1 <html devsite> 2 <head> 3 <title> Android 2016.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em> 5 2016. | 7 2016.</em></p> 27 <p> 28 Android. Google <a href="https://developers.google.com/android/nexus/images"> </a>. , , 5 2016 . , 29 , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>. 30 </p> 31 <p> 32 7 2016 . Android Open Source Project (AOSP). 33 AOSP. 34 </p> 35 <p> 36 , - . , . 37 </p> 38 <p> 39 . <a href="#mitigations"> </a> , <a href="/security/enhancements/index.html"> </a> , <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>, Android. 40 </p> 41 <p> 42 . 43 </p> 44 <h2 id="announcements"></h2> 45 <ul> 46 <li> , , Android. 47 <a href="#common-questions-and-answers"> </a>. 48 <ul> 49 <li><strong>2016-12-01</strong>: , 2016-12-01 .</li> 50 <li><strong>2016-12-05</strong>: , 2016-12-01 2016-12-05, .</li> 51 </ul> 52 </li> 53 <li> Google 5 2016.</li> 54 </ul> 55 <h2 id="security-vulnerability-summary"> </h2> 56 <p> 57 , (CVE) , , Google. <a href="/security/overview/updates-resources.html#severity"> </a> , , . 58 </p> 59 <h3 id="2016-12-01-summary"> ( 2016-12-01)</h3> 60 <p> 61 1 2016 . 62 </p> 63 <table> 64 <col width="55%"> 65 <col width="20%"> 66 <col width="13%"> 67 <col width="12%"> 68 <tr> 69 <th></th> 70 <th>CVE</th> 71 <th> </th> 72 <th> Google?</th> 73 </tr> 74 <tr> 75 <td> CURL/LIBCURL</td> 76 <td>CVE-2016-5419, CVE-2016-5420, CVE-2016-5421</td> 77 <td></td> 78 <td></td> 79 </tr> 80 <tr> 81 <td> libziparchive</td> 82 <td>CVE-2016-6762</td> 83 <td></td> 84 <td></td> 85 </tr> 86 <tr> 87 <td> </td> 88 <td>CVE-2016-6763</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> mediaserver</td> 94 <td>CVE-2016-6766, CVE-2016-6765, CVE-2016-6764, CVE-2016-6767</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td> Framesequence</td> 100 <td>CVE-2016-6768</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> Smart Lock</td> 106 <td>CVE-2016-6769</td> 107 <td></td> 108 <td>*</td> 109 </tr> 110 <tr> 111 <td> Framework API</td> 112 <td>CVE-2016-6770</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td> </td> 118 <td>CVE-2016-6771</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> Wi-Fi</td> 124 <td>CVE-2016-6772</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td> mediaserver</td> 130 <td>CVE-2016-6773</td> 131 <td></td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> Package Manager</td> 136 <td>CVE-2016-6774</td> 137 <td></td> 138 <td></td> 139 </tr> 140 </table> 141 <p> 142 * Google Android7.0, . 143 </p> 144 <h3 id="2016-12-05-summary"> ( 2016-12-05)</h3> 145 <p> 146 5 2016 , 2016-12-01, , . 147 </p> 148 <table> 149 <col width="55%"> 150 <col width="20%"> 151 <col width="13%"> 152 <col width="12%"> 153 <tr> 154 <th></th> 155 <th>CVE</th> 156 <th> </th> 157 <th> Google?</th> 158 </tr> 159 <tr> 160 <td> </td> 161 <td>CVE-2016-4794, CVE-2016-5195</td> 162 <td></td> 163 <td></td> 164 </tr> 165 <tr> 166 <td> NVIDIA </td> 167 <td>CVE-2016-6775, CVE-2016-6776, CVE-2016-6777</td> 168 <td></td> 169 <td></td> 170 </tr> 171 <tr> 172 <td> </td> 173 <td>CVE-2015-8966</td> 174 <td></td> 175 <td>*</td> 176 </tr> 177 <tr> 178 <td> NVIDIA</td> 179 <td>CVE-2016-6915, CVE-2016-6916, CVE-2016-6917</td> 180 <td></td> 181 <td></td> 182 </tr> 183 <tr> 184 <td> ION </td> 185 <td>CVE-2016-9120</td> 186 <td></td> 187 <td></td> 188 </tr> 189 <tr> 190 <td> Qualcomm</td> 191 <td>CVE-2016-8411</td> 192 <td></td> 193 <td></td> 194 </tr> 195 <tr> 196 <td> </td> 197 <td>CVE-2014-4014</td> 198 <td></td> 199 <td></td> 200 </tr> 201 <tr> 202 <td> </td> 203 <td>CVE-2015-8967</td> 204 <td></td> 205 <td></td> 206 </tr> 207 <tr> 208 <td> HTC</td> 209 <td>CVE-2016-6778, CVE-2016-6779, CVE-2016-6780</td> 210 <td></td> 211 <td></td> 212 </tr> 213 <tr> 214 <td> MediaTek</td> 215 <td>CVE-2016-6492, CVE-2016-6781, CVE-2016-6782, CVE-2016-6783, CVE-2016-6784, CVE-2016-6785</td> 216 <td></td> 217 <td>*</td> 218 </tr> 219 <tr> 220 <td> Qualcomm</td> 221 <td>CVE-2016-6761, CVE-2016-6760, CVE-2016-6759, CVE-2016-6758</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td> Qualcomm </td> 227 <td>CVE-2016-6755</td> 228 <td></td> 229 <td></td> 230 </tr> 231 <tr> 232 <td> </td> 233 <td>CVE-2016-6786, CVE-2016-6787</td> 234 <td></td> 235 <td></td> 236 </tr> 237 <tr> 238 <td> I2C MediaTek</td> 239 <td>CVE-2016-6788</td> 240 <td></td> 241 <td>*</td> 242 </tr> 243 <tr> 244 <td> libomx NVIDIA</td> 245 <td>CVE-2016-6789, CVE-2016-6790</td> 246 <td></td> 247 <td></td> 248 </tr> 249 <tr> 250 <td> Qualcomm</td> 251 <td>CVE-2016-6791, CVE-2016-8391, CVE-2016-8392</td> 252 <td></td> 253 <td></td> 254 </tr> 255 <tr> 256 <td> </td> 257 <td>CVE-2015-7872</td> 258 <td></td> 259 <td></td> 260 </tr> 261 <tr> 262 <td> Synaptics</td> 263 <td>CVE-2016-8393, CVE-2016-8394</td> 264 <td></td> 265 <td></td> 266 </tr> 267 <tr> 268 <td> Wi-Fi- Broadcom</td> 269 <td>CVE-2014-9909, CVE-2014-9910</td> 270 <td></td> 271 <td>*</td> 272 </tr> 273 <tr> 274 <td> MediaTek</td> 275 <td>CVE-2016-8396</td> 276 <td></td> 277 <td>*</td> 278 </tr> 279 <tr> 280 <td> NVIDIA</td> 281 <td>CVE-2016-8397</td> 282 <td></td> 283 <td></td> 284 </tr> 285 <tr> 286 <td> GPS</td> 287 <td>CVE-2016-5341</td> 288 <td></td> 289 <td></td> 290 </tr> 291 <tr> 292 <td> NVIDIA </td> 293 <td>CVE-2016-8395</td> 294 <td></td> 295 <td></td> 296 </tr> 297 <tr> 298 <td> </td> 299 <td>CVE-2016-8399</td> 300 <td></td> 301 <td></td> 302 </tr> 303 <tr> 304 <td> Qualcomm</td> 305 <td>CVE-2016-6756, CVE-2016-6757</td> 306 <td></td> 307 <td></td> 308 </tr> 309 <tr> 310 <td> librm NVIDIA</td> 311 <td>CVE-2016-8400</td> 312 <td></td> 313 <td></td> 314 </tr> 315 <tr> 316 <td> </td> 317 <td>CVE-2016-8401, CVE-2016-8402, CVE-2016-8403, CVE-2016-8404, CVE-2016-8405, CVE-2016-8406, CVE-2016-8407</td> 318 <td></td> 319 <td></td> 320 </tr> 321 <tr> 322 <td> NVIDIA</td> 323 <td>CVE-2016-8408, CVE-2016-8409</td> 324 <td></td> 325 <td></td> 326 </tr> 327 <tr> 328 <td> Qualcomm</td> 329 <td>CVE-2016-8410</td> 330 <td></td> 331 <td></td> 332 </tr> 333 </table> 334 <p> 335 * Google Android7.0, . 336 </p> 337 <h2 id="mitigations"> </h2> 338 <p> 339 , <a href="/security/enhancements/index.html"> </a> 340 , SafetyNet, 341 Android. 342 </p> 343 <ul> 344 <li> 345 Android, 346 .</li> 347 <li>, Android, <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a>. <a href="http://static.googleusercontent.com/media/source.android.com/ru//security/reports/Google_Android_Security_PHA_classifications.pdf"> </a>. <a href="http://www.android.com/gms"> Google</a>. , . Google Play , 348 . , . , , 349 , 350 . , 351 .</li> 352 <li> Google Hangouts Messenger 353 , mediaserver, .</li> 354 </ul> 355 356 <h2 id="acknowledgements"></h2> 357 <p> 358 , : 359 </p> 360 361 <ul> 362 <li> , , , , , , Alibaba Mobile Security Group: CVE-2016-6783, CVE-2016-6784, CVE-2016-6785</li> 363 <li><a href="mailto:zc1991 (a] mail.ustc.edu.cn"> </a>, (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6789, CVE-2016-6790</li> 364 <li> : CVE-2016-6769</li> 365 <li> Google: CVE-2016-6767</li> 366 <li> (<a href="https://twitter.com/returnsme">@returnsme</a>) KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-6776, CVE-2016-6787</li> 367 <li> (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>) <a href="http://www.ms509.com">MS509Team</a>: CVE-2016-6763</li> 368 <li> (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, Qihoo 360 Technology Co. Ltd.: CVE-2016-6779, CVE-2016-6778, CVE-2016-8401, CVE-2016-8402, CVE-2016-8403, CVE-2016-8409, CVE-2016-8408, CVE-2016-8404</li> 369 <li> (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a> IceSword Lab, Qihoo 360 Technology Co. Ltd: CVE-2016-6788, CVE-2016-6781, CVE-2016-6782, CVE-2016-8396</li> 370 <li><a href="mailto:zlbzlb815 (a] 163.com"> </a>, <a href="mailto:segfault5514 (a] gmail.com"> </a>, <a href="mailto:computernik (a] gmail.com">- </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6791, CVE-2016-8391, CVE-2016-8392</li> 371 <li> Project Zero: CVE-2016-6772</li> 372 <li><a href="https://github.com/michalbednarski"> </a>: CVE-2016-6770, CVE-2016-6774</li> 373 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a href="mailto:zc1991 (a] mail.ustc.edu.cn"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6761, CVE-2016-6759, CVE-2016-8400</li> 374 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6760</li> 375 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), <a href="mailto:arnow117 (a] gmail.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6759</li> 376 <li> (<a href="https://twitter.com/natecray">@natecray</a>) Tesla Motors Product Security Team: CVE-2016-6915, CVE-2016-6916, CVE-2016-6917</li> 377 <li>Nightwatch Cybersecurity Research (<a href="https://twitter.com/nightwatchcyber">@nightwatchcyber</a>): CVE-2016-5341</li> 378 <li> (), (), () Baidu X-Lab: CVE-2016-6755, CVE-2016-6756</li> 379 <li> (<a href="https://twitter.com/heisecode">@heisecode</a>) Trend Micro: CVE-2016-8397, CVE-2016-8405, CVE-2016-8406, CVE-2016-8407</li> 380 <li> () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) KeenLab, Tencent (): CVE-2016-8399, CVE-2016-8395</li> 381 <li> () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) (<a href="https://twitter.com/marcograss">@marcograss</a>) KeenLab, Tencent (): CVE-2016-6768</li> 382 <li> : CVE-2016-5341</li> 383 <li> IBM X-Force Research: CVE-2016-8393, CVE-2016-8394</li> 384 <li> (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>) Mobile Threat Research Team, Trend Micro Inc.: CVE-2016-6757</li> 385 <li> (<a href="https://twitter.com/sunblate">@sunblate</a>) Alibaba Inc.: CVE-2016-6773</li> 386 <li><a href="mailto:vancouverdou (a] gmail.com"> </a>, <a href="mailto:zc1991 (a] mail.ustc.edu.cn"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6765</li> 387 <li> (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (<a href="http://weibo.com/wishlinux"></a>) <a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/">Mobile Threat Response Team</a>, <a href="http://www.trendmicro.com">Trend Micro Inc.</a>: CVE-2016-6704</li> 388 <li><a href="mailto:computernik (a] gmail.com">- </a>, <a href="mailto:segfault5514 (a] gmail.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6786, CVE-2016-6780, CVE-2016-6775</li> 389 <li><a href="mailto:computernik (a] gmail.com">- </a>, <a href="mailto:wisedd (a] gmail.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-6777</li> 390 <li> Tencent: CVE-2016-6771</li> 391 <li> () Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.: CVE-2016-6764, CVE-2016-6766</li> 392 <li><a href="http://weibo.com/ele7enxxh"> </a> Chengdu Security Response Center, Qihoo 360 Technology Co. Ltd.: CVE-2016-6762</li> 393 </ul> 394 <p> 395 (<a href="https://twitter.com/idhyt3r">@idhyt3r</a>) Bottle Tech, () (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) Google . 396 </p> 397 398 <h2 id="2016-12-01-details"> ( 2016-12-01)</h2> 399 <p> 400 <a href="#2016-12-01-summary"> </a> : , CVE, , , Google AOSP ( ), . , , (, AOSP), .</p> 401 402 403 <h3 id="rce-in-curl-libcurl"> CURL/LIBCURL</h3> 404 <p> 405 , CURL LIBCURL. . , . 406 </p> 407 408 <table> 409 <col width="18%"> 410 <col width="18%"> 411 <col width="10%"> 412 <col width="19%"> 413 <col width="17%"> 414 <col width="17%"> 415 <tr> 416 <th>CVE</th> 417 <th></th> 418 <th> </th> 419 <th> Google</th> 420 <th> AOSP</th> 421 <th> </th> 422 </tr> 423 <tr> 424 <td>CVE-2016-5419</td> 425 <td>A-31271247</td> 426 <td></td> 427 <td></td> 428 <td>7.0</td> 429 <td>3 2016.</td> 430 </tr> 431 <tr> 432 <td>CVE-2016-5420</td> 433 <td>A-31271247</td> 434 <td></td> 435 <td></td> 436 <td>7.0</td> 437 <td>3 2016.</td> 438 </tr> 439 <tr> 440 <td>CVE-2016-5421</td> 441 <td>A-31271247</td> 442 <td></td> 443 <td></td> 444 <td>7.0</td> 445 <td>3 2016.</td> 446 </tr> 447 </table> 448 449 450 <h3 id="eop-in-libziparchive"> libziparchive</h3> 451 <p> 452 . , , . 453 </p> 454 455 <table> 456 <col width="18%"> 457 <col width="18%"> 458 <col width="10%"> 459 <col width="19%"> 460 <col width="17%"> 461 <col width="17%"> 462 <tr> 463 <th>CVE</th> 464 <th></th> 465 <th> </th> 466 <th> Google</th> 467 <th> AOSP</th> 468 <th> </th> 469 </tr> 470 <tr> 471 <td>CVE-2016-6762</td> 472 <td><a href="https://android.googlesource.com/platform/system/core/+/1ee4892e66ba314131b7ecf17e98bb1762c4b84c">A-31251826</a> 473 [<a href="https://android.googlesource.com/platform/bionic/+/3656958a16590d07d1e25587734e000beb437740">2</a>] 474 </td> 475 <td></td> 476 <td></td> 477 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 478 <td>28 2016.</td> 479 </tr> 480 </table> 481 482 483 <h3 id="dos-in-telephony"> </h3> 484 <p> 485 . 486 , . 487 </p> 488 489 <table> 490 <col width="18%"> 491 <col width="18%"> 492 <col width="10%"> 493 <col width="19%"> 494 <col width="17%"> 495 <col width="17%"> 496 <tr> 497 <th>CVE</th> 498 <th></th> 499 <th> </th> 500 <th> Google</th> 501 <th> AOSP</th> 502 <th> </th> 503 </tr> 504 <tr> 505 <td>CVE-2016-6763</td> 506 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1294620627b1e9afdf4bd0ad51c25ed3daf80d84"> 507 A-31530456</a></td> 508 <td></td> 509 <td></td> 510 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 511 <td>12 2016.</td> 512 </tr> 513 </table> 514 515 516 <h3 id="dos-in-mediaserver"> mediaserver</h3> 517 <p> 518 . , . 519 </p> 520 521 <table> 522 <col width="18%"> 523 <col width="18%"> 524 <col width="10%"> 525 <col width="19%"> 526 <col width="17%"> 527 <col width="17%"> 528 <tr> 529 <th>CVE</th> 530 <th></th> 531 <th> </th> 532 <th> Google</th> 533 <th> AOSP</th> 534 <th> </th> 535 </tr> 536 <tr> 537 <td>CVE-2016-6766 </td> 538 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0d13824315b0491d44e9c6eb5db06489ab0fcc20"> 539 A-31318219</a></td> 540 <td></td> 541 <td></td> 542 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 543 <td>5 2016.</td> 544 </tr> 545 <tr> 546 <td>CVE-2016-6765</td> 547 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/fd9cc97d4dfe2a2fbce2c0f1704d7a27ce7cbc44"> 548 A-31449945</a></td> 549 <td></td> 550 <td></td> 551 <td>4.4.4, 5.0.2, 5.1.1, 7.0</td> 552 <td>13 2016.</td> 553 </tr> 554 <tr> 555 <td>CVE-2016-6764</td> 556 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0d13824315b0491d44e9c6eb5db06489ab0fcc20"> 557 A-31681434</a></td> 558 <td></td> 559 <td></td> 560 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 561 <td>22 2016.</td> 562 </tr> 563 <tr> 564 <td>CVE-2016-6767</td> 565 <td>A-31833604</td> 566 <td></td> 567 <td>*</td> 568 <td>4.4.4</td> 569 <td> Google</td> 570 </tr> 571 </table> 572 573 <p> 574 * Google Android7.0, . 575 </p> 576 577 578 <h3 id="rce-in-framesequence-library"> Framesequence</h3> 579 <p> 580 . - , . 581 </p> 582 583 <table> 584 <col width="18%"> 585 <col width="18%"> 586 <col width="10%"> 587 <col width="19%"> 588 <col width="17%"> 589 <col width="17%"> 590 <tr> 591 <th>CVE</th> 592 <th></th> 593 <th> </th> 594 <th> Google</th> 595 <th> AOSP</th> 596 <th> </th> 597 </tr> 598 <tr> 599 <td>CVE-2016-6768</td> 600 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/0ada9456d0270cb0e357a43d9187a6418d770760"> 601 A-31631842</a></td> 602 <td></td> 603 <td></td> 604 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 605 <td>19 2016.</td> 606 </tr> 607 </table> 608 609 610 <h3 id="eop-in-smart-lock"> Smart Lock</h3> 611 <p> 612 , , Smart Lock PIN-. , , Smart Lock , . 613 </p> 614 615 <table> 616 <col width="18%"> 617 <col width="18%"> 618 <col width="10%"> 619 <col width="19%"> 620 <col width="17%"> 621 <col width="17%"> 622 <tr> 623 <th>CVE</th> 624 <th></th> 625 <th> </th> 626 <th> Google</th> 627 <th> AOSP</th> 628 <th> </th> 629 </tr> 630 <tr> 631 <td>CVE-2016-6769</td> 632 <td>A-29055171</td> 633 <td></td> 634 <td>*</td> 635 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 636 <td>27 2016.</td> 637 </tr> 638 </table> 639 <p> 640 * Google Android7.0, . 641 </p> 642 643 644 <h3 id="eop-in-framework-apis"> Framework API</h3> 645 <p> 646 . 647 , . 648 </p> 649 650 <table> 651 <col width="18%"> 652 <col width="18%"> 653 <col width="10%"> 654 <col width="19%"> 655 <col width="17%"> 656 <col width="17%"> 657 <tr> 658 <th>CVE</th> 659 <th></th> 660 <th> </th> 661 <th> Google</th> 662 <th> AOSP</th> 663 <th> </th> 664 </tr> 665 <tr> 666 <td>CVE-2016-6770</td> 667 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc"> 668 A-30202228</a></td> 669 <td></td> 670 <td></td> 671 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 672 <td>16 2016.</td> 673 </tr> 674 </table> 675 676 677 <h3 id="eop-in-telephony"> </h3> 678 <p> 679 . , . 680 </p> 681 682 <table> 683 <col width="18%"> 684 <col width="18%"> 685 <col width="10%"> 686 <col width="19%"> 687 <col width="17%"> 688 <col width="17%"> 689 <tr> 690 <th>CVE</th> 691 <th></th> 692 <th> </th> 693 <th> Google</th> 694 <th> AOSP</th> 695 <th> </th> 696 </tr> 697 <tr> 698 <td>CVE-2016-6771</td> 699 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a39ff9526aee6f2ea4f6e02412db7b33d486fd7d"> 700 A-31566390</a></td> 701 <td></td> 702 <td></td> 703 <td>6.0, 6.0.1, 7.0</td> 704 <td>17 2016.</td> 705 </tr> 706 </table> 707 708 709 <h3 id="eop-in-wi-fi"> Wi-Fi</h3> 710 <p> 711 . , . 712 </p> 713 714 <table> 715 <col width="18%"> 716 <col width="18%"> 717 <col width="10%"> 718 <col width="19%"> 719 <col width="17%"> 720 <col width="17%"> 721 <tr> 722 <th>CVE</th> 723 <th></th> 724 <th> </th> 725 <th> Google</th> 726 <th> AOSP</th> 727 <th> </th> 728 </tr> 729 <tr> 730 <td>CVE-2016-6772</td> 731 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a5a18239096f6faee80f15f3fff39c3311898484">A-31856351</a> 732 [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/29a2baf3195256bab6a0a4a2d07b7f2efa46b614">2</a>]</td> 733 <td></td> 734 <td></td> 735 <td>5.0.2, 5.1.1, 6.0, 6.0.1, 7.0</td> 736 <td>30 2016.</td> 737 </tr> 738 </table> 739 740 741 <h3 id="id-in-mediaserver"> mediaserver</h3> 742 <p> 743 . - . 744 </p> 745 746 <table> 747 <col width="18%"> 748 <col width="18%"> 749 <col width="10%"> 750 <col width="19%"> 751 <col width="17%"> 752 <col width="17%"> 753 <tr> 754 <th>CVE</th> 755 <th></th> 756 <th> </th> 757 <th> Google</th> 758 <th> AOSP</th> 759 <th> </th> 760 </tr> 761 <tr> 762 <td>CVE-2016-6773</td> 763 <td><a href="https://android.googlesource.com/platform/external/libavc/+/026745ef046e646b8d04f4f57d8320042f6b29b0">A-30481714</a> 764 [<a href="https://android.googlesource.com/platform/external/libavc/+/6676aeb4195e7c7379915c0972f3d209410f0641">2</a>]</td> 765 <td></td> 766 <td></td> 767 <td>6.0, 6.0.1, 7.0</td> 768 <td>27 2016.</td> 769 </tr> 770 </table> 771 772 773 <h3 id="id-in-package-manager"> Package Manager</h3> 774 <p> 775 , . , . 776 </p> 777 778 <table> 779 <col width="18%"> 780 <col width="18%"> 781 <col width="10%"> 782 <col width="19%"> 783 <col width="17%"> 784 <col width="17%"> 785 <tr> 786 <th>CVE</th> 787 <th></th> 788 <th> </th> 789 <th> Google</th> 790 <th> AOSP</th> 791 <th> </th> 792 </tr> 793 <tr> 794 <td>CVE-2016-6774</td> 795 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e2d4f5fc313ecb4ba587b20fff6d346f8cd51775"> 796 A-31251489</a></td> 797 <td></td> 798 <td></td> 799 <td>7.0</td> 800 <td>29 2016.</td> 801 </tr> 802 </table> 803 804 805 <h2 id="2016-12-05-details"> ( 2016-12-05)</h2> 806 <p> 807 <a href="#2016-12-05-summary"> </a> : , CVE, , , Google AOSP ( ), . , , (, AOSP), .</p> 808 809 <h3 id="eop-in-kernel-memory-subsystem"> </h3> 810 <p> 811 . , - . , . 812 </p> 813 814 <table> 815 <col width="19%"> 816 <col width="20%"> 817 <col width="10%"> 818 <col width="23%"> 819 <col width="17%"> 820 <tr> 821 <th>CVE</th> 822 <th></th> 823 <th> </th> 824 <th> Google</th> 825 <th> </th> 826 </tr> 827 <tr> 828 <td>CVE-2016-4794</td> 829 <td>A-31596597<br> 830 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=6710e594f71ccaad8101bc64321152af7cd9ea28">Upstream kernel</a> 831 [<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4f996e234dad488e5d9ba0858bc1bae12eff82c3">2</a>]</td> 832 <td></td> 833 <td>PixelC, Pixel, PixelXL</td> 834 <td>17 2016.</td> 835 </tr> 836 <tr> 837 <td>CVE-2016-5195</td> 838 <td>A-32141528<br> 839 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1">Upstream kernel</a> 840 [<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354">2</a>]</td> 841 <td></td> 842 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 843 <td>12 2016.</td> 844 </tr> 845 </table> 846 847 848 <h3 id="eop-in-nvidia-gpu-driver"> NVIDIA </h3> 849 <p> 850 . , - . , . 851 </p> 852 853 <table> 854 <col width="19%"> 855 <col width="20%"> 856 <col width="10%"> 857 <col width="23%"> 858 <col width="17%"> 859 <tr> 860 <th>CVE</th> 861 <th></th> 862 <th> </th> 863 <th> Google</th> 864 <th> </th> 865 </tr> 866 <tr> 867 <td>CVE-2016-6775</td> 868 <td>A-31222873*<br>N-CVE-2016-6775</td> 869 <td></td> 870 <td>Nexus9</td> 871 <td>25 2016.</td> 872 </tr> 873 <tr> 874 <td>CVE-2016-6776</td> 875 <td>A-31680980*<br>N-CVE-2016-6776</td> 876 <td></td> 877 <td>Nexus9</td> 878 <td>22 2016.</td> 879 </tr> 880 <tr> 881 <td>CVE-2016-6777</td> 882 <td>A-31910462*<br>N-CVE-2016-6777</td> 883 <td></td> 884 <td>Nexus9</td> 885 <td>3 2016.</td> 886 </tr> 887 </table> 888 <p> 889 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 890 </p> 891 892 <h3 id="eop-in-kernel"> </h3> 893 <p> 894 895 . , - . , . 896 </p> 897 898 <table> 899 <col width="19%"> 900 <col width="20%"> 901 <col width="10%"> 902 <col width="23%"> 903 <col width="17%"> 904 <tr> 905 <th>CVE</th> 906 <th></th> 907 <th> </th> 908 <th> Google</th> 909 <th> </th> 910 </tr> 911 <tr> 912 <td>CVE-2015-8966</td> 913 <td>A-31435731<br> 914 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76cc404bfdc0d419c720de4daaf2584542734f42"> 915 Upstream kernel</a></td> 916 <td></td> 917 <td>*</td> 918 <td>10 2016.</td> 919 </tr> 920 </table> 921 <p> 922 * Google Android7.0, . 923 </p> 924 925 926 <h3 id="eop-in-nvidia-video-driver"> NVIDIA</h3> 927 <p> 928 . , - . , . 929 </p> 930 931 <table> 932 <col width="19%"> 933 <col width="20%"> 934 <col width="10%"> 935 <col width="23%"> 936 <col width="17%"> 937 <tr> 938 <th>CVE</th> 939 <th></th> 940 <th> </th> 941 <th> Google</th> 942 <th> </th> 943 </tr> 944 <tr> 945 <td>CVE-2016-6915</td> 946 <td>A-31471161* 947 <br>N-CVE-2016-6915</td> 948 <td></td> 949 <td>Nexus9</td> 950 <td>13 2016.</td> 951 </tr> 952 <tr> 953 <td>CVE-2016-6916</td> 954 <td>A-32072350* 955 <br>N-CVE-2016-6916</td> 956 <td></td> 957 <td>Nexus9, PixelC</td> 958 <td>13 2016.</td> 959 </tr> 960 <tr> 961 <td>CVE-2016-6917</td> 962 <td>A-32072253* 963 <br>N-CVE-2016-6917</td> 964 <td></td> 965 <td>Nexus9</td> 966 <td>13 2016.</td> 967 </tr> 968 </table> 969 <p> 970 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 971 </p> 972 973 <h3 id="eop-in-kernel-ion-driver"> ION </h3> 974 <p> 975 . , - . , . 976 </p> 977 978 <table> 979 <col width="19%"> 980 <col width="20%"> 981 <col width="10%"> 982 <col width="23%"> 983 <col width="17%"> 984 <tr> 985 <th>CVE</th> 986 <th></th> 987 <th> </th> 988 <th> Google</th> 989 <th> </th> 990 </tr> 991 <tr> 992 <td>CVE-2016-9120</td> 993 <td>A-31568617<br> 994 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"> 995 Upstream kernel</a></td> 996 <td></td> 997 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, PixelC, Nexus Player</td> 998 <td>16 2016.</td> 999 </tr> 1000 </table> 1001 1002 <h3> Qualcomm</h3> 1003 <p> 1004 Qualcomm Qualcomm AMSS 2015 . 1005 </p> 1006 <table> 1007 <col width="19%"> 1008 <col width="20%"> 1009 <col width="10%"> 1010 <col width="23%"> 1011 <col width="17%"> 1012 <tr> 1013 <th>CVE</th> 1014 <th></th> 1015 <th> *</th> 1016 <th> Google</th> 1017 <th> </th> 1018 </tr> 1019 <tr> 1020 <td>CVE-2016-8411</td> 1021 <td>A-31805216**</td> 1022 <td></td> 1023 <td>Nexus6, Nexus6P, AndroidOne</td> 1024 <td> Qualcomm</td> 1025 </tr> 1026 </table> 1027 <p>* Qualcomm.</p> 1028 <p>** . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1029 </p> 1030 1031 <h3 id="eop-in-kernel-file-system"> </h3> 1032 <p> 1033 , . , , . 1034 </p> 1035 1036 <table> 1037 <col width="19%"> 1038 <col width="20%"> 1039 <col width="10%"> 1040 <col width="23%"> 1041 <col width="17%"> 1042 <tr> 1043 <th>CVE</th> 1044 <th></th> 1045 <th> </th> 1046 <th> Google</th> 1047 <th> </th> 1048 </tr> 1049 <tr> 1050 <td>CVE-2014-4014</td> 1051 <td>A-31252187<br> 1052 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23adbe12ef7d3d4195e80800ab36b37bee28cd03"> 1053 Upstream kernel</a></td> 1054 <td></td> 1055 <td>Nexus6, Nexus Player</td> 1056 <td>10 2014.</td> 1057 </tr> 1058 </table> 1059 1060 1061 <h3 id="eop-in-kernel-2"> </h3> 1062 <p> 1063 . , . 1064 </p> 1065 1066 <table> 1067 <col width="19%"> 1068 <col width="20%"> 1069 <col width="10%"> 1070 <col width="23%"> 1071 <col width="17%"> 1072 <tr> 1073 <th>CVE</th> 1074 <th></th> 1075 <th> </th> 1076 <th> Google</th> 1077 <th> </th> 1078 </tr> 1079 <tr> 1080 <td>CVE-2015-8967</td> 1081 <td>A-31703084<br> 1082 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04"> 1083 Upstream kernel</a></td> 1084 <td></td> 1085 <td>Nexus5X, Nexus6P, Nexus9, PixelC, Pixel, PixelXL</td> 1086 <td>8 2015.</td> 1087 </tr> 1088 </table> 1089 1090 1091 <h3 id="eop-in-htc-sound-codec-driver"> HTC</h3> 1092 <p> 1093 . , . 1094 </p> 1095 1096 <table> 1097 <col width="19%"> 1098 <col width="20%"> 1099 <col width="10%"> 1100 <col width="23%"> 1101 <col width="17%"> 1102 <tr> 1103 <th>CVE</th> 1104 <th></th> 1105 <th> </th> 1106 <th> Google</th> 1107 <th> </th> 1108 </tr> 1109 <tr> 1110 <td>CVE-2016-6778</td> 1111 <td>A-31384646*</td> 1112 <td></td> 1113 <td>Nexus9</td> 1114 <td>25 2016.</td> 1115 </tr> 1116 <tr> 1117 <td>CVE-2016-6779</td> 1118 <td>A-31386004*</td> 1119 <td></td> 1120 <td>Nexus9</td> 1121 <td>25 2016.</td> 1122 </tr> 1123 <tr> 1124 <td>CVE-2016-6780</td> 1125 <td>A-31251496*</td> 1126 <td></td> 1127 <td>Nexus9</td> 1128 <td>30 2016.</td> 1129 </tr> 1130 </table> 1131 <p> 1132 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1133 </p> 1134 1135 <h3 id="eop-in-mediatek-driver"> MediaTek</h3> 1136 <p> 1137 . , . 1138 </p> 1139 1140 <table> 1141 <col width="19%"> 1142 <col width="20%"> 1143 <col width="10%"> 1144 <col width="23%"> 1145 <col width="17%"> 1146 <tr> 1147 <th>CVE</th> 1148 <th></th> 1149 <th> </th> 1150 <th> Google</th> 1151 <th> </th> 1152 </tr> 1153 <tr> 1154 <td>CVE-2016-6492</td> 1155 <td>A-28175122<br>MT-ALPS02696413</td> 1156 <td></td> 1157 <td>*</td> 1158 <td>11 2016.</td> 1159 </tr> 1160 <tr> 1161 <td>CVE-2016-6781</td> 1162 <td>A-31095175<br>MT-ALPS02943455</td> 1163 <td></td> 1164 <td>*</td> 1165 <td>22 2016.</td> 1166 </tr> 1167 <tr> 1168 <td>CVE-2016-6782</td> 1169 <td>A-31224389<br>MT-ALPS02943506</td> 1170 <td></td> 1171 <td>*</td> 1172 <td>24 2016.</td> 1173 </tr> 1174 <tr> 1175 <td>CVE-2016-6783</td> 1176 <td>A-31350044<br>MT-ALPS02943437</td> 1177 <td></td> 1178 <td>*</td> 1179 <td>6 2016.</td> 1180 </tr> 1181 <tr> 1182 <td>CVE-2016-6784</td> 1183 <td>A-31350755<br>MT-ALPS02961424</td> 1184 <td></td> 1185 <td>*</td> 1186 <td>6 2016.</td> 1187 </tr> 1188 <tr> 1189 <td>CVE-2016-6785</td> 1190 <td>A-31748056<br>MT-ALPS02961400</td> 1191 <td></td> 1192 <td>*</td> 1193 <td>25 2016.</td> 1194 </tr> 1195 </table> 1196 <p> 1197 * Google Android7.0, . 1198 </p> 1199 1200 1201 <h3 id="eop-in-qualcomm-media-codecs"> Qualcomm</h3> 1202 <p> 1203 . , , . 1204 </p> 1205 1206 <table> 1207 <col width="19%"> 1208 <col width="20%"> 1209 <col width="10%"> 1210 <col width="23%"> 1211 <col width="17%"> 1212 <tr> 1213 <th>CVE</th> 1214 <th></th> 1215 <th> </th> 1216 <th> Google</th> 1217 <th> </th> 1218 </tr> 1219 <tr> 1220 <td>CVE-2016-6761</td> 1221 <td>A-29421682* 1222 <br>QC-CR#1055792</td> 1223 <td></td> 1224 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1225 <td>16 2016.</td> 1226 </tr> 1227 <tr> 1228 <td>CVE-2016-6760</td> 1229 <td>A-29617572* 1230 <br>QC-CR#1055783</td> 1231 <td></td> 1232 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1233 <td>23 2016.</td> 1234 </tr> 1235 <tr> 1236 <td>CVE-2016-6759</td> 1237 <td>A-29982686* 1238 <br>QC-CR#1055766</td> 1239 <td></td> 1240 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1241 <td>4 2016.</td> 1242 </tr> 1243 <tr> 1244 <td>CVE-2016-6758</td> 1245 <td>A-30148882* 1246 <br>QC-CR#1071731</td> 1247 <td></td> 1248 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1249 <td>13 2016.</td> 1250 </tr> 1251 </table> 1252 <p> 1253 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1254 </p> 1255 1256 <h3 id="eop-in-qualcomm-camera-driver"> Qualcomm </h3> 1257 <p> 1258 . , . 1259 </p> 1260 1261 <table> 1262 <col width="19%"> 1263 <col width="20%"> 1264 <col width="10%"> 1265 <col width="23%"> 1266 <col width="17%"> 1267 <tr> 1268 <th>CVE</th> 1269 <th></th> 1270 <th> </th> 1271 <th> Google</th> 1272 <th> </th> 1273 </tr> 1274 <tr> 1275 <td>CVE-2016-6755</td> 1276 <td>A-30740545<br> 1277 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=b5df02edbcdf53dbbab77903d28162772edcf6e0"> 1278 QC-CR#1065916</a></td> 1279 <td></td> 1280 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1281 <td>3 2016.</td> 1282 </tr> 1283 </table> 1284 1285 1286 <h3 id="eop-in-kernel-performance-subsystem"> </h3> 1287 <p> 1288 . , . 1289 </p> 1290 1291 <table> 1292 <col width="19%"> 1293 <col width="20%"> 1294 <col width="10%"> 1295 <col width="23%"> 1296 <col width="17%"> 1297 <tr> 1298 <th>CVE</th> 1299 <th></th> 1300 <th> </th> 1301 <th> Google</th> 1302 <th> </th> 1303 </tr> 1304 <tr> 1305 <td>CVE-2016-6786</td> 1306 <td>A-30955111 1307 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b">Upstream kernel</a></td> 1308 <td></td> 1309 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1310 <td>18 2016.</td> 1311 </tr> 1312 <tr> 1313 <td>CVE-2016-6787</td> 1314 <td>A-31095224 1315 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b">Upstream kernel</a></td> 1316 <td></td> 1317 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1318 <td>22 2016.</td> 1319 </tr> 1320 </table> 1321 1322 1323 <h3 id="eop-in-mediatek-i2c-driver"> I2C MediaTek</h3> 1324 <p> 1325 . , . 1326 </p> 1327 1328 <table> 1329 <col width="19%"> 1330 <col width="20%"> 1331 <col width="10%"> 1332 <col width="23%"> 1333 <col width="17%"> 1334 <tr> 1335 <th>CVE</th> 1336 <th></th> 1337 <th> </th> 1338 <th> Google</th> 1339 <th> </th> 1340 </tr> 1341 <tr> 1342 <td>CVE-2016-6788</td> 1343 <td>A-31224428<br>MT-ALPS02943467</td> 1344 <td></td> 1345 <td>*</td> 1346 <td>24 2016.</td> 1347 </tr> 1348 </table> 1349 <p> 1350 * Google Android7.0, . 1351 </p> 1352 1353 1354 <h3 id="eop-in-nvidia-libomx-library"> libomx NVIDIA</h3> 1355 <p> 1356 . , , . 1357 </p> 1358 1359 <table> 1360 <col width="19%"> 1361 <col width="20%"> 1362 <col width="10%"> 1363 <col width="23%"> 1364 <col width="17%"> 1365 <tr> 1366 <th>CVE</th> 1367 <th></th> 1368 <th> </th> 1369 <th> Google</th> 1370 <th> </th> 1371 </tr> 1372 <tr> 1373 <td>CVE-2016-6789</td> 1374 <td>A-31251973* 1375 <br>N-CVE-2016-6789</td> 1376 <td></td> 1377 <td>Pixel</td> 1378 <td>29 2016.</td> 1379 </tr> 1380 <tr> 1381 <td>CVE-2016-6790</td> 1382 <td>A-31251628* 1383 <br>N-CVE-2016-6790</td> 1384 <td></td> 1385 <td>Pixel</td> 1386 <td>28 2016.</td> 1387 </tr> 1388 </table> 1389 <p> 1390 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1391 </p> 1392 1393 <h3 id="eop-in-qualcomm-sound-driver"> Qualcomm</h3> 1394 <p> 1395 . , . 1396 </p> 1397 1398 <table> 1399 <col width="19%"> 1400 <col width="20%"> 1401 <col width="10%"> 1402 <col width="23%"> 1403 <col width="17%"> 1404 <tr> 1405 <th>CVE</th> 1406 <th></th> 1407 <th> </th> 1408 <th> Google</th> 1409 <th> </th> 1410 </tr> 1411 <tr> 1412 <td>CVE-2016-6791</td> 1413 <td>A-31252384<br> 1414 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1415 QC-CR#1071809</a></td> 1416 <td></td> 1417 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1418 <td>31 2016.</td> 1419 </tr> 1420 <tr> 1421 <td>CVE-2016-8391</td> 1422 <td>A-31253255<br> 1423 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1424 QC-CR#1072166</a></td> 1425 <td></td> 1426 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1427 <td>31 2016.</td> 1428 </tr> 1429 <tr> 1430 <td>CVE-2016-8392</td> 1431 <td>A-31385862<br> 1432 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1433 QC-CR#1073136</a></td> 1434 <td></td> 1435 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1436 <td>8 2016.</td> 1437 </tr> 1438 </table> 1439 1440 1441 <h3 id="eop-in-kernel-security-subsystem"> </h3> 1442 <p> 1443 . , . 1444 </p> 1445 1446 <table> 1447 <col width="19%"> 1448 <col width="20%"> 1449 <col width="10%"> 1450 <col width="23%"> 1451 <col width="17%"> 1452 <tr> 1453 <th>CVE</th> 1454 <th></th> 1455 <th> </th> 1456 <th> Google</th> 1457 <th> </th> 1458 </tr> 1459 <tr> 1460 <td>CVE-2015-7872</td> 1461 <td>A-31253168<br> 1462 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"> 1463 Upstream kernel</a></td> 1464 <td></td> 1465 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, Nexus Player, Pixel, PixelXL</td> 1466 <td>31 2016.</td> 1467 </tr> 1468 </table> 1469 1470 1471 <h3 id="eop-in-synaptics-touchscreen-driver"> Synaptics</h3> 1472 <p> 1473 . , . 1474 </p> 1475 1476 <table> 1477 <col width="19%"> 1478 <col width="20%"> 1479 <col width="10%"> 1480 <col width="23%"> 1481 <col width="17%"> 1482 <tr> 1483 <th>CVE</th> 1484 <th></th> 1485 <th> </th> 1486 <th> Google</th> 1487 <th> </th> 1488 </tr> 1489 <tr> 1490 <td>CVE-2016-8393</td> 1491 <td>A-31911920*</td> 1492 <td></td> 1493 <td>Nexus5X, Nexus6P, Nexus9, AndroidOne, Pixel, PixelXL</td> 1494 <td>8 2016.</td> 1495 </tr> 1496 <tr> 1497 <td>CVE-2016-8394</td> 1498 <td>A-31913197*</td> 1499 <td></td> 1500 <td>Nexus9, AndroidOne</td> 1501 <td>8 2016.</td> 1502 </tr> 1503 </table> 1504 <p> 1505 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1506 </p> 1507 1508 <h3 id="eop-in-broadcom-wi-fi-driver"> Wi-Fi- Broadcom</h3> 1509 <p> 1510 . , . 1511 </p> 1512 1513 <table> 1514 <col width="19%"> 1515 <col width="20%"> 1516 <col width="10%"> 1517 <col width="23%"> 1518 <col width="17%"> 1519 <tr> 1520 <th>CVE</th> 1521 <th></th> 1522 <th> </th> 1523 <th> Google</th> 1524 <th> </th> 1525 </tr> 1526 <tr> 1527 <td>CVE-2014-9909</td> 1528 <td>A-31676542<br>B-RB#26684</td> 1529 <td></td> 1530 <td>*</td> 1531 <td>21 2016.</td> 1532 </tr> 1533 <tr> 1534 <td>CVE-2014-9910</td> 1535 <td>A-31746399<br>B-RB#26710</td> 1536 <td></td> 1537 <td>*</td> 1538 <td>26 2016.</td> 1539 </tr> 1540 </table> 1541 <p> 1542 * Google Android7.0, . 1543 </p> 1544 1545 1546 <h3 id="id-in-mediatek-video-driver"> MediaTek</h3> 1547 <p> 1548 . - . 1549 </p> 1550 1551 <table> 1552 <col width="19%"> 1553 <col width="20%"> 1554 <col width="10%"> 1555 <col width="23%"> 1556 <col width="17%"> 1557 <tr> 1558 <th>CVE</th> 1559 <th></th> 1560 <th> </th> 1561 <th> Google</th> 1562 <th> </th> 1563 </tr> 1564 <tr> 1565 <td>CVE-2016-8396</td> 1566 <td>A-31249105</td> 1567 <td></td> 1568 <td>*</td> 1569 <td>26 2016.</td> 1570 </tr> 1571 </table> 1572 <p> 1573 * Google Android7.0, . 1574 </p> 1575 1576 1577 <h3 id="id-in-nvidia-video-driver"> NVIDIA</h3> 1578 <p> 1579 . 1580 - . 1581 </p> 1582 1583 <table> 1584 <col width="19%"> 1585 <col width="20%"> 1586 <col width="10%"> 1587 <col width="23%"> 1588 <col width="17%"> 1589 <tr> 1590 <th>CVE</th> 1591 <th></th> 1592 <th> </th> 1593 <th> Google</th> 1594 <th> </th> 1595 </tr> 1596 <tr> 1597 <td>CVE-2016-8397</td> 1598 <td>A-31385953*<br> 1599 N-CVE-2016-8397</td> 1600 <td></td> 1601 <td>Nexus9</td> 1602 <td>8 2016.</td> 1603 </tr> 1604 </table> 1605 <p> 1606 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1607 </p> 1608 1609 <h3 id="dos-in-gps"> GPS</h3> 1610 <p> 1611 . , . 1612 </p> 1613 1614 <table> 1615 <col width="19%"> 1616 <col width="20%"> 1617 <col width="10%"> 1618 <col width="23%"> 1619 <col width="17%"> 1620 <tr> 1621 <th>CVE</th> 1622 <th></th> 1623 <th> </th> 1624 <th> Google</th> 1625 <th> </th> 1626 </tr> 1627 <tr> 1628 <td>CVE-2016-5341</td> 1629 <td>A-31470303*</td> 1630 <td></td> 1631 <td>Nexus6, Nexus5X, Nexus6P, Nexus9, AndroidOne, Pixel, PixelXL</td> 1632 <td>21 2016.</td> 1633 </tr> 1634 </table> 1635 <p> 1636 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1637 </p> 1638 1639 <h3 id="dos-in-nvidia-camera-driver"> NVIDIA </h3> 1640 <p> 1641 . , . , . 1642 </p> 1643 1644 <table> 1645 <col width="19%"> 1646 <col width="20%"> 1647 <col width="10%"> 1648 <col width="23%"> 1649 <col width="17%"> 1650 <tr> 1651 <th>CVE</th> 1652 <th></th> 1653 <th> </th> 1654 <th> Google</th> 1655 <th> </th> 1656 </tr> 1657 <tr> 1658 <td>CVE-2016-8395</td> 1659 <td>A-31403040* 1660 <br>N-CVE-2016-8395</td> 1661 <td></td> 1662 <td>Pixel</td> 1663 <td>9 2016.</td> 1664 </tr> 1665 </table> 1666 <p> 1667 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1668 </p> 1669 1670 <h3 id="eop-in-kernel-networking-subsystem"> </h3> 1671 <p> 1672 . , . - . 1673 </p> 1674 1675 <table> 1676 <col width="19%"> 1677 <col width="20%"> 1678 <col width="10%"> 1679 <col width="23%"> 1680 <col width="17%"> 1681 <tr> 1682 <th>CVE</th> 1683 <th></th> 1684 <th> </th> 1685 <th> Google</th> 1686 <th> </th> 1687 </tr> 1688 <tr> 1689 <td>CVE-2016-8399</td> 1690 <td>A-31349935*</td> 1691 <td></td> 1692 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1693 <td>5 2016.</td> 1694 </tr> 1695 </table> 1696 <p> 1697 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1698 </p> 1699 1700 <h3 id="id-in-qualcomm-components"> Qualcomm</h3> 1701 <p> 1702 . , . 1703 </p> 1704 1705 <table> 1706 <col width="19%"> 1707 <col width="20%"> 1708 <col width="10%"> 1709 <col width="23%"> 1710 <col width="17%"> 1711 <tr> 1712 <th>CVE</th> 1713 <th></th> 1714 <th> </th> 1715 <th> Google</th> 1716 <th> </th> 1717 </tr> 1718 <tr> 1719 <td>CVE-2016-6756</td> 1720 <td>A-29464815<br> 1721 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=f91d28dcba304c9f3af35b5bebaa26233c8c13a5">QC-CR#1042068</a> 1722 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3a214ef870dc97437c7de79a1507dfe5079dce88">2</a>]</td> 1723 <td></td> 1724 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1725 <td>17 2016.</td> 1726 </tr> 1727 <tr> 1728 <td>CVE-2016-6757</td> 1729 <td>A-30148242<br> 1730 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd99d3bbdb16899a425716e672485e0cdc283245"> 1731 QC-CR#1052821</a></td> 1732 <td></td> 1733 <td>Nexus5X, Nexus6, Nexus6P, Pixel, PixelXL</td> 1734 <td>13 2016.</td> 1735 </tr> 1736 </table> 1737 1738 1739 <h3 id="id-in-nvidia-librm-library"> librm NVIDIA</h3> 1740 <p> 1741 . - . 1742 </p> 1743 1744 <table> 1745 <col width="19%"> 1746 <col width="20%"> 1747 <col width="10%"> 1748 <col width="23%"> 1749 <col width="17%"> 1750 <tr> 1751 <th>CVE</th> 1752 <th></th> 1753 <th> </th> 1754 <th> Google</th> 1755 <th> </th> 1756 </tr> 1757 <tr> 1758 <td>CVE-2016-8400</td> 1759 <td>A-31251599* 1760 <br>N-CVE-2016-8400</td> 1761 <td></td> 1762 <td>Pixel</td> 1763 <td>29 2016.</td> 1764 </tr> 1765 </table> 1766 <p> 1767 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1768 </p> 1769 1770 <h3 id="id-in-kernel-components"> </h3> 1771 <p> 1772 . , . 1773 </p> 1774 1775 <table> 1776 <col width="19%"> 1777 <col width="20%"> 1778 <col width="10%"> 1779 <col width="23%"> 1780 <col width="17%"> 1781 <tr> 1782 <th>CVE</th> 1783 <th></th> 1784 <th> </th> 1785 <th> Google</th> 1786 <th> </th> 1787 </tr> 1788 <tr> 1789 <td>CVE-2016-8401</td> 1790 <td>A-31494725*</td> 1791 <td></td> 1792 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1793 <td>13 2016.</td> 1794 </tr> 1795 <tr> 1796 <td>CVE-2016-8402</td> 1797 <td>A-31495231*</td> 1798 <td></td> 1799 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1800 <td>13 2016.</td> 1801 </tr> 1802 <tr> 1803 <td>CVE-2016-8403</td> 1804 <td>A-31495348*</td> 1805 <td></td> 1806 <td>Nexus9</td> 1807 <td>13 2016.</td> 1808 </tr> 1809 <tr> 1810 <td>CVE-2016-8404</td> 1811 <td>A-31496950*</td> 1812 <td></td> 1813 <td>Nexus9</td> 1814 <td>13 2016.</td> 1815 </tr> 1816 <tr> 1817 <td>CVE-2016-8405</td> 1818 <td>A-31651010*</td> 1819 <td></td> 1820 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1821 <td>21 2016.</td> 1822 </tr> 1823 <tr> 1824 <td>CVE-2016-8406</td> 1825 <td>A-31796940*</td> 1826 <td></td> 1827 <td>Nexus5X, Nexus6, Nexus6P, Nexus9, AndroidOne, PixelC, Nexus Player, Pixel, PixelXL</td> 1828 <td>27 2016.</td> 1829 </tr> 1830 <tr> 1831 <td>CVE-2016-8407</td> 1832 <td>A-31802656*</td> 1833 <td></td> 1834 <td>Nexus5X, Nexus6, Nexus6P, AndroidOne, Pixel, PixelXL</td> 1835 <td>28 2016.</td> 1836 </tr> 1837 </table> 1838 <p> 1839 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1840 </p> 1841 1842 <h3 id="id-in-nvidia-video-driver-2"> NVIDIA</h3> 1843 <p> 1844 . 1845 , . 1846 </p> 1847 1848 <table> 1849 <col width="19%"> 1850 <col width="20%"> 1851 <col width="10%"> 1852 <col width="23%"> 1853 <col width="17%"> 1854 <tr> 1855 <th>CVE</th> 1856 <th></th> 1857 <th> </th> 1858 <th> Google</th> 1859 <th> </th> 1860 </tr> 1861 <tr> 1862 <td>CVE-2016-8408</td> 1863 <td>A-31496571* 1864 <br>N-CVE-2016-8408</td> 1865 <td></td> 1866 <td>Nexus9</td> 1867 <td>13 2016.</td> 1868 </tr> 1869 <tr> 1870 <td>CVE-2016-8409</td> 1871 <td>A-31495687* 1872 <br>N-CVE-2016-8409</td> 1873 <td></td> 1874 <td>Nexus9</td> 1875 <td>13 2016.</td> 1876 </tr> 1877 </table> 1878 <p> 1879 * . Google, <a href="https://developers.google.com/android/nexus/drivers"> </a>. 1880 </p> 1881 1882 <h3 id="id-in-qualcomm-sound-driver"> Qualcomm</h3> 1883 <p> 1884 . , . 1885 </p> 1886 1887 <table> 1888 <col width="19%"> 1889 <col width="20%"> 1890 <col width="10%"> 1891 <col width="23%"> 1892 <col width="17%"> 1893 <tr> 1894 <th>CVE</th> 1895 <th></th> 1896 <th> </th> 1897 <th> Google</th> 1898 <th> </th> 1899 </tr> 1900 <tr> 1901 <td>CVE-2016-8410</td> 1902 <td>A-31498403<br> 1903 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?h=e2bbf665187a1f0a1248e4a088823cb182153ba9"> 1904 QC-CR#987010</a></td> 1905 <td></td> 1906 <td>Nexus5X, Nexus6, Nexus6P, Android One</td> 1907 <td> Google</td> 1908 </tr> 1909 </table> 1910 1911 <h2 id="common-questions-and-answers"> </h2> 1912 <p> 1913 , 1914 . 1915 </p> 1916 <p> 1917 <strong>1. , , ? 1918 </strong> 1919 </p> 1920 <p> 1921 , , <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> </a>. 1922 </p> 1923 <ul> 1924 <li> 1 2016 , 2016-12-01.</li> 1925 <li> 5 2016 , 2016-12-05.</li> 1926 </ul> 1927 <p> 1928 , , : 1929 </p> 1930 <ul> 1931 <li>[ro.build.version.security_patch]:[2016-12-01];</li> 1932 <li>[ro.build.version.security_patch]:[2016-12-05].</li> 1933 </ul> 1934 <p> 1935 <strong>2. ?</strong> 1936 </p> 1937 <p> 1938 , , Android. Android . 1939 </p> 1940 <ul> 1941 <li> 1 2016 , , .</li> 1942 <li> 5 2016 , .</li> 1943 </ul> 1944 <p> 1945 . 1946 </p> 1947 <p> 1948 <strong>3. , Google ?</strong> 1949 </p> 1950 <p> 1951 <a href="#2016-12-01-details">2016-12-01</a> <a href="#2016-12-05-details">2016-12-05</a> <em> Google</em>. , . 1952 </p> 1953 <ul> 1954 <li><strong> .</strong> <em></em> <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"> Google</a>: Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus7 (2013), Nexus9, AndroidOne, Nexus Player, PixelC, Pixel PixelXL.</li> 1955 <li><strong> .</strong> <em></em> , .</li> 1956 <li><strong>.</strong> Google.<em></em></li> 1957 </ul> 1958 <p> 1959 <strong>4. ""?</strong> 1960 </p> 1961 <p> 1962 <em></em>. 1963 , 1964 , : 1965 </p> 1966 <table> 1967 <tr> 1968 <th></th> 1969 <th></th> 1970 </tr> 1971 <tr> 1972 <td>A-</td> 1973 <td> Android</td> 1974 </tr> 1975 <tr> 1976 <td>QC-</td> 1977 <td> Qualcomm</td> 1978 </tr> 1979 <tr> 1980 <td>M-</td> 1981 <td> MediaTek</td> 1982 </tr> 1983 <tr> 1984 <td>N-</td> 1985 <td> NVIDIA</td> 1986 </tr> 1987 <tr> 1988 <td>B-</td> 1989 <td> Broadcom</td> 1990 </tr> 1991 </table> 1992 <h2 id="revisions"></h2> 1993 <ul> 1994 <li>5 2016. .</li> 1995 <li>7 2016. AOSP CVE-2016-6915, CVE-2016-6916 CVE-2016-6917.</li> 1996 </ul> 1997 1998 </body> 1999 </html> 2000
