1 <html devsite> 2 <head> 3 <title> Android 2016.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em> 1 2016. | 2 2016.</em></p> 27 <p> 28 29 Android. 30 Nexus 31 Nexus <a href="https://developers.google.com/android/nexus/images"> </a>. , 32 , 5 2016 33 . , , 34 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> </a>. 35 </p> 36 <p> 37 6 2016 . 38 Android Open Source Project (AOSP). 39 AOSP. 40 </p> 41 <p> 42 43 44 (, , 45 MMS). 46 </p> 47 <p> 48 . <a href="#mitigations"> </a> 49 , <a href="/security/enhancements/index.html"> </a> , 50 SafetyNet, Android. 51 </p> 52 <p> 53 . 54 </p> 55 <h2 id="announcements"></h2> 56 <ul> 57 <li> , 58 59 , Android. 60 61 <a href="#common-questions-and-answers"> </a>. 62 <ul> 63 <li><strong>2016-08-01</strong>: , 64 2016-08-01 .</li> 65 <li><strong>2016-08-05</strong>: , 66 2016-08-01 2016-08-05, .</li> 67 </ul> 68 </li> 69 <li> Nexus 70 5 2016.</li> 71 </ul> 72 73 <h2 id="security-vulnerability-summary"> </h2> 74 <p> 75 , (CVE) 76 , , Nexus. 77 <a href="/security/overview/updates-resources.html#severity"> </a> , 78 , 79 . 80 </p> 81 82 <h3 id="2016-08-01-security-patch-level-vulnerability-summary"> ( 2016-08-01)</h3> 83 <p> 84 1 2016 . 85 </p> 86 <table> 87 <col width="55%"> 88 <col width="20%"> 89 <col width="13%"> 90 <col width="12%"> 91 <tr> 92 <th></th> 93 <th>CVE</th> 94 <th> </th> 95 <th> Nexus?</th> 96 </tr> 97 <tr> 98 <td> mediaserver</td> 99 <td>CVE-2016-3819, CVE-2016-3820, CVE-2016-3821</td> 100 <td></td> 101 <td></td> 102 </tr> 103 <tr> 104 <td> libjhead</td> 105 <td>CVE-2016-3822</td> 106 <td></td> 107 <td></td> 108 </tr> 109 <tr> 110 <td> mediaserver</td> 111 <td>CVE-2016-3823, CVE-2016-3824, CVE-2016-3825, CVE-2016-3826</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td> mediaserver</td> 117 <td>CVE-2016-3827, CVE-2016-3828, CVE-2016-3829, CVE-2016-3830</td> 118 <td></td> 119 <td></td> 120 </tr> 121 <tr> 122 <td> </td> 123 <td>CVE-2016-3831</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td> Framework API</td> 129 <td>CVE-2016-3832</td> 130 <td></td> 131 <td></td> 132 </tr> 133 <tr> 134 <td> </td> 135 <td>CVE-2016-3833</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> OpenSSL</td> 141 <td>CVE-2016-2842</td> 142 <td></td> 143 <td>*</td> 144 </tr> 145 <tr> 146 <td> API </td> 147 <td>CVE-2016-3834</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td> mediaserver</td> 153 <td>CVE-2016-3835</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td> SurfaceFlinger</td> 159 <td>CVE-2016-3836</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td> Wi-Fi</td> 165 <td>CVE-2016-3837</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td> </td> 171 <td>CVE-2016-3838</td> 172 <td></td> 173 <td></td> 174 </tr> 175 <tr> 176 <td> Bluetooth</td> 177 <td>CVE-2016-3839</td> 178 <td></td> 179 <td></td> 180 </tr> 181 </table> 182 <p>* Nexus, 183 .</p> 184 185 <h3 id="2016-08-05-security-patch-level-vulnerability-summary"> ( 2016-08-05)</h3> 186 <p> 187 5 2016 , 188 2016-08-01, , . 189 </p> 190 <table> 191 <col width="55%"> 192 <col width="20%"> 193 <col width="13%"> 194 <col width="12%"> 195 <tr> 196 <th></th> 197 <th>CVE</th> 198 <th> </th> 199 <th> Nexus?</th> 200 </tr> 201 <tr> 202 <td> Wi-Fi- Qualcomm</td> 203 <td>CVE-2014-9902</td> 204 <td></td> 205 <td></td> 206 </tr> 207 <tr> 208 <td> Conscrypt</td> 209 <td>CVE-2016-3840</td> 210 <td></td> 211 <td></td> 212 </tr> 213 <tr> 214 <td> Qualcomm</td> 215 <td>CVE-2014-9863, CVE-2014-9864, CVE-2014-9865, CVE-2014-9866, 216 CVE-2014-9867, CVE-2014-9868, CVE-2014-9869, CVE-2014-9870, 217 CVE-2014-9871, CVE-2014-9872, CVE-2014-9873, CVE-2014-9874, 218 CVE-2014-9875, CVE-2014-9876, CVE-2014-9877, CVE-2014-9878, 219 CVE-2014-9879, CVE-2014-9880, CVE-2014-9881, CVE-2014-9882, 220 CVE-2014-9883, CVE-2014-9884, CVE-2014-9885, CVE-2014-9886, 221 CVE-2014-9887, CVE-2014-9888, CVE-2014-9889, CVE-2014-9890, 222 CVE-2014-9891, CVE-2015-8937, CVE-2015-8938, CVE-2015-8939, 223 CVE-2015-8940, CVE-2015-8941, CVE-2015-8942, CVE-2015-8943</td> 224 <td></td> 225 <td></td> 226 </tr> 227 <tr> 228 <td> </td> 229 <td>CVE-2015-2686, CVE-2016-3841</td> 230 <td></td> 231 <td></td> 232 </tr> 233 <tr> 234 <td> Qualcomm </td> 235 <td>CVE-2016-2504, CVE-2016-3842</td> 236 <td></td> 237 <td></td> 238 </tr> 239 <tr> 240 <td> Qualcomm</td> 241 <td>CVE-2016-3843</td> 242 <td></td> 243 <td></td> 244 </tr> 245 <tr> 246 <td> </td> 247 <td>CVE-2016-3857</td> 248 <td></td> 249 <td></td> 250 </tr> 251 <tr> 252 <td> </td> 253 <td>CVE-2015-1593, CVE-2016-3672</td> 254 <td></td> 255 <td></td> 256 </tr> 257 <tr> 258 <td> </td> 259 <td>CVE-2016-2544, CVE-2016-2546, CVE-2014-9904</td> 260 <td></td> 261 <td></td> 262 </tr> 263 <tr> 264 <td> </td> 265 <td>CVE-2012-6701</td> 266 <td></td> 267 <td></td> 268 </tr> 269 <tr> 270 <td> mediaserver</td> 271 <td>CVE-2016-3844</td> 272 <td></td> 273 <td></td> 274 </tr> 275 <tr> 276 <td> </td> 277 <td>CVE-2016-3845</td> 278 <td></td> 279 <td></td> 280 </tr> 281 <tr> 282 <td> SPI</td> 283 <td>CVE-2016-3846</td> 284 <td></td> 285 <td></td> 286 </tr> 287 <tr> 288 <td> NVIDIA</td> 289 <td>CVE-2016-3847, CVE-2016-3848</td> 290 <td></td> 291 <td></td> 292 </tr> 293 <tr> 294 <td> ION</td> 295 <td>CVE-2016-3849</td> 296 <td></td> 297 <td></td> 298 </tr> 299 <tr> 300 <td> Qualcomm</td> 301 <td>CVE-2016-3850</td> 302 <td></td> 303 <td></td> 304 </tr> 305 <tr> 306 <td> </td> 307 <td>CVE-2016-3843</td> 308 <td></td> 309 <td></td> 310 </tr> 311 <tr> 312 <td> LG Electronics</td> 313 <td>CVE-2016-3851</td> 314 <td></td> 315 <td></td> 316 </tr> 317 <tr> 318 <td> Qualcomm</td> 319 <td>CVE-2014-9892, CVE-2014-9893, CVE-2014-9894, CVE-2014-9895, CVE-2014-9896, 320 CVE-2014-9897, CVE-2014-9898, CVE-2014-9899, CVE-2014-9900, CVE-2015-8944</td> 321 <td></td> 322 <td></td> 323 </tr> 324 <tr> 325 <td> </td> 326 <td>CVE-2014-9903</td> 327 <td></td> 328 <td></td> 329 </tr> 330 <tr> 331 <td> Wi-Fi- MediaTek</td> 332 <td>CVE-2016-3852</td> 333 <td></td> 334 <td></td> 335 </tr> 336 <tr> 337 <td> USB-</td> 338 <td>CVE-2016-4482</td> 339 <td></td> 340 <td></td> 341 </tr> 342 <tr> 343 <td> Qualcomm</td> 344 <td>CVE-2014-9901</td> 345 <td></td> 346 <td></td> 347 </tr> 348 <tr> 349 <td> Google Play</td> 350 <td>CVE-2016-3853</td> 351 <td></td> 352 <td></td> 353 </tr> 354 <tr> 355 <td> Framework API</td> 356 <td>CVE-2016-2497</td> 357 <td></td> 358 <td></td> 359 </tr> 360 <tr> 361 <td> </td> 362 <td>CVE-2016-4578</td> 363 <td></td> 364 <td></td> 365 </tr> 366 <tr> 367 <td> </td> 368 <td>CVE-2016-4569, CVE-2016-4578</td> 369 <td></td> 370 <td></td> 371 </tr> 372 <tr> 373 <td> Qualcomm</td> 374 <td>CVE-2016-3854, CVE-2016-3855, CVE-2016-2060</td> 375 <td></td> 376 <td></td> 377 </tr> 378 </table> 379 <h2 id="mitigations"> </h2> 380 <p> 381 , <a href="/security/enhancements/index.html"> </a> 382 , SafetyNet, 383 Android. 384 </p> 385 <ul> 386 <li> 387 Android, 388 .</li> 389 <li>, Android, 390 <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a>. 391 <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_PHA_classifications.pdf"> 392 </a>. <a href="http://www.android.com/gms"> Google</a>. , 393 . 394 Google Play , 395 . 396 , . 397 , , 398 , 399 . , 400 .</li> 401 <li> Google Hangouts Messenger 402 , mediaserver, .</li> 403 </ul> 404 <h2 id="acknowledgements"></h2> 405 <p> 406 , : 407 </p> 408 <ul> 409 <li> , 410 Google Chrome: CVE-2016-3821, CVE-2016-3837</li> 411 <li> Check Point Software Technologies Ltd.: CVE-2016-2504</li> 412 <li> (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 413 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) 414 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3844</li> 415 <li> (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 416 - (<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com</a>) 417 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3857</li> 418 <li> Google: CVE-2016-3840</li> 419 <li> (<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>) <a href="http://jaq.alibaba.com">Alibaba Mobile Security Team</a>: CVE-2016-3822</li> 420 <li> (<a href="https://twitter.com/returnsme">@returnsme</a>) KeenLab 421 (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3842</li> 422 <li> Google: CVE-2016-2497</li> 423 <li> Google Dynamic Tools: CVE-2016-3841</li> 424 <li> (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 425 pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) IceSword Lab, <a href="http://www.360.com">Qihoo 360 426 Technology Co. Ltd</a>.: CVE-2016-3852</li> 427 <li> () (<a href="https://twitter.com/oldfresher">@oldfresher</a>) 428 Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: 429 CVE-2016-3834</li> 430 <li> (<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>) 431 Fortinet's FortiGuard Labs: CVE-2016-3820</li> 432 <li> (), DS Uppi: CVE-2016-3826</li> 433 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 434 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3823, CVE-2016-3835, 435 CVE-2016-3824, CVE-2016-3825</li> 436 <li> (<a href="https://twitter.com/natecray">@natecray</a>) 437 Tesla Motors Product Security Team: CVE-2016-3847, CVE-2016-3848</li> 438 <li> , , , Alibaba 439 Mobile Security Group: CVE-2016-3845</li> 440 <li> (<a href="https://twitter.com/heisecode">@heisecode</a>) Trend 441 Micro: CVE-2016-3849</li> 442 <li> (<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>) <a href="http://www.wooyun.org/">WooYun TangLab</a>: CVE-2016-3846</li> 443 <li> (<a href="https://twitter.com/flanker_hqd">@Flanker_hqd</a>) 444 KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: 445 CVE-2016-3832</li> 446 <li> Google: CVE-2016-3839</li> 447 <li> (<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) 448 <a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in 449 Telecommunications</a>: CVE-2016-3831</li> 450 <li>Tom Rootjunky: CVE-2016-3853</li> 451 <li> : CVE-2016-3819</li> 452 <li> (<a href="https://twitter.com/sunblate">@sunblate</a>) 453 Alibaba Inc.: CVE-2016-3827, CVE-2016-3828, CVE-2016-3829</li> 454 <li> (<a href="http://weibo.com/wishlinux"></a>) (<a href="https://twitter.com/wish_wu">@wish_wu</a>) <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/">Trend 455 Micro Inc</a>.: CVE-2016-3843</li> 456 <li> (<a href="https://twitter.com/rudykewang">@Rudykewang</a>) 457 Xuanwu LAB, Tencent: CVE-2016-3836</li> 458 </ul> 459 <p> 460 Copperhead Security, 461 Google , 462 , CVE-2016-3843. 463 Grsecurity. 464 </p> 465 <h2 id="2016-08-01-security-patch-level-security-vulnerability-details"> 466 ( 2016-08-01)</h2> 467 <p> 468 469 <a href="#2016-08-01-security-patch-level-vulnerability-summary"> </a> : , 470 CVE, , , 471 Nexus AOSP ( ), 472 . , 473 , (, AOSP), 474 . 475 </p> 476 477 <h3 id="remote-code-execution-vulnerability-in-mediaserver"> 478 mediaserver</h3> 479 <p> 480 481 . - 482 mediaserver. 483 - , , 484 . 485 </p> 486 <p> 487 . 488 , MMS- 489 , . 490 </p> 491 <table> 492 <col width="18%"> 493 <col width="18%"> 494 <col width="10%"> 495 <col width="19%"> 496 <col width="17%"> 497 <col width="17%"> 498 <tr> 499 <th>CVE</th> 500 <th></th> 501 <th> </th> 502 <th> Nexus</th> 503 <th> AOSP</th> 504 <th> </th> 505 </tr> 506 <tr> 507 <td>CVE-2016-3819</td> 508 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 509 A-28533562</a></td> 510 <td></td> 511 <td> </td> 512 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 513 <td>2 2016.</td> 514 </tr> 515 <tr> 516 <td>CVE-2016-3820</td> 517 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 518 A-28673410</a></td> 519 <td></td> 520 <td> </td> 521 <td>6.0, 6.0.1</td> 522 <td>6 2016.</td> 523 </tr> 524 <tr> 525 <td>CVE-2016-3821</td> 526 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 527 A-28166152</a></td> 528 <td></td> 529 <td> </td> 530 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 531 <td> Google</td> 532 </tr> 533 </table> 534 535 <h3 id="remote-code-execution-vulnerability-in-libjhead"> 536 libjhead</h3> 537 <p> 538 . - , . 539 </p> 540 <table> 541 <col width="18%"> 542 <col width="18%"> 543 <col width="10%"> 544 <col width="19%"> 545 <col width="17%"> 546 <col width="17%"> 547 <tr> 548 <th>CVE</th> 549 <th></th> 550 <th> </th> 551 <th> Nexus</th> 552 <th> AOSP</th> 553 <th> </th> 554 </tr> 555 <tr> 556 <td>CVE-2016-3822</td> 557 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 558 A-28868315</a></td> 559 <td></td> 560 <td> </td> 561 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 562 <td> Google</td> 563 </tr> 564 </table> 565 566 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 567 mediaserver</h3> 568 <p> 569 570 . 571 , , 572 . 573 </p> 574 <table> 575 <col width="18%"> 576 <col width="18%"> 577 <col width="10%"> 578 <col width="19%"> 579 <col width="17%"> 580 <col width="17%"> 581 <tr> 582 <th>CVE</th> 583 <th></th> 584 <th> </th> 585 <th> Nexus</th> 586 <th> AOSP</th> 587 <th> </th> 588 </tr> 589 <tr> 590 <td>CVE-2016-3823</td> 591 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 592 A-28815329</a></td> 593 <td></td> 594 <td> </td> 595 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 596 <td>17 2016.</td> 597 </tr> 598 <tr> 599 <td>CVE-2016-3824</td> 600 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 601 A-28816827</a></td> 602 <td></td> 603 <td> </td> 604 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 605 <td>17 2016.</td> 606 </tr> 607 <tr> 608 <td>CVE-2016-3825</td> 609 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 610 A-28816964</a></td> 611 <td></td> 612 <td> </td> 613 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 614 <td>17 2016.</td> 615 </tr> 616 <tr> 617 <td>CVE-2016-3826</td> 618 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 619 A-29251553</a></td> 620 <td></td> 621 <td> </td> 622 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 623 <td>9 2016.</td> 624 </tr> 625 </table> 626 627 <h3 id="denial-of-service-vulnerability-in-mediaserver"> 628 mediaserver</h3> 629 <p> 630 631 . 632 , 633 . 634 </p> 635 <table> 636 <col width="18%"> 637 <col width="18%"> 638 <col width="10%"> 639 <col width="19%"> 640 <col width="17%"> 641 <col width="17%"> 642 <tr> 643 <th>CVE</th> 644 <th></th> 645 <th> </th> 646 <th> Nexus</th> 647 <th> AOSP</th> 648 <th> </th> 649 </tr> 650 <tr> 651 <td>CVE-2016-3827</td> 652 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 653 A-28816956</a></td> 654 <td></td> 655 <td> </td> 656 <td>6.0.1</td> 657 <td>16 2016.</td> 658 </tr> 659 <tr> 660 <td>CVE-2016-3828</td> 661 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 662 A-28835995</a></td> 663 <td></td> 664 <td> </td> 665 <td>6.0, 6.0.1</td> 666 <td>17 2016.</td> 667 </tr> 668 <tr> 669 <td>CVE-2016-3829</td> 670 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 671 A-29023649</a></td> 672 <td></td> 673 <td> </td> 674 <td>6.0, 6.0.1</td> 675 <td>27 2016.</td> 676 </tr> 677 <tr> 678 <td>CVE-2016-3830</td> 679 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 680 A-29153599</a></td> 681 <td></td> 682 <td> </td> 683 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 684 <td> Google</td> 685 </tr> 686 </table> 687 688 <h3 id="denial-of-service-vulnerability-in-system-clock"> 689 </h3> 690 <p> 691 . 692 , 693 . 694 </p> 695 <table> 696 <col width="18%"> 697 <col width="18%"> 698 <col width="10%"> 699 <col width="19%"> 700 <col width="17%"> 701 <col width="17%"> 702 <tr> 703 <th>CVE</th> 704 <th></th> 705 <th> </th> 706 <th> Nexus</th> 707 <th> AOSP</th> 708 <th> </th> 709 </tr> 710 <tr> 711 <td>CVE-2016-3831</td> 712 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 713 A-29083635</a></td> 714 <td></td> 715 <td> </td> 716 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 717 <td>31 2016.</td> 718 </tr> 719 </table> 720 721 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> 722 Framework API</h3> 723 <p> 724 , 725 . , . 726 </p> 727 <table> 728 <col width="18%"> 729 <col width="17%"> 730 <col width="10%"> 731 <col width="19%"> 732 <col width="18%"> 733 <col width="17%"> 734 <tr> 735 <th>CVE</th> 736 <th></th> 737 <th> </th> 738 <th> Nexus</th> 739 <th> AOSP</th> 740 <th> </th> 741 </tr> 742 <tr> 743 <td>CVE-2016-3832</td> 744 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 745 A-28795098</a></td> 746 <td></td> 747 <td> </td> 748 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 749 <td>15 2016.</td> 750 </tr> 751 </table> 752 753 <h3 id="elevation-of-privilege-vulnerability-in-shell"> 754 </h3> 755 <p> 756 757 (, ). - . 758 </p> 759 <table> 760 <col width="18%"> 761 <col width="17%"> 762 <col width="10%"> 763 <col width="19%"> 764 <col width="17%"> 765 <col width="18%"> 766 <tr> 767 <th>CVE</th> 768 <th></th> 769 <th> </th> 770 <th> Nexus</th> 771 <th> AOSP</th> 772 <th> </th> 773 </tr> 774 <tr> 775 <td>CVE-2016-3833</td> 776 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 777 A-29189712</a> 778 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 779 <td></td> 780 <td> </td> 781 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 782 <td> Google</td> 783 </tr> 784 </table> 785 786 <h3 id="information-disclosure-vulnerability-in-openssl"> 787 OpenSSL</h3> 788 <p> 789 790 . - . 791 </p> 792 <table> 793 <col width="18%"> 794 <col width="18%"> 795 <col width="10%"> 796 <col width="19%"> 797 <col width="17%"> 798 <col width="17%"> 799 <tr> 800 <th>CVE</th> 801 <th></th> 802 <th> </th> 803 <th> Nexus</th> 804 <th> AOSP</th> 805 <th> </th> 806 </tr> 807 <tr> 808 <td>CVE-2016-2842</td> 809 <td>A-29060514</td> 810 <td>*</td> 811 <td> </td> 812 <td>4.4.4, 5.0.2, 5.1.1</td> 813 <td>29 2016.</td> 814 </tr> 815 </table> 816 <p>* Nexus, 817 .</p> 818 819 <h3 id="information-disclosure-vulnerability-in-camera-apis"> 820 API </h3> 821 <p> 822 . - . 823 </p> 824 <table> 825 <col width="18%"> 826 <col width="17%"> 827 <col width="10%"> 828 <col width="19%"> 829 <col width="18%"> 830 <col width="17%"> 831 <tr> 832 <th>CVE</th> 833 <th></th> 834 <th> </th> 835 <th> Nexus</th> 836 <th> AOSP</th> 837 <th> </th> 838 </tr> 839 <tr> 840 <td>CVE-2016-3834</td> 841 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 842 A-28466701</a></td> 843 <td></td> 844 <td> </td> 845 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 846 <td>28 2016.</td> 847 </tr> 848 </table> 849 850 <h3 id="information-disclosure-vulnerability-in-mediaserver"> 851 mediaserver</h3> 852 <p> 853 854 . - . 855 </p> 856 <table> 857 <col width="18%"> 858 <col width="17%"> 859 <col width="10%"> 860 <col width="19%"> 861 <col width="18%"> 862 <col width="17%"> 863 <tr> 864 <th>CVE</th> 865 <th></th> 866 <th> </th> 867 <th> Nexus</th> 868 <th> AOSP</th> 869 <th> </th> 870 </tr> 871 <tr> 872 <td>CVE-2016-3835</td> 873 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 874 A-28920116</a></td> 875 <td></td> 876 <td> </td> 877 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 878 <td>23 2016.</td> 879 </tr> 880 </table> 881 882 <h3 id="information-disclosure-vulnerability-in-surfaceflinger"> 883 SurfaceFlinger</h3> 884 <p> 885 886 . - . 887 </p> 888 <table> 889 <col width="18%"> 890 <col width="18%"> 891 <col width="10%"> 892 <col width="19%"> 893 <col width="17%"> 894 <col width="17%"> 895 <tr> 896 <th>CVE</th> 897 <th></th> 898 <th> </th> 899 <th> Nexus</th> 900 <th> AOSP</th> 901 <th> </th> 902 </tr> 903 <tr> 904 <td>CVE-2016-3836</td> 905 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 906 A-28592402</a></td> 907 <td></td> 908 <td> </td> 909 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 910 <td>4 2016.</td> 911 </tr> 912 </table> 913 914 <h3 id="information-disclosure-vulnerability-in-wi-fi"> 915 Wi-Fi</h3> 916 <p> 917 918 . - . 919 </p> 920 <table> 921 <col width="18%"> 922 <col width="18%"> 923 <col width="10%"> 924 <col width="19%"> 925 <col width="17%"> 926 <col width="17%"> 927 <tr> 928 <th>CVE</th> 929 <th></th> 930 <th> </th> 931 <th> Nexus</th> 932 <th> AOSP</th> 933 <th> </th> 934 </tr> 935 <tr> 936 <td>CVE-2016-3837</td> 937 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 938 A-28164077</a></td> 939 <td></td> 940 <td> </td> 941 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 942 <td> Google</td> 943 </tr> 944 </table> 945 946 <h3 id="denial-of-service-vulnerability-in-system-ui"> 947 </h3> 948 <p> 949 950 911 . , 951 . 952 </p> 953 <table> 954 <col width="18%"> 955 <col width="18%"> 956 <col width="10%"> 957 <col width="19%"> 958 <col width="17%"> 959 <col width="17%"> 960 <tr> 961 <th>CVE</th> 962 <th></th> 963 <th> </th> 964 <th> Nexus</th> 965 <th> AOSP</th> 966 <th> </th> 967 </tr> 968 <tr> 969 <td>CVE-2016-3838</td> 970 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 971 A-28761672</a></td> 972 <td></td> 973 <td> </td> 974 <td>6.0, 6.0.1</td> 975 <td> Google</td> 976 </tr> 977 </table> 978 979 <h3 id="denial-of-service-vulnerability-in-bluetooth"> 980 Bluetooth</h3> 981 <p> 982 983 911 Bluetooth. 984 , 985 . 986 </p> 987 <table> 988 <col width="18%"> 989 <col width="17%"> 990 <col width="10%"> 991 <col width="19%"> 992 <col width="18%"> 993 <col width="17%"> 994 <tr> 995 <th>CVE</th> 996 <th></th> 997 <th> </th> 998 <th> Nexus</th> 999 <th> AOSP</th> 1000 <th> </th> 1001 </tr> 1002 <tr> 1003 <td>CVE-2016-3839</td> 1004 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 1005 A-28885210</a></td> 1006 <td></td> 1007 <td> </td> 1008 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1009 <td> Google</td> 1010 </tr> 1011 </table> 1012 <h2 id="2016-08-05-security-patch-level-vulnerability-details"> 1013 ( 2016-08-05)</h2> 1014 <p> 1015 1016 <a href="#2016-08-05-security-patch-level-vulnerability-summary"> </a> : , 1017 CVE, , , 1018 Nexus AOSP ( ), 1019 . , 1020 , (, AOSP), 1021 . 1022 </p> 1023 1024 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 1025 Wi-Fi- Qualcomm</h3> 1026 <p> 1027 1028 . 1029 , 1030 - . 1031 </p> 1032 <table> 1033 <col width="19%"> 1034 <col width="20%"> 1035 <col width="10%"> 1036 <col width="23%"> 1037 <col width="17%"> 1038 <tr> 1039 <th>CVE</th> 1040 <th></th> 1041 <th> </th> 1042 <th> Nexus</th> 1043 <th> </th> 1044 </tr> 1045 <tr> 1046 <td>CVE-2014-9902</td> 1047 <td>A-28668638 1048 <p> 1049 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1050 QC-CR#553937</a><br> 1051 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 1052 QC-CR#553941</a> 1053 </p> 1054 </td> 1055 <td></td> 1056 <td>Nexus7 (2013)</td> 1057 <td>31 2014.</td> 1058 </tr> 1059 </table> 1060 1061 <h3 id="remote-code-execution-vulnerability-in-conscrypt"> Conscrypt</h3> 1062 <p> 1063 1064 . 1065 - 1066 . 1067 </p> 1068 <table> 1069 <col width="18%"> 1070 <col width="18%"> 1071 <col width="10%"> 1072 <col width="19%"> 1073 <col width="17%"> 1074 <col width="17%"> 1075 <tr> 1076 <th>CVE</th> 1077 <th></th> 1078 <th> </th> 1079 <th> Nexus</th> 1080 <th> AOSP</th> 1081 <th> </th> 1082 </tr> 1083 <tr> 1084 <td>CVE-2016-3840</td> 1085 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 1086 A-28751153</a></td> 1087 <td></td> 1088 <td> </td> 1089 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1090 <td> Google</td> 1091 </tr> 1092 </table> 1093 1094 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> 1095 Qualcomm</h3> 1096 <p> 1097 , 1098 Qualcomm, , , 1099 , , . 1100 </p> 1101 <p> 1102 , 1103 - . , 1104 . 1105 </p> 1106 <table> 1107 <col width="19%"> 1108 <col width="20%"> 1109 <col width="10%"> 1110 <col width="23%"> 1111 <col width="17%"> 1112 <tr> 1113 <th>CVE</th> 1114 <th></th> 1115 <th> </th> 1116 <th> Nexus</th> 1117 <th> </th> 1118 </tr> 1119 <tr> 1120 <td>CVE-2014-9863</td> 1121 <td>A-28768146 1122 <p> 1123 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 1124 QC-CR#549470</a> 1125 </p> 1126 </td> 1127 <td></td> 1128 <td>Nexus5, Nexus7 (2013)</td> 1129 <td>30 2014.</td> 1130 </tr> 1131 <tr> 1132 <td>CVE-2014-9864</td> 1133 <td>A-28747998 1134 <p> 1135 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 1136 QC-CR#561841</a> 1137 </p></td> 1138 <td></td> 1139 <td>Nexus5, Nexus7 (2013)</td> 1140 <td>27 2014.</td> 1141 </tr> 1142 <tr> 1143 <td>CVE-2014-9865</td> 1144 <td>A-28748271 1145 <p> 1146 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 1147 QC-CR#550013</a> 1148 </p> 1149 </td> 1150 <td></td> 1151 <td>Nexus5, Nexus7 (2013)</td> 1152 <td>27 2014.</td> 1153 </tr> 1154 <tr> 1155 <td>CVE-2014-9866</td> 1156 <td>A-28747684 1157 <p> 1158 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 1159 QC-CR#511358</a> 1160 </p> 1161 </td> 1162 <td></td> 1163 <td>Nexus5, Nexus7 (2013)</td> 1164 <td>31 2014.</td> 1165 </tr> 1166 <tr> 1167 <td>CVE-2014-9867</td> 1168 <td>A-28749629 1169 <p> 1170 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 1171 QC-CR#514702</a> 1172 </p> 1173 </td> 1174 <td></td> 1175 <td>Nexus5, Nexus7 (2013)</td> 1176 <td>31 2014.</td> 1177 </tr> 1178 <tr> 1179 <td>CVE-2014-9868</td> 1180 <td>A-28749721 1181 <p> 1182 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 1183 QC-CR#511976</a> 1184 </p> 1185 </td> 1186 <td></td> 1187 <td>Nexus5, Nexus7 (2013)</td> 1188 <td>31 2014.</td> 1189 </tr> 1190 <tr> 1191 <td>CVE-2014-9869</td> 1192 <td>A-28749728 1193 <p> 1194 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 1195 QC-CR#514711</a> 1196 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 1197 </p> 1198 </td> 1199 <td></td> 1200 <td>Nexus5, Nexus7 (2013)</td> 1201 <td>31 2014.</td> 1202 </tr> 1203 <tr> 1204 <td>CVE-2014-9870</td> 1205 <td>A-28749743 1206 <p> 1207 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 1208 QC-CR#561044</a> 1209 </p> 1210 </td> 1211 <td></td> 1212 <td>Nexus5, Nexus7 (2013)</td> 1213 <td>31 2014.</td> 1214 </tr> 1215 <tr> 1216 <td>CVE-2014-9871</td> 1217 <td>A-28749803 1218 <p> 1219 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 1220 QC-CR#514717</a> 1221 </p> 1222 </td> 1223 <td></td> 1224 <td>Nexus5, Nexus7 (2013)</td> 1225 <td>31 2014.</td> 1226 </tr> 1227 <tr> 1228 <td>CVE-2014-9872</td> 1229 <td>A-28750155 1230 <p> 1231 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 1232 QC-CR#590721</a> 1233 </p> 1234 </td> 1235 <td></td> 1236 <td>Nexus5</td> 1237 <td>31 2014.</td> 1238 </tr> 1239 <tr> 1240 <td>CVE-2014-9873</td> 1241 <td>A-28750726 1242 <p> 1243 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 1244 QC-CR#556860</a> 1245 </p> 1246 </td> 1247 <td></td> 1248 <td>Nexus5, Nexus7 (2013)</td> 1249 <td>31 2014.</td> 1250 </tr> 1251 <tr> 1252 <td>CVE-2014-9874</td> 1253 <td>A-28751152 1254 <p> 1255 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 1256 QC-CR#563086</a> 1257 </p> 1258 </td> 1259 <td></td> 1260 <td>Nexus5, Nexus5X, Nexus6P, Nexus7 (2013)</td> 1261 <td>31 2014.</td> 1262 </tr> 1263 <tr> 1264 <td>CVE-2014-9875</td> 1265 <td>A-28767589 1266 <p> 1267 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1268 QC-CR#483310</a> 1269 </p> 1270 </td> 1271 <td></td> 1272 <td>Nexus7 (2013)</td> 1273 <td>30 2014.</td> 1274 </tr> 1275 <tr> 1276 <td>CVE-2014-9876</td> 1277 <td>A-28767796 1278 <p> 1279 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1280 QC-CR#483408</a> 1281 </p> 1282 </td> 1283 <td></td> 1284 <td>Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus7 (2013)</td> 1285 <td>30 2014.</td> 1286 </tr> 1287 <tr> 1288 <td>CVE-2014-9877</td> 1289 <td>A-28768281 1290 <p> 1291 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1292 QC-CR#547231</a> 1293 </p> 1294 </td> 1295 <td></td> 1296 <td>Nexus5, Nexus7 (2013)</td> 1297 <td>30 2014.</td> 1298 </tr> 1299 <tr> 1300 <td>CVE-2014-9878</td> 1301 <td>A-28769208 1302 <p> 1303 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1304 QC-CR#547479</a> 1305 </p> 1306 </td> 1307 <td></td> 1308 <td>Nexus5</td> 1309 <td>30 2014.</td> 1310 </tr> 1311 <tr> 1312 <td>CVE-2014-9879</td> 1313 <td>A-28769221 1314 <p> 1315 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1316 QC-CR#524490</a> 1317 </p> 1318 </td> 1319 <td></td> 1320 <td>Nexus5</td> 1321 <td>30 2014.</td> 1322 </tr> 1323 <tr> 1324 <td>CVE-2014-9880</td> 1325 <td>A-28769352 1326 <p> 1327 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1328 QC-CR#556356</a> 1329 </p> 1330 </td> 1331 <td></td> 1332 <td>Nexus7 (2013)</td> 1333 <td>30 2014.</td> 1334 </tr> 1335 <tr> 1336 <td>CVE-2014-9881</td> 1337 <td>A-28769368 1338 <p> 1339 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1340 QC-CR#539008</a> 1341 </p> 1342 </td> 1343 <td></td> 1344 <td>Nexus7 (2013)</td> 1345 <td>30 2014.</td> 1346 </tr> 1347 <tr> 1348 <td>CVE-2014-9882</td> 1349 <td>A-28769546 1350 <p> 1351 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1352 QC-CR#552329</a> 1353 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1354 </td> 1355 <td></td> 1356 <td>Nexus7 (2013)</td> 1357 <td>30 2014.</td> 1358 </tr> 1359 <tr> 1360 <td>CVE-2014-9883</td> 1361 <td>A-28769912 1362 <p> 1363 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1364 QC-CR#565160</a> 1365 </p> 1366 </td> 1367 <td></td> 1368 <td>Nexus5, Nexus7 (2013)</td> 1369 <td>30 2014.</td> 1370 </tr> 1371 <tr> 1372 <td>CVE-2014-9884</td> 1373 <td>A-28769920 1374 <p> 1375 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1376 QC-CR#580740</a> 1377 </p> 1378 </td> 1379 <td></td> 1380 <td>Nexus5, Nexus7 (2013)</td> 1381 <td>30 2014.</td> 1382 </tr> 1383 <tr> 1384 <td>CVE-2014-9885</td> 1385 <td>A-28769959 1386 <p> 1387 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1388 QC-CR#562261</a> 1389 </p> 1390 </td> 1391 <td></td> 1392 <td>Nexus5</td> 1393 <td>30 2014.</td> 1394 </tr> 1395 <tr> 1396 <td>CVE-2014-9886</td> 1397 <td>A-28815575 1398 <p> 1399 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1400 QC-CR#555030</a> 1401 </p> 1402 </td> 1403 <td></td> 1404 <td>Nexus5, Nexus7 (2013)</td> 1405 <td>30 2014.</td> 1406 </tr> 1407 <tr> 1408 <td>CVE-2014-9887</td> 1409 <td>A-28804057 1410 <p> 1411 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1412 QC-CR#636633</a> 1413 </p> 1414 </td> 1415 <td></td> 1416 <td>Nexus5, Nexus7 (2013)</td> 1417 <td>3 2014.</td> 1418 </tr> 1419 <tr> 1420 <td>CVE-2014-9888</td> 1421 <td>A-28803642 1422 <p> 1423 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1424 QC-CR#642735</a> 1425 </p> 1426 </td> 1427 <td></td> 1428 <td>Nexus5, Nexus7 (2013)</td> 1429 <td>29 2014.</td> 1430 </tr> 1431 <tr> 1432 <td>CVE-2014-9889</td> 1433 <td>A-28803645 1434 <p> 1435 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1436 QC-CR#674712</a> 1437 </p></td> 1438 <td></td> 1439 <td>Nexus5</td> 1440 <td>31 2014.</td> 1441 </tr> 1442 <tr> 1443 <td>CVE-2015-8937</td> 1444 <td>A-28803962 1445 <p> 1446 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1447 QC-CR#770548</a> 1448 </p> 1449 </td> 1450 <td></td> 1451 <td>Nexus5, Nexus6, Nexus7 (2013)</td> 1452 <td>31 2015.</td> 1453 </tr> 1454 <tr> 1455 <td>CVE-2015-8938</td> 1456 <td>A-28804030 1457 <p> 1458 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1459 QC-CR#766022</a></p></td> 1460 <td></td> 1461 <td>Nexus6</td> 1462 <td>31 2015.</td> 1463 </tr> 1464 <tr> 1465 <td>CVE-2015-8939</td> 1466 <td>A-28398884 1467 <p> 1468 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1469 QC-CR#779021</a></p></td> 1470 <td></td> 1471 <td>Nexus7 (2013)</td> 1472 <td>30 2015.</td> 1473 </tr> 1474 <tr> 1475 <td>CVE-2015-8940</td> 1476 <td>A-28813987 1477 <p> 1478 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1479 QC-CR#792367</a></p></td> 1480 <td></td> 1481 <td>Nexus6</td> 1482 <td>30 2015.</td> 1483 </tr> 1484 <tr> 1485 <td>CVE-2015-8941</td> 1486 <td>A-28814502 1487 <p> 1488 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1489 QC-CR#792473</a></p></td> 1490 <td></td> 1491 <td>Nexus6, Nexus7 (2013)</td> 1492 <td>29 2015.</td> 1493 </tr> 1494 <tr> 1495 <td>CVE-2015-8942</td> 1496 <td>A-28814652 1497 <p> 1498 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1499 QC-CR#803246</a></p></td> 1500 <td></td> 1501 <td>Nexus6</td> 1502 <td>30 2015.</td> 1503 </tr> 1504 <tr> 1505 <td>CVE-2015-8943</td> 1506 <td>A-28815158 1507 <p> 1508 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1509 QC-CR#794217</a></p> 1510 <p> 1511 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1512 QC-CR#836226</a></p></td> 1513 <td></td> 1514 <td>Nexus5</td> 1515 <td>11 2015.</td> 1516 </tr> 1517 <tr> 1518 <td>CVE-2014-9891</td> 1519 <td>A-28749283 1520 <p> 1521 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1522 QC-CR#550061</a></p></td> 1523 <td></td> 1524 <td>Nexus5</td> 1525 <td>13 2014.</td> 1526 </tr> 1527 <tr> 1528 <td>CVE-2014-9890</td> 1529 <td>A-28770207 1530 <p> 1531 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1532 QC-CR#529177</a></p></td> 1533 <td></td> 1534 <td>Nexus5, Nexus7 (2013)</td> 1535 <td>2 2014.</td> 1536 </tr> 1537 </table> 1538 1539 <h3 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"> 1540 </h3> 1541 <p> 1542 1543 . , 1544 - . , 1545 . 1546 </p> 1547 <table> 1548 <col width="19%"> 1549 <col width="20%"> 1550 <col width="10%"> 1551 <col width="23%"> 1552 <col width="17%"> 1553 <tr> 1554 <th>CVE</th> 1555 <th></th> 1556 <th> </th> 1557 <th> Nexus</th> 1558 <th> </th> 1559 </tr> 1560 <tr> 1561 <td>CVE-2015-2686</td> 1562 <td>A-28759139 1563 <p> 1564 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1565 Upstream kernel</a></p></td> 1566 <td></td> 1567 <td> </td> 1568 <td>23 2015.</td> 1569 </tr> 1570 <tr> 1571 <td>CVE-2016-3841</td> 1572 <td>A-28746669 1573 <p> 1574 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1575 Upstream kernel</a></p></td> 1576 <td></td> 1577 <td> </td> 1578 <td>3 2015.</td> 1579 </tr> 1580 </table> 1581 1582 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> 1583 Qualcomm </h3> 1584 <p> 1585 1586 . , 1587 - . , 1588 . 1589 </p> 1590 <table> 1591 <col width="19%"> 1592 <col width="20%"> 1593 <col width="10%"> 1594 <col width="23%"> 1595 <col width="17%"> 1596 <tr> 1597 <th>CVE</th> 1598 <th></th> 1599 <th> </th> 1600 <th> Nexus</th> 1601 <th> </th> 1602 </tr> 1603 <tr> 1604 <td>CVE-2016-2504</td> 1605 <td>A-28026365 1606 <p>QC-CR#1002974</p></td> 1607 <td></td> 1608 <td>Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus7 (2013)</td> 1609 <td>5 2016.</td> 1610 </tr> 1611 <tr> 1612 <td>CVE-2016-3842</td> 1613 <td>A-28377352 1614 <p> 1615 QC-CR#1002974</p></td> 1616 <td></td> 1617 <td>Nexus5X, Nexus6, Nexus6P</td> 1618 <td>25 2016.</td> 1619 </tr> 1620 </table> 1621 <p> 1622 * . 1623 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1624 </p> 1625 1626 1627 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> 1628 Qualcomm</h3> 1629 <p> 1630 1631 . , 1632 - . , 1633 . 1634 </p> 1635 <p class="note"> 1636 <strong>.</strong> 1637 A-29119870, . 1638 </p> 1639 <table> 1640 <col width="19%"> 1641 <col width="20%"> 1642 <col width="10%"> 1643 <col width="23%"> 1644 <col width="17%"> 1645 <tr> 1646 <th>CVE</th> 1647 <th></th> 1648 <th> </th> 1649 <th> Nexus</th> 1650 <th> </th> 1651 </tr> 1652 <tr> 1653 <td>CVE-2016-3843</td> 1654 <td>A-28086229* 1655 <p> 1656 QC-CR#1011071</p></td> 1657 <td></td> 1658 <td>Nexus5X, Nexus6P</td> 1659 <td>7 2016.</td> 1660 </tr> 1661 </table> 1662 <p> 1663 * . 1664 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1665 </p> 1666 1667 <h3 id="elevation-of-privilege-vulnerability-in-kernel"> 1668 </h3> 1669 <p> 1670 1671 . , 1672 - . , 1673 . 1674 </p> 1675 <table> 1676 <col width="19%"> 1677 <col width="20%"> 1678 <col width="10%"> 1679 <col width="23%"> 1680 <col width="17%"> 1681 <tr> 1682 <th>CVE</th> 1683 <th></th> 1684 <th> </th> 1685 <th> Nexus</th> 1686 <th> </th> 1687 </tr> 1688 <tr> 1689 <td>CVE-2016-3857</td> 1690 <td>A-28522518*</td> 1691 <td></td> 1692 <td>Nexus7 (2013)</td> 1693 <td>2 2016.</td> 1694 </tr> 1695 </table> 1696 <p> 1697 * . 1698 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1699 </p> 1700 1701 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"> 1702 </h3> 1703 <p> 1704 1705 . , 1706 . 1707 </p> 1708 <table> 1709 <col width="19%"> 1710 <col width="20%"> 1711 <col width="10%"> 1712 <col width="23%"> 1713 <col width="17%"> 1714 <tr> 1715 <th>CVE</th> 1716 <th></th> 1717 <th> </th> 1718 <th> Nexus</th> 1719 <th> </th> 1720 </tr> 1721 <tr> 1722 <td>CVE-2015-1593</td> 1723 <td>A-29577822 1724 <p> 1725 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1726 Upstream kernel</a></p></td> 1727 <td></td> 1728 <td>NexusPlayer</td> 1729 <td>13 2015.</td> 1730 </tr> 1731 <tr> 1732 <td>CVE-2016-3672</td> 1733 <td>A-28763575 1734 <p> 1735 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1736 Upstream kernel</a></p></td> 1737 <td></td> 1738 <td>NexusPlayer</td> 1739 <td>25 2016.</td> 1740 </tr> 1741 </table> 1742 1743 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"> 1744 </h3> 1745 <p> 1746 1747 . , 1748 . 1749 </p> 1750 <table> 1751 <col width="19%"> 1752 <col width="20%"> 1753 <col width="10%"> 1754 <col width="23%"> 1755 <col width="17%"> 1756 <tr> 1757 <th>CVE</th> 1758 <th></th> 1759 <th> </th> 1760 <th> Nexus</th> 1761 <th> </th> 1762 </tr> 1763 <tr> 1764 <td>CVE-2016-2544</td> 1765 <td>A-28695438 1766 <p> 1767 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1768 Upstream kernel</a></p></td> 1769 <td></td> 1770 <td> </td> 1771 <td>19 2016.</td> 1772 </tr> 1773 <tr> 1774 <td>CVE-2016-2546</td> 1775 <td>A-28694392 1776 <p> 1777 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1778 Upstream kernel</a></p></td> 1779 <td></td> 1780 <td>Pixel</td> 1781 <td>19 2016.</td> 1782 </tr> 1783 <tr> 1784 <td>CVE-2014-9904</td> 1785 <td>A-28592007 1786 <p> 1787 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1788 Upstream kernel</a></p></td> 1789 <td></td> 1790 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, NexusPlayer</td> 1791 <td>4 2016.</td> 1792 </tr> 1793 </table> 1794 1795 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> 1796 </h3> 1797 <p> 1798 1799 . , 1800 . 1801 </p> 1802 <table> 1803 <col width="19%"> 1804 <col width="20%"> 1805 <col width="10%"> 1806 <col width="23%"> 1807 <col width="17%"> 1808 <tr> 1809 <th>CVE</th> 1810 <th></th> 1811 <th> </th> 1812 <th> Nexus</th> 1813 <th> </th> 1814 </tr> 1815 <tr> 1816 <td>CVE-2012-6701</td> 1817 <td>A-28939037 1818 <p> 1819 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1820 Upstream kernel</a></p></td> 1821 <td></td> 1822 <td>Nexus5, Nexus7 (2013)</td> 1823 <td>2 2016.</td> 1824 </tr> 1825 </table> 1826 1827 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> 1828 mediaserver</h3> 1829 <p> 1830 1831 . 1832 , , 1833 . 1834 </p> 1835 <table> 1836 <col width="19%"> 1837 <col width="20%"> 1838 <col width="10%"> 1839 <col width="23%"> 1840 <col width="17%"> 1841 <tr> 1842 <th>CVE</th> 1843 <th></th> 1844 <th> </th> 1845 <th> Nexus</th> 1846 <th> </th> 1847 </tr> 1848 <tr> 1849 <td>CVE-2016-3844</td> 1850 <td>A-28299517* 1851 <p> 1852 N-CVE-2016-3844</p></td> 1853 <td></td> 1854 <td>Nexus9, PixelC</td> 1855 <td>19 2016.</td> 1856 </tr> 1857 </table> 1858 <p> 1859 * . 1860 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1861 </p> 1862 1863 <h3> </h3> 1864 <p> 1865 1866 . , 1867 . 1868 </p> 1869 <table> 1870 <col width="19%"> 1871 <col width="20%"> 1872 <col width="10%"> 1873 <col width="23%"> 1874 <col width="17%"> 1875 <tr> 1876 <th>CVE</th> 1877 <th></th> 1878 <th> </th> 1879 <th> Nexus</th> 1880 <th> </th> 1881 </tr> 1882 <tr> 1883 <td>CVE-2016-3845</td> 1884 <td>A-28399876*</td> 1885 <td></td> 1886 <td>Nexus5</td> 1887 <td>20 2016.</td> 1888 </tr> 1889 </table> 1890 <p> 1891 * . 1892 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1893 </p> 1894 1895 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> 1896 SPI</h3> 1897 <p> 1898 1899 . , 1900 . 1901 </p> 1902 <table> 1903 <col width="19%"> 1904 <col width="20%"> 1905 <col width="10%"> 1906 <col width="23%"> 1907 <col width="17%"> 1908 <tr> 1909 <th>CVE</th> 1910 <th></th> 1911 <th> </th> 1912 <th> Nexus</th> 1913 <th> </th> 1914 </tr> 1915 <tr> 1916 <td>CVE-2016-3846</td> 1917 <td>A-28817378*</td> 1918 <td></td> 1919 <td>Nexus5X, Nexus6P</td> 1920 <td>17 2016.</td> 1921 </tr> 1922 </table> 1923 <p> 1924 * . 1925 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1926 </p> 1927 1928 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver"> 1929 NVIDIA</h3> 1930 <p> 1931 1932 . , 1933 . 1934 </p> 1935 <table> 1936 <col width="19%"> 1937 <col width="20%"> 1938 <col width="10%"> 1939 <col width="23%"> 1940 <col width="17%"> 1941 <tr> 1942 <th>CVE</th> 1943 <th></th> 1944 <th> </th> 1945 <th> Nexus</th> 1946 <th> </th> 1947 </tr> 1948 <tr> 1949 <td>CVE-2016-3847</td> 1950 <td>A-28871433* 1951 <p> 1952 N-CVE-2016-3847</p></td> 1953 <td></td> 1954 <td>Nexus9</td> 1955 <td>19 2016.</td> 1956 </tr> 1957 <tr> 1958 <td>CVE-2016-3848</td> 1959 <td>A-28919417* 1960 <p> 1961 N-CVE-2016-3848</p></td> 1962 <td></td> 1963 <td>Nexus9</td> 1964 <td>19 2016.</td> 1965 </tr> 1966 </table> 1967 <p> 1968 * . 1969 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1970 </p> 1971 1972 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver"> 1973 ION</h3> 1974 <p> 1975 1976 . , 1977 . 1978 </p> 1979 <table> 1980 <col width="19%"> 1981 <col width="20%"> 1982 <col width="10%"> 1983 <col width="23%"> 1984 <col width="17%"> 1985 <tr> 1986 <th>CVE</th> 1987 <th></th> 1988 <th> </th> 1989 <th> Nexus</th> 1990 <th> </th> 1991 </tr> 1992 <tr> 1993 <td>CVE-2016-3849</td> 1994 <td>A-28939740</td> 1995 <td></td> 1996 <td>Pixel</td> 1997 <td>24 2016.</td> 1998 </tr> 1999 </table> 2000 <p> 2001 * . 2002 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2003 </p> 2004 2005 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader"> Qualcomm</h3> 2006 <p> 2007 2008 . , 2009 . 2010 </p> 2011 <table> 2012 <col width="19%"> 2013 <col width="20%"> 2014 <col width="10%"> 2015 <col width="26%"> 2016 <col width="17%"> 2017 <tr> 2018 <th>CVE</th> 2019 <th></th> 2020 <th> </th> 2021 <th> Nexus</th> 2022 <th> </th> 2023 </tr> 2024 <tr> 2025 <td>CVE-2016-3850</td> 2026 <td>A-27917291 2027 <p> 2028 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 2029 QC-CR#945164</a></p></td> 2030 <td></td> 2031 <td>Nexus5, Nexus5X, Nexus6P, Nexus7 (2013)</td> 2032 <td>28 2016.</td> 2033 </tr> 2034 </table> 2035 2036 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"> 2037 </h3> 2038 <p> 2039 2040 . , 2041 . 2042 </p> 2043 <p class="note"> 2044 <strong>.</strong> , 2045 , CVE-2016-3843 (A-28086229). 2046 </p> 2047 <table> 2048 <col width="18%"> 2049 <col width="18%"> 2050 <col width="10%"> 2051 <col width="19%"> 2052 <col width="17%"> 2053 <col width="17%"> 2054 <tr> 2055 <th>CVE</th> 2056 <th></th> 2057 <th> </th> 2058 <th> Nexus</th> 2059 <th> AOSP</th> 2060 <th> </th> 2061 </tr> 2062 <tr> 2063 <td>CVE-2016-3843</td> 2064 <td>A-29119870*</td> 2065 <td></td> 2066 <td> </td> 2067 <td>6.0, 6.1</td> 2068 <td> Google</td> 2069 </tr> 2070 </table> 2071 <p> 2072 * . 2073 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2074 </p> 2075 2076 <h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader"> 2077 LG Electronics</h3> 2078 <p> 2079 2080 . 2081 , 2082 . 2083 </p> 2084 <table> 2085 <col width="19%"> 2086 <col width="20%"> 2087 <col width="10%"> 2088 <col width="23%"> 2089 <col width="17%"> 2090 <tr> 2091 <th>CVE</th> 2092 <th></th> 2093 <th> </th> 2094 <th> Nexus</th> 2095 <th> </th> 2096 </tr> 2097 <tr> 2098 <td>CVE-2016-3851</td> 2099 <td>A-29189941*</td> 2100 <td></td> 2101 <td>Nexus5X</td> 2102 <td> Google</td> 2103 </tr> 2104 </table> 2105 <p> 2106 * . 2107 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2108 </p> 2109 2110 <h3 id="information-disclosure-vulnerability-in-qualcomm-components"> 2111 Qualcomm</h3> 2112 <p> 2113 , 2114 Qualcomm, , , 2115 , , , , . 2116 </p> 2117 <p> 2118 , 2119 2120 . 2121 </p> 2122 <table> 2123 <col width="19%"> 2124 <col width="20%"> 2125 <col width="10%"> 2126 <col width="23%"> 2127 <col width="17%"> 2128 <tr> 2129 <th>CVE</th> 2130 <th></th> 2131 <th> </th> 2132 <th> Nexus</th> 2133 <th> </th> 2134 </tr> 2135 <tr> 2136 <td>CVE-2014-9892</td> 2137 <td>A-28770164 2138 <p> 2139 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 2140 QC-CR#568717</a></p></td> 2141 <td></td> 2142 <td>Nexus5, Nexus7 (2013)</td> 2143 <td>2 2014.</td> 2144 </tr> 2145 <tr> 2146 <td>CVE-2015-8944</td> 2147 <td>A-28814213 2148 <p> 2149 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 2150 QC-CR#786116</a></p></td> 2151 <td></td> 2152 <td>Nexus6, Nexus7 (2013)</td> 2153 <td>30 2015.</td> 2154 </tr> 2155 <tr> 2156 <td>CVE-2014-9893</td> 2157 <td>A-28747914 2158 <p> 2159 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 2160 QC-CR#542223</a></p></td> 2161 <td></td> 2162 <td>Nexus5</td> 2163 <td>27 2014.</td> 2164 </tr> 2165 <tr> 2166 <td>CVE-2014-9894</td> 2167 <td>A-28749708 2168 <p> 2169 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 2170 QC-CR#545736</a></p></td> 2171 <td></td> 2172 <td>Nexus7 (2013)</td> 2173 <td>31 2014.</td> 2174 </tr> 2175 <tr> 2176 <td>CVE-2014-9895</td> 2177 <td>A-28750150 2178 <p> 2179 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 2180 QC-CR#570757</a></p></td> 2181 <td></td> 2182 <td>Nexus5, Nexus7 (2013)</td> 2183 <td>31 2014.</td> 2184 </tr> 2185 <tr> 2186 <td>CVE-2014-9896</td> 2187 <td>A-28767593 2188 <p> 2189 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 2190 QC-CR#551795</a></p></td> 2191 <td></td> 2192 <td>Nexus5, Nexus7 (2013)</td> 2193 <td>30 2014.</td> 2194 </tr> 2195 <tr> 2196 <td>CVE-2014-9897</td> 2197 <td>A-28769856 2198 <p> 2199 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 2200 QC-CR#563752</a></p></td> 2201 <td></td> 2202 <td>Nexus5</td> 2203 <td>30 2014.</td> 2204 </tr> 2205 <tr> 2206 <td>CVE-2014-9898</td> 2207 <td>A-28814690 2208 <p> 2209 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 2210 QC-CR#554575</a></p></td> 2211 <td></td> 2212 <td>Nexus5, Nexus7 (2013)</td> 2213 <td>30 2014.</td> 2214 </tr> 2215 <tr> 2216 <td>CVE-2014-9899</td> 2217 <td>A-28803909 2218 <p> 2219 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 2220 QC-CR#547910</a></p></td> 2221 <td></td> 2222 <td>Nexus5</td> 2223 <td>3 2014.</td> 2224 </tr> 2225 <tr> 2226 <td>CVE-2014-9900</td> 2227 <td>A-28803952 2228 <p> 2229 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 2230 QC-CR#570754</a></p></td> 2231 <td></td> 2232 <td>Nexus5, Nexus7 (2013)</td> 2233 <td>8 2014.</td> 2234 </tr> 2235 </table> 2236 2237 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"> 2238 </h3> 2239 <p> 2240 2241 . 2242 - 2243 . 2244 </p> 2245 <table> 2246 <col width="19%"> 2247 <col width="20%"> 2248 <col width="10%"> 2249 <col width="23%"> 2250 <col width="17%"> 2251 <tr> 2252 <th>CVE</th> 2253 <th></th> 2254 <th> </th> 2255 <th> Nexus</th> 2256 <th> </th> 2257 </tr> 2258 <tr> 2259 <td>CVE-2014-9903</td> 2260 <td>A-28731691 2261 <p> 2262 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 2263 Upstream kernel</a></p></td> 2264 <td></td> 2265 <td>Nexus5X, Nexus6P</td> 2266 <td>21 2014.</td> 2267 </tr> 2268 </table> 2269 2270 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific"> 2271 Wi-Fi- MediaTek ( )</h3> 2272 <p> 2273 2274 . - 2275 . 2276 </p> 2277 <table> 2278 <col width="19%"> 2279 <col width="20%"> 2280 <col width="10%"> 2281 <col width="23%"> 2282 <col width="17%"> 2283 <tr> 2284 <th>CVE</th> 2285 <th></th> 2286 <th> </th> 2287 <th> Nexus</th> 2288 <th> </th> 2289 </tr> 2290 <tr> 2291 <td>CVE-2016-3852</td> 2292 <td>A-29141147* 2293 <p> 2294 M-ALPS02751738</p></td> 2295 <td></td> 2296 <td>AndroidOne</td> 2297 <td>12 2016.</td> 2298 </tr> 2299 </table> 2300 <p> 2301 * . 2302 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2303 </p> 2304 2305 <h3 id="information-disclosure-vulnerability-in-usb-driver"> USB-</h3> 2306 <p> 2307 2308 . - 2309 . 2310 </p> 2311 <table> 2312 <col width="19%"> 2313 <col width="20%"> 2314 <col width="10%"> 2315 <col width="23%"> 2316 <col width="17%"> 2317 <tr> 2318 <th>CVE</th> 2319 <th></th> 2320 <th> </th> 2321 <th> Nexus</th> 2322 <th> </th> 2323 </tr> 2324 <tr> 2325 <td>CVE-2016-4482</td> 2326 <td>A-28619695 2327 <p> 2328 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2329 Upstream kernel</a></p></td> 2330 <td></td> 2331 <td> </td> 2332 <td>3 2016.</td> 2333 </tr> 2334 </table> 2335 2336 <h3 id="denial-of-service-vulnerability-in-qualcomm-components"> 2337 Qualcomm</h3> 2338 <p> 2339 , 2340 Qualcomm, , , Wi-Fi-. 2341 </p> 2342 <p> 2343 , 2344 2345 </p> 2346 <table> 2347 <col width="19%"> 2348 <col width="20%"> 2349 <col width="10%"> 2350 <col width="23%"> 2351 <col width="17%"> 2352 <tr> 2353 <th>CVE</th> 2354 <th></th> 2355 <th> </th> 2356 <th> Nexus</th> 2357 <th> </th> 2358 </tr> 2359 <tr> 2360 <td>CVE-2014-9901</td> 2361 <td>A-28670333 2362 <p> 2363 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2364 QC-CR#548711</a></p></td> 2365 <td></td> 2366 <td>Nexus7 (2013)</td> 2367 <td>31 2014.</td> 2368 </tr> 2369 </table> 2370 2371 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services"> 2372 Google Play</h3> 2373 <p> 2374 , , 2375 . 2376 , 2377 . 2378 </p> 2379 <table> 2380 <col width="18%"> 2381 <col width="18%"> 2382 <col width="10%"> 2383 <col width="19%"> 2384 <col width="17%"> 2385 <col width="17%"> 2386 <tr> 2387 <th>CVE</th> 2388 <th></th> 2389 <th> </th> 2390 <th> Nexus</th> 2391 <th> AOSP</th> 2392 <th> </th> 2393 </tr> 2394 <tr> 2395 <td>CVE-2016-3853</td> 2396 <td>A-26803208*</td> 2397 <td></td> 2398 <td> </td> 2399 <td></td> 2400 <td>4 2016.</td> 2401 </tr> 2402 </table> 2403 <p> 2404 * . 2405 Nexus, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2406 </p> 2407 2408 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> 2409 Framework API</h3> 2410 <p> 2411 2412 , . 2413 , 2414 . 2415 </p> 2416 <table> 2417 <col width="18%"> 2418 <col width="17%"> 2419 <col width="10%"> 2420 <col width="19%"> 2421 <col width="18%"> 2422 <col width="17%"> 2423 <tr> 2424 <th>CVE</th> 2425 <th></th> 2426 <th> </th> 2427 <th> Nexus</th> 2428 <th> AOSP</th> 2429 <th> </th> 2430 </tr> 2431 <tr> 2432 <td>CVE-2016-2497</td> 2433 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2434 A-27450489</a></td> 2435 <td></td> 2436 <td> </td> 2437 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 2438 <td> Google</td> 2439 </tr> 2440 </table> 2441 2442 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"> 2443 </h3> 2444 <p> 2445 2446 . 2447 , 2448 . 2449 </p> 2450 <table> 2451 <col width="19%"> 2452 <col width="20%"> 2453 <col width="10%"> 2454 <col width="23%"> 2455 <col width="17%"> 2456 <tr> 2457 <th>CVE</th> 2458 <th></th> 2459 <th> </th> 2460 <th> Nexus</th> 2461 <th> </th> 2462 </tr> 2463 <tr> 2464 <td>CVE-2016-4578</td> 2465 <td>A-28620102 2466 <p> 2467 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2468 Upstream kernel</a></p></td> 2469 <td></td> 2470 <td> </td> 2471 <td>3 2016.</td> 2472 </tr> 2473 </table> 2474 2475 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"> 2476 </h3> 2477 <p> 2478 2479 . 2480 , 2481 . 2482 </p> 2483 <table> 2484 <col width="19%"> 2485 <col width="20%"> 2486 <col width="10%"> 2487 <col width="23%"> 2488 <col width="17%"> 2489 <tr> 2490 <th>CVE</th> 2491 <th></th> 2492 <th> </th> 2493 <th> Nexus</th> 2494 <th> </th> 2495 </tr> 2496 <tr> 2497 <td>CVE-2016-4569</td> 2498 <td>A-28980557 2499 <p> 2500 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2501 Upstream kernel</a></p></td> 2502 <td></td> 2503 <td> </td> 2504 <td>9 2016.</td> 2505 </tr> 2506 <tr> 2507 <td>CVE-2016-4578</td> 2508 <td>A-28980217 2509 <p> 2510 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2511 Upstream kernel</a> 2512 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2513 <td></td> 2514 <td> </td> 2515 <td>11 2016.</td> 2516 </tr> 2517 </table> 2518 2519 <h3 id="vulnerabilities-in-qualcomm-components"> 2520 Qualcomm</h3> 2521 <p> 2522 , 2523 Qualcomm, , , , 2524 , , , . 2525 </p> 2526 <table> 2527 <col width="19%"> 2528 <col width="20%"> 2529 <col width="10%"> 2530 <col width="23%"> 2531 <col width="17%"> 2532 <tr> 2533 <th>CVE</th> 2534 <th></th> 2535 <th> </th> 2536 <th> Nexus</th> 2537 <th> </th> 2538 </tr> 2539 <tr> 2540 <td>CVE-2016-3854</td> 2541 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2542 QC-CR#897326</a></td> 2543 <td></td> 2544 <td></td> 2545 <td> 2016.</td> 2546 </tr> 2547 <tr> 2548 <td>CVE-2016-3855</td> 2549 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2550 QC-CR#990824</a></td> 2551 <td></td> 2552 <td></td> 2553 <td> 2016.</td> 2554 </tr> 2555 <tr> 2556 <td>CVE-2016-2060</td> 2557 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2558 QC-CR#959631</a> 2559 <td></td> 2560 <td></td> 2561 <td> 2016.</td> 2562 </tr> 2563 </table> 2564 <h2 id="common-questions-and-answers"> </h2> 2565 <p> 2566 , 2567 . 2568 </p> 2569 <p> 2570 <strong>1. , , ? 2571 </strong> 2572 </p> 2573 <p> 2574 1 2016 , 2575 2016-08-01. 5 2016 2576 , 2016-08-05. , 2577 , 2578 <a href="https://support.google.com/nexus/answer/4457705"> </a>. 2579 , , 2580 2581 [ro.build.version.security_patch]:[2016-08-01] 2582 [ro.build.version.security_patch]:[2016-08-05]. 2583 </p> 2584 <p> 2585 <strong>2. ?</strong> 2586 </p> 2587 <p> 2588 , 2589 , 2590 Android. Android 2591 2592 . 2593 </p> 2594 <p> 2595 5 2016 2596 , 2597 . 2598 </p> 2599 <p> 2600 1 2016 2601 , 2602 , . , 2603 , 2604 5 2016. 2605 </p> 2606 <p> 2607 3<strong>. , Nexus ?</strong> 2608 </p> 2609 <p> 2610 <a href="#2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01</a> 2611 <a href="#2016-08-05-security-patch-level-vulnerability-details">2016-08-05</a> " Nexus". 2612 , 2613 . 2614 </p> 2615 <ul> 2616 <li><strong> .</strong> <em></em> 2617 2618 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> Nexus</a>: Nexus5, Nexus5X, Nexus6, 2619 Nexus6P, Nexus7 (2013), Nexus9, AndroidOne, Nexus Player 2620 PixelC.</li> 2621 <li><strong> .</strong> <em></em> , .</li> 2622 <li><strong>.</strong> Nexus.<em></em> 2623 </li> 2624 </ul> 2625 <p> 2626 <strong>4. ""?</strong> 2627 </p> 2628 <p> 2629 <em></em>. 2630 , 2631 , : 2632 </p> 2633 <table> 2634 <tr> 2635 <th></th> 2636 <th></th> 2637 </tr> 2638 <tr> 2639 <td>A-</td> 2640 <td> Android</td> 2641 </tr> 2642 <tr> 2643 <td>QC-</td> 2644 <td> Qualcomm</td> 2645 </tr> 2646 <tr> 2647 <td>M-</td> 2648 <td> MediaTek</td> 2649 </tr> 2650 <tr> 2651 <td>N-</td> 2652 <td> NVIDIA</td> 2653 </tr> 2654 </table> 2655 <h2 id="revisions"></h2> 2656 2657 <ul> 2658 <li>1 2016. .</li> 2659 <li>2 2016. AOSP.</li> 2660 </ul> 2661 2662 </body> 2663 </html> 2664
