1 <html devsite> 2 <head> 3 <title> Android 2016.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em> 7 2016. | 8 2016.</em></p> 27 <p> 28 Android. Google <a href="https://developers.google.com/android/nexus/images"> </a>. , , 6 2016 . , , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>.</p> 29 <p> 30 20 2016 . Android Open Source Project (AOSP). 31 AOSP. 32 </p> 33 <p> 34 35 36 (, , 37 MMS).</p> 38 <p> 39 . <a href="#mitigations"> </a> , <a href="/security/enhancements/index.html"> </a> , <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, Android.</p> 40 <p> 41 .</p> 42 <h2 id="announcements"></h2> 43 <ul> 44 <li> Pixel PixelXL <a href="#google-devices"> , Google</a> " Google" ( " Nexus"). 45 </li> 46 <li> , , Android. <a href="#common-questions-and-answers"> </a>. 47 <ul> 48 <li><strong>2016-11-01</strong>: , 2016-11-01 .</li> 49 <li><strong>2016-11-05</strong>: , 2016-11-01 2016-11-05, .</li> 50 <li><strong> </strong> 51 <p> , . 2016-12-01. 52 </p> 53 <ul> 54 <li><strong>2016-11-06</strong>: , 2016-11-05, CVE-2016-5195, 19 2016.</li> 55 </ul> 56 </li> 57 </ul> 58 </li> 59 <li> Google 5 2016.</li> 60 </ul> 61 62 <h2 id="security-vulnerability-summary"> </h2> 63 <p> 64 , (CVE) , , Google. <a href="/security/overview/updates-resources.html#severity"> </a> , , .</p> 65 <h3 id="2016-11-01-summary"> ( 2016-11-01)</h3> 66 <p> 67 1 2016 .</p> 68 <table> 69 <col width="55%"> 70 <col width="20%"> 71 <col width="13%"> 72 <col width="12%"> 73 <tr> 74 <th></th> 75 <th>CVE</th> 76 <th> </th> 77 <th> Google?</th> 78 </tr> 79 <tr> 80 <td> mediaserver</td> 81 <td>CVE-2016-6699</td> 82 <td></td> 83 <td></td> 84 </tr> 85 <tr> 86 <td> libzipfile</td> 87 <td>CVE-2016-6700</td> 88 <td></td> 89 <td>*</td> 90 </tr> 91 <tr> 92 <td> Skia</td> 93 <td>CVE-2016-6701</td> 94 <td></td> 95 <td></td> 96 </tr> 97 <tr> 98 <td> libjpeg</td> 99 <td>CVE-2016-6702</td> 100 <td></td> 101 <td>*</td> 102 </tr> 103 <tr> 104 <td> Android Runtime</td> 105 <td>CVE-2016-6703</td> 106 <td></td> 107 <td>*</td> 108 </tr> 109 <tr> 110 <td> mediaserver</td> 111 <td>CVE-2016-6704, CVE-2016-6705, CVE-2016-6706</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td> System Server</td> 117 <td>CVE-2016-6707</td> 118 <td></td> 119 <td></td> 120 </tr> 121 <tr> 122 <td> System UI</td> 123 <td>CVE-2016-6708</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td> Conscrypt</td> 129 <td>CVE-2016-6709</td> 130 <td></td> 131 <td></td> 132 </tr> 133 <tr> 134 <td> </td> 135 <td>CVE-2016-6710</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> Bluetooth</td> 141 <td>CVE-2014-9908</td> 142 <td></td> 143 <td>*</td> 144 </tr> 145 <tr> 146 <td> OpenJDK</td> 147 <td>CVE-2015-0410</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td> mediaserver</td> 153 <td>CVE-2016-6711, CVE-2016-6712, CVE-2016-6713, CVE-2016-6714</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td> Framework API</td> 159 <td>CVE-2016-6715</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td> AOSP Launcher</td> 165 <td>CVE-2016-6716</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td> mediaserver</td> 171 <td>CVE-2016-6717</td> 172 <td></td> 173 <td></td> 174 </tr> 175 <tr> 176 <td> </td> 177 <td>CVE-2016-6718</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td> Bluetooth</td> 183 <td>CVE-2016-6719</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td> mediaserver</td> 189 <td>CVE-2016-6720, CVE-2016-6721, CVE-2016-6722</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td> -</td> 195 <td>CVE-2016-6723</td> 196 <td></td> 197 <td></td> 198 </tr> 199 <tr> 200 <td> </td> 201 <td>CVE-2016-6724</td> 202 <td></td> 203 <td></td> 204 </tr> 205 </table> 206 <p> 207 * Google Android7.0, .</p> 208 <h3 id="2016-11-05-summary"> ( 2016-11-05)</h3> 209 <p> 210 5 2016 , 2016-11-01, , .</p> 211 <table> 212 <col width="55%"> 213 <col width="20%"> 214 <col width="13%"> 215 <col width="12%"> 216 <tr> 217 <th></th> 218 <th>CVE</th> 219 <th> </th> 220 <th> Google?</th> 221 </tr> 222 <tr> 223 <td> Qualcomm</td> 224 <td>CVE-2016-6725</td> 225 <td></td> 226 <td></td> 227 </tr> 228 <tr> 229 <td> </td> 230 <td>CVE-2015-8961, CVE-2016-7910, CVE-2016-7911</td> 231 <td></td> 232 <td></td> 233 </tr> 234 <tr> 235 <td> SCSI- </td> 236 <td>CVE-2015-8962</td> 237 <td></td> 238 <td></td> 239 </tr> 240 <tr> 241 <td> </td> 242 <td>CVE-2016-7913</td> 243 <td></td> 244 <td></td> 245 </tr> 246 <tr> 247 <td> USB- </td> 248 <td>CVE-2016-7912</td> 249 <td></td> 250 <td></td> 251 </tr> 252 <tr> 253 <td> ION </td> 254 <td>CVE-2016-6728</td> 255 <td></td> 256 <td></td> 257 </tr> 258 <tr> 259 <td> Qualcomm</td> 260 <td>CVE-2016-6729</td> 261 <td></td> 262 <td></td> 263 </tr> 264 <tr> 265 <td> NVIDIA </td> 266 <td>CVE-2016-6730, CVE-2016-6731, CVE-2016-6732, CVE-2016-6733, CVE-2016-6734, CVE-2016-6735, CVE-2016-6736</td> 267 <td></td> 268 <td></td> 269 </tr> 270 <tr> 271 <td> </td> 272 <td>CVE-2016-6828</td> 273 <td></td> 274 <td></td> 275 </tr> 276 <tr> 277 <td> </td> 278 <td>CVE-2016-2184</td> 279 <td></td> 280 <td></td> 281 </tr> 282 <tr> 283 <td> ION </td> 284 <td>CVE-2016-6737</td> 285 <td></td> 286 <td></td> 287 </tr> 288 <tr> 289 <td> Qualcomm</td> 290 <td>CVE-2016-6726, CVE-2016-6727</td> 291 <td></td> 292 <td></td> 293 </tr> 294 <tr> 295 <td> Expat</td> 296 <td>CVE-2016-0718, CVE-2012-6702, CVE-2016-5300, CVE-2015-1283</td> 297 <td></td> 298 <td>*</td> 299 </tr> 300 <tr> 301 <td> Webview</td> 302 <td>CVE-2016-6754</td> 303 <td></td> 304 <td>*</td> 305 </tr> 306 <tr> 307 <td> Freetype</td> 308 <td>CVE-2014-9675</td> 309 <td></td> 310 <td>*</td> 311 </tr> 312 <tr> 313 <td> </td> 314 <td>CVE-2015-8963</td> 315 <td></td> 316 <td></td> 317 </tr> 318 <tr> 319 <td> </td> 320 <td>CVE-2016-6136</td> 321 <td></td> 322 <td></td> 323 </tr> 324 <tr> 325 <td> Qualcomm </td> 326 <td>CVE-2016-6738</td> 327 <td></td> 328 <td></td> 329 </tr> 330 <tr> 331 <td> Qualcomm </td> 332 <td>CVE-2016-6739, CVE-2016-6740, CVE-2016-6741</td> 333 <td></td> 334 <td></td> 335 </tr> 336 <tr> 337 <td> Qualcomm</td> 338 <td>CVE-2016-3904</td> 339 <td></td> 340 <td></td> 341 </tr> 342 <tr> 343 <td> Synaptics</td> 344 <td>CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-6743</td> 345 <td></td> 346 <td></td> 347 </tr> 348 <tr> 349 <td> </td> 350 <td>CVE-2015-8964, CVE-2016-7914, CVE-2016-7915, CVE-2016-7916</td> 351 <td></td> 352 <td></td> 353 </tr> 354 <tr> 355 <td> NVIDIA </td> 356 <td>CVE-2016-6746</td> 357 <td></td> 358 <td></td> 359 </tr> 360 <tr> 361 <td> mediaserver</td> 362 <td>CVE-2016-6747</td> 363 <td></td> 364 <td></td> 365 </tr> 366 <tr> 367 <td> </td> 368 <td>CVE-2016-6753, CVE-2016-7917</td> 369 <td></td> 370 <td></td> 371 </tr> 372 <tr> 373 <td> Qualcomm</td> 374 <td>CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-3906, CVE-2016-3907, CVE-2016-6698, CVE-2016-6751, CVE-2016-6752</td> 375 <td></td> 376 <td></td> 377 </tr> 378 </table> 379 <p> 380 * Google Android7.0, .</p> 381 <h3 id="2016-11-06-summary"> ( 2016-11-06)</h3> 382 <p> 383 6 2016 , 2016-11-01 2016-11-05, , .</p> 384 <table> 385 <col width="55%"> 386 <col width="20%"> 387 <col width="13%"> 388 <col width="12%"> 389 <tr> 390 <th></th> 391 <th>CVE</th> 392 <th> </th> 393 <th> Google?</th> 394 </tr> 395 <tr> 396 <td> </td> 397 <td>CVE-2016-5195</td> 398 <td></td> 399 <td></td> 400 </tr> 401 </table> 402 403 <h2 id="mitigations"> </h2> 404 <p> 405 , <a href="/security/enhancements/index.html"> </a> , SafetyNet, Android.</p> 406 <ul> 407 <li> Android, .</li> 408 <li>, Android, <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a>. <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a>. <a href="http://www.android.com/gms"> Google</a>. , . Google Play , . , . , , 409 , 410 . , 411 .</li> 412 <li> Google Hangouts Messenger 413 , mediaserver, .</li> 414 </ul> 415 <h2 id="acknowledgements"></h2> 416 <p> 417 , :</p> 418 <ul> 419 <li> , Google Chrome: CVE-2016-6722</li> 420 <li> Google: CVE-2016-6703</li> 421 <li> (<a href="http://twitter.com/@r4y2_wa">@r4y2_wa</a>) <a href="http://weibo.com/ele7enxxh"> </a> <a href="http://www.pkav.net">PKAV</a>, Silence Information Technology: CVE-2016-6700, CVE-2016-6702</li> 422 <li>Askyshang , Tencent: CVE-2016-6713</li> 423 <li> Android: CVE-2016-6737</li> 424 <li><a href="mailto:kpatsak (a] unipi.gr"> </a> <a href="mailto:talepis (a] unipi.gr"> </a> : CVE-2016-6715</li> 425 <li>dragonltx Alibaba Mobile Security: CVE-2016-6714</li> 426 <li> Project Zero: CVE-2016-6707, CVE-2016-6717</li> 427 <li> (<a href="http://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, 428 <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-6725, CVE-2016-6738, CVE-2016-6740, CVE-2016-6741, CVE-2016-6742, CVE-2016-6744, CVE-2016-6745, CVE-2016-3906</li> 429 <li> () (<a href="http://twitter.com/oldfresher">@oldfresher</a>) Alpha Team, <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-6754</li> 430 <li> (<a href="http://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, 431 <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-6739, CVE-2016-3904, CVE-2016-3907, CVE-2016-6698</li> 432 <li> Project Zero: CVE-2016-6706</li> 433 <li> Google: CVE-2016-6724</li> 434 <li> (<a href="https://github.com/michalbednarski">github.com/michalbednarski</a>): CVE-2016-6710</li> 435 <li> Android: CVE-2016-6743</li> 436 <li> (<a href="http://twitter.com/heisecode">@heisecode</a>) Trend Micro: CVE-2016-6721</li> 437 <li> () (<a href="http://twitter.com/flanker_hqd">@flanker_hqd</a>) () (<a href="http://twitter.com/dmxcsnsbh">@dmxcsnsbh</a>) KeenLab, Tencent: CVE-2016-6705</li> 438 <li> Google: CVE-2016-6708</li> 439 <li><a href="mailto:sbauer (a] plzdonthack.me"> </a> (<a href="http://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-6751</li> 440 <li> (<a href="http://twitter.com/Black2Fan">@Black2Fan</a>) : CVE-2016-6716</li> 441 <li> (<a href="http://twitter.com/lingtongshen">@lingtongshen</a>) , Trend Micro: CVE-2016-6748, CVE-2016-6749, CVE-2016-6750, CVE-2016-6753</li> 442 <li> , , ; , -: CVE-2016-6728</li> 443 <li> (<a href="https://twitter.com/sunblate">@sunblate</a>) Alibaba Inc: CVE-2016-6712, CVE-2016-6699, CVE-2016-6711</li> 444 <li> (<a href="mailto:vancouverdou (a] gmail.com">vancouverdou (a] gmail.com</a>), (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6720</li> 445 <li> () (<a href="http://twitter.com/wish_wu">@wish_wu</a>) Trend Micro Inc.: CVE-2016-6704</li> 446 <li> <a href="https://wwws.nightwatchcybersecurity.com">Nightwatch Cybersecurity</a>: CVE-2016-6723</li> 447 <li><a href="mailto:computernik (a] gmail.com">- </a>, <a href="mailto:yaojun8558363 (a] gmail.com"> </a>, <a href="mailto:segfault5514 (a] gmail.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6730, CVE-2016-6732, CVE-2016-6734, CVE-2016-6736</li> 448 <li><a href="mailto:computernik (a] gmail.com">- </a>, <a href="mailto:yaojun8558363 (a] gmail.com"> </a>, <a href="mailto:wisedd (a] gmail.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6731, CVE-2016-6733, CVE-2016-6735, CVE-2016-6746</li> 449 </ul> 450 <p> 451 Android .</p> 452 453 <h2 id="2016-11-01-details"> ( 2016-11-01)</h2> 454 <p> 455 <a href="#2016-11-01-summary"> </a> : , CVE, , , Google AOSP ( ), . , , (, AOSP), .</p> 456 457 <h3 id="rce-in-mediaserver"> mediaserver</h3> 458 <p> 459 460 . - 461 mediaserver. 462 </p> 463 <table> 464 <col width="18%"> 465 <col width="18%"> 466 <col width="10%"> 467 <col width="19%"> 468 <col width="17%"> 469 <col width="17%"> 470 <tr> 471 <th>CVE</th> 472 <th></th> 473 <th> </th> 474 <th> Google</th> 475 <th> AOSP</th> 476 <th> </th> 477 </tr> 478 <tr> 479 <td>CVE-2016-6699</td> 480 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3b1c9f692c4d4b7a683c2b358fc89e831a641b88"> 481 A-31373622</a></td> 482 <td></td> 483 <td></td> 484 <td>7.0</td> 485 <td>27 2016.</td> 486 </tr> 487 </table> 488 <h3 id="eop-in-libzipfile"> libzipfile</h3> 489 <p> 490 . , - . , . 491 </p> 492 <table> 493 <col width="18%"> 494 <col width="18%"> 495 <col width="10%"> 496 <col width="19%"> 497 <col width="17%"> 498 <col width="17%"> 499 <tr> 500 <th>CVE</th> 501 <th></th> 502 <th> </th> 503 <th> Google</th> 504 <th> AOSP</th> 505 <th> </th> 506 </tr> 507 <tr> 508 <td>CVE-2016-6700</td> 509 <td>A-30916186</td> 510 <td></td> 511 <td>*</td> 512 <td>4.4.4, 5.0.2, 5.1.1</td> 513 <td>17 2016.</td> 514 </tr> 515 </table> 516 <p> 517 * Google Android7.0, . 518 </p> 519 <h3 id="rce-in-skia"> Skia</h3> 520 <p> 521 . - . 522 </p> 523 <table> 524 <col width="18%"> 525 <col width="18%"> 526 <col width="10%"> 527 <col width="19%"> 528 <col width="17%"> 529 <col width="17%"> 530 <tr> 531 <th>CVE</th> 532 <th></th> 533 <th> </th> 534 <th> Google</th> 535 <th> AOSP</th> 536 <th> </th> 537 </tr> 538 <tr> 539 <td>CVE-2016-6701</td> 540 <td><a href="https://android.googlesource.com/platform/external/skia/+/aca73722873e908633ff27375f6f93a08cbb7dd3"> 541 A-30190637</a></td> 542 <td></td> 543 <td></td> 544 <td>7.0</td> 545 <td> Google</td> 546 </tr> 547 </table> 548 <h3 id="rce-in-libjpeg"> libjpeg</h3> 549 <p> 550 . - , . 551 </p> 552 <table> 553 <col width="18%"> 554 <col width="18%"> 555 <col width="10%"> 556 <col width="19%"> 557 <col width="17%"> 558 <col width="17%"> 559 <tr> 560 <th>CVE</th> 561 <th></th> 562 <th> </th> 563 <th> Google</th> 564 <th> AOSP</th> 565 <th> </th> 566 </tr> 567 <tr> 568 <td>CVE-2016-6702</td> 569 <td>A-30259087</td> 570 <td></td> 571 <td>*</td> 572 <td>4.4.4, 5.0.2, 5.1.1</td> 573 <td>19 2016.</td> 574 </tr> 575 </table> 576 <p> 577 * Google Android7.0, . 578 </p> 579 <h3 id="rce-in-android-runtime"> Android Runtime</h3> 580 <p> 581 . - , . 582 </p> 583 <table> 584 <col width="18%"> 585 <col width="18%"> 586 <col width="10%"> 587 <col width="19%"> 588 <col width="17%"> 589 <col width="17%"> 590 <tr> 591 <th>CVE</th> 592 <th></th> 593 <th> </th> 594 <th> Google</th> 595 <th> AOSP</th> 596 <th> </th> 597 </tr> 598 <tr> 599 <td>CVE-2016-6703</td> 600 <td>A-30765246</td> 601 <td></td> 602 <td>*</td> 603 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 604 <td> Google</td> 605 </tr> 606 </table> 607 <p> 608 * Google Android7.0, . 609 </p> 610 <h3 id="eop-in-mediaserver"> mediaserver</h3> 611 <p> 612 . , , . 613 </p> 614 <table> 615 <col width="18%"> 616 <col width="18%"> 617 <col width="10%"> 618 <col width="19%"> 619 <col width="17%"> 620 <col width="17%"> 621 <tr> 622 <th>CVE</th> 623 <th></th> 624 <th> </th> 625 <th> Google</th> 626 <th> AOSP</th> 627 <th> </th> 628 </tr> 629 <tr> 630 <td>CVE-2016-6704</td> 631 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c6c446f9e022adf20064e65a17574804f8af8e7d">A-30229821</a> 632 [<a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/9cb9810ecb63c8ff55ecf4bc77431dc5b0688b5f">2</a>] 633 [<a href="https://android.googlesource.com/platform/system/media/+/a6274f03b4dfe1c3a22af51e3a17ea56a314e747">3</a>] 634 </td> 635 <td></td> 636 <td></td> 637 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 638 <td>19 2016.</td> 639 </tr> 640 <tr> 641 <td>CVE-2016-6705</td> 642 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3a03fa24d21f97e84e796ac5ef14b3f434c0e8f1">A-30907212</a> 643 [<a href="https://android.googlesource.com/platform/frameworks/av/+/bd04b47d38a89f1dada1c6da2ef4a3d235c166b8">2</a>] 644 </td> 645 <td></td> 646 <td></td> 647 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 648 <td>16 2016.</td> 649 </tr> 650 <tr> 651 <td>CVE-2016-6706</td> 652 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1d4feebdb85db46e138530f360d9ff2490e14353"> 653 A-31385713</a> 654 </td> 655 <td></td> 656 <td></td> 657 <td>7.0</td> 658 <td>8 2016.</td> 659 </tr> 660 </table> 661 <h3 id="eop-in-system-server"> System Server</h3> 662 <p> 663 . , , . 664 </p> 665 <table> 666 <col width="18%"> 667 <col width="18%"> 668 <col width="10%"> 669 <col width="19%"> 670 <col width="17%"> 671 <col width="17%"> 672 <tr> 673 <th>CVE</th> 674 <th></th> 675 <th> </th> 676 <th> Google</th> 677 <th> AOSP</th> 678 <th> </th> 679 </tr> 680 <tr> 681 <td>CVE-2016-6707</td> 682 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/16024ea7c4bae08c972cf6b3734029aad33e8870"> 683 A-31350622</a> 684 </td> 685 <td></td> 686 <td></td> 687 <td>6.0, 6.0.1, 7.0</td> 688 <td>7 2016.</td> 689 </tr> 690 </table> 691 <h3 id="eop-in-system-ui"> System UI</h3> 692 <p> 693 , , . , . 694 </p> 695 <table> 696 <col width="18%"> 697 <col width="18%"> 698 <col width="10%"> 699 <col width="19%"> 700 <col width="17%"> 701 <col width="17%"> 702 <tr> 703 <th>CVE</th> 704 <th></th> 705 <th> </th> 706 <th> Google</th> 707 <th> AOSP</th> 708 <th> </th> 709 </tr> 710 <tr> 711 <td>CVE-2016-6708</td> 712 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/c9c73fde339b4db496f2c1ff8c18df1e9db5a7c1"> 713 A-30693465</a> 714 </td> 715 <td></td> 716 <td></td> 717 <td>7.0</td> 718 <td> Google</td> 719 </tr> 720 </table> 721 <h3 id="id-in-conscrypt"> Conscrypt</h3> 722 <p> 723 , API . - . 724 </p> 725 <table> 726 <col width="18%"> 727 <col width="18%"> 728 <col width="10%"> 729 <col width="19%"> 730 <col width="17%"> 731 <col width="17%"> 732 <tr> 733 <th>CVE</th> 734 <th></th> 735 <th> </th> 736 <th> Google</th> 737 <th> AOSP</th> 738 <th> </th> 739 </tr> 740 <tr> 741 <td>CVE-2016-6709</td> 742 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/44ef9535b9afb123d150d8e0362e4bb50794dd41"> 743 A-31081987</a> 744 </td> 745 <td></td> 746 <td></td> 747 <td>6.0, 6.0.1, 7.0</td> 748 <td>9 2015.</td> 749 </tr> 750 </table> 751 <h3 id="id-in-download-manager"> </h3> 752 <p> 753 , . , . 754 </p> 755 <table> 756 <col width="18%"> 757 <col width="18%"> 758 <col width="10%"> 759 <col width="19%"> 760 <col width="17%"> 761 <col width="17%"> 762 <tr> 763 <th>CVE</th> 764 <th></th> 765 <th> </th> 766 <th> Google</th> 767 <th> AOSP</th> 768 <th> </th> 769 </tr> 770 <tr> 771 <td>CVE-2016-6710</td> 772 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9fab683c9598d234dd8461335c276ed3e37c91e8">A-30537115</a> 773 [<a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/243e62949f7208d3b82eda3ee4ec22d3dbc1fb19">2</a>] 774 </td> 775 <td></td> 776 <td></td> 777 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 778 <td>30 2016.</td> 779 </tr> 780 </table> 781 <h3 id="dos-in-bluetooth"> Bluetooth</h3> 782 <p> 783 Bluetooth . , . 784 </p> 785 <table> 786 <col width="18%"> 787 <col width="18%"> 788 <col width="10%"> 789 <col width="19%"> 790 <col width="17%"> 791 <col width="17%"> 792 <tr> 793 <th>CVE</th> 794 <th></th> 795 <th> </th> 796 <th> Google</th> 797 <th> AOSP</th> 798 <th> </th> 799 </tr> 800 <tr> 801 <td>CVE-2014-9908</td> 802 <td>A-28672558</td> 803 <td></td> 804 <td>*</td> 805 <td>4.4.4, 5.0.2, 5.1.1</td> 806 <td>5 2014.</td> 807 </tr> 808 </table> 809 <p> 810 * Google Android7.0, . 811 </p> 812 <h3 id="dos-in-openjdk"> OpenJDK</h3> 813 <p> 814 . , . 815 </p> 816 <table> 817 <col width="18%"> 818 <col width="18%"> 819 <col width="10%"> 820 <col width="19%"> 821 <col width="17%"> 822 <col width="17%"> 823 <tr> 824 <th>CVE</th> 825 <th></th> 826 <th> </th> 827 <th> Google</th> 828 <th> AOSP</th> 829 <th> </th> 830 </tr> 831 <tr> 832 <td>CVE-2015-0410</td> 833 <td><a href="https://android.googlesource.com/platform/libcore/+/21098574528bdf99dd50a74a60e161573e999108"> 834 A-30703445</a> 835 </td> 836 <td></td> 837 <td></td> 838 <td>7.0</td> 839 <td>16 2015.</td> 840 </tr> 841 </table> 842 <h3 id="dos-in-mediaserver"> mediaserver</h3> 843 <p> 844 . , . 845 </p> 846 <table> 847 <col width="18%"> 848 <col width="18%"> 849 <col width="10%"> 850 <col width="19%"> 851 <col width="17%"> 852 <col width="17%"> 853 <tr> 854 <th>CVE</th> 855 <th></th> 856 <th> </th> 857 <th> Google</th> 858 <th> AOSP</th> 859 <th> </th> 860 </tr> 861 <tr> 862 <td>CVE-2016-6711</td> 863 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/063be1485e0099bc81ace3a08b0ec9186dcad693"> 864 A-30593765</a> 865 </td> 866 <td></td> 867 <td>*</td> 868 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 869 <td>1 2016.</td> 870 </tr> 871 <tr> 872 <td>CVE-2016-6712</td> 873 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/fdb1b40e7bb147c07bda988c9501ad223795d12d"> 874 A-30593752</a> 875 </td> 876 <td></td> 877 <td>*</td> 878 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 879 <td>1 2016.</td> 880 </tr> 881 <tr> 882 <td>CVE-2016-6713</td> 883 <td><a href="https://android.googlesource.com/platform/external/libavc/+/8cafca0e8b1ed8125918e203118c5a4e612fd56c"> 884 A-30822755</a></td> 885 <td></td> 886 <td></td> 887 <td>6.0, 6.0.1, 7.0</td> 888 <td>11 2016.</td> 889 </tr> 890 <tr> 891 <td>CVE-2016-6714</td> 892 <td><a href="https://android.googlesource.com/platform/external/libavc/+/5bdb0a6b72782e505671a387bb5f83222d891d6a"> 893 A-31092462</a> 894 </td> 895 <td></td> 896 <td></td> 897 <td>6.0, 6.0.1, 7.0</td> 898 <td>22 2016.</td> 899 </tr> 900 </table> 901 <p> 902 * Google Android7.0, . 903 </p> 904 <h3 id="eop-in-framework-apis"> Framework API</h3> 905 <p> 906 , . , (, , ). 907 </p> 908 <table> 909 <col width="18%"> 910 <col width="18%"> 911 <col width="10%"> 912 <col width="19%"> 913 <col width="17%"> 914 <col width="17%"> 915 <tr> 916 <th>CVE</th> 917 <th></th> 918 <th> </th> 919 <th> Google</th> 920 <th> AOSP</th> 921 <th> </th> 922 </tr> 923 <tr> 924 <td>CVE-2016-6715</td> 925 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/3de09838fb0996bb4b420630800ad34e828fd1b6"> 926 A-29833954</a> 927 </td> 928 <td></td> 929 <td></td> 930 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 931 <td>28 2016.</td> 932 </tr> 933 </table> 934 <h3 id="eop-in-aosp-launcher"> AOSP Launcher</h3> 935 <p> 936 . , (, , ). 937 </p> 938 <table> 939 <col width="18%"> 940 <col width="18%"> 941 <col width="10%"> 942 <col width="19%"> 943 <col width="17%"> 944 <col width="17%"> 945 <tr> 946 <th>CVE</th> 947 <th></th> 948 <th> </th> 949 <th> Google</th> 950 <th> AOSP</th> 951 <th> </th> 952 </tr> 953 <tr> 954 <td>CVE-2016-6716</td> 955 <td><a href="https://android.googlesource.com/platform/packages/apps/Launcher3/+/e83fc11c982e67dd0181966f5f3a239ea6b14924"> 956 A-30778130</a> 957 </td> 958 <td></td> 959 <td></td> 960 <td>7.0</td> 961 <td>5 2016.</td> 962 </tr> 963 </table> 964 <h3 id="eop-in-mediaserver-1"> mediaserver</h3> 965 <p> 966 . , . 967 </p> 968 <table> 969 <col width="18%"> 970 <col width="18%"> 971 <col width="10%"> 972 <col width="19%"> 973 <col width="17%"> 974 <col width="17%"> 975 <tr> 976 <th>CVE</th> 977 <th></th> 978 <th> </th> 979 <th> Google</th> 980 <th> AOSP</th> 981 <th> </th> 982 </tr> 983 <tr> 984 <td>CVE-2016-6717</td> 985 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45d9bbabbe7920bf4e0a68074b97d8260aef2e07"> 986 A-31350239</a> 987 </td> 988 <td></td> 989 <td></td> 990 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 991 <td>7 2016.</td> 992 </tr> 993 </table> 994 <h3 id="eop-in-account-manager-service"> </h3> 995 <p> 996 . , (, , ). 997 </p> 998 <table> 999 <col width="18%"> 1000 <col width="18%"> 1001 <col width="10%"> 1002 <col width="19%"> 1003 <col width="17%"> 1004 <col width="17%"> 1005 <tr> 1006 <th>CVE</th> 1007 <th></th> 1008 <th> </th> 1009 <th> Google</th> 1010 <th> AOSP</th> 1011 <th> </th> 1012 </tr> 1013 <tr> 1014 <td>CVE-2016-6718</td> 1015 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/fecfd550edeca422c0d9f32a9c0abe73398a1ff1"> 1016 A-30455516</a> 1017 </td> 1018 <td></td> 1019 <td></td> 1020 <td>7.0</td> 1021 <td> Google</td> 1022 </tr> 1023 </table> 1024 <h3 id="eop-in-bluetooth"> Bluetooth</h3> 1025 <p> 1026 Bluetooth . , (, , ). 1027 </p> 1028 <table> 1029 <col width="18%"> 1030 <col width="18%"> 1031 <col width="10%"> 1032 <col width="19%"> 1033 <col width="17%"> 1034 <col width="17%"> 1035 <tr> 1036 <th>CVE</th> 1037 <th></th> 1038 <th> </th> 1039 <th> Google</th> 1040 <th> AOSP</th> 1041 <th> </th> 1042 </tr> 1043 <tr> 1044 <td>CVE-2016-6719</td> 1045 <td><a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/e1b6db10e913c09d0b695368336137f6aabee462">A-29043989</a> 1046 [<a href="https://android.googlesource.com/platform/frameworks/base/+/b1dc1757071ba46ee653d68f331486e86778b8e4">2</a>] 1047 </td> 1048 <td></td> 1049 <td></td> 1050 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1051 <td> Google</td> 1052 </tr> 1053 </table> 1054 <h3 id="id-in-mediaserver"> mediaserver</h3> 1055 <p> 1056 1057 . - . 1058 </p> 1059 <table> 1060 <col width="18%"> 1061 <col width="18%"> 1062 <col width="10%"> 1063 <col width="19%"> 1064 <col width="17%"> 1065 <col width="17%"> 1066 <tr> 1067 <th>CVE</th> 1068 <th></th> 1069 <th> </th> 1070 <th> Google</th> 1071 <th> AOSP</th> 1072 <th> </th> 1073 </tr> 1074 <tr> 1075 <td>CVE-2016-6720</td> 1076 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0f177948ae2640bfe4d70f8e4248e106406b3b0a">A-29422020</a> 1077 [<a href="https://android.googlesource.com/platform/frameworks/av/+/2c75e1c3b98e4e94f50c63e2b7694be5f948477c">2</a>] 1078 [<a href="https://android.googlesource.com/platform/frameworks/av/+/7c88b498fda1c2b608a9dd73960a2fd4d7b7e3f7">3</a>] 1079 [<a href="https://android.googlesource.com/platform/frameworks/av/+/640b04121d7cd2cac90e2f7c82b97fce05f074a5">4</a>]</td> 1080 <td></td> 1081 <td></td> 1082 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1083 <td>15 2016.</td> 1084 </tr> 1085 <tr> 1086 <td>CVE-2016-6721</td> 1087 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f6bf0102bdc1adff973e08d8ce9c869c4e2efade"> 1088 A-30875060</a></td> 1089 <td></td> 1090 <td></td> 1091 <td>6.0, 6.0.1, 7.0</td> 1092 <td>13 2016.</td> 1093 </tr> 1094 <tr> 1095 <td>CVE-2016-6722</td> 1096 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/89c03b3b9ff74a507a8b8334c50b08b334483556"> 1097 A-31091777</a></td> 1098 <td></td> 1099 <td></td> 1100 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1101 <td>23 2016.</td> 1102 </tr> 1103 </table> 1104 <h3 id="dos-in-proxy-auto-config"> -</h3> 1105 <p> 1106 . , . 1107 </p> 1108 <table> 1109 <col width="18%"> 1110 <col width="18%"> 1111 <col width="10%"> 1112 <col width="19%"> 1113 <col width="17%"> 1114 <col width="17%"> 1115 <tr> 1116 <th>CVE</th> 1117 <th></th> 1118 <th> </th> 1119 <th> Google</th> 1120 <th> AOSP</th> 1121 <th> </th> 1122 </tr> 1123 <tr> 1124 <td>CVE-2016-6723</td> 1125 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d5b0d0b1df2e1a7943a4bb2034fd21487edd0264">A-30100884</a> 1126 [<a href="https://android.googlesource.com/platform/frameworks/base/+/31f351160cdfd9dbe9919682ebe41bde3bcf91c6">2</a>] 1127 </td> 1128 <td></td> 1129 <td></td> 1130 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1131 <td>11 2016.</td> 1132 </tr> 1133 </table> 1134 <h3 id="dos-in-input-manager-service"> </h3> 1135 <p> 1136 . , , . 1137 </p> 1138 <table> 1139 <col width="18%"> 1140 <col width="18%"> 1141 <col width="10%"> 1142 <col width="19%"> 1143 <col width="17%"> 1144 <col width="17%"> 1145 <tr> 1146 <th>CVE</th> 1147 <th></th> 1148 <th> </th> 1149 <th> Google</th> 1150 <th> AOSP</th> 1151 <th> </th> 1152 </tr> 1153 <tr> 1154 <td>CVE-2016-6724</td> 1155 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/7625010a2d22f8c3f1aeae2ef88dde37cbebd0bf"> 1156 A-30568284</a> 1157 </td> 1158 <td></td> 1159 <td></td> 1160 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 1161 <td> Google</td> 1162 </tr> 1163 </table> 1164 <h2 id="2016-11-05-details"> ( 2016-11-05)</h2> 1165 <p> 1166 1167 <a href="#2016-11-05-summary"> </a> : , CVE, , , Google AOSP ( ), . , , (, AOSP), . 1168 </p> 1169 <h3 id="rce-in-qualcomm-crypto-driver"> Qualcomm</h3> 1170 <p> 1171 . 1172 - . 1173 </p> 1174 <table> 1175 <col width="19%"> 1176 <col width="20%"> 1177 <col width="10%"> 1178 <col width="23%"> 1179 <col width="17%"> 1180 <tr> 1181 <th>CVE</th> 1182 <th></th> 1183 <th> </th> 1184 <th> Google</th> 1185 <th> </th> 1186 </tr> 1187 <tr> 1188 <td>CVE-2016-6725</td> 1189 <td>A-30515053<br> 1190 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=cc95d644ee8a043f2883d65dda20e16f95041de3">QC-CR#1050970</a></td> 1191 <td></td> 1192 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1193 <td>25 2016.</td> 1194 </tr> 1195 </table> 1196 <h3 id="eop-in-kernel-file-system"> </h3> 1197 <p> 1198 . , - . , . 1199 </p> 1200 <table> 1201 <col width="19%"> 1202 <col width="20%"> 1203 <col width="10%"> 1204 <col width="23%"> 1205 <col width="17%"> 1206 <tr> 1207 <th>CVE</th> 1208 <th></th> 1209 <th> </th> 1210 <th> Google</th> 1211 <th> </th> 1212 </tr> 1213 <tr> 1214 <td>CVE-2015-8961</td> 1215 <td>A-30952474 1216 <br> 1217 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6934da9238da947628be83635e365df41064b09b">Upstream 1218 kernel</a></td> 1219 <td></td> 1220 <td>Pixel, PixelXL</td> 1221 <td>18 2015.</td> 1222 </tr> 1223 <tr> 1224 <td>CVE-2016-7911</td> 1225 <td>A-30946378 1226 <br> 1227 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=8ba8682107ee2ca3347354e018865d8e1967c5f4">Upstream 1228 kernel</a></td> 1229 <td></td> 1230 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1231 Pixel, PixelXL</td> 1232 <td>1 2016.</td> 1233 </tr> 1234 <tr> 1235 <td>CVE-2016-7910</td> 1236 <td>A-30942273 1237 <br> 1238 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=77da160530dd1dc94f6ae15a981f24e5f0021e84">Upstream 1239 kernel</a></td> 1240 <td></td> 1241 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1242 Pixel, PixelXL</td> 1243 <td>29 2016.</td> 1244 </tr> 1245 </table> 1246 <h3 id="eop-in-kernel-scsi-driver"> SCSI- </h3> 1247 <p> 1248 . , - . , . 1249 </p> 1250 <table> 1251 <col width="19%"> 1252 <col width="20%"> 1253 <col width="10%"> 1254 <col width="23%"> 1255 <col width="17%"> 1256 <tr> 1257 <th>CVE</th> 1258 <th></th> 1259 <th> </th> 1260 <th> Google</th> 1261 <th> </th> 1262 </tr> 1263 <tr> 1264 <td>CVE-2015-8962</td> 1265 <td>A-30951599 1266 <br> 1267 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f3951a3709ff50990bf3e188c27d346792103432">Upstream 1268 kernel</a></td> 1269 <td></td> 1270 <td>Pixel, PixelXL</td> 1271 <td>30 2015.</td> 1272 </tr> 1273 </table> 1274 <h3 id="eop-in-kernel-media-driver"> </h3> 1275 <p> 1276 . , - . , . 1277 </p> 1278 <table> 1279 <col width="19%"> 1280 <col width="20%"> 1281 <col width="10%"> 1282 <col width="23%"> 1283 <col width="17%"> 1284 <tr> 1285 <th>CVE</th> 1286 <th></th> 1287 <th> </th> 1288 <th> Google</th> 1289 <th> </th> 1290 </tr> 1291 <tr> 1292 <td>CVE-2016-7913</td> 1293 <td>A-30946097 1294 <br> 1295 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=8dfbcc4351a0b6d2f2d77f367552f48ffefafe18">Upstream 1296 kernel</a></td> 1297 <td></td> 1298 <td>Nexus6P, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1299 <td>28 2016.</td> 1300 </tr> 1301 </table> 1302 <h3 id="eop-in-kernel-usb-driver"> USB- </h3> 1303 <p> 1304 . , - . , . 1305 </p> 1306 <table> 1307 <col width="19%"> 1308 <col width="20%"> 1309 <col width="10%"> 1310 <col width="23%"> 1311 <col width="17%"> 1312 <tr> 1313 <th>CVE</th> 1314 <th></th> 1315 <th> </th> 1316 <th> Google</th> 1317 <th> </th> 1318 </tr> 1319 <tr> 1320 <td>CVE-2016-7912</td> 1321 <td>A-30950866 1322 <br> 1323 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=38740a5b87d53ceb89eb2c970150f6e94e00373a">Upstream 1324 kernel</a></td> 1325 <td></td> 1326 <td>PixelC, Pixel, PixelXL</td> 1327 <td>14 2016.</td> 1328 </tr> 1329 </table> 1330 <h3 id="eop-in-kernel-ion-subsystem"> ION </h3> 1331 <p> 1332 . , - . , . 1333 </p> 1334 <table> 1335 <col width="19%"> 1336 <col width="20%"> 1337 <col width="10%"> 1338 <col width="23%"> 1339 <col width="17%"> 1340 <tr> 1341 <th>CVE</th> 1342 <th></th> 1343 <th> </th> 1344 <th> Google</th> 1345 <th> </th> 1346 </tr> 1347 <tr> 1348 <td>CVE-2016-6728</td> 1349 <td>A-30400942*</td> 1350 <td></td> 1351 <td>Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus9, Nexus Player, PixelC, 1352 AndroidOne</td> 1353 <td>25 2016.</td> 1354 </tr> 1355 </table> 1356 <p> 1357 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1358 </p> 1359 <h3 id="eop-in-qualcomm-bootloader"> Qualcomm</h3> 1360 <p> 1361 . , - . , . 1362 </p> 1363 <table> 1364 <col width="19%"> 1365 <col width="20%"> 1366 <col width="10%"> 1367 <col width="23%"> 1368 <col width="17%"> 1369 <tr> 1370 <th>CVE</th> 1371 <th></th> 1372 <th> </th> 1373 <th> Google</th> 1374 <th> </th> 1375 </tr> 1376 <tr> 1377 <td>CVE-2016-6729</td> 1378 <td>A-30977990* 1379 <br> 1380 QC-CR#977684</td> 1381 <td></td> 1382 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1383 <td>25 2016.</td> 1384 </tr> 1385 </table> 1386 <p> 1387 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1388 </p> 1389 <h3 id="eop-in-nvidia-gpu-driver"> NVIDIA </h3> 1390 <p> 1391 . , - . , . 1392 </p> 1393 <table> 1394 <col width="19%"> 1395 <col width="20%"> 1396 <col width="10%"> 1397 <col width="23%"> 1398 <col width="17%"> 1399 <tr> 1400 <th>CVE</th> 1401 <th></th> 1402 <th> </th> 1403 <th> Google</th> 1404 <th> </th> 1405 </tr> 1406 <tr> 1407 <td>CVE-2016-6730</td> 1408 <td>A-30904789*<br> 1409 N-CVE-2016-6730</td> 1410 <td></td> 1411 <td>Pixel</td> 1412 <td>16 2016.</td> 1413 </tr> 1414 <tr> 1415 <td>CVE-2016-6731</td> 1416 <td>A-30906023*<br> 1417 N-CVE-2016-6731</td> 1418 <td></td> 1419 <td>Pixel</td> 1420 <td>16 2016.</td> 1421 </tr> 1422 <tr> 1423 <td>CVE-2016-6732</td> 1424 <td>A-30906599*<br> 1425 N-CVE-2016-6732</td> 1426 <td></td> 1427 <td>Pixel</td> 1428 <td>16 2016.</td> 1429 </tr> 1430 <tr> 1431 <td>CVE-2016-6733</td> 1432 <td>A-30906694*<br> 1433 N-CVE-2016-6733</td> 1434 <td></td> 1435 <td>Pixel</td> 1436 <td>16 2016.</td> 1437 </tr> 1438 <tr> 1439 <td>CVE-2016-6734</td> 1440 <td>A-30907120*<br> 1441 N-CVE-2016-6734</td> 1442 <td></td> 1443 <td>Pixel</td> 1444 <td>16 2016.</td> 1445 </tr> 1446 <tr> 1447 <td>CVE-2016-6735</td> 1448 <td>A-30907701*<br> 1449 N-CVE-2016-6735</td> 1450 <td></td> 1451 <td>Pixel</td> 1452 <td>16 2016.</td> 1453 </tr> 1454 <tr> 1455 <td>CVE-2016-6736</td> 1456 <td>A-30953284*<br> 1457 N-CVE-2016-6736</td> 1458 <td></td> 1459 <td>Pixel</td> 1460 <td>18 2016.</td> 1461 </tr> 1462 </table> 1463 <p> 1464 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1465 </p> 1466 <h3 id="eop-in-kernel-networking-subsystem"> </h3> 1467 <p> 1468 . , - . , . 1469 </p> 1470 <table> 1471 <col width="19%"> 1472 <col width="20%"> 1473 <col width="10%"> 1474 <col width="23%"> 1475 <col width="17%"> 1476 <tr> 1477 <th>CVE</th> 1478 <th></th> 1479 <th> </th> 1480 <th> Google</th> 1481 <th> </th> 1482 </tr> 1483 <tr> 1484 <td>CVE-2016-6828</td> 1485 <td>A-31183296 1486 <br> 1487 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/include/net/tcp.h?id=bb1fceca22492109be12640d49f5ea5a544c6bb4">Upstream 1488 kernel</a></td> 1489 <td></td> 1490 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1491 Pixel, PixelXL</td> 1492 <td>18 2016.</td> 1493 </tr> 1494 </table> 1495 <h3 id="eop-in-kernel-sound-subsystem"> </h3> 1496 <p> 1497 . , - . , . 1498 </p> 1499 <table> 1500 <col width="19%"> 1501 <col width="20%"> 1502 <col width="10%"> 1503 <col width="23%"> 1504 <col width="17%"> 1505 <tr> 1506 <th>CVE</th> 1507 <th></th> 1508 <th> </th> 1509 <th> Google</th> 1510 <th> </th> 1511 </tr> 1512 <tr> 1513 <td>CVE-2016-2184</td> 1514 <td>A-30952477 1515 <br> 1516 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=836b34a935abc91e13e63053d0a83b24dfb5ea78">Upstream 1517 kernel</a></td> 1518 <td></td> 1519 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1520 Pixel, PixelXL</td> 1521 <td>31 2016.</td> 1522 </tr> 1523 </table> 1524 <h3 id="eop-in-kernel-ion-subsystem-1"> ION </h3> 1525 <p> 1526 . , - . , . 1527 </p> 1528 <table> 1529 <col width="19%"> 1530 <col width="20%"> 1531 <col width="10%"> 1532 <col width="23%"> 1533 <col width="17%"> 1534 <tr> 1535 <th>CVE</th> 1536 <th></th> 1537 <th> </th> 1538 <th> Google</th> 1539 <th> </th> 1540 </tr> 1541 <tr> 1542 <td>CVE-2016-6737</td> 1543 <td>A-30928456*</td> 1544 <td></td> 1545 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, PixelC, Nexus Player, Pixel, 1546 PixelXL</td> 1547 <td> Google</td> 1548 </tr> 1549 </table> 1550 <p> 1551 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1552 </p> 1553 <h3 id="vulnerabilities-in-qualcomm-components"> Qualcomm</h3> 1554 <p> 1555 , Qualcomm, Qualcomm AMSS 2016 80-NV606-17. 1556 </p> 1557 <table> 1558 <col width="19%"> 1559 <col width="20%"> 1560 <col width="10%"> 1561 <col width="23%"> 1562 <col width="17%"> 1563 <tr> 1564 <th>CVE</th> 1565 <th></th> 1566 <th> *</th> 1567 <th> Google</th> 1568 <th> </th> 1569 </tr> 1570 <tr> 1571 <td>CVE-2016-6727</td> 1572 <td>A-31092400**</td> 1573 <td></td> 1574 <td>AndroidOne</td> 1575 <td> Qualcomm</td> 1576 </tr> 1577 <tr> 1578 <td>CVE-2016-6726</td> 1579 <td>A-30775830**</td> 1580 <td></td> 1581 <td>Nexus6, AndroidOne</td> 1582 <td> Qualcomm</td> 1583 </tr> 1584 </table> 1585 <p>* Qualcomm.</p> 1586 <p> 1587 ** . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1588 </p> 1589 <h3 id="rce-in-expat"> Expat</h3> 1590 <p> 1591 , Expat. 1592 . - , . 1593 </p> 1594 <table> 1595 <col width="18%"> 1596 <col width="18%"> 1597 <col width="10%"> 1598 <col width="19%"> 1599 <col width="17%"> 1600 <col width="17%"> 1601 <tr> 1602 <th>CVE</th> 1603 <th></th> 1604 <th> </th> 1605 <th> Google</th> 1606 <th> AOSP</th> 1607 <th> </th> 1608 </tr> 1609 1610 <tr> 1611 <td>CVE-2016-0718</td> 1612 <td><a href="https://android.googlesource.com/platform/external/expat/+/52ac633b73856ded34b33bd4adb4ab793bbbe963"> 1613 A-28698301</a></td> 1614 <td></td> 1615 <td>*</td> 1616 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1617 <td>10 2016.</td> 1618 </tr> 1619 <tr> 1620 <td>CVE-2012-6702</td> 1621 <td><a href="https://android.googlesource.com/platform/external/expat/+/a11ff32280a863bff93df13ad643912ad9bf1302"> 1622 A-29149404</a></td> 1623 <td></td> 1624 <td>*</td> 1625 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1626 <td>6 2016.</td> 1627 </tr> 1628 <tr> 1629 <td>CVE-2016-5300</td> 1630 <td><a href="https://android.googlesource.com/platform/external/expat/+/a11ff32280a863bff93df13ad643912ad9bf1302"> 1631 A-29149404</a></td> 1632 <td></td> 1633 <td>*</td> 1634 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1635 <td>4 2016.</td> 1636 </tr> 1637 <tr> 1638 <td>CVE-2015-1283</td> 1639 <td><a href="https://android.googlesource.com/platform/external/expat/+/13b40c2040a17038b63a61e2b112c634da203d3b"> 1640 A-27818751</a></td> 1641 <td></td> 1642 <td>*</td> 1643 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1644 <td>24 2015.</td> 1645 </tr> 1646 </table> 1647 1648 <p> 1649 * Google Android7.0, . 1650 </p> 1651 <h3 id="rce-in-webview"> Webview</h3> 1652 <p> 1653 . - . 1654 </p> 1655 <table> 1656 <col width="18%"> 1657 <col width="18%"> 1658 <col width="10%"> 1659 <col width="19%"> 1660 <col width="17%"> 1661 <col width="17%"> 1662 <tr> 1663 <th>CVE</th> 1664 <th></th> 1665 <th> </th> 1666 <th> Google</th> 1667 <th> AOSP</th> 1668 <th> </th> 1669 </tr> 1670 <tr> 1671 <td>CVE-2016-6754</td> 1672 <td>A-31217937</td> 1673 <td></td> 1674 <td>*</td> 1675 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1676 <td>23 2016.</td> 1677 </tr> 1678 </table> 1679 <p> 1680 * Google Android7.0, . 1681 </p> 1682 <h3 id="rce-in-freetype"> Freetype</h3> 1683 <p> 1684 , . - , . 1685 </p> 1686 <table> 1687 <col width="18%"> 1688 <col width="18%"> 1689 <col width="10%"> 1690 <col width="19%"> 1691 <col width="17%"> 1692 <col width="17%"> 1693 <tr> 1694 <th>CVE</th> 1695 <th></th> 1696 <th> </th> 1697 <th> Google</th> 1698 <th> AOSP</th> 1699 <th> </th> 1700 </tr> 1701 <tr> 1702 <td>CVE-2014-9675</td> 1703 <td><a href="https://android.googlesource.com/platform/external/freetype/+/f720f0dbcf012d6c984dbbefa0875ef9840458c6">A-24296662</a> 1704 [<a href="https://android.googlesource.com/platform/external/pdfium/+/96f965ff7411f1edba72140fd70740e63cabec71">2</a>] 1705 </td> 1706 <td></td> 1707 <td>*</td> 1708 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1709 <td> Google</td> 1710 </tr> 1711 </table> 1712 <p> 1713 * Google Android7.0, . 1714 </p> 1715 <h3 id="eop-in-kernel-performance-subsystem"> </h3> 1716 <p> 1717 1718 . , . 1719 </p> 1720 <table> 1721 <col width="19%"> 1722 <col width="20%"> 1723 <col width="10%"> 1724 <col width="23%"> 1725 <col width="17%"> 1726 <tr> 1727 <th>CVE</th> 1728 <th></th> 1729 <th> </th> 1730 <th> Google</th> 1731 <th> </th> 1732 </tr> 1733 <tr> 1734 <td>CVE-2015-8963</td> 1735 <td>A-30952077 1736 <br> 1737 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=12ca6ad2e3a896256f086497a7c7406a547ee373">Upstream 1738 kernel</a></td> 1739 <td></td> 1740 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1741 Pixel, PixelXL</td> 1742 <td>15 2015.</td> 1743 </tr> 1744 </table> 1745 <h3 id="eop-in-kernel-system-call-auditing-subsystem"> </h3> 1746 <p> 1747 . , . 1748 </p> 1749 <table> 1750 <col width="19%"> 1751 <col width="20%"> 1752 <col width="10%"> 1753 <col width="23%"> 1754 <col width="17%"> 1755 <tr> 1756 <th>CVE</th> 1757 <th></th> 1758 <th> </th> 1759 <th> Google</th> 1760 <th> </th> 1761 </tr> 1762 <tr> 1763 <td>CVE-2016-6136</td> 1764 <td>A-30956807 1765 <br> 1766 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=43761473c254b45883a64441dd0bc85a42f3645c">Upstream 1767 kernel</a></td> 1768 <td></td> 1769 <td>AndroidOne, PixelC, Nexus Player</td> 1770 <td>1 2016.</td> 1771 </tr> 1772 </table> 1773 <h3 id="eop-in-qualcomm-crypto-engine-driver"> Qualcomm </h3> 1774 <p> 1775 . , . 1776 </p> 1777 <table> 1778 <col width="19%"> 1779 <col width="20%"> 1780 <col width="10%"> 1781 <col width="23%"> 1782 <col width="17%"> 1783 <tr> 1784 <th>CVE</th> 1785 <th></th> 1786 <th> </th> 1787 <th> Google</th> 1788 <th> </th> 1789 </tr> 1790 <tr> 1791 <td>CVE-2016-6738</td> 1792 <td>A-30034511 1793 <br> 1794 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=a829c54236b455885c3e9c7c77ac528b62045e79">QC-CR#1050538</a></td> 1795 <td></td> 1796 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1797 <td>7 2016.</td> 1798 </tr> 1799 </table> 1800 <h3 id="eop-in-qualcomm-camera-driver"> Qualcomm </h3> 1801 <p> 1802 . , . 1803 </p> 1804 <table> 1805 <col width="19%"> 1806 <col width="20%"> 1807 <col width="10%"> 1808 <col width="23%"> 1809 <col width="17%"> 1810 <tr> 1811 <th>CVE</th> 1812 <th></th> 1813 <th> </th> 1814 <th> Google</th> 1815 <th> </th> 1816 </tr> 1817 <tr> 1818 <td>CVE-2016-6739</td> 1819 <td>A-30074605*<br> 1820 QC-CR#1049826</td> 1821 <td></td> 1822 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 1823 <td>11 2016.</td> 1824 </tr> 1825 <tr> 1826 <td>CVE-2016-6740</td> 1827 <td>A-30143904 1828 <br> 1829 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=ef78bd62f0c064ae4c827e158d828b2c110ebcdc">QC-CR#1056307</a></td> 1830 <td></td> 1831 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1832 <td>12 2016.</td> 1833 </tr> 1834 <tr> 1835 <td>CVE-2016-6741</td> 1836 <td>A-30559423 1837 <br> 1838 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?id=d291eebd8e43bba3229ae7ef9146a132894dc293">QC-CR#1060554</a></td> 1839 <td></td> 1840 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1841 <td>28 2016.</td> 1842 </tr> 1843 </table> 1844 <p> 1845 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1846 </p> 1847 <h3 id="eop-in-qualcomm-bus-driver"> Qualcomm</h3> 1848 <p> 1849 . , . 1850 </p> 1851 <table> 1852 <col width="19%"> 1853 <col width="20%"> 1854 <col width="10%"> 1855 <col width="23%"> 1856 <col width="17%"> 1857 <tr> 1858 <th>CVE</th> 1859 <th></th> 1860 <th> </th> 1861 <th> Google</th> 1862 <th> </th> 1863 </tr> 1864 <tr> 1865 <td>CVE-2016-3904</td> 1866 <td>A-30311977 1867 <br> 1868 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=069683407ca9a820d05c914b57c587bcd3f16a3a">QC-CR#1050455</a></td> 1869 <td></td> 1870 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 1871 <td>22 2016.</td> 1872 </tr> 1873 </table> 1874 <h3 id="eop-in-synaptics-touchscreen-driver"> Synaptics</h3> 1875 <p> 1876 1877 . , . 1878 </p> 1879 <table> 1880 <col width="19%"> 1881 <col width="20%"> 1882 <col width="10%"> 1883 <col width="23%"> 1884 <col width="17%"> 1885 <tr> 1886 <th>CVE</th> 1887 <th></th> 1888 <th> </th> 1889 <th> Google</th> 1890 <th> </th> 1891 </tr> 1892 <tr> 1893 <td>CVE-2016-6742</td> 1894 <td>A-30799828*</td> 1895 <td></td> 1896 <td>Nexus5X, AndroidOne</td> 1897 <td>9 2016.</td> 1898 </tr> 1899 <tr> 1900 <td>CVE-2016-6744</td> 1901 <td>A-30970485*</td> 1902 <td></td> 1903 <td>Nexus5X</td> 1904 <td>19 2016.</td> 1905 </tr> 1906 <tr> 1907 <td>CVE-2016-6745</td> 1908 <td>A-31252388*</td> 1909 <td></td> 1910 <td>Nexus5X, Nexus6P, Nexus9, AndroidOne, Pixel, PixelXL</td> 1911 <td>1 2016.</td> 1912 </tr> 1913 <tr> 1914 <td>CVE-2016-6743</td> 1915 <td>A-30937462*</td> 1916 <td></td> 1917 <td>Nexus9, AndroidOne</td> 1918 <td> Google</td> 1919 </tr> 1920 </table> 1921 <p> 1922 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1923 </p> 1924 <h3 id="id-in-kernel-components"> </h3> 1925 <p> 1926 . 1927 - . 1928 </p> 1929 <table> 1930 <col width="19%"> 1931 <col width="20%"> 1932 <col width="10%"> 1933 <col width="23%"> 1934 <col width="17%"> 1935 <tr> 1936 <th>CVE</th> 1937 <th></th> 1938 <th> </th> 1939 <th> Google</th> 1940 <th> </th> 1941 </tr> 1942 <tr> 1943 <td>CVE-2015-8964</td> 1944 <td>A-30951112 1945 <br> 1946 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=dd42bf1197144ede075a9d4793123f7689e164bc">Upstream 1947 kernel</a></td> 1948 <td></td> 1949 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1950 Pixel, PixelXL</td> 1951 <td>27 2015.</td> 1952 </tr> 1953 <tr> 1954 <td>CVE-2016-7915</td> 1955 <td>A-30951261 1956 <br> 1957 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=50220dead1650609206efe91f0cc116132d59b3f">Upstream 1958 kernel</a></td> 1959 <td></td> 1960 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1961 Pixel, PixelXL</td> 1962 <td>19 2016.</td> 1963 </tr> 1964 <tr> 1965 <td>CVE-2016-7914</td> 1966 <td>A-30513364 1967 <br> 1968 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=8d4a2ec1e0b41b0cf9a0c5cd4511da7f8e4f3de2">Upstream 1969 kernel</a></td> 1970 <td></td> 1971 <td>PixelC, Pixel, PixelXL</td> 1972 <td>6 2016.</td> 1973 </tr> 1974 <tr> 1975 <td>CVE-2016-7916</td> 1976 <td>A-30951939 1977 <br> 1978 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8148a73c9901a8794a50f950083c00ccf97d43b3">Upstream 1979 kernel</a></td> 1980 <td></td> 1981 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, 1982 Pixel, PixelXL</td> 1983 <td>5 2016.</td> 1984 </tr> 1985 </table> 1986 <h3 id="id-in-nvidia-gpu-driver"> NVIDIA </h3> 1987 <p> 1988 . 1989 - . 1990 </p> 1991 <table> 1992 <col width="19%"> 1993 <col width="20%"> 1994 <col width="10%"> 1995 <col width="23%"> 1996 <col width="17%"> 1997 <tr> 1998 <th>CVE</th> 1999 <th></th> 2000 <th> </th> 2001 <th> Google</th> 2002 <th> </th> 2003 </tr> 2004 <tr> 2005 <td>CVE-2016-6746</td> 2006 <td>A-30955105*<br> 2007 N-CVE-2016-6746</td> 2008 <td></td> 2009 <td>Pixel</td> 2010 <td>18 2016.</td> 2011 </tr> 2012 </table> 2013 <p> 2014 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2015 </p> 2016 <h3 id="dos-in-mediaserver-1"> mediaserver</h3> 2017 <p> 2018 2019 . 2020 , 2021 . 2022 </p> 2023 <table> 2024 <col width="19%"> 2025 <col width="20%"> 2026 <col width="10%"> 2027 <col width="23%"> 2028 <col width="17%"> 2029 <tr> 2030 <th>CVE</th> 2031 <th></th> 2032 <th> </th> 2033 <th> Google</th> 2034 <th> </th> 2035 </tr> 2036 <tr> 2037 <td>CVE-2016-6747</td> 2038 <td>A-31244612*<br> 2039 N-CVE-2016-6747</td> 2040 <td></td> 2041 <td>Nexus9</td> 2042 <td> Google</td> 2043 </tr> 2044 </table> 2045 <p> 2046 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2047 </p> 2048 <h3 id="id-in-kernel-components-1"> </h3> 2049 <p> 2050 . , . 2051 </p> 2052 <table> 2053 <col width="19%"> 2054 <col width="20%"> 2055 <col width="10%"> 2056 <col width="23%"> 2057 <col width="17%"> 2058 <tr> 2059 <th>CVE</th> 2060 <th></th> 2061 <th> </th> 2062 <th> Google</th> 2063 <th> </th> 2064 </tr> 2065 <tr> 2066 <td>CVE-2016-7917</td> 2067 <td>A-30947055 2068 <br> 2069 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c58d6c93680f28ac58984af61d0a7ebf4319c241">Upstream 2070 kernel</a></td> 2071 <td></td> 2072 <td>PixelC, Pixel, PixelXL</td> 2073 <td>2 2016.</td> 2074 </tr> 2075 <tr> 2076 <td>CVE-2016-6753</td> 2077 <td>A-30149174*</td> 2078 <td></td> 2079 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, PixelC, Nexus Player, Pixel, PixelXL</td> 2080 <td>13 2016.</td> 2081 </tr> 2082 </table> 2083 <p> 2084 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2085 </p> 2086 <h3 id="id-in-qualcomm-components"> Qualcomm</h3> 2087 <p> 2088 . 2089 , . 2090 </p> 2091 <table> 2092 <col width="19%"> 2093 <col width="20%"> 2094 <col width="10%"> 2095 <col width="23%"> 2096 <col width="17%"> 2097 <tr> 2098 <th>CVE</th> 2099 <th></th> 2100 <th> </th> 2101 <th> Google</th> 2102 <th> </th> 2103 </tr> 2104 <tr> 2105 <td>CVE-2016-6748</td> 2106 <td>A-30076504 2107 <br> 2108 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=be651d020b122a1ba9410d23ca4ebbe9f5598df6">QC-CR#987018</a></td> 2109 <td></td> 2110 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2111 <td>12 2016.</td> 2112 </tr> 2113 <tr> 2114 <td>CVE-2016-6749</td> 2115 <td>A-30228438 2116 <br> 2117 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=f9185dc83b92e7d1ee341e32e8cf5ed00a7253a7">QC-CR#1052818</a></td> 2118 <td></td> 2119 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 2120 <td>12 2016.</td> 2121 </tr> 2122 <tr> 2123 <td>CVE-2016-6750</td> 2124 <td>A-30312054 2125 <br> 2126 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=34bda711a1c7bc7f9fd7bea3a5be439ed00577e5">QC-CR#1052825</a></td> 2127 <td></td> 2128 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2129 <td>21 2016.</td> 2130 </tr> 2131 <tr> 2132 <td>CVE-2016-3906</td> 2133 <td>A-30445973 2134 <br> 2135 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=b333d32745fec4fb1098ee1a03d4425f3c1b4c2e">QC-CR#1054344</a></td> 2136 <td></td> 2137 <td>Nexus5X, Nexus6P</td> 2138 <td>27 2016.</td> 2139 </tr> 2140 <tr> 2141 <td>CVE-2016-3907</td> 2142 <td>A-30593266 2143 <br> 2144 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=744330f4e5d70dce71c4c9e03c5b6a8b59bb0cda">QC-CR#1054352</a></td> 2145 <td></td> 2146 <td>Nexus5X, Nexus6P, Pixel, PixelXL</td> 2147 <td>2 2016.</td> 2148 </tr> 2149 <tr> 2150 <td>CVE-2016-6698</td> 2151 <td>A-30741851 2152 <br> 2153 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=de90beb76ad0b80da821c3b857dd30cd36319e61">QC-CR#1058826</a></td> 2154 <td></td> 2155 <td>Nexus5X, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2156 <td>2 2016.</td> 2157 </tr> 2158 <tr> 2159 <td>CVE-2016-6751</td> 2160 <td>A-30902162*<br> 2161 QC-CR#1062271</td> 2162 <td></td> 2163 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2164 <td>15 2016.</td> 2165 </tr> 2166 <tr> 2167 <td>CVE-2016-6752</td> 2168 <td>A-31498159 2169 <br> 2170 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.18/commit/?h=0de2c7600c8f1f0152a2f421c6593f931186400a">QC-CR#987051</a></td> 2171 <td></td> 2172 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 2173 <td> Google</td> 2174 </tr> 2175 </table> 2176 <p> 2177 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 2178 </p> 2179 2180 <h2 id="2016-11-06-details"> ( 2016-11-06)</h2> 2181 <p> 2182 <a href="#2016-11-06-summary"> </a> : , CVE, , , Google AOSP ( ), . , , (, AOSP), . 2183 </p> 2184 <h3 id="eop-in-kernel-memory-subsystem"> </h3> 2185 <p> 2186 . , - . , . 2187 </p> 2188 <p> 2189 <strong>.</strong> 6 2016 , , 2016-11-01 2016-11-05. 2190 </p> 2191 <table> 2192 <tr> 2193 <th>CVE</th> 2194 <th></th> 2195 <th> </th> 2196 <th> </th> 2197 <th> </th> 2198 </tr> 2199 <tr> 2200 <td>CVE-2016-5195</td> 2201 <td>A-32141528<br> 2202 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1">Upstream kernel</a> 2203 [<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354">2</a>]</td> 2204 <td></td> 2205 <td>3.10, 3.18</td> 2206 <td>12 2016.</td> 2207 </tr> 2208 </table> 2209 <h2 id="common-questions-and-answers"> </h2> 2210 <p> 2211 , 2212 . 2213 </p> 2214 <p> 2215 <strong>1. , , ?</strong> 2216 </p> 2217 <p> 2218 , 2219 , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>. 2220 </p> 2221 <ul> 2222 <li> 1 2016 , 2016-11-01.</li> 2223 <li> 5 2016 , 2016-11-05.</li> 2224 <li> 6 2016 , 2016-11-06.</li> 2225 </ul> 2226 <p> 2227 , , : 2228 </p> 2229 <ul> 2230 <li>[ro.build.version.security_patch]:[2016-11-01];</li> 2231 <li>[ro.build.version.security_patch]:[2016-11-05];</li> 2232 <li>[ro.build.version.security_patch]:[2016-11-06].</li> 2233 </ul> 2234 <p> 2235 <strong>2. ?</strong> 2236 </p> 2237 <p> 2238 , , Android. Android . 2239 </p> 2240 <ul> 2241 <li> 1 2016 , , .</li> 2242 <li> 5 2016 , .</li> 2243 <li> 6 2016 , .</li> 2244 </ul> 2245 <p> 2246 . 2247 </p> 2248 <p id="google-devices"> 2249 <strong>3. , Google ?</strong> 2250 </p> 2251 <p> 2252 <a href="#2016-11-01-details">2016-11-01</a>, <a href="#2016-11-05-details">2016-11-05</a> <a href="#2016-11-06-details">2016-11-06</a> <em> Google</em>. , . 2253 </p> 2254 <ul> 2255 <li><strong> .</strong> <em></em> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> Google</a>: Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus7 (2013), Nexus9, AndroidOne, Nexus Player, PixelC, Pixel Pixel XL.</li> 2256 <li><strong> .</strong> <em></em> , .</li> 2257 <li><strong>.</strong> Google.<em></em></li> 2258 </ul> 2259 <p> 2260 <strong>4. ""?</strong> 2261 </p> 2262 <p> 2263 <em></em>. 2264 , 2265 , : 2266 </p> 2267 <table> 2268 <tr> 2269 <th></th> 2270 <th></th> 2271 </tr> 2272 <tr> 2273 <td>A-</td> 2274 <td> Android</td> 2275 </tr> 2276 <tr> 2277 <td>QC-</td> 2278 <td> Qualcomm</td> 2279 </tr> 2280 <tr> 2281 <td>M-</td> 2282 <td> MediaTek</td> 2283 </tr> 2284 <tr> 2285 <td>N-</td> 2286 <td> NVIDIA</td> 2287 </tr> 2288 <tr> 2289 <td>B-</td> 2290 <td> Broadcom</td> 2291 </tr> 2292 </table> 2293 2294 <h2 id="revisions"></h2> 2295 <ul> 2296 <li>7 2016. .</li> 2297 <li>8 2016. AOSP CVE-2016-6709.</li> 2298 </ul> 2299 2300 </body> 2301 </html> 2302
