </td> 661 </tr> 662 </table> 663 664 <h3 id="elevation-of-privilege-vulnerability-in-shell"> 665 </h3> 666 <p> 667 668 </p> 669 <table> 670 <col width="18%"> 671 <col width="17%"> 672 <col width="10%"> 673 <col width="19%"> 674 <col width="17%"> 675 <col width="18%"> 676 <tr> 677 <th>CVE</th> 678 <th></th> 679 <th></th> 680 <th> Nexus </th> 681 <th> AOSP </th> 682 <th></th> 683 </tr> 684 <tr> 685 <td>CVE-2016-3833</td> 686 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 687 A-29189712</a> 688 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 689 <td></td> 690 <td> Nexus</td> 691 <td>5.0.25.1.16.06.0.1</td> 692 <td>Google </td> 693 </tr> 694 </table> 695 696 <h3 id="information-disclosure-vulnerability-in-openssl"> 697 OpenSSL </h3> 698 <p> 699 OpenSSL 700 </p> 701 <table> 702 <col width="18%"> 703 <col width="18%"> 704 <col width="10%"> 705 <col width="19%"> 706 <col width="17%"> 707 <col width="17%"> 708 <tr> 709 <th>CVE</th> 710 <th></th> 711 <th></th> 712 <th> Nexus </th> 713 <th> AOSP </th> 714 <th></th> 715 </tr> 716 <tr> 717 <td>CVE-2016-2842</td> 718 <td>A-29060514</td> 719 <td>*</td> 720 <td> Nexus</td> 721 <td>4.4.45.0.25.1.1</td> 722 <td>2016 3 29 </td> 723 </tr> 724 </table> 725 <p>* Nexus </p> 726 727 <h3 id="information-disclosure-vulnerability-in-camera-apis"> 728 API </h3> 729 <p> 730 API 731 </p> 732 <table> 733 <col width="18%"> 734 <col width="17%"> 735 <col width="10%"> 736 <col width="19%"> 737 <col width="18%"> 738 <col width="17%"> 739 <tr> 740 <th>CVE</th> 741 <th></th> 742 <th></th> 743 <th> Nexus </th> 744 <th> AOSP </th> 745 <th></th> 746 </tr> 747 <tr> 748 <td>CVE-2016-3834</td> 749 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 750 A-28466701</a></td> 751 <td></td> 752 <td> Nexus</td> 753 <td>4.4.45.0.25.1.16.06.0.1</td> 754 <td>2016 4 28 </td> 755 </tr> 756 </table> 757 758 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 759 </h3> 760 <p> 761 762 </p> 763 <table> 764 <col width="18%"> 765 <col width="17%"> 766 <col width="10%"> 767 <col width="19%"> 768 <col width="18%"> 769 <col width="17%"> 770 <tr> 771 <th>CVE</th> 772 <th></th> 773 <th></th> 774 <th> Nexus </th> 775 <th> AOSP </th> 776 <th></th> 777 </tr> 778 <tr> 779 <td>CVE-2016-3835</td> 780 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 781 A-28920116</a></td> 782 <td></td> 783 <td> Nexus</td> 784 <td>4.4.45.0.25.1.16.06.0.1</td> 785 <td>2016 5 23 </td> 786 </tr> 787 </table> 788 789 <h3 id="information-disclosure-vulnerability-in-surfaceflinger"> 790 SurfaceFlinger </h3> 791 <p> 792 SurfaceFlinger 793 </p> 794 <table> 795 <col width="18%"> 796 <col width="18%"> 797 <col width="10%"> 798 <col width="19%"> 799 <col width="17%"> 800 <col width="17%"> 801 <tr> 802 <th>CVE</th> 803 <th></th> 804 <th></th> 805 <th> Nexus </th> 806 <th> AOSP </th> 807 <th></th> 808 </tr> 809 <tr> 810 <td>CVE-2016-3836</td> 811 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 812 A-28592402</a></td> 813 <td></td> 814 <td> Nexus</td> 815 <td>5.0.25.1.16.06.0.1</td> 816 <td>2016 5 4 </td> 817 </tr> 818 </table> 819 820 <h3 id="information-disclosure-vulnerability-in-wi-fi"> 821 Wi-Fi </h3> 822 <p> 823 Wi-Fi 824 </p> 825 <table> 826 <col width="18%"> 827 <col width="18%"> 828 <col width="10%"> 829 <col width="19%"> 830 <col width="17%"> 831 <col width="17%"> 832 <tr> 833 <th>CVE</th> 834 <th></th> 835 <th></th> 836 <th> Nexus </th> 837 <th> AOSP </th> 838 <th></th> 839 </tr> 840 <tr> 841 <td>CVE-2016-3837</td> 842 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 843 A-28164077</a></td> 844 <td></td> 845 <td> Nexus</td> 846 <td>5.0.25.1.16.06.0.1</td> 847 <td>Google </td> 848 </tr> 849 </table> 850 851 <h3 id="denial-of-service-vulnerability-in-system-ui"> 852 UI </h3> 853 <p> 854 UI 911 855 </p> 856 <table> 857 <col width="18%"> 858 <col width="18%"> 859 <col width="10%"> 860 <col width="19%"> 861 <col width="17%"> 862 <col width="17%"> 863 <tr> 864 <th>CVE</th> 865 <th></th> 866 <th></th> 867 <th> Nexus </th> 868 <th> AOSP </th> 869 <th></th> 870 </tr> 871 <tr> 872 <td>CVE-2016-3838</td> 873 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 874 A-28761672</a></td> 875 <td></td> 876 <td> Nexus</td> 877 <td>6.06.0.1</td> 878 <td>Google </td> 879 </tr> 880 </table> 881 882 <h3 id="denial-of-service-vulnerability-in-bluetooth"> 883 Bluetooth </h3> 884 <p> 885 Bluetooth Bluetooth 911 886 </p> 887 <table> 888 <col width="18%"> 889 <col width="17%"> 890 <col width="10%"> 891 <col width="19%"> 892 <col width="18%"> 893 <col width="17%"> 894 <tr> 895 <th>CVE</th> 896 <th></th> 897 <th></th> 898 <th> Nexus </th> 899 <th> AOSP </th> 900 <th></th> 901 </tr> 902 <tr> 903 <td>CVE-2016-3839</td> 904 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 905 A-28885210</a></td> 906 <td></td> 907 <td> Nexus</td> 908 <td>4.4.45.0.25.1.16.06.0.1</td> 909 <td>Google </td> 910 </tr> 911 </table> 912 <h2 id="2016-08-05-security-patch-level-vulnerability-details"> 913 2016-08-05 </h2> 914 <p> 915 <a href="#2016-08-05-security-patch-level-vulnerability-summary"> 2016-08-05 </a>CVE Nexus AOSP AOSP ID ID 916 </p> 917 918 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 919 Qualcomm Wi-Fi </h3> 920 <p> 921 Qualcomm Wi-Fi 922 </p> 923 <table> 924 <col width="19%"> 925 <col width="20%"> 926 <col width="10%"> 927 <col width="23%"> 928 <col width="17%"> 929 <tr> 930 <th>CVE</th> 931 <th></th> 932 <th></th> 933 <th> Nexus </th> 934 <th></th> 935 </tr> 936 <tr> 937 <td>CVE-2014-9902</td> 938 <td>A-28668638 939 <p> 940 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 941 QC-CR#553937</a><br> 942 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 943 QC-CR#553941</a> 944 </p> 945 </td> 946 <td></td> 947 <td>Nexus 72013</td> 948 <td>2014 3 31 </td> 949 </tr> 950 </table> 951 952 <h3 id="remote-code-execution-vulnerability-in-conscrypt">Conscrypt </h3> 953 <p> 954 Conscrypt 955 956 </p> 957 <table> 958 <col width="18%"> 959 <col width="18%"> 960 <col width="10%"> 961 <col width="19%"> 962 <col width="17%"> 963 <col width="17%"> 964 <tr> 965 <th>CVE</th> 966 <th></th> 967 <th></th> 968 <th> Nexus </th> 969 <th> AOSP </th> 970 <th></th> 971 </tr> 972 <tr> 973 <td>CVE-2016-3840</td> 974 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 975 A-28751153</a></td> 976 <td></td> 977 <td> Nexus</td> 978 <td>4.4.45.0.25.1.16.06.0.1</td> 979 <td>Google </td> 980 </tr> 981 </table> 982 983 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 984 Qualcomm </h3> 985 <p> 986 Qualcomm 987 </p> 988 <p> 989 990 </p> 991 <table> 992 <col width="19%"> 993 <col width="20%"> 994 <col width="10%"> 995 <col width="23%"> 996 <col width="17%"> 997 <tr> 998 <th>CVE</th> 999 <th></th> 1000 <th></th> 1001 <th> Nexus </th> 1002 <th></th> 1003 </tr> 1004 <tr> 1005 <td>CVE-2014-9863</td> 1006 <td>A-28768146 1007 <p> 1008 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 1009 QC-CR#549470</a> 1010 </p> 1011 </td> 1012 <td></td> 1013 <td>Nexus 5Nexus 72013</td> 1014 <td>2014 4 30 </td> 1015 </tr> 1016 <tr> 1017 <td>CVE-2014-9864</td> 1018 <td>A-28747998 1019 <p> 1020 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 1021 QC-CR#561841</a> 1022 </p></td> 1023 <td></td> 1024 <td>Nexus 5Nexus 72013</td> 1025 <td>2014 3 27 </td> 1026 </tr> 1027 <tr> 1028 <td>CVE-2014-9865</td> 1029 <td>A-28748271 1030 <p> 1031 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 1032 QC-CR#550013</a> 1033 </p> 1034 </td> 1035 <td></td> 1036 <td>Nexus 5Nexus 72013</td> 1037 <td>2014 3 27 </td> 1038 </tr> 1039 <tr> 1040 <td>CVE-2014-9866</td> 1041 <td>A-28747684 1042 <p> 1043 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 1044 QC-CR#511358</a> 1045 </p> 1046 </td> 1047 <td></td> 1048 <td>Nexus 5Nexus 72013</td> 1049 <td>2014 3 31 </td> 1050 </tr> 1051 <tr> 1052 <td>CVE-2014-9867</td> 1053 <td>A-28749629 1054 <p> 1055 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 1056 QC-CR#514702</a> 1057 </p> 1058 </td> 1059 <td></td> 1060 <td>Nexus 5Nexus 72013</td> 1061 <td>2014 3 31 </td> 1062 </tr> 1063 <tr> 1064 <td>CVE-2014-9868</td> 1065 <td>A-28749721 1066 <p> 1067 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 1068 QC-CR#511976</a> 1069 </p> 1070 </td> 1071 <td></td> 1072 <td>Nexus 5Nexus 72013</td> 1073 <td>2014 3 31 </td> 1074 </tr> 1075 <tr> 1076 <td>CVE-2014-9869</td> 1077 <td>A-28749728 1078 <p> 1079 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 1080 QC-CR#514711</a> 1081 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 1082 </p> 1083 </td> 1084 <td></td> 1085 <td>Nexus 5Nexus 72013</td> 1086 <td>2014 3 31 </td> 1087 </tr> 1088 <tr> 1089 <td>CVE-2014-9870</td> 1090 <td>A-28749743 1091 <p> 1092 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 1093 QC-CR#561044</a> 1094 </p> 1095 </td> 1096 <td></td> 1097 <td>Nexus 5Nexus 72013</td> 1098 <td>2014 3 31 </td> 1099 </tr> 1100 <tr> 1101 <td>CVE-2014-9871</td> 1102 <td>A-28749803 1103 <p> 1104 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 1105 QC-CR#514717</a> 1106 </p> 1107 </td> 1108 <td></td> 1109 <td>Nexus 5Nexus 72013</td> 1110 <td>2014 3 31 </td> 1111 </tr> 1112 <tr> 1113 <td>CVE-2014-9872</td> 1114 <td>A-28750155 1115 <p> 1116 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 1117 QC-CR#590721</a> 1118 </p> 1119 </td> 1120 <td></td> 1121 <td>Nexus 5</td> 1122 <td>2014 3 31 </td> 1123 </tr> 1124 <tr> 1125 <td>CVE-2014-9873</td> 1126 <td>A-28750726 1127 <p> 1128 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 1129 QC-CR#556860</a> 1130 </p> 1131 </td> 1132 <td></td> 1133 <td>Nexus 5Nexus 72013</td> 1134 <td>2014 3 31 </td> 1135 </tr> 1136 <tr> 1137 <td>CVE-2014-9874</td> 1138 <td>A-28751152 1139 <p> 1140 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 1141 QC-CR#563086</a> 1142 </p> 1143 </td> 1144 <td></td> 1145 <td>Nexus 5Nexus 5XNexus 6PNexus 72013</td> 1146 <td>2014 3 31 </td> 1147 </tr> 1148 <tr> 1149 <td>CVE-2014-9875</td> 1150 <td>A-28767589 1151 <p> 1152 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1153 QC-CR#483310</a> 1154 </p> 1155 </td> 1156 <td></td> 1157 <td>Nexus 72013</td> 1158 <td>2014 4 30 </td> 1159 </tr> 1160 <tr> 1161 <td>CVE-2014-9876</td> 1162 <td>A-28767796 1163 <p> 1164 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1165 QC-CR#483408</a> 1166 </p> 1167 </td> 1168 <td></td> 1169 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013</td> 1170 <td>2014 4 30 </td> 1171 </tr> 1172 <tr> 1173 <td>CVE-2014-9877</td> 1174 <td>A-28768281 1175 <p> 1176 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1177 QC-CR#547231</a> 1178 </p> 1179 </td> 1180 <td></td> 1181 <td>Nexus 5Nexus 72013</td> 1182 <td>2014 4 30 </td> 1183 </tr> 1184 <tr> 1185 <td>CVE-2014-9878</td> 1186 <td>A-28769208 1187 <p> 1188 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1189 QC-CR#547479</a> 1190 </p> 1191 </td> 1192 <td></td> 1193 <td>Nexus 5</td> 1194 <td>2014 4 30 </td> 1195 </tr> 1196 <tr> 1197 <td>CVE-2014-9879</td> 1198 <td>A-28769221 1199 <p> 1200 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1201 QC-CR#524490</a> 1202 </p> 1203 </td> 1204 <td></td> 1205 <td>Nexus 5</td> 1206 <td>2014 4 30 </td> 1207 </tr> 1208 <tr> 1209 <td>CVE-2014-9880</td> 1210 <td>A-28769352 1211 <p> 1212 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1213 QC-CR#556356</a> 1214 </p> 1215 </td> 1216 <td></td> 1217 <td>Nexus 72013</td> 1218 <td>2014 4 30 </td> 1219 </tr> 1220 <tr> 1221 <td>CVE-2014-9881</td> 1222 <td>A-28769368 1223 <p> 1224 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1225 QC-CR#539008</a> 1226 </p> 1227 </td> 1228 <td></td> 1229 <td>Nexus 72013</td> 1230 <td>2014 4 30 </td> 1231 </tr> 1232 <tr> 1233 <td>CVE-2014-9882</td> 1234 <td>A-28769546 1235 <p> 1236 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1237 QC-CR#552329</a> 1238 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1239 </td> 1240 <td></td> 1241 <td>Nexus 72013</td> 1242 <td>2014 4 30 </td> 1243 </tr> 1244 <tr> 1245 <td>CVE-2014-9883</td> 1246 <td>A-28769912 1247 <p> 1248 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1249 QC-CR#565160</a> 1250 </p> 1251 </td> 1252 <td></td> 1253 <td>Nexus 5Nexus 72013</td> 1254 <td>2014 4 30 </td> 1255 </tr> 1256 <tr> 1257 <td>CVE-2014-9884</td> 1258 <td>A-28769920 1259 <p> 1260 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1261 QC-CR#580740</a> 1262 </p> 1263 </td> 1264 <td></td> 1265 <td>Nexus 5Nexus 72013</td> 1266 <td>2014 4 30 </td> 1267 </tr> 1268 <tr> 1269 <td>CVE-2014-9885</td> 1270 <td>A-28769959 1271 <p> 1272 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1273 QC-CR#562261</a> 1274 </p> 1275 </td> 1276 <td></td> 1277 <td>Nexus 5</td> 1278 <td>2014 4 30 </td> 1279 </tr> 1280 <tr> 1281 <td>CVE-2014-9886</td> 1282 <td>A-28815575 1283 <p> 1284 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1285 QC-CR#555030</a> 1286 </p> 1287 </td> 1288 <td></td> 1289 <td>Nexus 5Nexus 72013</td> 1290 <td>2014 4 30 </td> 1291 </tr> 1292 <tr> 1293 <td>CVE-2014-9887</td> 1294 <td>A-28804057 1295 <p> 1296 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1297 QC-CR#636633</a> 1298 </p> 1299 </td> 1300 <td></td> 1301 <td>Nexus 5Nexus 72013</td> 1302 <td>2014 7 3 </td> 1303 </tr> 1304 <tr> 1305 <td>CVE-2014-9888</td> 1306 <td>A-28803642 1307 <p> 1308 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1309 QC-CR#642735</a> 1310 </p> 1311 </td> 1312 <td></td> 1313 <td>Nexus 5Nexus 72013</td> 1314 <td>2014 8 29 </td> 1315 </tr> 1316 <tr> 1317 <td>CVE-2014-9889</td> 1318 <td>A-28803645 1319 <p> 1320 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1321 QC-CR#674712</a> 1322 </p></td> 1323 <td></td> 1324 <td>Nexus 5</td> 1325 <td>2014 10 31 </td> 1326 </tr> 1327 <tr> 1328 <td>CVE-2015-8937</td> 1329 <td>A-28803962 1330 <p> 1331 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1332 QC-CR#770548</a> 1333 </p> 1334 </td> 1335 <td></td> 1336 <td>Nexus 5Nexus 6Nexus 72013</td> 1337 <td>2015 5 31 </td> 1338 </tr> 1339 <tr> 1340 <td>CVE-2015-8938</td> 1341 <td>A-28804030 1342 <p> 1343 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1344 QC-CR#766022</a></p></td> 1345 <td></td> 1346 <td>Nexus 6</td> 1347 <td>2015 5 31 </td> 1348 </tr> 1349 <tr> 1350 <td>CVE-2015-8939</td> 1351 <td>A-28398884 1352 <p> 1353 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1354 QC-CR#779021</a></p></td> 1355 <td></td> 1356 <td>Nexus 72013</td> 1357 <td>2015 4 30 </td> 1358 </tr> 1359 <tr> 1360 <td>CVE-2015-8940</td> 1361 <td>A-28813987 1362 <p> 1363 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1364 QC-CR#792367</a></p></td> 1365 <td></td> 1366 <td>Nexus 6</td> 1367 <td>2015 4 30 </td> 1368 </tr> 1369 <tr> 1370 <td>CVE-2015-8941</td> 1371 <td>A-28814502 1372 <p> 1373 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1374 QC-CR#792473</a></p></td> 1375 <td></td> 1376 <td>Nexus 6Nexus 72013</td> 1377 <td>2015 5 29 </td> 1378 </tr> 1379 <tr> 1380 <td>CVE-2015-8942</td> 1381 <td>A-28814652 1382 <p> 1383 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1384 QC-CR#803246</a></p></td> 1385 <td></td> 1386 <td>Nexus 6</td> 1387 <td>2015 6 30 </td> 1388 </tr> 1389 <tr> 1390 <td>CVE-2015-8943</td> 1391 <td>A-28815158 1392 <p> 1393 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1394 QC-CR#794217</a></p> 1395 <p> 1396 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1397 QC-CR#836226</a></p></td> 1398 <td></td> 1399 <td>Nexus 5</td> 1400 <td>2015 9 11 </td> 1401 </tr> 1402 <tr> 1403 <td>CVE-2014-9891</td> 1404 <td>A-28749283 1405 <p> 1406 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1407 QC-CR#550061</a></p></td> 1408 <td></td> 1409 <td>Nexus 5</td> 1410 <td>2014 3 13 </td> 1411 </tr> 1412 <tr> 1413 <td>CVE-2014-9890</td> 1414 <td>A-28770207 1415 <p> 1416 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1417 QC-CR#529177</a></p></td> 1418 <td></td> 1419 <td>Nexus 5Nexus 72013</td> 1420 <td>2014 6 2 </td> 1421 </tr> 1422 </table> 1423 1424 <h3 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"> 1425 </h3> 1426 <p> 1427 1428 </p> 1429 <table> 1430 <col width="19%"> 1431 <col width="20%"> 1432 <col width="10%"> 1433 <col width="23%"> 1434 <col width="17%"> 1435 <tr> 1436 <th>CVE</th> 1437 <th></th> 1438 <th></th> 1439 <th> Nexus </th> 1440 <th></th> 1441 </tr> 1442 <tr> 1443 <td>CVE-2015-2686</td> 1444 <td>A-28759139 1445 <p> 1446 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1447 </a></p></td> 1448 <td></td> 1449 <td> Nexus</td> 1450 <td>2015 5 23 </td> 1451 </tr> 1452 <tr> 1453 <td>CVE-2016-3841</td> 1454 <td>A-28746669 1455 <p> 1456 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1457 </a></p></td> 1458 <td></td> 1459 <td> Nexus</td> 1460 <td>2015 12 3 </td> 1461 </tr> 1462 </table> 1463 1464 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1465 Qualcomm GPU </h3> 1466 <p> 1467 Qualcomm GPU 1468 </p> 1469 <table> 1470 <col width="19%"> 1471 <col width="20%"> 1472 <col width="10%"> 1473 <col width="23%"> 1474 <col width="17%"> 1475 <tr> 1476 <th>CVE</th> 1477 <th></th> 1478 <th></th> 1479 <th> Nexus </th> 1480 <th></th> 1481 </tr> 1482 <tr> 1483 <td>CVE-2016-2504</td> 1484 <td>A-28026365 1485 <p>QC-CR#1002974</p></td> 1486 <td></td> 1487 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013</td> 1488 <td>2016 4 5 </td> 1489 </tr> 1490 <tr> 1491 <td>CVE-2016-3842</td> 1492 <td>A-28377352 1493 <p> 1494 QC-CR#1002974</p></td> 1495 <td></td> 1496 <td>Nexus 5XNexus 6Nexus 6P</td> 1497 <td>2016 4 25 </td> 1498 </tr> 1499 </table> 1500 <p> 1501 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1502 </p> 1503 1504 1505 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1506 Qualcomm </h3> 1507 <p> 1508 Qualcomm 1509 </p> 1510 <p class="note"> 1511 <strong>:</strong> A-29119870 1512 </p> 1513 <table> 1514 <col width="19%"> 1515 <col width="20%"> 1516 <col width="10%"> 1517 <col width="23%"> 1518 <col width="17%"> 1519 <tr> 1520 <th>CVE</th> 1521 <th></th> 1522 <th></th> 1523 <th> Nexus </th> 1524 <th></th> 1525 </tr> 1526 <tr> 1527 <td>CVE-2016-3843</td> 1528 <td>A-28086229* 1529 <p> 1530 QC-CR#1011071</p></td> 1531 <td></td> 1532 <td>Nexus 5XNexus 6P</td> 1533 <td>2016 4 7 </td> 1534 </tr> 1535 </table> 1536 <p> 1537 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1538 </p> 1539 1540 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 1541 </h3> 1542 <p> 1543 1544 </p> 1545 <table> 1546 <col width="19%"> 1547 <col width="20%"> 1548 <col width="10%"> 1549 <col width="23%"> 1550 <col width="17%"> 1551 <tr> 1552 <th>CVE</th> 1553 <th></th> 1554 <th></th> 1555 <th> Nexus </th> 1556 <th></th> 1557 </tr> 1558 <tr> 1559 <td>CVE-2016-3857</td> 1560 <td>A-28522518*</td> 1561 <td></td> 1562 <td>Nexus 72013</td> 1563 <td>2016 5 2 </td> 1564 </tr> 1565 </table> 1566 <p> 1567 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1568 </p> 1569 1570 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"> 1571 </h3> 1572 <p> 1573 1574 </p> 1575 <table> 1576 <col width="19%"> 1577 <col width="20%"> 1578 <col width="10%"> 1579 <col width="23%"> 1580 <col width="17%"> 1581 <tr> 1582 <th>CVE</th> 1583 <th></th> 1584 <th></th> 1585 <th> Nexus </th> 1586 <th></th> 1587 </tr> 1588 <tr> 1589 <td>CVE-2015-1593</td> 1590 <td>A-29577822 1591 <p> 1592 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1593 </a></p></td> 1594 <td></td> 1595 <td>Nexus Player</td> 1596 <td>2015 2 13 </td> 1597 </tr> 1598 <tr> 1599 <td>CVE-2016-3672</td> 1600 <td>A-28763575 1601 <p> 1602 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1603 </a></p></td> 1604 <td></td> 1605 <td>Nexus Player</td> 1606 <td>2016 3 25 </td> 1607 </tr> 1608 </table> 1609 1610 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"> 1611 </h3> 1612 <p> 1613 1614 </p> 1615 <table> 1616 <col width="19%"> 1617 <col width="20%"> 1618 <col width="10%"> 1619 <col width="23%"> 1620 <col width="17%"> 1621 <tr> 1622 <th>CVE</th> 1623 <th></th> 1624 <th></th> 1625 <th> Nexus </th> 1626 <th></th> 1627 </tr> 1628 <tr> 1629 <td>CVE-2016-2544</td> 1630 <td>A-28695438 1631 <p> 1632 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1633 </a></p></td> 1634 <td></td> 1635 <td> Nexus</td> 1636 <td>2016 1 19 </td> 1637 </tr> 1638 <tr> 1639 <td>CVE-2016-2546</td> 1640 <td>A-28694392 1641 <p> 1642 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1643 </a></p></td> 1644 <td></td> 1645 <td>Pixel C</td> 1646 <td>2016 1 19 </td> 1647 </tr> 1648 <tr> 1649 <td>CVE-2014-9904</td> 1650 <td>A-28592007 1651 <p> 1652 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1653 </a></p></td> 1654 <td></td> 1655 <td>Nexus 5XNexus 6Nexus 6PNexus 9Nexus Player</td> 1656 <td>2016 5 4 </td> 1657 </tr> 1658 </table> 1659 1660 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1661 </h3> 1662 <p> 1663 1664 </p> 1665 <table> 1666 <col width="19%"> 1667 <col width="20%"> 1668 <col width="10%"> 1669 <col width="23%"> 1670 <col width="17%"> 1671 <tr> 1672 <th>CVE</th> 1673 <th></th> 1674 <th></th> 1675 <th> Nexus </th> 1676 <th></th> 1677 </tr> 1678 <tr> 1679 <td>CVE-2012-6701</td> 1680 <td>A-28939037 1681 <p> 1682 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1683 </a></p></td> 1684 <td></td> 1685 <td>Nexus 5Nexus 72013</td> 1686 <td>2016 3 2 </td> 1687 </tr> 1688 </table> 1689 1690 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 1691 </h3> 1692 <p> 1693 1694 </p> 1695 <table> 1696 <col width="19%"> 1697 <col width="20%"> 1698 <col width="10%"> 1699 <col width="23%"> 1700 <col width="17%"> 1701 <tr> 1702 <th>CVE</th> 1703 <th></th> 1704 <th></th> 1705 <th> Nexus </th> 1706 <th></th> 1707 </tr> 1708 <tr> 1709 <td>CVE-2016-3844</td> 1710 <td>A-28299517* 1711 <p> 1712 N-CVE-2016-3844</p></td> 1713 <td></td> 1714 <td>Nexus 9Pixel C</td> 1715 <td>2016 4 19 </td> 1716 </tr> 1717 </table> 1718 <p> 1719 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1720 </p> 1721 1722 <h3> </h3> 1723 <p> 1724 1725 </p> 1726 <table> 1727 <col width="19%"> 1728 <col width="20%"> 1729 <col width="10%"> 1730 <col width="23%"> 1731 <col width="17%"> 1732 <tr> 1733 <th>CVE</th> 1734 <th></th> 1735 <th></th> 1736 <th> Nexus </th> 1737 <th></th> 1738 </tr> 1739 <tr> 1740 <td>CVE-2016-3845</td> 1741 <td>A-28399876*</td> 1742 <td></td> 1743 <td>Nexus 5</td> 1744 <td>2016 4 20 </td> 1745 </tr> 1746 </table> 1747 <p> 1748 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1749 </p> 1750 1751 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 1752 </h3> 1753 <p> 1754 1755 </p> 1756 <table> 1757 <col width="19%"> 1758 <col width="20%"> 1759 <col width="10%"> 1760 <col width="23%"> 1761 <col width="17%"> 1762 <tr> 1763 <th>CVE</th> 1764 <th></th> 1765 <th></th> 1766 <th> Nexus </th> 1767 <th></th> 1768 </tr> 1769 <tr> 1770 <td>CVE-2016-3846</td> 1771 <td>A-28817378*</td> 1772 <td></td> 1773 <td>Nexus 5XNexus 6P</td> 1774 <td>2016 5 17 </td> 1775 </tr> 1776 </table> 1777 <p> 1778 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1779 </p> 1780 1781 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver"> 1782 NVIDIA </h3> 1783 <p> 1784 NVIDIA 1785 </p> 1786 <table> 1787 <col width="19%"> 1788 <col width="20%"> 1789 <col width="10%"> 1790 <col width="23%"> 1791 <col width="17%"> 1792 <tr> 1793 <th>CVE</th> 1794 <th></th> 1795 <th></th> 1796 <th> Nexus </th> 1797 <th></th> 1798 </tr> 1799 <tr> 1800 <td>CVE-2016-3847</td> 1801 <td>A-28871433* 1802 <p> 1803 N-CVE-2016-3847</p></td> 1804 <td></td> 1805 <td>Nexus 9</td> 1806 <td>2016 5 19 </td> 1807 </tr> 1808 <tr> 1809 <td>CVE-2016-3848</td> 1810 <td>A-28919417* 1811 <p> 1812 N-CVE-2016-3848</p></td> 1813 <td></td> 1814 <td>Nexus 9</td> 1815 <td>2016 5 19 </td> 1816 </tr> 1817 </table> 1818 <p> 1819 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1820 </p> 1821 1822 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver"> 1823 ION </h3> 1824 <p> 1825 ION 1826 </p> 1827 <table> 1828 <col width="19%"> 1829 <col width="20%"> 1830 <col width="10%"> 1831 <col width="23%"> 1832 <col width="17%"> 1833 <tr> 1834 <th>CVE</th> 1835 <th></th> 1836 <th></th> 1837 <th> Nexus </th> 1838 <th></th> 1839 </tr> 1840 <tr> 1841 <td>CVE-2016-3849</td> 1842 <td>A-28939740</td> 1843 <td></td> 1844 <td>Pixel C</td> 1845 <td>2016 5 24 </td> 1846 </tr> 1847 </table> 1848 <p> 1849 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1850 </p> 1851 1852 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader">Qualcomm </h3> 1853 <p> 1854 Qualcomm 1855 </p> 1856 <table> 1857 <col width="19%"> 1858 <col width="20%"> 1859 <col width="10%"> 1860 <col width="26%"> 1861 <col width="17%"> 1862 <tr> 1863 <th>CVE</th> 1864 <th></th> 1865 <th></th> 1866 <th> Nexus </th> 1867 <th></th> 1868 </tr> 1869 <tr> 1870 <td>CVE-2016-3850</td> 1871 <td>A-27917291 1872 <p> 1873 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 1874 QC-CR#945164</a></p></td> 1875 <td></td> 1876 <td>Nexus 5Nexus 5XNexus 6PNexus 72013</td> 1877 <td>2016 3 28 </td> 1878 </tr> 1879 </table> 1880 1881 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"> 1882 </h3> 1883 <p> 1884 1885 </p> 1886 <p class="note"> 1887 <strong>:</strong> CVE-2016-3843A-28086229 1888 </p> 1889 <table> 1890 <col width="18%"> 1891 <col width="18%"> 1892 <col width="10%"> 1893 <col width="19%"> 1894 <col width="17%"> 1895 <col width="17%"> 1896 <tr> 1897 <th>CVE</th> 1898 <th></th> 1899 <th></th> 1900 <th> Nexus </th> 1901 <th> AOSP </th> 1902 <th></th> 1903 </tr> 1904 <tr> 1905 <td>CVE-2016-3843</td> 1906 <td>A-29119870*</td> 1907 <td></td> 1908 <td> Nexus</td> 1909 <td>6.06.1</td> 1910 <td>Google </td> 1911 </tr> 1912 </table> 1913 <p> 1914 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1915 </p> 1916 1917 <h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader"> 1918 LG Electronics </h3> 1919 <p> 1920 LG Electronics 1921 1922 </p> 1923 <table> 1924 <col width="19%"> 1925 <col width="20%"> 1926 <col width="10%"> 1927 <col width="23%"> 1928 <col width="17%"> 1929 <tr> 1930 <th>CVE</th> 1931 <th></th> 1932 <th></th> 1933 <th> Nexus </th> 1934 <th></th> 1935 </tr> 1936 <tr> 1937 <td>CVE-2016-3851</td> 1938 <td>A-29189941*</td> 1939 <td></td> 1940 <td>Nexus 5X</td> 1941 <td>Google </td> 1942 </tr> 1943 </table> 1944 <p> 1945 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1946 </p> 1947 1948 <h3 id="information-disclosure-vulnerability-in-qualcomm-components"> 1949 Qualcomm </h3> 1950 <p> 1951 Qualcomm 1952 </p> 1953 <p> 1954 1955 </p> 1956 <table> 1957 <col width="19%"> 1958 <col width="20%"> 1959 <col width="10%"> 1960 <col width="23%"> 1961 <col width="17%"> 1962 <tr> 1963 <th>CVE</th> 1964 <th></th> 1965 <th></th> 1966 <th> Nexus </th> 1967 <th></th> 1968 </tr> 1969 <tr> 1970 <td>CVE-2014-9892</td> 1971 <td>A-28770164 1972 <p> 1973 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 1974 QC-CR#568717</a></p></td> 1975 <td></td> 1976 <td>Nexus 5Nexus 72013</td> 1977 <td>2014 6 2 </td> 1978 </tr> 1979 <tr> 1980 <td>CVE-2015-8944</td> 1981 <td>A-28814213 1982 <p> 1983 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 1984 QC-CR#786116</a></p></td> 1985 <td></td> 1986 <td>Nexus 6Nexus 72013</td> 1987 <td>2015 4 30 </td> 1988 </tr> 1989 <tr> 1990 <td>CVE-2014-9893</td> 1991 <td>A-28747914 1992 <p> 1993 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 1994 QC-CR#542223</a></p></td> 1995 <td></td> 1996 <td>Nexus 5</td> 1997 <td>2014 3 27 </td> 1998 </tr> 1999 <tr> 2000 <td>CVE-2014-9894</td> 2001 <td>A-28749708 2002 <p> 2003 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 2004 QC-CR#545736</a></p></td> 2005 <td></td> 2006 <td>Nexus 72013</td> 2007 <td>2014 3 31 </td> 2008 </tr> 2009 <tr> 2010 <td>CVE-2014-9895</td> 2011 <td>A-28750150 2012 <p> 2013 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 2014 QC-CR#570757</a></p></td> 2015 <td></td> 2016 <td>Nexus 5Nexus 72013</td> 2017 <td>2014 3 31 </td> 2018 </tr> 2019 <tr> 2020 <td>CVE-2014-9896</td> 2021 <td>A-28767593 2022 <p> 2023 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 2024 QC-CR#551795</a></p></td> 2025 <td></td> 2026 <td>Nexus 5Nexus 72013</td> 2027 <td>2014 4 30 </td> 2028 </tr> 2029 <tr> 2030 <td>CVE-2014-9897</td> 2031 <td>A-28769856 2032 <p> 2033 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 2034 QC-CR#563752</a></p></td> 2035 <td></td> 2036 <td>Nexus 5</td> 2037 <td>2014 4 30 </td> 2038 </tr> 2039 <tr> 2040 <td>CVE-2014-9898</td> 2041 <td>A-28814690 2042 <p> 2043 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 2044 QC-CR#554575</a></p></td> 2045 <td></td> 2046 <td>Nexus 5Nexus 72013</td> 2047 <td>2014 4 30 </td> 2048 </tr> 2049 <tr> 2050 <td>CVE-2014-9899</td> 2051 <td>A-28803909 2052 <p> 2053 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 2054 QC-CR#547910</a></p></td> 2055 <td></td> 2056 <td>Nexus 5</td> 2057 <td>2014 7 3 </td> 2058 </tr> 2059 <tr> 2060 <td>CVE-2014-9900</td> 2061 <td>A-28803952 2062 <p> 2063 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 2064 QC-CR#570754</a></p></td> 2065 <td></td> 2066 <td>Nexus 5Nexus 72013</td> 2067 <td>2014 8 8 </td> 2068 </tr> 2069 </table> 2070 2071 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"> 2072 </h3> 2073 <p> 2074 2075 2076 </p> 2077 <table> 2078 <col width="19%"> 2079 <col width="20%"> 2080 <col width="10%"> 2081 <col width="23%"> 2082 <col width="17%"> 2083 <tr> 2084 <th>CVE</th> 2085 <th></th> 2086 <th></th> 2087 <th> Nexus </th> 2088 <th></th> 2089 </tr> 2090 <tr> 2091 <td>CVE-2014-9903</td> 2092 <td>A-28731691 2093 <p> 2094 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 2095 </a></p></td> 2096 <td></td> 2097 <td>Nexus 5XNexus 6P</td> 2098 <td>2014 2 21 </td> 2099 </tr> 2100 </table> 2101 2102 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific"> 2103 MediaTek Wi-Fi </h3> 2104 <p> 2105 MediaTek Wi-Fi 2106 </p> 2107 <table> 2108 <col width="19%"> 2109 <col width="20%"> 2110 <col width="10%"> 2111 <col width="23%"> 2112 <col width="17%"> 2113 <tr> 2114 <th>CVE</th> 2115 <th></th> 2116 <th></th> 2117 <th> Nexus </th> 2118 <th></th> 2119 </tr> 2120 <tr> 2121 <td>CVE-2016-3852</td> 2122 <td>A-29141147* 2123 <p> 2124 M-ALPS02751738</p></td> 2125 <td></td> 2126 <td>Android One</td> 2127 <td>2016 4 12 </td> 2128 </tr> 2129 </table> 2130 <p> 2131 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2132 </p> 2133 2134 <h3 id="information-disclosure-vulnerability-in-usb-driver">USB </h3> 2135 <p> 2136 USB 2137 </p> 2138 <table> 2139 <col width="19%"> 2140 <col width="20%"> 2141 <col width="10%"> 2142 <col width="23%"> 2143 <col width="17%"> 2144 <tr> 2145 <th>CVE</th> 2146 <th></th> 2147 <th></th> 2148 <th> Nexus </th> 2149 <th></th> 2150 </tr> 2151 <tr> 2152 <td>CVE-2016-4482</td> 2153 <td>A-28619695 2154 <p> 2155 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2156 </a></p></td> 2157 <td></td> 2158 <td> Nexus</td> 2159 <td>2016 5 3 </td> 2160 </tr> 2161 </table> 2162 2163 <h3 id="denial-of-service-vulnerability-in-qualcomm-components"> 2164 Qualcomm </h3> 2165 <p> 2166 Qualcomm Wi-Fi 2167 </p> 2168 <p> 2169 2170 </p> 2171 <table> 2172 <col width="19%"> 2173 <col width="20%"> 2174 <col width="10%"> 2175 <col width="23%"> 2176 <col width="17%"> 2177 <tr> 2178 <th>CVE</th> 2179 <th></th> 2180 <th></th> 2181 <th> Nexus </th> 2182 <th></th> 2183 </tr> 2184 <tr> 2185 <td>CVE-2014-9901</td> 2186 <td>A-28670333 2187 <p> 2188 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2189 QC-CR#548711</a></p></td> 2190 <td></td> 2191 <td>Nexus 72013</td> 2192 <td>2014 3 31 </td> 2193 </tr> 2194 </table> 2195 2196 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services"> 2197 Google Play </h3> 2198 <p> 2199 Google Play 2200 </p> 2201 <table> 2202 <col width="18%"> 2203 <col width="18%"> 2204 <col width="10%"> 2205 <col width="19%"> 2206 <col width="17%"> 2207 <col width="17%"> 2208 <tr> 2209 <th>CVE</th> 2210 <th></th> 2211 <th></th> 2212 <th> Nexus </th> 2213 <th> AOSP </th> 2214 <th></th> 2215 </tr> 2216 <tr> 2217 <td>CVE-2016-3853</td> 2218 <td>A-26803208*</td> 2219 <td></td> 2220 <td> Nexus</td> 2221 <td></td> 2222 <td>2016 5 4 </td> 2223 </tr> 2224 </table> 2225 <p> 2226 * <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2227 </p> 2228 2229 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 2230 API </h3> 2231 <p> 2232 API 2233 </p> 2234 <table> 2235 <col width="18%"> 2236 <col width="17%"> 2237 <col width="10%"> 2238 <col width="19%"> 2239 <col width="18%"> 2240 <col width="17%"> 2241 <tr> 2242 <th>CVE</th> 2243 <th></th> 2244 <th></th> 2245 <th> Nexus </th> 2246 <th> AOSP </th> 2247 <th></th> 2248 </tr> 2249 <tr> 2250 <td>CVE-2016-2497</td> 2251 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2252 A-27450489</a></td> 2253 <td></td> 2254 <td> Nexus</td> 2255 <td>4.4.45.0.25.1.16.06.0.1</td> 2256 <td>Google </td> 2257 </tr> 2258 </table> 2259 2260 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"> 2261 </h3> 2262 <p> 2263 2264 </p> 2265 <table> 2266 <col width="19%"> 2267 <col width="20%"> 2268 <col width="10%"> 2269 <col width="23%"> 2270 <col width="17%"> 2271 <tr> 2272 <th>CVE</th> 2273 <th></th> 2274 <th></th> 2275 <th> Nexus </th> 2276 <th></th> 2277 </tr> 2278 <tr> 2279 <td>CVE-2016-4578</td> 2280 <td>A-28620102 2281 <p> 2282 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2283 </a></p></td> 2284 <td></td> 2285 <td> Nexus</td> 2286 <td>2016 5 3 </td> 2287 </tr> 2288 </table> 2289 2290 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"> 2291 </h3> 2292 <p> 2293 2294 </p> 2295 <table> 2296 <col width="19%"> 2297 <col width="20%"> 2298 <col width="10%"> 2299 <col width="23%"> 2300 <col width="17%"> 2301 <tr> 2302 <th>CVE</th> 2303 <th></th> 2304 <th></th> 2305 <th> Nexus </th> 2306 <th></th> 2307 </tr> 2308 <tr> 2309 <td>CVE-2016-4569</td> 2310 <td>A-28980557 2311 <p> 2312 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2313 </a></p></td> 2314 <td></td> 2315 <td> Nexus</td> 2316 <td>2016 5 9 </td> 2317 </tr> 2318 <tr> 2319 <td>CVE-2016-4578</td> 2320 <td>A-28980217 2321 <p> 2322 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2323 </a> 2324 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2325 <td></td> 2326 <td> Nexus</td> 2327 <td>2016 5 11 </td> 2328 </tr> 2329 </table> 2330 2331 <h3 id="vulnerabilities-in-qualcomm-components"> 2332 Qualcomm </h3> 2333 <p> 2334 Qualcomm 2335 </p> 2336 <table> 2337 <col width="19%"> 2338 <col width="20%"> 2339 <col width="10%"> 2340 <col width="23%"> 2341 <col width="17%"> 2342 <tr> 2343 <th>CVE</th> 2344 <th></th> 2345 <th></th> 2346 <th> Nexus </th> 2347 <th></th> 2348 </tr> 2349 <tr> 2350 <td>CVE-2016-3854</td> 2351 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2352 QC-CR#897326</a></td> 2353 <td></td> 2354 <td></td> 2355 <td>2016 2 </td> 2356 </tr> 2357 <tr> 2358 <td>CVE-2016-3855</td> 2359 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2360 QC-CR#990824</a></td> 2361 <td></td> 2362 <td></td> 2363 <td>2016 5 </td> 2364 </tr> 2365 <tr> 2366 <td>CVE-2016-2060</td> 2367 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2368 QC-CR#959631</a> 2369 <td></td> 2370 <td></td> 2371 <td>2016 4 </td> 2372 </tr> 2373 </table> 2374 <h2 id="common-questions-and-answers"></h2> 2375 <p> 2376 2377 </p> 2378 <p> 2379 <strong>1. 2380 </strong> 2381 </p> 2382 <p> 2383 2016-08-01 2016-08-01 2016-08-05 2016-08-05 <a href="https://support.google.com/nexus/answer/4457705"></a> [ro.build.version.security_patch]:[2016-08-01] [ro.build.version.security_patch]:[2016-08-05] 2384 </p> 2385 <p> 2386 <strong>2. 2 </strong> 2387 </p> 2388 <p> 2389 Android Android 2 Android 2390 </p> 2391 <p> 2392 2016 8 5 2393 </p> 2394 <p> 2395 2016 8 1 2016 8 1 2016 8 5 2396 </p> 2397 <p> 2398 3<strong>. Nexus </strong> 2399 </p> 2400 <p> 2401 <a href="#2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01</a> <a href="#2016-08-05-security-patch-level-vulnerability-details">2016-08-05</a> Nexus Nexus 2402 </p> 2403 <ul> 2404 <li><strong> Nexus </strong>: Nexus Nexus Nexus<em></em> Nexus<a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Android OneNexus PlayerPixel C</li> 2405 <li><strong> Nexus </strong>: Nexus Nexus Nexus <em></em></li> 2406 <li><strong> Nexus </strong>: Nexus Nexus <em></em> 2407 </li> 2408 </ul> 2409 <p> 2410 <strong>4. </strong> 2411 </p> 2412 <p> 2413 <em></em> 2414 </p> 2415 <table> 2416 <tr> 2417 <th></th> 2418 <th></th> 2419 </tr> 2420 <tr> 2421 <td>A-</td> 2422 <td>Android ID</td> 2423 </tr> 2424 <tr> 2425 <td>QC-</td> 2426 <td>Qualcomm </td> 2427 </tr> 2428 <tr> 2429 <td>M-</td> 2430 <td>MediaTek </td> 2431 </tr> 2432 <tr> 2433 <td>N-</td> 2434 <td>NVIDIA </td> 2435 </tr> 2436 </table> 2437 <h2 id="revisions"></h2> 2438 2439 <ul> 2440 <li>2016 8 1 : </li> 2441 <li>2016 8 2 : AOSP </li> 2442 </ul> 2443 2444 </body> 2445 </html> 2446
