1 <html devsite> 2 <head> 3 <title>Android 2016 8</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 8 1 | 2016 8 2 </em></p> 27 <p> 28 Android Android 29 . 30 Nexus . 31 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 32 . 2016 8 5 33 . 34 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> . 35 </p> 36 <p> 37 2016 7 6 38 . , Android 39 (AOSP) . 40 AOSP . 41 </p> 42 <p> 43 44 , MMS 45 . 46 </p> 47 <p> 48 49 . SafetyNet Android 50 <a href="/security/enhancements/index.html">Android </a> 51 52 <a href="#mitigations">Android Google </a> . 53 </p> 54 <p> 55 . 56 </p> 57 <h2 id="announcements"></h2> 58 <ul> 59 <li> Android Android 60 61 . <a href="#common-questions-and-answers"> 62 </a> 63 . 64 <ul> 65 <li><strong>2016-08-01</strong>: . 66 2016-08-01 67 .</li> 68 <li><strong>2016-08-05</strong>: . 69 2016-08-01 2016-08-05 70 .</li> 71 </ul> 72 </li> 73 <li> Nexus 2016 8 5 OTA 74 .</li> 75 </ul> 76 77 <h2 id="security-vulnerability-summary"> </h2> 78 <p> 79 , ID(CVE), 80 Nexus 81 . <a href="/security/overview/updates-resources.html#severity"> 82 </a> 83 84 . 85 </p> 86 87 <h3 id="2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 </h3> 88 <p> 89 2016 8 1 . 90 </p> 91 <table> 92 <col width="55%"> 93 <col width="20%"> 94 <col width="13%"> 95 <col width="12%"> 96 <tr> 97 <th></th> 98 <th>CVE</th> 99 <th></th> 100 <th>Nexus </th> 101 </tr> 102 <tr> 103 <td> </td> 104 <td>CVE-2016-3819, CVE-2016-3820, CVE-2016-3821</td> 105 <td></td> 106 <td></td> 107 </tr> 108 <tr> 109 <td>libjhead </td> 110 <td>CVE-2016-3822</td> 111 <td></td> 112 <td></td> 113 </tr> 114 <tr> 115 <td> </td> 116 <td>CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826</td> 117 <td></td> 118 <td></td> 119 </tr> 120 <tr> 121 <td> (DoS) </td> 122 <td>CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830</td> 123 <td></td> 124 <td></td> 125 </tr> 126 <tr> 127 <td> (DoS) </td> 128 <td>CVE-2016-3831</td> 129 <td></td> 130 <td></td> 131 </tr> 132 <tr> 133 <td> API </td> 134 <td>CVE-2016-3832</td> 135 <td></td> 136 <td></td> 137 </tr> 138 <tr> 139 <td>Shell </td> 140 <td>CVE-2016-3833</td> 141 <td></td> 142 <td></td> 143 </tr> 144 <tr> 145 <td>OpenSSL </td> 146 <td>CVE-2016-2842</td> 147 <td></td> 148 <td>*</td> 149 </tr> 150 <tr> 151 <td> API </td> 152 <td>CVE-2016-3834</td> 153 <td></td> 154 <td></td> 155 </tr> 156 <tr> 157 <td> </td> 158 <td>CVE-2016-3835</td> 159 <td></td> 160 <td></td> 161 </tr> 162 <tr> 163 <td>SurfaceFlinger </td> 164 <td>CVE-2016-3836</td> 165 <td></td> 166 <td></td> 167 </tr> 168 <tr> 169 <td>Wi-Fi </td> 170 <td>CVE-2016-3837</td> 171 <td></td> 172 <td></td> 173 </tr> 174 <tr> 175 <td> UI (Dos) </td> 176 <td>CVE-2016-3838</td> 177 <td></td> 178 <td></td> 179 </tr> 180 <tr> 181 <td> (DoS) </td> 182 <td>CVE-2016-3839</td> 183 <td></td> 184 <td></td> 185 </tr> 186 </table> 187 <p>* Nexus 188 .</p> 189 190 <h3 id="2016-08-05-security-patch-level-vulnerability-summary">2016-08-05 </h3> 191 <p> 192 2016-08-01 2016 8 5 193 . 194 </p> 195 <table> 196 <col width="55%"> 197 <col width="20%"> 198 <col width="13%"> 199 <col width="12%"> 200 <tr> 201 <th></th> 202 <th>CVE</th> 203 <th></th> 204 <th>Nexus </th> 205 </tr> 206 <tr> 207 <td>Qualcomm Wi-Fi </td> 208 <td>CVE-2014-9902</td> 209 <td></td> 210 <td></td> 211 </tr> 212 <tr> 213 <td>Conscrypt </td> 214 <td>CVE-2016-3840</td> 215 <td></td> 216 <td></td> 217 </tr> 218 <tr> 219 <td>Qualcomm </td> 220 <td>CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, 221 CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, 222 CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, 223 CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, 224 CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, 225 CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, 226 CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, 227 CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, 228 CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943</td> 229 <td></td> 230 <td></td> 231 </tr> 232 <tr> 233 <td> </td> 234 <td>CVE-2015-2686, CVE-2016-3841</td> 235 <td></td> 236 <td></td> 237 </tr> 238 <tr> 239 <td>Qualcomm GPU </td> 240 <td>CVE-2016-2504, CVE-2016-3842</td> 241 <td></td> 242 <td></td> 243 </tr> 244 <tr> 245 <td>Qualcomm </td> 246 <td>CVE-2016-3843</td> 247 <td></td> 248 <td></td> 249 </tr> 250 <tr> 251 <td> </td> 252 <td>CVE-2016-3857</td> 253 <td></td> 254 <td></td> 255 </tr> 256 <tr> 257 <td> </td> 258 <td>CVE-2015-1593, CVE-2016-3672</td> 259 <td></td> 260 <td></td> 261 </tr> 262 <tr> 263 <td> </td> 264 <td>CVE-2016-2544, CVE-2016-2546, CVE-2014-9904</td> 265 <td></td> 266 <td></td> 267 </tr> 268 <tr> 269 <td> </td> 270 <td>CVE-2012-6701</td> 271 <td></td> 272 <td></td> 273 </tr> 274 <tr> 275 <td> </td> 276 <td>CVE-2016-3844</td> 277 <td></td> 278 <td></td> 279 </tr> 280 <tr> 281 <td> </td> 282 <td>CVE-2016-3845</td> 283 <td></td> 284 <td></td> 285 </tr> 286 <tr> 287 <td> </td> 288 <td>CVE-2016-3846</td> 289 <td></td> 290 <td></td> 291 </tr> 292 <tr> 293 <td>NVIDIA </td> 294 <td>CVE-2016-3847, CVE-2016-3848</td> 295 <td></td> 296 <td></td> 297 </tr> 298 <tr> 299 <td>ION </td> 300 <td>CVE-2016-3849</td> 301 <td></td> 302 <td></td> 303 </tr> 304 <tr> 305 <td>Qualcomm </td> 306 <td>CVE-2016-3850</td> 307 <td></td> 308 <td></td> 309 </tr> 310 <tr> 311 <td> </td> 312 <td>CVE-2016-3843</td> 313 <td></td> 314 <td></td> 315 </tr> 316 <tr> 317 <td>LG </td> 318 <td>CVE-2016-3851</td> 319 <td></td> 320 <td></td> 321 </tr> 322 <tr> 323 <td>Qualcomm </td> 324 <td>CVE-2014-9892, CVE-2014-9893 CVE-2014-9894, CVE-2014-9895 CVE-2014-9896, 325 CVE-2014-9897 CVE-2014-9898, CVE-2014-9899 CVE-2014-9900, CVE-2015-8944</td> 326 <td></td> 327 <td></td> 328 </tr> 329 <tr> 330 <td> </td> 331 <td>CVE-2014-9903</td> 332 <td></td> 333 <td></td> 334 </tr> 335 <tr> 336 <td>MediaTek Wi-Fi </td> 337 <td>CVE-2016-3852</td> 338 <td></td> 339 <td></td> 340 </tr> 341 <tr> 342 <td>USB </td> 343 <td>CVE-2016-4482</td> 344 <td></td> 345 <td></td> 346 </tr> 347 <tr> 348 <td>Qualcomm (DoS) </td> 349 <td>CVE-2014-9901</td> 350 <td></td> 351 <td></td> 352 </tr> 353 <tr> 354 <td>Google Play </td> 355 <td>CVE-2016-3853</td> 356 <td></td> 357 <td></td> 358 </tr> 359 <tr> 360 <td> API </td> 361 <td>CVE-2016-2497</td> 362 <td></td> 363 <td></td> 364 </tr> 365 <tr> 366 <td> </td> 367 <td>CVE-2016-4578</td> 368 <td></td> 369 <td></td> 370 </tr> 371 <tr> 372 <td> </td> 373 <td>CVE-2016-4569, CVE-2016-4578</td> 374 <td></td> 375 <td></td> 376 </tr> 377 <tr> 378 <td>Qualcomm </td> 379 <td>CVE-2016-3854, CVE-2016-3855, CVE-2016-2060</td> 380 <td></td> 381 <td></td> 382 </tr> 383 </table> 384 <h2 id="mitigations">Android Google </h2> 385 <p> 386 SafetyNet <a href="/security/enhancements/index.html">Android </a> 387 . 388 Android 389 . 390 </p> 391 <ul> 392 <li>Android Android 393 . Android 394 .</li> 395 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 396 <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 397 . <a href="http://www.android.com/gms">Google </a> 398 399 Google Play . Google Play 400 401 402 . 403 404 . 405 .</li> 406 <li> Google 407 .</li> 408 </ul> 409 <h2 id="acknowledgements"></h2> 410 <p> 411 . 412 </p> 413 <ul> 414 <li>Google Chrome Abhishek Arya, Oliver Chang, Martin Barbella: 415 CVE-2016-3821, CVE-2016-3837</li> 416 <li>Check Point Software Technologies Ltd. Adam Donenfeld : 417 CVE-2016-2504</li> 418 <li><a href="http://c0reteam.org">C0RE</a> Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 419 Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 420 Xuxian Jiang: CVE-2016-3844</li> 421 <li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 422 Yuan-Tsung Lo(<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com)</a>, Xuxian Jiang 423 : CVE-2016-3857</li> 424 <li>Google David Benjamin, Kenny Root: CVE-2016-3840</li> 425 <li><a href="http://jaq.alibaba.com">Alibaba </a> Dawei Peng(<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>): CVE-2016-3822</li> 426 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-3842</li> 427 <li>Google Dianne Hackborn: CVE-2016-2497</li> 428 <li>Google Dynamic Tools Dmitry Vyukov : CVE-2016-3841</li> 429 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a> IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), 430 pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-3852</li> 431 <li><a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>. Alpha Guang Gong ()(<a href="https://twitter.com/oldfresher">@oldfresher</a>) 432 : CVE-2016-3834</li> 433 <li>Fortinet's FortiGuard Labs Kai Lu(<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>) 434 : CVE-2016-3820</li> 435 <li>Kandala Shivaram reddy, DS, Uppi: CVE-2016-3826</li> 436 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-3823, CVE-2016-3835, 437 CVE-2016-3824, CVE-2016-3825</li> 438 <li>Tesla Motors Nathan Crandall(<a href="https://twitter.com/natecray">@natecray</a>) 439 : CVE-2016-3847, CVE-2016-3848</li> 440 <li>Alibaba Mobile Security Group Peng Xiao, Chengming Yang, Ning You, Chao Yang, Yang song: CVE-2016-3845</li> 441 <li>Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>): 442 CVE-2016-3849</li> 443 <li><a href="http://www.wooyun.org/">WooYun TangLab</a> Qianwei Hu(<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>): CVE-2016-3846</li> 444 <li>Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 445 Qidan He(<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>): 446 CVE-2016-3832</li> 447 <li>Google Sharvil Nanavati: CVE-2016-3839</li> 448 <li><a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in Telecommunications</a> 449 Shinjo Park(<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) 450 Altaf Shaik : CVE-2016-3831</li> 451 <li>Tom Rootjunky: CVE-2016-3853</li> 452 <li>Vasily Vasiliev: CVE-2016-3819</li> 453 <li>Alibaba Inc Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>) 454 : CVE-2016-3827, CVE-2016-3828, CVE-2016-3829</li> 455 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend Micro Inc</a> Wish Wu(<a href="http://weibo.com/wishlinux"></a>) 456 (<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2016-3843</li> 457 <li>Tencent's Xuanwu LAB Yongke Wang 458 (<a href="https://twitter.com/rudykewang">@Rudykewang</a>): CVE-2016-3836</li> 459 </ul> 460 <p> 461 CVE-2016-3843 462 Copperhead Security Daniel Micay Google Jeff Vander Stoep, Yabin Cui . 463 Grsecurity Brad Spengler . 464 </p> 465 <h2 id="2016-08-01-security-patch-level-security-vulnerability-details"> 466 2016-08-01 </h2> 467 <p> 468 <a href="#2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 469 </a> 470 . , 471 CVE, , , Nexus , 472 AOSP ( ), . 473 AOSP ID 474 . 475 ID . 476 </p> 477 478 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 479 </h3> 480 <p> 481 482 483 . 484 . 485 486 . 487 </p> 488 <p> 489 , 490 , MMS 491 . 492 </p> 493 <table> 494 <col width="18%"> 495 <col width="18%"> 496 <col width="10%"> 497 <col width="19%"> 498 <col width="17%"> 499 <col width="17%"> 500 <tr> 501 <th>CVE</th> 502 <th></th> 503 <th></th> 504 <th> Nexus </th> 505 <th> AOSP </th> 506 <th> </th> 507 </tr> 508 <tr> 509 <td>CVE-2016-3819</td> 510 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 511 A-28533562</a></td> 512 <td></td> 513 <td> Nexus</td> 514 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 515 <td>2016 5 2</td> 516 </tr> 517 <tr> 518 <td>CVE-2016-3820</td> 519 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 520 A-28673410</a></td> 521 <td></td> 522 <td> Nexus</td> 523 <td>6.0, 6.0.1</td> 524 <td>2016 5 6</td> 525 </tr> 526 <tr> 527 <td>CVE-2016-3821</td> 528 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 529 A-28166152</a></td> 530 <td></td> 531 <td> Nexus</td> 532 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 533 <td>Google </td> 534 </tr> 535 </table> 536 537 <h3 id="remote-code-execution-vulnerability-in-libjhead"> 538 libjhead </h3> 539 <p> 540 libjhead 541 542 . 543 . 544 </p> 545 <table> 546 <col width="18%"> 547 <col width="18%"> 548 <col width="10%"> 549 <col width="19%"> 550 <col width="17%"> 551 <col width="17%"> 552 <tr> 553 <th>CVE</th> 554 <th></th> 555 <th></th> 556 <th> Nexus </th> 557 <th> AOSP </th> 558 <th> </th> 559 </tr> 560 <tr> 561 <td>CVE-2016-3822</td> 562 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 563 A-28868315</a></td> 564 <td></td> 565 <td> Nexus</td> 566 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 567 <td>Google </td> 568 </tr> 569 </table> 570 571 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 572 </h3> 573 <p> 574 575 576 . 577 578 . 579 </p> 580 <table> 581 <col width="18%"> 582 <col width="18%"> 583 <col width="10%"> 584 <col width="19%"> 585 <col width="17%"> 586 <col width="17%"> 587 <tr> 588 <th>CVE</th> 589 <th></th> 590 <th></th> 591 <th> Nexus </th> 592 <th> AOSP </th> 593 <th> </th> 594 </tr> 595 <tr> 596 <td>CVE-2016-3823</td> 597 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 598 A-28815329</a></td> 599 <td></td> 600 <td> Nexus</td> 601 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 602 <td>2016 5 17</td> 603 </tr> 604 <tr> 605 <td>CVE-2016-3824</td> 606 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 607 A-28816827</a></td> 608 <td></td> 609 <td> Nexus</td> 610 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 611 <td>2016 5 17</td> 612 </tr> 613 <tr> 614 <td>CVE-2016-3825</td> 615 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 616 A-28816964</a></td> 617 <td></td> 618 <td> Nexus</td> 619 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 620 <td>2016 5 17</td> 621 </tr> 622 <tr> 623 <td>CVE-2016-3826</td> 624 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 625 A-29251553</a></td> 626 <td></td> 627 <td> Nexus</td> 628 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 629 <td>2016 6 9</td> 630 </tr> 631 </table> 632 633 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 634 (DoS) </h3> 635 <p> 636 637 . 638 . 639 </p> 640 <table> 641 <col width="18%"> 642 <col width="18%"> 643 <col width="10%"> 644 <col width="19%"> 645 <col width="17%"> 646 <col width="17%"> 647 <tr> 648 <th>CVE</th> 649 <th></th> 650 <th></th> 651 <th> Nexus </th> 652 <th> AOSP </th> 653 <th> </th> 654 </tr> 655 <tr> 656 <td>CVE-2016-3827</td> 657 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 658 A-28816956</a></td> 659 <td></td> 660 <td> Nexus</td> 661 <td>6.0.1</td> 662 <td>2016 5 16</td> 663 </tr> 664 <tr> 665 <td>CVE-2016-3828</td> 666 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 667 A-28835995</a></td> 668 <td></td> 669 <td> Nexus</td> 670 <td>6.0, 6.0.1</td> 671 <td>2016 5 17</td> 672 </tr> 673 <tr> 674 <td>CVE-2016-3829</td> 675 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 676 A-29023649</a></td> 677 <td></td> 678 <td> Nexus</td> 679 <td>6.0, 6.0.1</td> 680 <td>2016 5 27</td> 681 </tr> 682 <tr> 683 <td>CVE-2016-3830</td> 684 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 685 A-29153599</a></td> 686 <td></td> 687 <td> Nexus</td> 688 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 689 <td>Google </td> 690 </tr> 691 </table> 692 693 <h3 id="denial-of-service-vulnerability-in-system-clock"> 694 (DoS) </h3> 695 <p> 696 697 . 698 . 699 </p> 700 <table> 701 <col width="18%"> 702 <col width="18%"> 703 <col width="10%"> 704 <col width="19%"> 705 <col width="17%"> 706 <col width="17%"> 707 <tr> 708 <th>CVE</th> 709 <th></th> 710 <th></th> 711 <th> Nexus </th> 712 <th> AOSP </th> 713 <th> </th> 714 </tr> 715 <tr> 716 <td>CVE-2016-3831</td> 717 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 718 A-29083635</a></td> 719 <td></td> 720 <td> Nexus</td> 721 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 722 <td>2016 5 31</td> 723 </tr> 724 </table> 725 726 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 727 API </h3> 728 <p> 729 API 730 731 . 732 . 733 </p> 734 <table> 735 <col width="18%"> 736 <col width="17%"> 737 <col width="10%"> 738 <col width="19%"> 739 <col width="18%"> 740 <col width="17%"> 741 <tr> 742 <th>CVE</th> 743 <th></th> 744 <th></th> 745 <th> Nexus </th> 746 <th> AOSP </th> 747 <th> </th> 748 </tr> 749 <tr> 750 <td>CVE-2016-3832</td> 751 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 752 A-28795098</a></td> 753 <td></td> 754 <td> Nexus</td> 755 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 756 <td>2016 5 15</td> 757 </tr> 758 </table> 759 760 <h3 id="elevation-of-privilege-vulnerability-in-shell"> 761 Shell </h3> 762 <p> 763 Shell 764 . 765 . 766 </p> 767 <table> 768 <col width="18%"> 769 <col width="17%"> 770 <col width="10%"> 771 <col width="19%"> 772 <col width="17%"> 773 <col width="18%"> 774 <tr> 775 <th>CVE</th> 776 <th></th> 777 <th></th> 778 <th> Nexus </th> 779 <th> AOSP </th> 780 <th> </th> 781 </tr> 782 <tr> 783 <td>CVE-2016-3833</td> 784 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 785 A-29189712</a> 786 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 787 <td></td> 788 <td> Nexus</td> 789 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 790 <td>Google </td> 791 </tr> 792 </table> 793 794 <h3 id="information-disclosure-vulnerability-in-openssl"> 795 OpenSSL </h3> 796 <p> 797 OpenSSL 798 . 799 800 . 801 </p> 802 <table> 803 <col width="18%"> 804 <col width="18%"> 805 <col width="10%"> 806 <col width="19%"> 807 <col width="17%"> 808 <col width="17%"> 809 <tr> 810 <th>CVE</th> 811 <th></th> 812 <th></th> 813 <th> Nexus </th> 814 <th> AOSP </th> 815 <th> </th> 816 </tr> 817 <tr> 818 <td>CVE-2016-2842</td> 819 <td>A-29060514</td> 820 <td>*</td> 821 <td> Nexus</td> 822 <td>4.4.4, 5.0.2, 5.1.1</td> 823 <td>2016 3 29</td> 824 </tr> 825 </table> 826 <p>* Nexus 827 .</p> 828 829 <h3 id="information-disclosure-vulnerability-in-camera-apis"> 830 API </h3> 831 <p> 832 API 833 . 834 835 . 836 </p> 837 <table> 838 <col width="18%"> 839 <col width="17%"> 840 <col width="10%"> 841 <col width="19%"> 842 <col width="18%"> 843 <col width="17%"> 844 <tr> 845 <th>CVE</th> 846 <th></th> 847 <th></th> 848 <th> Nexus </th> 849 <th> AOSP </th> 850 <th> </th> 851 </tr> 852 <tr> 853 <td>CVE-2016-3834</td> 854 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 855 A-28466701</a></td> 856 <td></td> 857 <td> Nexus</td> 858 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 859 <td>2016 4 28</td> 860 </tr> 861 </table> 862 863 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 864 </h3> 865 <p> 866 867 . 868 869 . 870 </p> 871 <table> 872 <col width="18%"> 873 <col width="17%"> 874 <col width="10%"> 875 <col width="19%"> 876 <col width="18%"> 877 <col width="17%"> 878 <tr> 879 <th>CVE</th> 880 <th></th> 881 <th></th> 882 <th> Nexus </th> 883 <th> AOSP </th> 884 <th> </th> 885 </tr> 886 <tr> 887 <td>CVE-2016-3835</td> 888 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 889 A-28920116</a></td> 890 <td></td> 891 <td> Nexus</td> 892 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 893 <td>2016 5 23</td> 894 </tr> 895 </table> 896 897 <h3 id="information-disclosure-vulnerability-in-surfaceflinger"> 898 SurfaceFlinger </h3> 899 <p> 900 SurfaceFlinger 901 . 902 . 903 </p> 904 <table> 905 <col width="18%"> 906 <col width="18%"> 907 <col width="10%"> 908 <col width="19%"> 909 <col width="17%"> 910 <col width="17%"> 911 <tr> 912 <th>CVE</th> 913 <th></th> 914 <th></th> 915 <th> Nexus </th> 916 <th> AOSP </th> 917 <th> </th> 918 </tr> 919 <tr> 920 <td>CVE-2016-3836</td> 921 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 922 A-28592402</a></td> 923 <td></td> 924 <td> Nexus</td> 925 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 926 <td>2016 5 4</td> 927 </tr> 928 </table> 929 930 <h3 id="information-disclosure-vulnerability-in-wi-fi"> 931 Wi-Fi </h3> 932 <p> 933 Wi-Fi 934 . 935 . 936 </p> 937 <table> 938 <col width="18%"> 939 <col width="18%"> 940 <col width="10%"> 941 <col width="19%"> 942 <col width="17%"> 943 <col width="17%"> 944 <tr> 945 <th>CVE</th> 946 <th></th> 947 <th></th> 948 <th> Nexus </th> 949 <th> AOSP </th> 950 <th> </th> 951 </tr> 952 <tr> 953 <td>CVE-2016-3837</td> 954 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 955 A-28164077</a></td> 956 <td></td> 957 <td> Nexus</td> 958 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 959 <td>Google </td> 960 </tr> 961 </table> 962 963 <h3 id="denial-of-service-vulnerability-in-system-ui"> 964 UI (Dos) </h3> 965 <p> 966 UI 967 119 . 968 969 . 970 </p> 971 <table> 972 <col width="18%"> 973 <col width="18%"> 974 <col width="10%"> 975 <col width="19%"> 976 <col width="17%"> 977 <col width="17%"> 978 <tr> 979 <th>CVE</th> 980 <th></th> 981 <th></th> 982 <th> Nexus </th> 983 <th> AOSP </th> 984 <th> </th> 985 </tr> 986 <tr> 987 <td>CVE-2016-3838</td> 988 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 989 A-28761672</a></td> 990 <td></td> 991 <td> Nexus</td> 992 <td>6.0, 6.0.1</td> 993 <td>Google </td> 994 </tr> 995 </table> 996 997 <h3 id="denial-of-service-vulnerability-in-bluetooth"> 998 (DoS) </h3> 999 <p> 1000 1001 119 . 1002 1003 . 1004 </p> 1005 <table> 1006 <col width="18%"> 1007 <col width="17%"> 1008 <col width="10%"> 1009 <col width="19%"> 1010 <col width="18%"> 1011 <col width="17%"> 1012 <tr> 1013 <th>CVE</th> 1014 <th></th> 1015 <th></th> 1016 <th> Nexus </th> 1017 <th> AOSP </th> 1018 <th> </th> 1019 </tr> 1020 <tr> 1021 <td>CVE-2016-3839</td> 1022 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 1023 A-28885210</a></td> 1024 <td></td> 1025 <td> Nexus</td> 1026 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1027 <td>Google </td> 1028 </tr> 1029 </table> 1030 <h2 id="2016-08-05-security-patch-level-vulnerability-details"> 1031 2016-08-05 </h2> 1032 <p> 1033 <a href="#2016-08-05 ">2016-08-05 1034 </a> 1035 . , 1036 CVE, , , Nexus , 1037 AOSP ( ), . 1038 AOSP ID 1039 . 1040 ID . 1041 </p> 1042 1043 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 1044 Qualcomm Wi-Fi </h3> 1045 <p> 1046 Qualcomm Wi-Fi 1047 . 1048 1049 1050 . 1051 </p> 1052 <table> 1053 <col width="19%"> 1054 <col width="20%"> 1055 <col width="10%"> 1056 <col width="23%"> 1057 <col width="17%"> 1058 <tr> 1059 <th>CVE</th> 1060 <th></th> 1061 <th></th> 1062 <th> Nexus </th> 1063 <th> </th> 1064 </tr> 1065 <tr> 1066 <td>CVE-2014-9902</td> 1067 <td>A-28668638 1068 <p> 1069 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1070 QC-CR#553937</a><br> 1071 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1072 QC-CR#553941</a> 1073 </p> 1074 </td> 1075 <td></td> 1076 <td>Nexus 7(2013)</td> 1077 <td>2014 3 31</td> 1078 </tr> 1079 </table> 1080 1081 <h3 id="remote-code-execution-vulnerability-in-conscrypt">Conscrypt 1082 </h3> 1083 <p> 1084 Conscrypt 1085 . 1086 . 1087 </p> 1088 <table> 1089 <col width="18%"> 1090 <col width="18%"> 1091 <col width="10%"> 1092 <col width="19%"> 1093 <col width="17%"> 1094 <col width="17%"> 1095 <tr> 1096 <th>CVE</th> 1097 <th></th> 1098 <th></th> 1099 <th> Nexus </th> 1100 <th> AOSP </th> 1101 <th> </th> 1102 </tr> 1103 <tr> 1104 <td>CVE-2016-3840</td> 1105 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 1106 A-28751153</a></td> 1107 <td></td> 1108 <td> Nexus</td> 1109 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1110 <td>Google </td> 1111 </tr> 1112 </table> 1113 1114 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 1115 Qualcomm </h3> 1116 <p> 1117 , , , , 1118 Qualcomm 1119 . 1120 </p> 1121 <p> 1122 1123 1124 , 1125 . 1126 </p> 1127 <table> 1128 <col width="19%"> 1129 <col width="20%"> 1130 <col width="10%"> 1131 <col width="23%"> 1132 <col width="17%"> 1133 <tr> 1134 <th>CVE</th> 1135 <th></th> 1136 <th></th> 1137 <th> Nexus </th> 1138 <th> </th> 1139 </tr> 1140 <tr> 1141 <td>CVE-2014-9863</td> 1142 <td>A-28768146 1143 <p> 1144 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 1145 QC-CR#549470</a> 1146 </p> 1147 </td> 1148 <td></td> 1149 <td>Nexus 5, Nexus 7(2013)</td> 1150 <td>2014 4 30</td> 1151 </tr> 1152 <tr> 1153 <td>CVE-2014-9864</td> 1154 <td>A-28747998 1155 <p> 1156 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 1157 QC-CR#561841</a> 1158 </p></td> 1159 <td></td> 1160 <td>Nexus 5, Nexus 7(2013)</td> 1161 <td>2014 3 27</td> 1162 </tr> 1163 <tr> 1164 <td>CVE-2014-9865</td> 1165 <td>A-28748271 1166 <p> 1167 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 1168 QC-CR#550013</a> 1169 </p> 1170 </td> 1171 <td></td> 1172 <td>Nexus 5, Nexus 7(2013)</td> 1173 <td>2014 3 27</td> 1174 </tr> 1175 <tr> 1176 <td>CVE-2014-9866</td> 1177 <td>A-28747684 1178 <p> 1179 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 1180 QC-CR#511358</a> 1181 </p> 1182 </td> 1183 <td></td> 1184 <td>Nexus 5, Nexus 7(2013)</td> 1185 <td>2014 3 31</td> 1186 </tr> 1187 <tr> 1188 <td>CVE-2014-9867</td> 1189 <td>A-28749629 1190 <p> 1191 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 1192 QC-CR#514702</a> 1193 </p> 1194 </td> 1195 <td></td> 1196 <td>Nexus 5, Nexus 7(2013)</td> 1197 <td>2014 3 31</td> 1198 </tr> 1199 <tr> 1200 <td>CVE-2014-9868</td> 1201 <td>A-28749721 1202 <p> 1203 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 1204 QC-CR#511976</a> 1205 </p> 1206 </td> 1207 <td></td> 1208 <td>Nexus 5, Nexus 7(2013)</td> 1209 <td>2014 3 31</td> 1210 </tr> 1211 <tr> 1212 <td>CVE-2014-9869</td> 1213 <td>A-28749728 1214 <p> 1215 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 1216 QC-CR#514711</a> 1217 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 1218 </p> 1219 </td> 1220 <td></td> 1221 <td>Nexus 5, Nexus 7(2013)</td> 1222 <td>2014 3 31</td> 1223 </tr> 1224 <tr> 1225 <td>CVE-2014-9870</td> 1226 <td>A-28749743 1227 <p> 1228 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 1229 QC-CR#561044</a> 1230 </p> 1231 </td> 1232 <td></td> 1233 <td>Nexus 5, Nexus 7(2013)</td> 1234 <td>2014 3 31</td> 1235 </tr> 1236 <tr> 1237 <td>CVE-2014-9871</td> 1238 <td>A-28749803 1239 <p> 1240 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 1241 QC-CR#514717</a> 1242 </p> 1243 </td> 1244 <td></td> 1245 <td>Nexus 5, Nexus 7(2013)</td> 1246 <td>2014 3 31</td> 1247 </tr> 1248 <tr> 1249 <td>CVE-2014-9872</td> 1250 <td>A-28750155 1251 <p> 1252 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 1253 QC-CR#590721</a> 1254 </p> 1255 </td> 1256 <td></td> 1257 <td>Nexus 5</td> 1258 <td>2014 3 31</td> 1259 </tr> 1260 <tr> 1261 <td>CVE-2014-9873</td> 1262 <td>A-28750726 1263 <p> 1264 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 1265 QC-CR#556860</a> 1266 </p> 1267 </td> 1268 <td></td> 1269 <td>Nexus 5, Nexus 7(2013)</td> 1270 <td>2014 3 31</td> 1271 </tr> 1272 <tr> 1273 <td>CVE-2014-9874</td> 1274 <td>A-28751152 1275 <p> 1276 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 1277 QC-CR#563086</a> 1278 </p> 1279 </td> 1280 <td></td> 1281 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7(2013) </td> 1282 <td>2014 3 31</td> 1283 </tr> 1284 <tr> 1285 <td>CVE-2014-9875</td> 1286 <td>A-28767589 1287 <p> 1288 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1289 QC-CR#483310</a> 1290 </p> 1291 </td> 1292 <td></td> 1293 <td>Nexus 7(2013)</td> 1294 <td>2014 4 30</td> 1295 </tr> 1296 <tr> 1297 <td>CVE-2014-9876</td> 1298 <td>A-28767796 1299 <p> 1300 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1301 QC-CR#483408</a> 1302 </p> 1303 </td> 1304 <td></td> 1305 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013)</td> 1306 <td>2014 4 30</td> 1307 </tr> 1308 <tr> 1309 <td>CVE-2014-9877</td> 1310 <td>A-28768281 1311 <p> 1312 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1313 QC-CR#547231</a> 1314 </p> 1315 </td> 1316 <td></td> 1317 <td>Nexus 5, Nexus 7(2013)</td> 1318 <td>2014 4 30</td> 1319 </tr> 1320 <tr> 1321 <td>CVE-2014-9878</td> 1322 <td>A-28769208 1323 <p> 1324 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1325 QC-CR#547479</a> 1326 </p> 1327 </td> 1328 <td></td> 1329 <td>Nexus 5</td> 1330 <td>2014 4 30</td> 1331 </tr> 1332 <tr> 1333 <td>CVE-2014-9879</td> 1334 <td>A-28769221 1335 <p> 1336 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1337 QC-CR#524490</a> 1338 </p> 1339 </td> 1340 <td></td> 1341 <td>Nexus 5</td> 1342 <td>2014 4 30</td> 1343 </tr> 1344 <tr> 1345 <td>CVE-2014-9880</td> 1346 <td>A-28769352 1347 <p> 1348 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1349 QC-CR#556356</a> 1350 </p> 1351 </td> 1352 <td></td> 1353 <td>Nexus 7(2013)</td> 1354 <td>2014 4 30</td> 1355 </tr> 1356 <tr> 1357 <td>CVE-2014-9881</td> 1358 <td>A-28769368 1359 <p> 1360 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1361 QC-CR#539008</a> 1362 </p> 1363 </td> 1364 <td></td> 1365 <td>Nexus 7(2013)</td> 1366 <td>2014 4 30</td> 1367 </tr> 1368 <tr> 1369 <td>CVE-2014-9882</td> 1370 <td>A-28769546 1371 <p> 1372 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1373 QC-CR#552329</a> 1374 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1375 </td> 1376 <td></td> 1377 <td>Nexus 7(2013)</td> 1378 <td>2014 4 30</td> 1379 </tr> 1380 <tr> 1381 <td>CVE-2014-9883</td> 1382 <td>A-28769912 1383 <p> 1384 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1385 QC-CR#565160</a> 1386 </p> 1387 </td> 1388 <td></td> 1389 <td>Nexus 5, Nexus 7(2013)</td> 1390 <td>2014 4 30</td> 1391 </tr> 1392 <tr> 1393 <td>CVE-2014-9884</td> 1394 <td>A-28769920 1395 <p> 1396 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1397 QC-CR#580740</a> 1398 </p> 1399 </td> 1400 <td></td> 1401 <td>Nexus 5, Nexus 7(2013)</td> 1402 <td>2014 4 30</td> 1403 </tr> 1404 <tr> 1405 <td>CVE-2014-9885</td> 1406 <td>A-28769959 1407 <p> 1408 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1409 QC-CR#562261</a> 1410 </p> 1411 </td> 1412 <td></td> 1413 <td>Nexus 5</td> 1414 <td>2014 4 30</td> 1415 </tr> 1416 <tr> 1417 <td>CVE-2014-9886</td> 1418 <td>A-28815575 1419 <p> 1420 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1421 QC-CR#555030</a> 1422 </p> 1423 </td> 1424 <td></td> 1425 <td>Nexus 5, Nexus 7(2013)</td> 1426 <td>2014 4 30</td> 1427 </tr> 1428 <tr> 1429 <td>CVE-2014-9887</td> 1430 <td>A-28804057 1431 <p> 1432 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1433 QC-CR#636633</a> 1434 </p> 1435 </td> 1436 <td></td> 1437 <td>Nexus 5, Nexus 7(2013)</td> 1438 <td>2014 7 3</td> 1439 </tr> 1440 <tr> 1441 <td>CVE-2014-9888</td> 1442 <td>A-28803642 1443 <p> 1444 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1445 QC-CR#642735</a> 1446 </p> 1447 </td> 1448 <td></td> 1449 <td>Nexus 5, Nexus 7(2013)</td> 1450 <td>2014 8 29</td> 1451 </tr> 1452 <tr> 1453 <td>CVE-2014-9889</td> 1454 <td>A-28803645 1455 <p> 1456 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1457 QC-CR#674712</a> 1458 </p></td> 1459 <td></td> 1460 <td>Nexus 5</td> 1461 <td>2014 10 31</td> 1462 </tr> 1463 <tr> 1464 <td>CVE-2015-8937</td> 1465 <td>A-28803962 1466 <p> 1467 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1468 QC-CR#770548</a> 1469 </p> 1470 </td> 1471 <td></td> 1472 <td>Nexus 5, Nexus 6, Nexus 7(2013)</td> 1473 <td>2015 3 31</td> 1474 </tr> 1475 <tr> 1476 <td>CVE-2015-8938</td> 1477 <td>A-28804030 1478 <p> 1479 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1480 QC-CR#766022</a></p></td> 1481 <td></td> 1482 <td>Nexus 6</td> 1483 <td>2015 3 31</td> 1484 </tr> 1485 <tr> 1486 <td>CVE-2015-8939</td> 1487 <td>A-28398884 1488 <p> 1489 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1490 QC-CR#779021</a></p></td> 1491 <td></td> 1492 <td>Nexus 7(2013)</td> 1493 <td>2015 4 30</td> 1494 </tr> 1495 <tr> 1496 <td>CVE-2015-8940</td> 1497 <td>A-28813987 1498 <p> 1499 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1500 QC-CR#792367</a></p></td> 1501 <td></td> 1502 <td>Nexus 6</td> 1503 <td>2015 4 30</td> 1504 </tr> 1505 <tr> 1506 <td>CVE-2015-8941</td> 1507 <td>A-28814502 1508 <p> 1509 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1510 QC-CR#792473</a></p></td> 1511 <td></td> 1512 <td>Nexus 6, Nexus 7(2013)</td> 1513 <td>2015 5 29</td> 1514 </tr> 1515 <tr> 1516 <td>CVE-2015-8942</td> 1517 <td>A-28814652 1518 <p> 1519 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1520 QC-CR#803246</a></p></td> 1521 <td></td> 1522 <td>Nexus 6</td> 1523 <td>2015 6 30</td> 1524 </tr> 1525 <tr> 1526 <td>CVE-2015-8943</td> 1527 <td>A-28815158 1528 <p> 1529 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1530 QC-CR#794217</a></p> 1531 <p> 1532 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1533 QC-CR#836226</a></p></td> 1534 <td></td> 1535 <td>Nexus 5</td> 1536 <td>2015 9 11</td> 1537 </tr> 1538 <tr> 1539 <td>CVE-2014-9891</td> 1540 <td>A-28749283 1541 <p> 1542 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1543 QC-CR#550061</a></p></td> 1544 <td></td> 1545 <td>Nexus 5</td> 1546 <td>2014 3 13</td> 1547 </tr> 1548 <tr> 1549 <td>CVE-2014-9890</td> 1550 <td>A-28770207 1551 <p> 1552 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1553 QC-CR#529177</a></p></td> 1554 <td></td> 1555 <td>Nexus 5, Nexus 7(2013)</td> 1556 <td>2014 6 2</td> 1557 </tr> 1558 </table> 1559 1560 <h3 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"> 1561 </h3> 1562 <p> 1563 1564 1565 . 1566 , 1567 . 1568 </p> 1569 <table> 1570 <col width="19%"> 1571 <col width="20%"> 1572 <col width="10%"> 1573 <col width="23%"> 1574 <col width="17%"> 1575 <tr> 1576 <th>CVE</th> 1577 <th></th> 1578 <th></th> 1579 <th> Nexus </th> 1580 <th> </th> 1581 </tr> 1582 <tr> 1583 <td>CVE-2015-2686</td> 1584 <td>A-28759139 1585 <p> 1586 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1587 </a></p></td> 1588 <td></td> 1589 <td> Nexus</td> 1590 <td>2015 3 23</td> 1591 </tr> 1592 <tr> 1593 <td>CVE-2016-3841</td> 1594 <td>A-28746669 1595 <p> 1596 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1597 </a></p></td> 1598 <td></td> 1599 <td> Nexus</td> 1600 <td>2015 12 3</td> 1601 </tr> 1602 </table> 1603 1604 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1605 Qualcomm GPU </h3> 1606 <p> 1607 Qualcomm GPU 1608 1609 . 1610 , 1611 . 1612 </p> 1613 <table> 1614 <col width="19%"> 1615 <col width="20%"> 1616 <col width="10%"> 1617 <col width="23%"> 1618 <col width="17%"> 1619 <tr> 1620 <th>CVE</th> 1621 <th></th> 1622 <th></th> 1623 <th> Nexus </th> 1624 <th> </th> 1625 </tr> 1626 <tr> 1627 <td>CVE-2016-2504</td> 1628 <td>A-28026365 1629 <p>QC-CR#1002974</p></td> 1630 <td></td> 1631 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013)</td> 1632 <td>2016 4 5</td> 1633 </tr> 1634 <tr> 1635 <td>CVE-2016-3842</td> 1636 <td>A-28377352 1637 <p> 1638 QC-CR#1002974</p></td> 1639 <td></td> 1640 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 1641 <td>2016 4 25</td> 1642 </tr> 1643 </table> 1644 <p> 1645 * . 1646 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1647 . 1648 </p> 1649 1650 1651 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1652 Qualcomm </h3> 1653 <p> 1654 Qualcomm 1655 1656 . 1657 , 1658 . 1659 </p> 1660 <p class="note"> 1661 <strong>:</strong> A-29119870 1662 . 1663 </p> 1664 <table> 1665 <col width="19%"> 1666 <col width="20%"> 1667 <col width="10%"> 1668 <col width="23%"> 1669 <col width="17%"> 1670 <tr> 1671 <th>CVE</th> 1672 <th></th> 1673 <th></th> 1674 <th> Nexus </th> 1675 <th> </th> 1676 </tr> 1677 <tr> 1678 <td>CVE-2016-3843</td> 1679 <td>A-28086229* 1680 <p> 1681 QC-CR#1011071</p></td> 1682 <td></td> 1683 <td>Nexus 5X, Nexus 6P</td> 1684 <td>2016 4 7</td> 1685 </tr> 1686 </table> 1687 <p> 1688 * . 1689 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1690 . 1691 </p> 1692 1693 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 1694 </h3> 1695 <p> 1696 1697 1698 . 1699 , 1700 . 1701 </p> 1702 <table> 1703 <col width="19%"> 1704 <col width="20%"> 1705 <col width="10%"> 1706 <col width="23%"> 1707 <col width="17%"> 1708 <tr> 1709 <th>CVE</th> 1710 <th></th> 1711 <th></th> 1712 <th> Nexus </th> 1713 <th> </th> 1714 </tr> 1715 <tr> 1716 <td>CVE-2016-3857</td> 1717 <td>A-28522518*</td> 1718 <td></td> 1719 <td>Nexus 7(2013)</td> 1720 <td>2016 5 2</td> 1721 </tr> 1722 </table> 1723 <p> 1724 * . 1725 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1726 . 1727 </p> 1728 1729 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"> 1730 </h3> 1731 <p> 1732 1733 1734 . 1735 . 1736 </p> 1737 <table> 1738 <col width="19%"> 1739 <col width="20%"> 1740 <col width="10%"> 1741 <col width="23%"> 1742 <col width="17%"> 1743 <tr> 1744 <th>CVE</th> 1745 <th></th> 1746 <th></th> 1747 <th> Nexus </th> 1748 <th> </th> 1749 </tr> 1750 <tr> 1751 <td>CVE-2015-1593</td> 1752 <td>A-29577822 1753 <p> 1754 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1755 </a></p></td> 1756 <td></td> 1757 <td>Nexus Player</td> 1758 <td>2015 2 13</td> 1759 </tr> 1760 <tr> 1761 <td>CVE-2016-3672</td> 1762 <td>A-28763575 1763 <p> 1764 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1765 </a></p></td> 1766 <td></td> 1767 <td>Nexus Player</td> 1768 <td>2016 3 25</td> 1769 </tr> 1770 </table> 1771 1772 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"> 1773 </h3> 1774 <p> 1775 1776 1777 . 1778 . 1779 </p> 1780 <table> 1781 <col width="19%"> 1782 <col width="20%"> 1783 <col width="10%"> 1784 <col width="23%"> 1785 <col width="17%"> 1786 <tr> 1787 <th>CVE</th> 1788 <th></th> 1789 <th></th> 1790 <th> Nexus </th> 1791 <th> </th> 1792 </tr> 1793 <tr> 1794 <td>CVE-2016-2544</td> 1795 <td>A-28695438 1796 <p> 1797 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1798 </a></p></td> 1799 <td></td> 1800 <td> Nexus</td> 1801 <td>2016 1 19</td> 1802 </tr> 1803 <tr> 1804 <td>CVE-2016-2546</td> 1805 <td>A-28694392 1806 <p> 1807 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1808 </a></p></td> 1809 <td></td> 1810 <td>Pixel C</td> 1811 <td>2016 1 19</td> 1812 </tr> 1813 <tr> 1814 <td>CVE-2014-9904</td> 1815 <td>A-28592007 1816 <p> 1817 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1818 </a></p></td> 1819 <td></td> 1820 <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 9, Nexus Player</td> 1821 <td>2016 5 4</td> 1822 </tr> 1823 </table> 1824 1825 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1826 </h3> 1827 <p> 1828 1829 1830 . 1831 . 1832 </p> 1833 <table> 1834 <col width="19%"> 1835 <col width="20%"> 1836 <col width="10%"> 1837 <col width="23%"> 1838 <col width="17%"> 1839 <tr> 1840 <th>CVE</th> 1841 <th></th> 1842 <th></th> 1843 <th> Nexus </th> 1844 <th> </th> 1845 </tr> 1846 <tr> 1847 <td>CVE-2012-6701</td> 1848 <td>A-28939037 1849 <p> 1850 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1851 </a></p></td> 1852 <td></td> 1853 <td>Nexus 5, Nexus 7(2013)</td> 1854 <td>2016 3 2</td> 1855 </tr> 1856 </table> 1857 1858 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 1859 </h3> 1860 <p> 1861 1862 1863 . 1864 . 1865 </p> 1866 <table> 1867 <col width="19%"> 1868 <col width="20%"> 1869 <col width="10%"> 1870 <col width="23%"> 1871 <col width="17%"> 1872 <tr> 1873 <th>CVE</th> 1874 <th></th> 1875 <th></th> 1876 <th> Nexus </th> 1877 <th> </th> 1878 </tr> 1879 <tr> 1880 <td>CVE-2016-3844</td> 1881 <td>A-28299517* 1882 <p> 1883 N-CVE-2016-3844</p></td> 1884 <td></td> 1885 <td>Nexus 9, Pixel C</td> 1886 <td>2016 4 19</td> 1887 </tr> 1888 </table> 1889 <p> 1890 * . 1891 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1892 . 1893 </p> 1894 1895 <h3> </h3> 1896 <p> 1897 1898 1899 . 1900 . 1901 </p> 1902 <table> 1903 <col width="19%"> 1904 <col width="20%"> 1905 <col width="10%"> 1906 <col width="23%"> 1907 <col width="17%"> 1908 <tr> 1909 <th>CVE</th> 1910 <th></th> 1911 <th></th> 1912 <th> Nexus </th> 1913 <th> </th> 1914 </tr> 1915 <tr> 1916 <td>CVE-2016-3845</td> 1917 <td>A-28399876*</td> 1918 <td></td> 1919 <td>Nexus 5</td> 1920 <td>2016 4 20</td> 1921 </tr> 1922 </table> 1923 <p> 1924 * . 1925 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1926 . 1927 </p> 1928 1929 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 1930 </h3> 1931 <p> 1932 1933 1934 . 1935 . 1936 </p> 1937 <table> 1938 <col width="19%"> 1939 <col width="20%"> 1940 <col width="10%"> 1941 <col width="23%"> 1942 <col width="17%"> 1943 <tr> 1944 <th>CVE</th> 1945 <th></th> 1946 <th></th> 1947 <th> Nexus </th> 1948 <th> </th> 1949 </tr> 1950 <tr> 1951 <td>CVE-2016-3846</td> 1952 <td>A-28817378*</td> 1953 <td></td> 1954 <td>Nexus 5X, Nexus 6P</td> 1955 <td>2016 5 17</td> 1956 </tr> 1957 </table> 1958 <p> 1959 * . 1960 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 1961 . 1962 </p> 1963 1964 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver"> 1965 NVIDIA </h3> 1966 <p> 1967 NVIDIA 1968 1969 . 1970 . 1971 </p> 1972 <table> 1973 <col width="19%"> 1974 <col width="20%"> 1975 <col width="10%"> 1976 <col width="23%"> 1977 <col width="17%"> 1978 <tr> 1979 <th>CVE</th> 1980 <th></th> 1981 <th></th> 1982 <th> Nexus </th> 1983 <th> </th> 1984 </tr> 1985 <tr> 1986 <td>CVE-2016-3847</td> 1987 <td>A-28871433* 1988 <p> 1989 N-CVE-2016-3847</p></td> 1990 <td></td> 1991 <td>Nexus 9</td> 1992 <td>2016 5 19</td> 1993 </tr> 1994 <tr> 1995 <td>CVE-2016-3848</td> 1996 <td>A-28919417* 1997 <p> 1998 N-CVE-2016-3848</p></td> 1999 <td></td> 2000 <td>Nexus 9</td> 2001 <td>2016 5 19</td> 2002 </tr> 2003 </table> 2004 <p> 2005 * . 2006 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2007 . 2008 </p> 2009 2010 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver"> 2011 ION </h3> 2012 <p> 2013 ION 2014 2015 . 2016 . 2017 </p> 2018 <table> 2019 <col width="19%"> 2020 <col width="20%"> 2021 <col width="10%"> 2022 <col width="23%"> 2023 <col width="17%"> 2024 <tr> 2025 <th>CVE</th> 2026 <th></th> 2027 <th></th> 2028 <th> Nexus </th> 2029 <th> </th> 2030 </tr> 2031 <tr> 2032 <td>CVE-2016-3849</td> 2033 <td>A-28939740</td> 2034 <td></td> 2035 <td>Pixel C</td> 2036 <td>2016 5 24</td> 2037 </tr> 2038 </table> 2039 <p> 2040 * . 2041 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2042 . 2043 </p> 2044 2045 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader">Qualcomm </h3> 2046 <p> 2047 Qualcomm 2048 2049 . 2050 . 2051 </p> 2052 <table> 2053 <col width="19%"> 2054 <col width="20%"> 2055 <col width="10%"> 2056 <col width="26%"> 2057 <col width="17%"> 2058 <tr> 2059 <th>CVE</th> 2060 <th></th> 2061 <th></th> 2062 <th> Nexus </th> 2063 <th> </th> 2064 </tr> 2065 <tr> 2066 <td>CVE-2016-3850</td> 2067 <td>A-27917291 2068 <p> 2069 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 2070 QC-CR#945164</a></p></td> 2071 <td></td> 2072 <td>Nexus 5, Nexus 5X, Nexus 6P, Nexus 7(2013) </td> 2073 <td>2016 3 28</td> 2074 </tr> 2075 </table> 2076 2077 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"> 2078 </h3> 2079 <p> 2080 2081 . 2082 . 2083 </p> 2084 <p class="note"> 2085 <strong>:</strong> CVE-2016-3843(A-28086229) 2086 . 2087 </p> 2088 <table> 2089 <col width="18%"> 2090 <col width="18%"> 2091 <col width="10%"> 2092 <col width="19%"> 2093 <col width="17%"> 2094 <col width="17%"> 2095 <tr> 2096 <th>CVE</th> 2097 <th></th> 2098 <th></th> 2099 <th> Nexus </th> 2100 <th> AOSP </th> 2101 <th> </th> 2102 </tr> 2103 <tr> 2104 <td>CVE-2016-3843</td> 2105 <td>A-29119870*</td> 2106 <td></td> 2107 <td> Nexus</td> 2108 <td>6.0, 6.1</td> 2109 <td>Google </td> 2110 </tr> 2111 </table> 2112 <p> 2113 * . 2114 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2115 . 2116 </p> 2117 2118 <h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader"> 2119 LG </h3> 2120 <p> 2121 LG 2122 2123 . 2124 2125 2126 . 2127 </p> 2128 <table> 2129 <col width="19%"> 2130 <col width="20%"> 2131 <col width="10%"> 2132 <col width="23%"> 2133 <col width="17%"> 2134 <tr> 2135 <th>CVE</th> 2136 <th></th> 2137 <th></th> 2138 <th> Nexus </th> 2139 <th> </th> 2140 </tr> 2141 <tr> 2142 <td>CVE-2016-3851</td> 2143 <td>A-29189941*</td> 2144 <td></td> 2145 <td>Nexus 5X</td> 2146 <td>Google </td> 2147 </tr> 2148 </table> 2149 <p> 2150 * . 2151 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2152 . 2153 </p> 2154 2155 <h3 id="information-disclosure-vulnerability-in-qualcomm-components"> 2156 Qualcomm </h3> 2157 <p> 2158 , , , , 2159 Qualcomm 2160 . 2161 </p> 2162 <p> 2163 2164 2165 . 2166 </p> 2167 <table> 2168 <col width="19%"> 2169 <col width="20%"> 2170 <col width="10%"> 2171 <col width="23%"> 2172 <col width="17%"> 2173 <tr> 2174 <th>CVE</th> 2175 <th></th> 2176 <th></th> 2177 <th> Nexus </th> 2178 <th> </th> 2179 </tr> 2180 <tr> 2181 <td>CVE-2014-9892</td> 2182 <td>A-28770164 2183 <p> 2184 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 2185 QC-CR#568717</a></p></td> 2186 <td></td> 2187 <td>Nexus 5, Nexus 7(2013)</td> 2188 <td>2014 6 2</td> 2189 </tr> 2190 <tr> 2191 <td>CVE-2015-8944</td> 2192 <td>A-28814213 2193 <p> 2194 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 2195 QC-CR#786116</a></p></td> 2196 <td></td> 2197 <td>Nexus 6, Nexus 7(2013)</td> 2198 <td>2015 4 30</td> 2199 </tr> 2200 <tr> 2201 <td>CVE-2014-9893</td> 2202 <td>A-28747914 2203 <p> 2204 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 2205 QC-CR#542223</a></p></td> 2206 <td></td> 2207 <td>Nexus 5</td> 2208 <td>2014 3 27</td> 2209 </tr> 2210 <tr> 2211 <td>CVE-2014-9894</td> 2212 <td>A-28749708 2213 <p> 2214 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 2215 QC-CR#545736</a></p></td> 2216 <td></td> 2217 <td>Nexus 7(2013)</td> 2218 <td>2014 3 31</td> 2219 </tr> 2220 <tr> 2221 <td>CVE-2014-9895</td> 2222 <td>A-28750150 2223 <p> 2224 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 2225 QC-CR#570757</a></p></td> 2226 <td></td> 2227 <td>Nexus 5, Nexus 7(2013)</td> 2228 <td>2014 3 31</td> 2229 </tr> 2230 <tr> 2231 <td>CVE-2014-9896</td> 2232 <td>A-28767593 2233 <p> 2234 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 2235 QC-CR#551795</a></p></td> 2236 <td></td> 2237 <td>Nexus 5, Nexus 7(2013)</td> 2238 <td>2014 4 30</td> 2239 </tr> 2240 <tr> 2241 <td>CVE-2014-9897</td> 2242 <td>A-28769856 2243 <p> 2244 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 2245 QC-CR#563752</a></p></td> 2246 <td></td> 2247 <td>Nexus 5</td> 2248 <td>2014 4 30</td> 2249 </tr> 2250 <tr> 2251 <td>CVE-2014-9898</td> 2252 <td>A-28814690 2253 <p> 2254 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 2255 QC-CR#554575</a></p></td> 2256 <td></td> 2257 <td>Nexus 5, Nexus 7(2013)</td> 2258 <td>2014 4 30</td> 2259 </tr> 2260 <tr> 2261 <td>CVE-2014-9899</td> 2262 <td>A-28803909 2263 <p> 2264 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 2265 QC-CR#547910</a></p></td> 2266 <td></td> 2267 <td>Nexus 5</td> 2268 <td>2014 7 3</td> 2269 </tr> 2270 <tr> 2271 <td>CVE-2014-9900</td> 2272 <td>A-28803952 2273 <p> 2274 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 2275 QC-CR#570754</a></p></td> 2276 <td></td> 2277 <td>Nexus 5, Nexus 7(2013)</td> 2278 <td>2014 8 8</td> 2279 </tr> 2280 </table> 2281 2282 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"> 2283 </h3> 2284 <p> 2285 2286 . 2287 2288 . 2289 </p> 2290 <table> 2291 <col width="19%"> 2292 <col width="20%"> 2293 <col width="10%"> 2294 <col width="23%"> 2295 <col width="17%"> 2296 <tr> 2297 <th>CVE</th> 2298 <th></th> 2299 <th></th> 2300 <th> Nexus </th> 2301 <th> </th> 2302 </tr> 2303 <tr> 2304 <td>CVE-2014-9903</td> 2305 <td>A-28731691 2306 <p> 2307 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 2308 </a></p></td> 2309 <td></td> 2310 <td>Nexus 5X, Nexus 6P</td> 2311 <td>2014 2 21</td> 2312 </tr> 2313 </table> 2314 2315 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific"> 2316 MediaTek Wi-Fi ( )</h3> 2317 <p> 2318 MediaTek Wi-Fi 2319 2320 . 2321 . 2322 </p> 2323 <table> 2324 <col width="19%"> 2325 <col width="20%"> 2326 <col width="10%"> 2327 <col width="23%"> 2328 <col width="17%"> 2329 <tr> 2330 <th>CVE</th> 2331 <th></th> 2332 <th></th> 2333 <th> Nexus </th> 2334 <th> </th> 2335 </tr> 2336 <tr> 2337 <td>CVE-2016-3852</td> 2338 <td>A-29141147* 2339 <p> 2340 M-ALPS02751738</p></td> 2341 <td></td> 2342 <td>Android One</td> 2343 <td>2016 4 12</td> 2344 </tr> 2345 </table> 2346 <p> 2347 * . 2348 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2349 . 2350 </p> 2351 2352 <h3 id="information-disclosure-vulnerability-in-usb-driver">USB </h3> 2353 <p> 2354 USB 2355 . 2356 2357 . 2358 </p> 2359 <table> 2360 <col width="19%"> 2361 <col width="20%"> 2362 <col width="10%"> 2363 <col width="23%"> 2364 <col width="17%"> 2365 <tr> 2366 <th>CVE</th> 2367 <th></th> 2368 <th></th> 2369 <th> Nexus </th> 2370 <th> </th> 2371 </tr> 2372 <tr> 2373 <td>CVE-2016-4482</td> 2374 <td>A-28619695 2375 <p> 2376 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2377 </a></p></td> 2378 <td></td> 2379 <td> Nexus</td> 2380 <td>2016 5 3</td> 2381 </tr> 2382 </table> 2383 2384 <h3 id="denial-of-service-vulnerability-in-qualcomm-components"> 2385 Qualcomm (DoS) </h3> 2386 <p> 2387 Wi-Fi Qualcomm 2388 . 2389 </p> 2390 <p> 2391 2392 2393 . 2394 </p> 2395 <table> 2396 <col width="19%"> 2397 <col width="20%"> 2398 <col width="10%"> 2399 <col width="23%"> 2400 <col width="17%"> 2401 <tr> 2402 <th>CVE</th> 2403 <th></th> 2404 <th></th> 2405 <th> Nexus </th> 2406 <th> </th> 2407 </tr> 2408 <tr> 2409 <td>CVE-2014-9901</td> 2410 <td>A-28670333 2411 <p> 2412 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2413 QC-CR#548711</a></p></td> 2414 <td></td> 2415 <td>Nexus 7(2013)</td> 2416 <td>2014 3 31</td> 2417 </tr> 2418 </table> 2419 2420 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services"> 2421 Google Play </h3> 2422 <p> 2423 Google Play 2424 . 2425 2426 . 2427 </p> 2428 <table> 2429 <col width="18%"> 2430 <col width="18%"> 2431 <col width="10%"> 2432 <col width="19%"> 2433 <col width="17%"> 2434 <col width="17%"> 2435 <tr> 2436 <th>CVE</th> 2437 <th></th> 2438 <th></th> 2439 <th> Nexus </th> 2440 <th> AOSP </th> 2441 <th> </th> 2442 </tr> 2443 <tr> 2444 <td>CVE-2016-3853</td> 2445 <td>A-26803208*</td> 2446 <td></td> 2447 <td> Nexus</td> 2448 <td></td> 2449 <td>2016 5 4</td> 2450 </tr> 2451 </table> 2452 <p> 2453 * . 2454 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 2455 . 2456 </p> 2457 2458 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 2459 API </h3> 2460 <p> 2461 API 2462 2463 . 2464 2465 . 2466 </p> 2467 <table> 2468 <col width="18%"> 2469 <col width="17%"> 2470 <col width="10%"> 2471 <col width="19%"> 2472 <col width="18%"> 2473 <col width="17%"> 2474 <tr> 2475 <th>CVE</th> 2476 <th></th> 2477 <th></th> 2478 <th> Nexus </th> 2479 <th> AOSP </th> 2480 <th> </th> 2481 </tr> 2482 <tr> 2483 <td>CVE-2016-2497</td> 2484 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2485 A-27450489</a></td> 2486 <td></td> 2487 <td> Nexus</td> 2488 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 2489 <td>Google </td> 2490 </tr> 2491 </table> 2492 2493 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"> 2494 </h3> 2495 <p> 2496 2497 . 2498 . 2499 </p> 2500 <table> 2501 <col width="19%"> 2502 <col width="20%"> 2503 <col width="10%"> 2504 <col width="23%"> 2505 <col width="17%"> 2506 <tr> 2507 <th>CVE</th> 2508 <th></th> 2509 <th></th> 2510 <th> Nexus </th> 2511 <th> </th> 2512 </tr> 2513 <tr> 2514 <td>CVE-2016-4578</td> 2515 <td>A-28620102 2516 <p> 2517 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2518 </a></p></td> 2519 <td></td> 2520 <td> Nexus</td> 2521 <td>2016 5 3</td> 2522 </tr> 2523 </table> 2524 2525 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"> 2526 </h3> 2527 <p> 2528 2529 . 2530 . 2531 </p> 2532 <table> 2533 <col width="19%"> 2534 <col width="20%"> 2535 <col width="10%"> 2536 <col width="23%"> 2537 <col width="17%"> 2538 <tr> 2539 <th>CVE</th> 2540 <th></th> 2541 <th></th> 2542 <th> Nexus </th> 2543 <th> </th> 2544 </tr> 2545 <tr> 2546 <td>CVE-2016-4569</td> 2547 <td>A-28980557 2548 <p> 2549 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2550 </a></p></td> 2551 <td></td> 2552 <td> Nexus</td> 2553 <td>2016 5 9</td> 2554 </tr> 2555 <tr> 2556 <td>CVE-2016-4578</td> 2557 <td>A-28980217 2558 <p> 2559 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2560 </a> 2561 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2562 <td></td> 2563 <td> Nexus</td> 2564 <td>2016 5 11</td> 2565 </tr> 2566 </table> 2567 2568 <h3 id="vulnerabilities-in-qualcomm-components"> 2569 Qualcomm </h3> 2570 <p> 2571 , , , , 2572 Qualcomm 2573 . 2574 </p> 2575 <table> 2576 <col width="19%"> 2577 <col width="20%"> 2578 <col width="10%"> 2579 <col width="23%"> 2580 <col width="17%"> 2581 <tr> 2582 <th>CVE</th> 2583 <th></th> 2584 <th></th> 2585 <th> Nexus </th> 2586 <th> </th> 2587 </tr> 2588 <tr> 2589 <td>CVE-2016-3854</td> 2590 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2591 QC-CR#897326</a></td> 2592 <td></td> 2593 <td></td> 2594 <td>2016 2</td> 2595 </tr> 2596 <tr> 2597 <td>CVE-2016-3855</td> 2598 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2599 QC-CR#990824</a></td> 2600 <td></td> 2601 <td></td> 2602 <td>2016 5</td> 2603 </tr> 2604 <tr> 2605 <td>CVE-2016-2060</td> 2606 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2607 QC-CR#959631</a> 2608 <td></td> 2609 <td></td> 2610 <td>2016 4</td> 2611 </tr> 2612 </table> 2613 <h2 id="common-questions-and-answers"> </h2> 2614 <p> 2615 . 2616 </p> 2617 <p> 2618 <strong>1. ? 2619 </strong> 2620 </p> 2621 <p> 2622 2016-08-01 2016-08-01 2623 . 2016-08-05 2016-08-05 2624 . 2625 <a href="https://support.google.com/nexus/answer/4457705"></a> . 2626 . 2627 [ro.build.version.security_patch]:[2016-08-01] 2628 [ro.build.version.security_patch]:[2016-08-05] 2629 </p> 2630 <p> 2631 <strong>2. ?</strong> 2632 </p> 2633 <p> 2634 Android Android 2635 2636 . Android 2637 2638 . 2639 </p> 2640 <p> 2641 2016 8 5 2642 . 2643 </p> 2644 <p> 2645 2016 8 1 2646 2647 . 2016 8 1 2648 2016 8 5 2649 . 2650 </p> 2651 <p> 2652 3<strong>. Nexus ?</strong> 2653 </p> 2654 <p> 2655 <a href="#2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01</a> 2656 <a href="#2016-08-05-security-patch-level-vulnerability-details">2016-08-05</a> 2657 Nexus 2658 ' Nexus ' . 2659 . 2660 </p> 2661 <ul> 2662 <li><strong> Nexus </strong>: Nexus 2663 <em> Nexus </em> ' Nexus' . 2664 ' Nexus' 2665 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> </a> 2666 . Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, 2667 Android One, Nexus Player, Pixel C</li> 2668 <li><strong> Nexus </strong>: Nexus 2669 , Nexus 2670 <em> Nexus </em> .</li> 2671 <li><strong>Nexus </strong>: Nexus 2672 <em> Nexus </em> '' . 2673 </li> 2674 </ul> 2675 <p> 2676 <strong>4. ?</strong> 2677 </p> 2678 <p> 2679 <em></em> 2680 . 2681 . 2682 </p> 2683 <table> 2684 <tr> 2685 <th></th> 2686 <th> </th> 2687 </tr> 2688 <tr> 2689 <td>A-</td> 2690 <td>Android ID</td> 2691 </tr> 2692 <tr> 2693 <td>QC-</td> 2694 <td>Qualcomm </td> 2695 </tr> 2696 <tr> 2697 <td>M-</td> 2698 <td>MediaTek </td> 2699 </tr> 2700 <tr> 2701 <td>N-</td> 2702 <td>NVIDIA </td> 2703 </tr> 2704 </table> 2705 <h2 id="revisions"></h2> 2706 2707 <ul> 2708 <li>2016 8 1: </li> 2709 <li>2016 8 2: AOSP </li> 2710 </ul> 2711 2712 </body> 2713 </html> 2714
