1 <html devsite> 2 <head> 3 <title>Android 2016 8 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 8 1 | 2016 8 2 </em></p> 27 <p>Android Android Google OTA Nexus Nexus <a href="https://developers.google.com/android/nexus/images">Google </a>2016 8 5 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a> 28 </p> 29 <p> 2016 7 6 () Android (AOSP) AOSP 30 </p> 31 <p> 32 </p> 33 <p> <a href="/security/enhancements/index.html">Android </a> ( SafetyNet) Android <a href="#mitigations">Android Google </a> 34 </p> 35 <p> 36 </p> 37 <h2 id="announcements"></h2> 38 <ul> 39 <li> Android Android <a href="#common-questions-and-answers"></a> 40 <ul> 41 <li><strong>2016-08-01</strong> 2016-08-01 () </li> 42 <li><strong>2016-08-05</strong> 2016-08-01 2016-08-05 () </li> 43 </ul> 44 </li> 45 <li> Nexus 2016 8 5 OTA </li> 46 </ul> 47 48 <h2 id="security-vulnerability-summary"></h2> 49 <p> ID (CVE) Nexus <a href="/security/overview/updates-resources.html#severity"></a> 50 </p> 51 52 <h3 id="2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 </h3> 53 <p>2016-08-01 54 </p> 55 <table> 56 <col width="55%"> 57 <col width="20%"> 58 <col width="13%"> 59 <col width="12%"> 60 <tr> 61 <th></th> 62 <th>CVE</th> 63 <th></th> 64 <th> Nexus </th> 65 </tr> 66 <tr> 67 <td></td> 68 <td>CVE-2016-3819CVE-2016-3820CVE-2016-3821</td> 69 <td></td> 70 <td></td> 71 </tr> 72 <tr> 73 <td>libjhead </td> 74 <td>CVE-2016-3822</td> 75 <td></td> 76 <td></td> 77 </tr> 78 <tr> 79 <td></td> 80 <td>CVE-2016-3823CVE-2016-3824CVE-2016-3825CVE-2016-3826</td> 81 <td></td> 82 <td></td> 83 </tr> 84 <tr> 85 <td></td> 86 <td>CVE-2016-3827CVE-2016-3828CVE-2016-3829CVE-2016-3830</td> 87 <td></td> 88 <td></td> 89 </tr> 90 <tr> 91 <td></td> 92 <td>CVE-2016-3831</td> 93 <td></td> 94 <td></td> 95 </tr> 96 <tr> 97 <td>Framework API </td> 98 <td>CVE-2016-3832</td> 99 <td></td> 100 <td></td> 101 </tr> 102 <tr> 103 <td>Shell </td> 104 <td>CVE-2016-3833</td> 105 <td></td> 106 <td></td> 107 </tr> 108 <tr> 109 <td>OpenSSL </td> 110 <td>CVE-2016-2842</td> 111 <td></td> 112 <td>*</td> 113 </tr> 114 <tr> 115 <td> API </td> 116 <td>CVE-2016-3834</td> 117 <td></td> 118 <td></td> 119 </tr> 120 <tr> 121 <td></td> 122 <td>CVE-2016-3835</td> 123 <td></td> 124 <td></td> 125 </tr> 126 <tr> 127 <td>SurfaceFlinger </td> 128 <td>CVE-2016-3836</td> 129 <td></td> 130 <td></td> 131 </tr> 132 <tr> 133 <td>Wi-Fi </td> 134 <td>CVE-2016-3837</td> 135 <td></td> 136 <td></td> 137 </tr> 138 <tr> 139 <td></td> 140 <td>CVE-2016-3838</td> 141 <td></td> 142 <td></td> 143 </tr> 144 <tr> 145 <td></td> 146 <td>CVE-2016-3839</td> 147 <td></td> 148 <td></td> 149 </tr> 150 </table> 151 <p>* Nexus </p> 152 153 <h3 id="2016-08-05-security-patch-level-vulnerability-summary">2016-08-05 154 </h3> 155 <p>2016-08-05 2016-08-01 156 </p> 157 <table> 158 <col width="55%"> 159 <col width="20%"> 160 <col width="13%"> 161 <col width="12%"> 162 <tr> 163 <th></th> 164 <th>CVE</th> 165 <th></th> 166 <th> Nexus </th> 167 </tr> 168 <tr> 169 <td>Qualcomm Qualcomm Wi-Fi </td> 170 <td>CVE-2014-9902</td> 171 <td></td> 172 <td></td> 173 </tr> 174 <tr> 175 <td>Conscrypt </td> 176 <td>CVE-2016-3840</td> 177 <td></td> 178 <td></td> 179 </tr> 180 <tr> 181 <td>Qualcomm </td> 182 <td>CVE-2014-9863CVE-2014-9864CVE-2014-9865CVE-2014-9866CVE-2014-9867CVE-2014-9868CVE-2014-9869CVE-2014-9870CVE-2014-9871CVE-2014-9872CVE-2014-9873CVE-2014-9874CVE-2014-9875CVE-2014-9876CVE-2014-9877CVE-2014-9878CVE-2014-9879CVE-2014-9880CVE-2014-9881CVE-2014-9882CVE-2014-9883CVE-2014-9884CVE-2014-9885CVE-2014-9886CVE-2014-9887CVE-2014-9888CVE-2014-9889CVE-2014-9890CVE-2014-9891CVE-2015-8937CVE-2015-8938CVE-2015-8939CVE-2015-8940CVE-2015-8941CVE-2015-8942CVE-2015-8943</td> 183 <td></td> 184 <td></td> 185 </tr> 186 <tr> 187 <td></td> 188 <td>CVE-2015-2686CVE-2016-3841</td> 189 <td></td> 190 <td></td> 191 </tr> 192 <tr> 193 <td>Qualcomm GPU </td> 194 <td>CVE-2016-2504CVE-2016-3842</td> 195 <td></td> 196 <td></td> 197 </tr> 198 <tr> 199 <td>Qualcomm </td> 200 <td>CVE-2016-3843</td> 201 <td></td> 202 <td></td> 203 </tr> 204 <tr> 205 <td></td> 206 <td>CVE-2016-3857</td> 207 <td></td> 208 <td></td> 209 </tr> 210 <tr> 211 <td></td> 212 <td>CVE-2015-1593CVE-2016-3672</td> 213 <td></td> 214 <td></td> 215 </tr> 216 <tr> 217 <td></td> 218 <td>CVE-2016-2544CVE-2016-2546CVE-2014-9904</td> 219 <td></td> 220 <td></td> 221 </tr> 222 <tr> 223 <td></td> 224 <td>CVE-2012-6701</td> 225 <td></td> 226 <td></td> 227 </tr> 228 <tr> 229 <td></td> 230 <td>CVE-2016-3844</td> 231 <td></td> 232 <td></td> 233 </tr> 234 <tr> 235 <td></td> 236 <td>CVE-2016-3845</td> 237 <td></td> 238 <td></td> 239 </tr> 240 <tr> 241 <td></td> 242 <td>CVE-2016-3846</td> 243 <td></td> 244 <td></td> 245 </tr> 246 <tr> 247 <td>NVIDIA </td> 248 <td>CVE-2016-3847CVE-2016-3848</td> 249 <td></td> 250 <td></td> 251 </tr> 252 <tr> 253 <td>ION </td> 254 <td>CVE-2016-3849</td> 255 <td></td> 256 <td></td> 257 </tr> 258 <tr> 259 <td>Qualcomm </td> 260 <td>CVE-2016-3850</td> 261 <td></td> 262 <td></td> 263 </tr> 264 <tr> 265 <td></td> 266 <td>CVE-2016-3843</td> 267 <td></td> 268 <td></td> 269 </tr> 270 <tr> 271 <td>LG </td> 272 <td>CVE-2016-3851</td> 273 <td></td> 274 <td></td> 275 </tr> 276 <tr> 277 <td>Qualcomm </td> 278 <td>CVE-2014-9892CVE-2014-9893 CVE-2014-9894CVE-2014-9895 CVE-2014-9896CVE-2014-9897 CVE-2014-9898CVE-2014-9899 CVE-2014-9900CVE-2015-8944</td> 279 <td></td> 280 <td></td> 281 </tr> 282 <tr> 283 <td></td> 284 <td>CVE-2014-9903</td> 285 <td></td> 286 <td></td> 287 </tr> 288 <tr> 289 <td>MediaTek Wi-Fi </td> 290 <td>CVE-2016-3852</td> 291 <td></td> 292 <td></td> 293 </tr> 294 <tr> 295 <td>USB </td> 296 <td>CVE-2016-4482</td> 297 <td></td> 298 <td></td> 299 </tr> 300 <tr> 301 <td>Qualcomm </td> 302 <td>CVE-2014-9901</td> 303 <td></td> 304 <td></td> 305 </tr> 306 <tr> 307 <td>Google Play </td> 308 <td>CVE-2016-3853</td> 309 <td></td> 310 <td></td> 311 </tr> 312 <tr> 313 <td>Framework API </td> 314 <td>CVE-2016-2497</td> 315 <td></td> 316 <td></td> 317 </tr> 318 <tr> 319 <td></td> 320 <td>CVE-2016-4578</td> 321 <td></td> 322 <td></td> 323 </tr> 324 <tr> 325 <td></td> 326 <td>CVE-2016-4569CVE-2016-4578</td> 327 <td></td> 328 <td></td> 329 </tr> 330 <tr> 331 <td>Qualcomm </td> 332 <td>CVE-2016-3854CVE-2016-3855CVE-2016-2060</td> 333 <td></td> 334 <td></td> 335 </tr> 336 </table> 337 <h2 id="mitigations">Android Google </h2> 338 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android 339 </p> 340 <ul> 341 <li>Android Android Android</li> 342 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () </li> 343 <li>Google Hangouts Messenger </li> 344 </ul> 345 <h2 id="acknowledgements"></h2> 346 <p> 347 </p> 348 <ul> 349 <li>Google Chrome Abhishek AryaOliver Chang Martin BarbellaCVE-2016-3821CVE-2016-3837</li> 350 <li>Check Point Software Technologies Ltd. Adam Donenfeld et al. 351 CVE-2016-2504</li> 352 <li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) Xuxian JiangCVE-2016-3844</li> 353 <li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)Yuan-Tsung Lo (<a href="mailto:computernik (a] gmail.com">computernik (a] gmail.com)</a> Xuxian Jiang 354 CVE-2016-3857</li> 355 <li>Google David Benjamin Kenny RootCVE-2016-3840</li> 356 <li><a href="http://jaq.alibaba.com"></a> Dawei Peng (<a href="http://weibo.com/u/5622360291">Vinc3nt4H</a>)CVE-2016-3822</li> 357 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-3842</li> 358 <li>Google Dianne HackbornCVE-2016-2497</li> 359 <li>Google Dmitry VyukovCVE-2016-3841</li> 360 <li><a href="http://www.360.com"> 360 </a> IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-3852</li> 361 <li><a href="http://www.360.com"> 360 </a> Alpha Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>) 362 CVE-2016-3834</li> 363 <li>Fortinet FortiGuard Kai Lu (<a href="https://twitter.com/K3vinLuSec">@K3vinLuSec</a>)CVE-2016-3820</li> 364 <li>Kandala Shivaram ReddyDS UppiCVE-2016-3826</li> 365 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-3823CVE-2016-3835CVE-2016-3824CVE-2016-3825</li> 366 <li>Tesla Motors Product Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)CVE-2016-3847CVE-2016-3848</li> 367 <li> Peng XiaoChengming YangNing YouChao Yang Yang SongCVE-2016-3845</li> 368 <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) 369 CVE-2016-3849</li> 370 <li><a href="http://www.wooyun.org/">WooYun TangLab</a> Qianwei Hu (<a href="mailto:rayxcp (a] gmail.com">rayxcp (a] gmail.com</a>)CVE-2016-3846</li> 371 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Qidan He (<a href="https://twitter.com/flanker_hqd">@Flanker_hqd</a>) 372 CVE-2016-3832</li> 373 <li>Google Sharvil NanavatiCVE-2016-3839</li> 374 <li><a href="http://www.isti.tu-berlin.de/security_in_telecommunications">Security in Telecommunications</a> Shinjo Park (<a href="https://twitter.com/ad_ili_rai">@ad_ili_rai</a>) Altaf ShaikCVE-2016-3831</li> 375 <li>Tom RootjunkyCVE-2016-3853</li> 376 <li>Vasily VasilievCVE-2016-3819</li> 377 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-3827CVE-2016-3828CVE-2016-3829</li> 378 <li><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/author/wishwu/"></a> Wish Wu (<a href="http://weibo.com/wishlinux"></a>) (<a href="https://twitter.com/wish_wu">@wish_wu</a>) 379 CVE-2016-3843</li> 380 <li> Xuanwu Yongke Wang (<a href="https://twitter.com/rudykewang">@Rudykewang</a>)CVE-2016-3836</li> 381 </ul> 382 <p> Copperhead Security Daniel MicayJeff Vander Stoep Google Yabin Cui CVE-2016-3843 Grsecurity Brad Spengler 383 </p> 384 <h2 id="2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01 </h2> 385 <p> <a href="#2016-08-01-security-patch-level-vulnerability-summary">2016-08-01 </a> CVE Nexus AOSP () ID ( AOSP ) ID </p> 386 387 <h3 id="remote-code-execution-vulnerability-in-mediaserver"></h3> 388 <p> 389 </p> 390 <p> 391 </p> 392 <table> 393 <col width="18%"> 394 <col width="18%"> 395 <col width="10%"> 396 <col width="19%"> 397 <col width="17%"> 398 <col width="17%"> 399 <tr> 400 <th>CVE</th> 401 <th></th> 402 <th></th> 403 <th> Nexus </th> 404 <th> AOSP </th> 405 <th></th> 406 </tr> 407 <tr> 408 <td>CVE-2016-3819</td> 409 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/590d1729883f700ab905cdc9ad850f3ddd7e1f56"> 410 A-28533562</a></td> 411 <td></td> 412 <td> Nexus </td> 413 <td>4.4.45.0.25.1.16.06.0.1</td> 414 <td>2016 5 2 </td> 415 </tr> 416 <tr> 417 <td>CVE-2016-3820</td> 418 <td><a href="https://android.googlesource.com/platform/external/libavc/+/a78887bcffbc2995cf9ed72e0697acf560875e9e"> 419 A-28673410</a></td> 420 <td></td> 421 <td> Nexus </td> 422 <td>6.06.0.1</td> 423 <td>2016 5 6 </td> 424 </tr> 425 <tr> 426 <td>CVE-2016-3821</td> 427 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/42a25c46b844518ff0d0b920c20c519e1417be69"> 428 A-28166152</a></td> 429 <td></td> 430 <td> Nexus </td> 431 <td>4.4.45.0.25.1.16.06.0.1</td> 432 <td>Google </td> 433 </tr> 434 </table> 435 436 <h3 id="remote-code-execution-vulnerability-in-libjhead">libjhead </h3> 437 <p>libjhead 438 </p> 439 <table> 440 <col width="18%"> 441 <col width="18%"> 442 <col width="10%"> 443 <col width="19%"> 444 <col width="17%"> 445 <col width="17%"> 446 <tr> 447 <th>CVE</th> 448 <th></th> 449 <th></th> 450 <th> Nexus </th> 451 <th> AOSP </th> 452 <th></th> 453 </tr> 454 <tr> 455 <td>CVE-2016-3822</td> 456 <td><a href="https://android.googlesource.com/platform/external/jhead/+/bae671597d47b9e5955c4cb742e468cebfd7ca6b"> 457 A-28868315</a></td> 458 <td></td> 459 <td> Nexus </td> 460 <td>4.4.45.0.25.1.16.06.0.1</td> 461 <td>Google </td> 462 </tr> 463 </table> 464 465 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"></h3> 466 <p> 467 </p> 468 <table> 469 <col width="18%"> 470 <col width="18%"> 471 <col width="10%"> 472 <col width="19%"> 473 <col width="17%"> 474 <col width="17%"> 475 <tr> 476 <th>CVE</th> 477 <th></th> 478 <th></th> 479 <th> Nexus </th> 480 <th> AOSP </th> 481 <th></th> 482 </tr> 483 <tr> 484 <td>CVE-2016-3823</td> 485 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 486 A-28815329</a></td> 487 <td></td> 488 <td> Nexus </td> 489 <td>4.4.45.0.25.1.16.06.0.1</td> 490 <td>2016 5 17 </td> 491 </tr> 492 <tr> 493 <td>CVE-2016-3824</td> 494 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b351eabb428c7ca85a34513c64601f437923d576"> 495 A-28816827</a></td> 496 <td></td> 497 <td> Nexus </td> 498 <td>4.4.45.0.25.1.16.06.0.1</td> 499 <td>2016 5 17 </td> 500 </tr> 501 <tr> 502 <td>CVE-2016-3825</td> 503 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/d575ecf607056d8e3328ef2eb56c52e98f81e87d"> 504 A-28816964</a></td> 505 <td></td> 506 <td> Nexus </td> 507 <td>5.0.25.1.16.06.0.1</td> 508 <td>2016 5 17 </td> 509 </tr> 510 <tr> 511 <td>CVE-2016-3826</td> 512 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9cd8c3289c91254b3955bd7347cf605d6fa032c6"> 513 A-29251553</a></td> 514 <td></td> 515 <td> Nexus </td> 516 <td>4.4.45.0.25.1.16.06.0.1</td> 517 <td>2016 6 9 </td> 518 </tr> 519 </table> 520 521 <h3 id="denial-of-service-vulnerability-in-mediaserver"></h3> 522 <p> 523 </p> 524 <table> 525 <col width="18%"> 526 <col width="18%"> 527 <col width="10%"> 528 <col width="19%"> 529 <col width="17%"> 530 <col width="17%"> 531 <tr> 532 <th>CVE</th> 533 <th></th> 534 <th></th> 535 <th> Nexus </th> 536 <th> AOSP </th> 537 <th></th> 538 </tr> 539 <tr> 540 <td>CVE-2016-3827</td> 541 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a4567c66f4764442c6cb7b5c1858810194480fb5"> 542 A-28816956</a></td> 543 <td></td> 544 <td> Nexus </td> 545 <td>6.0.1</td> 546 <td>2016 5 16 </td> 547 </tr> 548 <tr> 549 <td>CVE-2016-3828</td> 550 <td><a href="https://android.googlesource.com/platform/external/libavc/+/7554755536019e439433c515eeb44e701fb3bfb2"> 551 A-28835995</a></td> 552 <td></td> 553 <td> Nexus </td> 554 <td>6.06.0.1</td> 555 <td>2016 5 17 </td> 556 </tr> 557 <tr> 558 <td>CVE-2016-3829</td> 559 <td><a href="https://android.googlesource.com/platform/external/libavc/+/326fe991a4b7971e8aeaf4ac775491dd8abd85bb"> 560 A-29023649</a></td> 561 <td></td> 562 <td> Nexus </td> 563 <td>6.06.0.1</td> 564 <td>2016 5 27 </td> 565 </tr> 566 <tr> 567 <td>CVE-2016-3830</td> 568 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8e438e153f661e9df8db0ac41d587e940352df06"> 569 A-29153599</a></td> 570 <td></td> 571 <td> Nexus </td> 572 <td>4.4.45.0.25.1.16.06.0.1</td> 573 <td>Google </td> 574 </tr> 575 </table> 576 577 <h3 id="denial-of-service-vulnerability-in-system-clock"></h3> 578 <p> 579 </p> 580 <table> 581 <col width="18%"> 582 <col width="18%"> 583 <col width="10%"> 584 <col width="19%"> 585 <col width="17%"> 586 <col width="17%"> 587 <tr> 588 <th>CVE</th> 589 <th></th> 590 <th></th> 591 <th> Nexus </th> 592 <th> AOSP </th> 593 <th></th> 594 </tr> 595 <tr> 596 <td>CVE-2016-3831</td> 597 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/f47bc301ccbc5e6d8110afab5a1e9bac1d4ef058"> 598 A-29083635</a></td> 599 <td></td> 600 <td> Nexus </td> 601 <td>4.4.45.0.25.1.16.06.0.1</td> 602 <td>2016 5 31 </td> 603 </tr> 604 </table> 605 606 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis">Framework API </h3> 607 <p>Framework API 608 </p> 609 <table> 610 <col width="18%"> 611 <col width="17%"> 612 <col width="10%"> 613 <col width="19%"> 614 <col width="18%"> 615 <col width="17%"> 616 <tr> 617 <th>CVE</th> 618 <th></th> 619 <th></th> 620 <th> Nexus </th> 621 <th> AOSP </th> 622 <th></th> 623 </tr> 624 <tr> 625 <td>CVE-2016-3832</td> 626 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e7cf91a198de995c7440b3b64352effd2e309906"> 627 A-28795098</a></td> 628 <td></td> 629 <td> Nexus </td> 630 <td>4.4.45.0.25.1.16.06.0.1</td> 631 <td>2016 5 15 </td> 632 </tr> 633 </table> 634 635 <h3 id="elevation-of-privilege-vulnerability-in-shell">Shell </h3> 636 <p>Shell () 637 </p> 638 <table> 639 <col width="18%"> 640 <col width="17%"> 641 <col width="10%"> 642 <col width="19%"> 643 <col width="17%"> 644 <col width="18%"> 645 <tr> 646 <th>CVE</th> 647 <th></th> 648 <th></th> 649 <th> Nexus </th> 650 <th> AOSP </th> 651 <th></th> 652 </tr> 653 <tr> 654 <td>CVE-2016-3833</td> 655 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03"> 656 A-29189712</a> 657 [<a href="https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a">2</a>]</td> 658 <td></td> 659 <td> Nexus </td> 660 <td>5.0.25.1.16.06.0.1</td> 661 <td>Google </td> 662 </tr> 663 </table> 664 665 <h3 id="information-disclosure-vulnerability-in-openssl">OpenSSL </h3> 666 <p>OpenSSL 667 </p> 668 <table> 669 <col width="18%"> 670 <col width="18%"> 671 <col width="10%"> 672 <col width="19%"> 673 <col width="17%"> 674 <col width="17%"> 675 <tr> 676 <th>CVE</th> 677 <th></th> 678 <th></th> 679 <th> Nexus </th> 680 <th> AOSP </th> 681 <th></th> 682 </tr> 683 <tr> 684 <td>CVE-2016-2842</td> 685 <td>A-29060514</td> 686 <td>*</td> 687 <td> Nexus </td> 688 <td>4.4.45.0.25.1.1</td> 689 <td>2016 3 29 </td> 690 </tr> 691 </table> 692 <p>* Nexus </p> 693 694 <h3 id="information-disclosure-vulnerability-in-camera-apis"> API </h3> 695 <p> API 696 </p> 697 <table> 698 <col width="18%"> 699 <col width="17%"> 700 <col width="10%"> 701 <col width="19%"> 702 <col width="18%"> 703 <col width="17%"> 704 <tr> 705 <th>CVE</th> 706 <th></th> 707 <th></th> 708 <th> Nexus </th> 709 <th> AOSP </th> 710 <th></th> 711 </tr> 712 <tr> 713 <td>CVE-2016-3834</td> 714 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1f24c730ab6ca5aff1e3137b340b8aeaeda4bdbc"> 715 A-28466701</a></td> 716 <td></td> 717 <td> Nexus </td> 718 <td>4.4.45.0.25.1.16.06.0.1</td> 719 <td>2016 4 28 </td> 720 </tr> 721 </table> 722 723 <h3 id="information-disclosure-vulnerability-in-mediaserver"></h3> 724 <p> 725 </p> 726 <table> 727 <col width="18%"> 728 <col width="17%"> 729 <col width="10%"> 730 <col width="19%"> 731 <col width="18%"> 732 <col width="17%"> 733 <tr> 734 <th>CVE</th> 735 <th></th> 736 <th></th> 737 <th> Nexus </th> 738 <th> AOSP </th> 739 <th></th> 740 </tr> 741 <tr> 742 <td>CVE-2016-3835</td> 743 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/7558d03e6498e970b761aa44fff6b2c659202d95"> 744 A-28920116</a></td> 745 <td></td> 746 <td> Nexus </td> 747 <td>4.4.45.0.25.1.16.06.0.1</td> 748 <td>2016 5 23 </td> 749 </tr> 750 </table> 751 752 <h3 id="information-disclosure-vulnerability-in-surfaceflinger">SurfaceFlinger </h3> 753 <p>SurfaceFlinger 754 </p> 755 <table> 756 <col width="18%"> 757 <col width="18%"> 758 <col width="10%"> 759 <col width="19%"> 760 <col width="17%"> 761 <col width="17%"> 762 <tr> 763 <th>CVE</th> 764 <th></th> 765 <th></th> 766 <th> Nexus </th> 767 <th> AOSP </th> 768 <th></th> 769 </tr> 770 <tr> 771 <td>CVE-2016-3836</td> 772 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/3bcf0caa8cca9143443814b36676b3bae33a4368"> 773 A-28592402</a></td> 774 <td></td> 775 <td> Nexus </td> 776 <td>5.0.25.1.16.06.0.1</td> 777 <td>2016 5 4 </td> 778 </tr> 779 </table> 780 781 <h3 id="information-disclosure-vulnerability-in-wi-fi">Wi-Fi </h3> 782 <p>Wi-Fi 783 </p> 784 <table> 785 <col width="18%"> 786 <col width="18%"> 787 <col width="10%"> 788 <col width="19%"> 789 <col width="17%"> 790 <col width="17%"> 791 <tr> 792 <th>CVE</th> 793 <th></th> 794 <th></th> 795 <th> Nexus </th> 796 <th> AOSP </th> 797 <th></th> 798 </tr> 799 <tr> 800 <td>CVE-2016-3837</td> 801 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a209ff12ba9617c10550678ff93d01fb72a33399"> 802 A-28164077</a></td> 803 <td></td> 804 <td> Nexus </td> 805 <td>5.0.25.1.16.06.0.1</td> 806 <td>Google </td> 807 </tr> 808 </table> 809 810 <h3 id="denial-of-service-vulnerability-in-system-ui"></h3> 811 <p> 119 812 </p> 813 <table> 814 <col width="18%"> 815 <col width="18%"> 816 <col width="10%"> 817 <col width="19%"> 818 <col width="17%"> 819 <col width="17%"> 820 <tr> 821 <th>CVE</th> 822 <th></th> 823 <th></th> 824 <th> Nexus </th> 825 <th> AOSP </th> 826 <th></th> 827 </tr> 828 <tr> 829 <td>CVE-2016-3838</td> 830 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/468651c86a8adb7aa56c708d2348e99022088af3"> 831 A-28761672</a></td> 832 <td></td> 833 <td> Nexus </td> 834 <td>6.06.0.1</td> 835 <td>Google </td> 836 </tr> 837 </table> 838 839 <h3 id="denial-of-service-vulnerability-in-bluetooth"></h3> 840 <p> 841 </p> 842 <table> 843 <col width="18%"> 844 <col width="17%"> 845 <col width="10%"> 846 <col width="19%"> 847 <col width="18%"> 848 <col width="17%"> 849 <tr> 850 <th>CVE</th> 851 <th></th> 852 <th></th> 853 <th> Nexus </th> 854 <th> AOSP </th> 855 <th></th> 856 </tr> 857 <tr> 858 <td>CVE-2016-3839</td> 859 <td><a href="https://android.googlesource.com/platform/system/bt/+/472271b153c5dc53c28beac55480a8d8434b2d5c"> 860 A-28885210</a></td> 861 <td></td> 862 <td> Nexus </td> 863 <td>4.4.45.0.25.1.16.06.0.1</td> 864 <td>Google </td> 865 </tr> 866 </table> 867 <h2 id="2016-08-05-security-patch-level-vulnerability-details">2016-08-05 </h2> 868 <p> <a href="#2016-08-05-security-patch-level-vulnerability-summary">2016-08-05 </a> CVE Nexus AOSP () ID ( AOSP ) ID </p> 869 870 <h3 id="remote-code-execution-vulnerability-in-qualcomm-wi-fi-driver"> 871 Qualcomm Wi-Fi </h3> 872 <p>Qualcomm Wi-Fi 873 </p> 874 <table> 875 <col width="19%"> 876 <col width="20%"> 877 <col width="10%"> 878 <col width="23%"> 879 <col width="17%"> 880 <tr> 881 <th>CVE</th> 882 <th></th> 883 <th></th> 884 <th> Nexus </th> 885 <th></th> 886 </tr> 887 <tr> 888 <td>CVE-2014-9902</td> 889 <td>A-28668638 890 <p> 891 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 892 QC-CR#553937</a><br> 893 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50"> 894 QC-CR#553941</a> 895 </p> 896 </td> 897 <td></td> 898 <td>Nexus 7 (2013)</td> 899 <td>2014 3 31 </td> 900 </tr> 901 </table> 902 903 <h3 id="remote-code-execution-vulnerability-in-conscrypt">Conscrypt </h3> 904 <p>Conscrypt 905 </p> 906 <table> 907 <col width="18%"> 908 <col width="18%"> 909 <col width="10%"> 910 <col width="19%"> 911 <col width="17%"> 912 <col width="17%"> 913 <tr> 914 <th>CVE</th> 915 <th></th> 916 <th></th> 917 <th> Nexus </th> 918 <th> AOSP </th> 919 <th></th> 920 </tr> 921 <tr> 922 <td>CVE-2016-3840</td> 923 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/5af5e93463f4333187e7e35f3bd2b846654aa214"> 924 A-28751153</a></td> 925 <td></td> 926 <td> Nexus </td> 927 <td>4.4.45.0.25.1.16.06.0.1</td> 928 <td>Google </td> 929 </tr> 930 </table> 931 932 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components">Qualcomm </h3> 933 <p> Qualcomm 934 </p> 935 <p> (Re-flash) 936 </p> 937 <table> 938 <col width="19%"> 939 <col width="20%"> 940 <col width="10%"> 941 <col width="23%"> 942 <col width="17%"> 943 <tr> 944 <th>CVE</th> 945 <th></th> 946 <th></th> 947 <th> Nexus </th> 948 <th></th> 949 </tr> 950 <tr> 951 <td>CVE-2014-9863</td> 952 <td>A-28768146 953 <p> 954 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7"> 955 QC-CR#549470</a> 956 </p> 957 </td> 958 <td></td> 959 <td>Nexus 5Nexus 7 (2013)</td> 960 <td>2014 4 30 </td> 961 </tr> 962 <tr> 963 <td>CVE-2014-9864</td> 964 <td>A-28747998 965 <p> 966 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e"> 967 QC-CR#561841</a> 968 </p></td> 969 <td></td> 970 <td>Nexus 5Nexus 7 (2013)</td> 971 <td>2014 3 27 </td> 972 </tr> 973 <tr> 974 <td>CVE-2014-9865</td> 975 <td>A-28748271 976 <p> 977 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e"> 978 QC-CR#550013</a> 979 </p> 980 </td> 981 <td></td> 982 <td>Nexus 5Nexus 7 (2013)</td> 983 <td>2014 3 27 </td> 984 </tr> 985 <tr> 986 <td>CVE-2014-9866</td> 987 <td>A-28747684 988 <p> 989 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8e6daae70422ad35146a87700e6634a747d1ff5d"> 990 QC-CR#511358</a> 991 </p> 992 </td> 993 <td></td> 994 <td>Nexus 5Nexus 7 (2013)</td> 995 <td>2014 3 31 </td> 996 </tr> 997 <tr> 998 <td>CVE-2014-9867</td> 999 <td>A-28749629 1000 <p> 1001 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=322c518689a7f820165ca4c5d6b750b02ac34665"> 1002 QC-CR#514702</a> 1003 </p> 1004 </td> 1005 <td></td> 1006 <td>Nexus 5Nexus 7 (2013)</td> 1007 <td>2014 3 31 </td> 1008 </tr> 1009 <tr> 1010 <td>CVE-2014-9868</td> 1011 <td>A-28749721 1012 <p> 1013 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f"> 1014 QC-CR#511976</a> 1015 </p> 1016 </td> 1017 <td></td> 1018 <td>Nexus 5Nexus 7 (2013)</td> 1019 <td>2014 3 31 </td> 1020 </tr> 1021 <tr> 1022 <td>CVE-2014-9869</td> 1023 <td>A-28749728 1024 <p> 1025 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8d1f7531ff379befc129a6447642061e87562bca"> 1026 QC-CR#514711</a> 1027 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7a26934e4196b4aa61944081989189d59b108768">2</a>] 1028 </p> 1029 </td> 1030 <td></td> 1031 <td>Nexus 5Nexus 7 (2013)</td> 1032 <td>2014 3 31 </td> 1033 </tr> 1034 <tr> 1035 <td>CVE-2014-9870</td> 1036 <td>A-28749743 1037 <p> 1038 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=4f57652fcd2dce7741f1ac6dc0417e2f265cd1de"> 1039 QC-CR#561044</a> 1040 </p> 1041 </td> 1042 <td></td> 1043 <td>Nexus 5Nexus 7 (2013)</td> 1044 <td>2014 3 31 </td> 1045 </tr> 1046 <tr> 1047 <td>CVE-2014-9871</td> 1048 <td>A-28749803 1049 <p> 1050 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f615e40c706708f74cd826d5b19c63025f54c041"> 1051 QC-CR#514717</a> 1052 </p> 1053 </td> 1054 <td></td> 1055 <td>Nexus 5Nexus 7 (2013)</td> 1056 <td>2014 3 31 </td> 1057 </tr> 1058 <tr> 1059 <td>CVE-2014-9872</td> 1060 <td>A-28750155 1061 <p> 1062 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a"> 1063 QC-CR#590721</a> 1064 </p> 1065 </td> 1066 <td></td> 1067 <td>Nexus 5</td> 1068 <td>2014 3 31 </td> 1069 </tr> 1070 <tr> 1071 <td>CVE-2014-9873</td> 1072 <td>A-28750726 1073 <p> 1074 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420"> 1075 QC-CR#556860</a> 1076 </p> 1077 </td> 1078 <td></td> 1079 <td>Nexus 5Nexus 7 (2013)</td> 1080 <td>2014 3 31 </td> 1081 </tr> 1082 <tr> 1083 <td>CVE-2014-9874</td> 1084 <td>A-28751152 1085 <p> 1086 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=56ff68b1f93eaf22e5e0284648fd862dc08c9236"> 1087 QC-CR#563086</a> 1088 </p> 1089 </td> 1090 <td></td> 1091 <td>Nexus 5Nexus 5XNexus 6PNexus 7 (2013)</td> 1092 <td>2014 3 31 </td> 1093 </tr> 1094 <tr> 1095 <td>CVE-2014-9875</td> 1096 <td>A-28767589 1097 <p> 1098 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805"> 1099 QC-CR#483310</a> 1100 </p> 1101 </td> 1102 <td></td> 1103 <td>Nexus 7 (2013)</td> 1104 <td>2014 4 30 </td> 1105 </tr> 1106 <tr> 1107 <td>CVE-2014-9876</td> 1108 <td>A-28767796 1109 <p> 1110 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139"> 1111 QC-CR#483408</a> 1112 </p> 1113 </td> 1114 <td></td> 1115 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)</td> 1116 <td>2014 4 30 </td> 1117 </tr> 1118 <tr> 1119 <td>CVE-2014-9877</td> 1120 <td>A-28768281 1121 <p> 1122 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f0c0112a6189747a3f24f20210157f9974477e03"> 1123 QC-CR#547231</a> 1124 </p> 1125 </td> 1126 <td></td> 1127 <td>Nexus 5Nexus 7 (2013)</td> 1128 <td>2014 4 30 </td> 1129 </tr> 1130 <tr> 1131 <td>CVE-2014-9878</td> 1132 <td>A-28769208 1133 <p> 1134 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=96a62c1de93a44e6ca69514411baf4b3d67f6dee"> 1135 QC-CR#547479</a> 1136 </p> 1137 </td> 1138 <td></td> 1139 <td>Nexus 5</td> 1140 <td>2014 4 30 </td> 1141 </tr> 1142 <tr> 1143 <td>CVE-2014-9879</td> 1144 <td>A-28769221 1145 <p> 1146 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=ecc8116e1befb3a764109f47ba0389434ddabbe4"> 1147 QC-CR#524490</a> 1148 </p> 1149 </td> 1150 <td></td> 1151 <td>Nexus 5</td> 1152 <td>2014 4 30 </td> 1153 </tr> 1154 <tr> 1155 <td>CVE-2014-9880</td> 1156 <td>A-28769352 1157 <p> 1158 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f2a3f5e63e15e97a66e8f5a300457378bcb89d9c"> 1159 QC-CR#556356</a> 1160 </p> 1161 </td> 1162 <td></td> 1163 <td>Nexus 7 (2013)</td> 1164 <td>2014 4 30 </td> 1165 </tr> 1166 <tr> 1167 <td>CVE-2014-9881</td> 1168 <td>A-28769368 1169 <p> 1170 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=ba3f404a10b3bb7e9c20440837df3cd35c5d0c4b"> 1171 QC-CR#539008</a> 1172 </p> 1173 </td> 1174 <td></td> 1175 <td>Nexus 7 (2013)</td> 1176 <td>2014 4 30 </td> 1177 </tr> 1178 <tr> 1179 <td>CVE-2014-9882</td> 1180 <td>A-28769546 1181 <p> 1182 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=3a4ebaac557a9e3fbcbab4561650abac8298a4d9"> 1183 QC-CR#552329</a> 1184 [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=0f6afe815b1b3f920f3502be654c848bdfe5ef38">2</a>]</p> 1185 </td> 1186 <td></td> 1187 <td>Nexus 7 (2013)</td> 1188 <td>2014 4 30 </td> 1189 </tr> 1190 <tr> 1191 <td>CVE-2014-9883</td> 1192 <td>A-28769912 1193 <p> 1194 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46"> 1195 QC-CR#565160</a> 1196 </p> 1197 </td> 1198 <td></td> 1199 <td>Nexus 5Nexus 7 (2013)</td> 1200 <td>2014 4 30 </td> 1201 </tr> 1202 <tr> 1203 <td>CVE-2014-9884</td> 1204 <td>A-28769920 1205 <p> 1206 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17"> 1207 QC-CR#580740</a> 1208 </p> 1209 </td> 1210 <td></td> 1211 <td>Nexus 5Nexus 7 (2013)</td> 1212 <td>2014 4 30 </td> 1213 </tr> 1214 <tr> 1215 <td>CVE-2014-9885</td> 1216 <td>A-28769959 1217 <p> 1218 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a1d5a4cbd5aa8656bc23b40c7cc43941e10f89c3"> 1219 QC-CR#562261</a> 1220 </p> 1221 </td> 1222 <td></td> 1223 <td>Nexus 5</td> 1224 <td>2014 4 30 </td> 1225 </tr> 1226 <tr> 1227 <td>CVE-2014-9886</td> 1228 <td>A-28815575 1229 <p> 1230 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1231 QC-CR#555030</a> 1232 </p> 1233 </td> 1234 <td></td> 1235 <td>Nexus 5Nexus 7 (2013)</td> 1236 <td>2014 4 30 </td> 1237 </tr> 1238 <tr> 1239 <td>CVE-2014-9887</td> 1240 <td>A-28804057 1241 <p> 1242 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3"> 1243 QC-CR#636633</a> 1244 </p> 1245 </td> 1246 <td></td> 1247 <td>Nexus 5Nexus 7 (2013)</td> 1248 <td>2014 7 3 </td> 1249 </tr> 1250 <tr> 1251 <td>CVE-2014-9888</td> 1252 <td>A-28803642 1253 <p> 1254 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=f044936caab337a4384fbfe64a4cbae33c7e22a1"> 1255 QC-CR#642735</a> 1256 </p> 1257 </td> 1258 <td></td> 1259 <td>Nexus 5Nexus 7 (2013)</td> 1260 <td>2014 8 29 </td> 1261 </tr> 1262 <tr> 1263 <td>CVE-2014-9889</td> 1264 <td>A-28803645 1265 <p> 1266 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?id=f4e2f2d4ef58c88340774099dff3324ec8baa24a"> 1267 QC-CR#674712</a> 1268 </p></td> 1269 <td></td> 1270 <td>Nexus 5</td> 1271 <td>2014 10 31 </td> 1272 </tr> 1273 <tr> 1274 <td>CVE-2015-8937</td> 1275 <td>A-28803962 1276 <p> 1277 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=c66202b9288cc4ab1c38f7c928fa1005c285c170"> 1278 QC-CR#770548</a> 1279 </p> 1280 </td> 1281 <td></td> 1282 <td>Nexus 5Nexus 6Nexus 7 (2013)</td> 1283 <td>2015 3 31 </td> 1284 </tr> 1285 <tr> 1286 <td>CVE-2015-8938</td> 1287 <td>A-28804030 1288 <p> 1289 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=51c39420e3a49d1a7f05a77c64369b7623088238"> 1290 QC-CR#766022</a></p></td> 1291 <td></td> 1292 <td>Nexus 6</td> 1293 <td>2015 3 31 </td> 1294 </tr> 1295 <tr> 1296 <td>CVE-2015-8939</td> 1297 <td>A-28398884 1298 <p> 1299 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=884cff808385788fa620833c7e2160a4b98a21da"> 1300 QC-CR#779021</a></p></td> 1301 <td></td> 1302 <td>Nexus 7 (2013)</td> 1303 <td>2015 4 30 </td> 1304 </tr> 1305 <tr> 1306 <td>CVE-2015-8940</td> 1307 <td>A-28813987 1308 <p> 1309 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e13ebd727d161db7003be6756e61283dce85fa3b"> 1310 QC-CR#792367</a></p></td> 1311 <td></td> 1312 <td>Nexus 6</td> 1313 <td>2015 4 30 </td> 1314 </tr> 1315 <tr> 1316 <td>CVE-2015-8941</td> 1317 <td>A-28814502 1318 <p> 1319 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=d4d4d1dd626b21e68e78395bab3382c1eb04877f"> 1320 QC-CR#792473</a></p></td> 1321 <td></td> 1322 <td>Nexus 6Nexus 7 (2013)</td> 1323 <td>2015 5 29 </td> 1324 </tr> 1325 <tr> 1326 <td>CVE-2015-8942</td> 1327 <td>A-28814652 1328 <p> 1329 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=9ec380c06bbd79493828fcc3c876d8a53fd3369f"> 1330 QC-CR#803246</a></p></td> 1331 <td></td> 1332 <td>Nexus 6</td> 1333 <td>2015 6 30 </td> 1334 </tr> 1335 <tr> 1336 <td>CVE-2015-8943</td> 1337 <td>A-28815158 1338 <p> 1339 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1340 QC-CR#794217</a></p> 1341 <p> 1342 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=ad376e4053b87bd58f62f45b6df2c5544bc21aee"> 1343 QC-CR#836226</a></p></td> 1344 <td></td> 1345 <td>Nexus 5</td> 1346 <td>2015 9 11 </td> 1347 </tr> 1348 <tr> 1349 <td>CVE-2014-9891</td> 1350 <td>A-28749283 1351 <p> 1352 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=c10f03f191307f7114af89933f2d91b830150094"> 1353 QC-CR#550061</a></p></td> 1354 <td></td> 1355 <td>Nexus 5</td> 1356 <td>2014 3 13 </td> 1357 </tr> 1358 <tr> 1359 <td>CVE-2014-9890</td> 1360 <td>A-28770207 1361 <p> 1362 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=14e0c8614d2715589583d8a95e33c422d110eb6f"> 1363 QC-CR#529177</a></p></td> 1364 <td></td> 1365 <td>Nexus 5Nexus 7 (2013)</td> 1366 <td>2014 6 2 </td> 1367 </tr> 1368 </table> 1369 1370 <h3 id="elevation-of-privilege-vulnerability-in-kernel-networking-component"></h3> 1371 <p> (Re-flash) 1372 </p> 1373 <table> 1374 <col width="19%"> 1375 <col width="20%"> 1376 <col width="10%"> 1377 <col width="23%"> 1378 <col width="17%"> 1379 <tr> 1380 <th>CVE</th> 1381 <th></th> 1382 <th></th> 1383 <th> Nexus </th> 1384 <th></th> 1385 </tr> 1386 <tr> 1387 <td>CVE-2015-2686</td> 1388 <td>A-28759139 1389 <p> 1390 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4de930efc23b92ddf88ce91c405ee645fe6e27ea"> 1391 </a></p></td> 1392 <td></td> 1393 <td> Nexus </td> 1394 <td>2015 3 23 </td> 1395 </tr> 1396 <tr> 1397 <td>CVE-2016-3841</td> 1398 <td>A-28746669 1399 <p> 1400 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=45f6fad84cc305103b28d73482b344d7f5b76f39"> 1401 </a></p></td> 1402 <td></td> 1403 <td> Nexus </td> 1404 <td>2015 12 3 </td> 1405 </tr> 1406 </table> 1407 1408 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver">Qualcomm GPU </h3> 1409 <p>Qualcomm GPU (Re-flash) 1410 </p> 1411 <table> 1412 <col width="19%"> 1413 <col width="20%"> 1414 <col width="10%"> 1415 <col width="23%"> 1416 <col width="17%"> 1417 <tr> 1418 <th>CVE</th> 1419 <th></th> 1420 <th></th> 1421 <th> Nexus </th> 1422 <th></th> 1423 </tr> 1424 <tr> 1425 <td>CVE-2016-2504</td> 1426 <td>A-28026365 1427 <p>QC-CR#1002974</p></td> 1428 <td></td> 1429 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)</td> 1430 <td>2016 4 5 </td> 1431 </tr> 1432 <tr> 1433 <td>CVE-2016-3842</td> 1434 <td>A-28377352 1435 <p> 1436 QC-CR#1002974</p></td> 1437 <td></td> 1438 <td>Nexus 5XNexus 6Nexus 6P</td> 1439 <td>2016 4 25 </td> 1440 </tr> 1441 </table> 1442 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1443 </p> 1444 1445 1446 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component">Qualcomm </h3> 1447 <p>Qualcomm (Re-flash) 1448 </p> 1449 <p class="note"> 1450 <strong></strong> A-29119870 1451 </p> 1452 <table> 1453 <col width="19%"> 1454 <col width="20%"> 1455 <col width="10%"> 1456 <col width="23%"> 1457 <col width="17%"> 1458 <tr> 1459 <th>CVE</th> 1460 <th></th> 1461 <th></th> 1462 <th> Nexus </th> 1463 <th></th> 1464 </tr> 1465 <tr> 1466 <td>CVE-2016-3843</td> 1467 <td>A-28086229* 1468 <p> 1469 QC-CR#1011071</p></td> 1470 <td></td> 1471 <td>Nexus 5XNexus 6P</td> 1472 <td>2016 4 7 </td> 1473 </tr> 1474 </table> 1475 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1476 </p> 1477 1478 <h3 id="elevation-of-privilege-vulnerability-in-kernel"></h3> 1479 <p> (Re-flash) 1480 </p> 1481 <table> 1482 <col width="19%"> 1483 <col width="20%"> 1484 <col width="10%"> 1485 <col width="23%"> 1486 <col width="17%"> 1487 <tr> 1488 <th>CVE</th> 1489 <th></th> 1490 <th></th> 1491 <th> Nexus </th> 1492 <th></th> 1493 </tr> 1494 <tr> 1495 <td>CVE-2016-3857</td> 1496 <td>A-28522518*</td> 1497 <td></td> 1498 <td>Nexus 7 (2013)</td> 1499 <td>2016 5 2 </td> 1500 </tr> 1501 </table> 1502 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1503 </p> 1504 1505 <h3 id="elevation-of-privilege-vulnerability-in-kernel-memory-system"></h3> 1506 <p> 1507 </p> 1508 <table> 1509 <col width="19%"> 1510 <col width="20%"> 1511 <col width="10%"> 1512 <col width="23%"> 1513 <col width="17%"> 1514 <tr> 1515 <th>CVE</th> 1516 <th></th> 1517 <th></th> 1518 <th> Nexus </th> 1519 <th></th> 1520 </tr> 1521 <tr> 1522 <td>CVE-2015-1593</td> 1523 <td>A-29577822 1524 <p> 1525 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4e7c22d447bb6d7e37bfe39ff658486ae78e8d77"> 1526 </a></p></td> 1527 <td></td> 1528 <td>Nexus Player</td> 1529 <td>2015 2 13 </td> 1530 </tr> 1531 <tr> 1532 <td>CVE-2016-3672</td> 1533 <td>A-28763575 1534 <p> 1535 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=8b8addf891de8a00e4d39fc32f93f7c5eb8feceb"> 1536 </a></p></td> 1537 <td></td> 1538 <td>Nexus Player</td> 1539 <td>2016 3 25 </td> 1540 </tr> 1541 </table> 1542 1543 <h3 id="elevation-of-privilege-vulnerability-in-kernel-sound-component"></h3> 1544 <p> 1545 </p> 1546 <table> 1547 <col width="19%"> 1548 <col width="20%"> 1549 <col width="10%"> 1550 <col width="23%"> 1551 <col width="17%"> 1552 <tr> 1553 <th>CVE</th> 1554 <th></th> 1555 <th></th> 1556 <th> Nexus </th> 1557 <th></th> 1558 </tr> 1559 <tr> 1560 <td>CVE-2016-2544</td> 1561 <td>A-28695438 1562 <p> 1563 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=3567eb6af614dac436c4b16a8d426f9faed639b3"> 1564 </a></p></td> 1565 <td></td> 1566 <td> Nexus </td> 1567 <td>2016 1 19 </td> 1568 </tr> 1569 <tr> 1570 <td>CVE-2016-2546</td> 1571 <td>A-28694392 1572 <p> 1573 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=af368027a49a751d6ff4ee9e3f9961f35bb4fede"> 1574 </a></p></td> 1575 <td></td> 1576 <td>Pixel C</td> 1577 <td>2016 1 19 </td> 1578 </tr> 1579 <tr> 1580 <td>CVE-2014-9904</td> 1581 <td>A-28592007 1582 <p> 1583 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=6217e5ede23285ddfee10d2e4ba0cc2d4c046205"> 1584 </a></p></td> 1585 <td></td> 1586 <td>Nexus 5XNexus 6Nexus 6PNexus 9Nexus Player</td> 1587 <td>2016 5 4 </td> 1588 </tr> 1589 </table> 1590 1591 <h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"></h3> 1592 <p> 1593 </p> 1594 <table> 1595 <col width="19%"> 1596 <col width="20%"> 1597 <col width="10%"> 1598 <col width="23%"> 1599 <col width="17%"> 1600 <tr> 1601 <th>CVE</th> 1602 <th></th> 1603 <th></th> 1604 <th> Nexus </th> 1605 <th></th> 1606 </tr> 1607 <tr> 1608 <td>CVE-2012-6701</td> 1609 <td>A-28939037 1610 <p> 1611 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=a70b52ec1aaeaf60f4739edb1b422827cb6f3893"> 1612 </a></p></td> 1613 <td></td> 1614 <td>Nexus 5Nexus 7 (2013)</td> 1615 <td>2016 3 2 </td> 1616 </tr> 1617 </table> 1618 1619 <h3 id="elevation-of-privilege-vulnerability-in-mediaserver"></h3> 1620 <p> 1621 </p> 1622 <table> 1623 <col width="19%"> 1624 <col width="20%"> 1625 <col width="10%"> 1626 <col width="23%"> 1627 <col width="17%"> 1628 <tr> 1629 <th>CVE</th> 1630 <th></th> 1631 <th></th> 1632 <th> Nexus </th> 1633 <th></th> 1634 </tr> 1635 <tr> 1636 <td>CVE-2016-3844</td> 1637 <td>A-28299517* 1638 <p> 1639 N-CVE-2016-3844</p></td> 1640 <td></td> 1641 <td>Nexus 9Pixel C</td> 1642 <td>2016 4 19 </td> 1643 </tr> 1644 </table> 1645 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1646 </p> 1647 1648 <h3></h3> 1649 <p> 1650 </p> 1651 <table> 1652 <col width="19%"> 1653 <col width="20%"> 1654 <col width="10%"> 1655 <col width="23%"> 1656 <col width="17%"> 1657 <tr> 1658 <th>CVE</th> 1659 <th></th> 1660 <th></th> 1661 <th> Nexus </th> 1662 <th></th> 1663 </tr> 1664 <tr> 1665 <td>CVE-2016-3845</td> 1666 <td>A-28399876*</td> 1667 <td></td> 1668 <td>Nexus 5</td> 1669 <td>2016 4 20 </td> 1670 </tr> 1671 </table> 1672 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1673 </p> 1674 1675 <h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"></h3> 1676 <p> 1677 </p> 1678 <table> 1679 <col width="19%"> 1680 <col width="20%"> 1681 <col width="10%"> 1682 <col width="23%"> 1683 <col width="17%"> 1684 <tr> 1685 <th>CVE</th> 1686 <th></th> 1687 <th></th> 1688 <th> Nexus </th> 1689 <th></th> 1690 </tr> 1691 <tr> 1692 <td>CVE-2016-3846</td> 1693 <td>A-28817378*</td> 1694 <td></td> 1695 <td>Nexus 5XNexus 6P</td> 1696 <td>2016 5 17 </td> 1697 </tr> 1698 </table> 1699 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1700 </p> 1701 1702 <h3 id="elevation-of-privilege-vulnerability-in-nvidia-media-driver">NVIDIA </h3> 1703 <p>NVIDIA 1704 </p> 1705 <table> 1706 <col width="19%"> 1707 <col width="20%"> 1708 <col width="10%"> 1709 <col width="23%"> 1710 <col width="17%"> 1711 <tr> 1712 <th>CVE</th> 1713 <th></th> 1714 <th></th> 1715 <th> Nexus </th> 1716 <th></th> 1717 </tr> 1718 <tr> 1719 <td>CVE-2016-3847</td> 1720 <td>A-28871433* 1721 <p> 1722 N-CVE-2016-3847</p></td> 1723 <td></td> 1724 <td>Nexus 9</td> 1725 <td>2016 5 19 </td> 1726 </tr> 1727 <tr> 1728 <td>CVE-2016-3848</td> 1729 <td>A-28919417* 1730 <p> 1731 N-CVE-2016-3848</p></td> 1732 <td></td> 1733 <td>Nexus 9</td> 1734 <td>2016 5 19 </td> 1735 </tr> 1736 </table> 1737 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1738 </p> 1739 1740 <h3 id="elevation-of-privilege-vulnerability-in-ion-driver">ION </h3> 1741 <p>ION 1742 </p> 1743 <table> 1744 <col width="19%"> 1745 <col width="20%"> 1746 <col width="10%"> 1747 <col width="23%"> 1748 <col width="17%"> 1749 <tr> 1750 <th>CVE</th> 1751 <th></th> 1752 <th></th> 1753 <th> Nexus </th> 1754 <th></th> 1755 </tr> 1756 <tr> 1757 <td>CVE-2016-3849</td> 1758 <td>A-28939740</td> 1759 <td></td> 1760 <td>Pixel C</td> 1761 <td>2016 5 24 </td> 1762 </tr> 1763 </table> 1764 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1765 </p> 1766 1767 <h3 id="elevation-of-privilege-vulnerability-in-qualcomm-bootloader">Qualcomm </h3> 1768 <p>Qualcomm 1769 </p> 1770 <table> 1771 <col width="19%"> 1772 <col width="20%"> 1773 <col width="10%"> 1774 <col width="26%"> 1775 <col width="17%"> 1776 <tr> 1777 <th>CVE</th> 1778 <th></th> 1779 <th></th> 1780 <th> Nexus </th> 1781 <th></th> 1782 </tr> 1783 <tr> 1784 <td>CVE-2016-3850</td> 1785 <td>A-27917291 1786 <p> 1787 <a href="https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=030371d45a9dcda4d0cc3c76647e753a1cc1b782"> 1788 QC-CR#945164</a></p></td> 1789 <td></td> 1790 <td>Nexus 5Nexus 5XNexus 6PNexus 7 (2013)</td> 1791 <td>2016 3 28 </td> 1792 </tr> 1793 </table> 1794 1795 <h3 id="elevation-of-privilege-vulnerability-in-kernel-performance"></h3> 1796 <p> 1797 </p> 1798 <p class="note"> 1799 <strong></strong> CVE-2016-3843 (A-28086229) 1800 </p> 1801 <table> 1802 <col width="18%"> 1803 <col width="18%"> 1804 <col width="10%"> 1805 <col width="19%"> 1806 <col width="17%"> 1807 <col width="17%"> 1808 <tr> 1809 <th>CVE</th> 1810 <th></th> 1811 <th></th> 1812 <th> Nexus </th> 1813 <th> AOSP </th> 1814 <th></th> 1815 </tr> 1816 <tr> 1817 <td>CVE-2016-3843</td> 1818 <td>A-29119870*</td> 1819 <td></td> 1820 <td> Nexus </td> 1821 <td>6.06.1</td> 1822 <td>Google </td> 1823 </tr> 1824 </table> 1825 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1826 </p> 1827 1828 <h3 id="elevation-of-privilege-vulnerability-in-lg-electronics-bootloader">LG </h3> 1829 <p>LG 1830 </p> 1831 <table> 1832 <col width="19%"> 1833 <col width="20%"> 1834 <col width="10%"> 1835 <col width="23%"> 1836 <col width="17%"> 1837 <tr> 1838 <th>CVE</th> 1839 <th></th> 1840 <th></th> 1841 <th> Nexus </th> 1842 <th></th> 1843 </tr> 1844 <tr> 1845 <td>CVE-2016-3851</td> 1846 <td>A-29189941*</td> 1847 <td></td> 1848 <td>Nexus 5X</td> 1849 <td>Google </td> 1850 </tr> 1851 </table> 1852 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1853 </p> 1854 1855 <h3 id="information-disclosure-vulnerability-in-qualcomm-components">Qualcomm </h3> 1856 <p> Qualcomm 1857 </p> 1858 <p> () 1859 </p> 1860 <table> 1861 <col width="19%"> 1862 <col width="20%"> 1863 <col width="10%"> 1864 <col width="23%"> 1865 <col width="17%"> 1866 <tr> 1867 <th>CVE</th> 1868 <th></th> 1869 <th></th> 1870 <th> Nexus </th> 1871 <th></th> 1872 </tr> 1873 <tr> 1874 <td>CVE-2014-9892</td> 1875 <td>A-28770164 1876 <p> 1877 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=591b1f455c32206704cbcf426bb30911c260c33e"> 1878 QC-CR#568717</a></p></td> 1879 <td></td> 1880 <td>Nexus 5Nexus 7 (2013)</td> 1881 <td>2014 6 2 </td> 1882 </tr> 1883 <tr> 1884 <td>CVE-2015-8944</td> 1885 <td>A-28814213 1886 <p> 1887 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=e758417e7c31b975c862aa55d0ceef28f3cc9104"> 1888 QC-CR#786116</a></p></td> 1889 <td></td> 1890 <td>Nexus 6Nexus 7 (2013)</td> 1891 <td>2015 4 30 </td> 1892 </tr> 1893 <tr> 1894 <td>CVE-2014-9893</td> 1895 <td>A-28747914 1896 <p> 1897 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=bfc6eee5e30a0c20bc37495233506f4f0cc4991d"> 1898 QC-CR#542223</a></p></td> 1899 <td></td> 1900 <td>Nexus 5</td> 1901 <td>2014 3 27 </td> 1902 </tr> 1903 <tr> 1904 <td>CVE-2014-9894</td> 1905 <td>A-28749708 1906 <p> 1907 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f"> 1908 QC-CR#545736</a></p></td> 1909 <td></td> 1910 <td>Nexus 7 (2013)</td> 1911 <td>2014 3 31 </td> 1912 </tr> 1913 <tr> 1914 <td>CVE-2014-9895</td> 1915 <td>A-28750150 1916 <p> 1917 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=cc4b26575602e492efd986e9a6ffc4278cee53b5"> 1918 QC-CR#570757</a></p></td> 1919 <td></td> 1920 <td>Nexus 5Nexus 7 (2013)</td> 1921 <td>2014 3 31 </td> 1922 </tr> 1923 <tr> 1924 <td>CVE-2014-9896</td> 1925 <td>A-28767593 1926 <p> 1927 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=89f2bcf1ac860b0b380e579e9a8764013f263a7d"> 1928 QC-CR#551795</a></p></td> 1929 <td></td> 1930 <td>Nexus 5Nexus 7 (2013)</td> 1931 <td>2014 4 30 </td> 1932 </tr> 1933 <tr> 1934 <td>CVE-2014-9897</td> 1935 <td>A-28769856 1936 <p> 1937 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=46135d80765cb70a914f02a6e7b6abe64679ec86"> 1938 QC-CR#563752</a></p></td> 1939 <td></td> 1940 <td>Nexus 5</td> 1941 <td>2014 4 30 </td> 1942 </tr> 1943 <tr> 1944 <td>CVE-2014-9898</td> 1945 <td>A-28814690 1946 <p> 1947 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=80be0e249c906704085d13d4ae446f73913fc225"> 1948 QC-CR#554575</a></p></td> 1949 <td></td> 1950 <td>Nexus 5Nexus 7 (2013)</td> 1951 <td>2014 4 30 </td> 1952 </tr> 1953 <tr> 1954 <td>CVE-2014-9899</td> 1955 <td>A-28803909 1956 <p> 1957 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=8756624acb1e090b45baf07b2a8d0ebde114000e"> 1958 QC-CR#547910</a></p></td> 1959 <td></td> 1960 <td>Nexus 5</td> 1961 <td>2014 7 3 </td> 1962 </tr> 1963 <tr> 1964 <td>CVE-2014-9900</td> 1965 <td>A-28803952 1966 <p> 1967 <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071"> 1968 QC-CR#570754</a></p></td> 1969 <td></td> 1970 <td>Nexus 5Nexus 7 (2013)</td> 1971 <td>2014 8 8 </td> 1972 </tr> 1973 </table> 1974 1975 <h3 id="information-disclosure-vulnerability-in-kernel-scheduler"></h3> 1976 <p> 1977 </p> 1978 <table> 1979 <col width="19%"> 1980 <col width="20%"> 1981 <col width="10%"> 1982 <col width="23%"> 1983 <col width="17%"> 1984 <tr> 1985 <th>CVE</th> 1986 <th></th> 1987 <th></th> 1988 <th> Nexus </th> 1989 <th></th> 1990 </tr> 1991 <tr> 1992 <td>CVE-2014-9903</td> 1993 <td>A-28731691 1994 <p> 1995 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=4efbc454ba68def5ef285b26ebfcfdb605b52755"> 1996 </a></p></td> 1997 <td></td> 1998 <td>Nexus 5XNexus 6P</td> 1999 <td>2014 2 21 </td> 2000 </tr> 2001 </table> 2002 2003 <h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver-device-specific">MediaTek Wi-Fi ()</h3> 2004 <p>MediaTek Wi-Fi 2005 </p> 2006 <table> 2007 <col width="19%"> 2008 <col width="20%"> 2009 <col width="10%"> 2010 <col width="23%"> 2011 <col width="17%"> 2012 <tr> 2013 <th>CVE</th> 2014 <th></th> 2015 <th></th> 2016 <th> Nexus </th> 2017 <th></th> 2018 </tr> 2019 <tr> 2020 <td>CVE-2016-3852</td> 2021 <td>A-29141147* 2022 <p> 2023 M-ALPS02751738</p></td> 2024 <td></td> 2025 <td>Android One</td> 2026 <td>2016 4 12 </td> 2027 </tr> 2028 </table> 2029 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 2030 </p> 2031 2032 <h3 id="information-disclosure-vulnerability-in-usb-driver">USB </h3> 2033 <p>USB 2034 </p> 2035 <table> 2036 <col width="19%"> 2037 <col width="20%"> 2038 <col width="10%"> 2039 <col width="23%"> 2040 <col width="17%"> 2041 <tr> 2042 <th>CVE</th> 2043 <th></th> 2044 <th></th> 2045 <th> Nexus </th> 2046 <th></th> 2047 </tr> 2048 <tr> 2049 <td>CVE-2016-4482</td> 2050 <td>A-28619695 2051 <p> 2052 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=681fef8380eb818c0b845fca5d2ab1dcbab114ee"> 2053 </a></p></td> 2054 <td></td> 2055 <td> Nexus </td> 2056 <td>2016 5 3 </td> 2057 </tr> 2058 </table> 2059 2060 <h3 id="denial-of-service-vulnerability-in-qualcomm-components">Qualcomm </h3> 2061 <p> Qualcomm ( Wi-Fi ) 2062 </p> 2063 <p> 2064 </p> 2065 <table> 2066 <col width="19%"> 2067 <col width="20%"> 2068 <col width="10%"> 2069 <col width="23%"> 2070 <col width="17%"> 2071 <tr> 2072 <th>CVE</th> 2073 <th></th> 2074 <th></th> 2075 <th> Nexus </th> 2076 <th></th> 2077 </tr> 2078 <tr> 2079 <td>CVE-2014-9901</td> 2080 <td>A-28670333 2081 <p> 2082 <a href="https://us.codeaurora.org/cgit/quic/la//platform/vendor/qcom-opensource/wlan/prima/commit/?id=637f0f7931dd7265ac1c250dc2884d6389c66bde"> 2083 QC-CR#548711</a></p></td> 2084 <td></td> 2085 <td>Nexus 7 (2013)</td> 2086 <td>2014 3 31 </td> 2087 </tr> 2088 </table> 2089 2090 <h3 id="elevation-of-privilege-vulnerability-in-google-play-services">Google Play </h3> 2091 <p>Google Play 2092 </p> 2093 <table> 2094 <col width="18%"> 2095 <col width="18%"> 2096 <col width="10%"> 2097 <col width="19%"> 2098 <col width="17%"> 2099 <col width="17%"> 2100 <tr> 2101 <th>CVE</th> 2102 <th></th> 2103 <th></th> 2104 <th> Nexus </th> 2105 <th> AOSP </th> 2106 <th></th> 2107 </tr> 2108 <tr> 2109 <td>CVE-2016-3853</td> 2110 <td>A-26803208*</td> 2111 <td></td> 2112 <td> Nexus </td> 2113 <td></td> 2114 <td>2016 5 4 </td> 2115 </tr> 2116 </table> 2117 <p>* Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 2118 </p> 2119 2120 <h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2">Framework API </h3> 2121 <p>Framework API 2122 </p> 2123 <table> 2124 <col width="18%"> 2125 <col width="17%"> 2126 <col width="10%"> 2127 <col width="19%"> 2128 <col width="18%"> 2129 <col width="17%"> 2130 <tr> 2131 <th>CVE</th> 2132 <th></th> 2133 <th></th> 2134 <th> Nexus </th> 2135 <th> AOSP </th> 2136 <th></th> 2137 </tr> 2138 <tr> 2139 <td>CVE-2016-2497</td> 2140 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/a75537b496e9df71c74c1d045ba5569631a16298"> 2141 A-27450489</a></td> 2142 <td></td> 2143 <td> Nexus </td> 2144 <td>4.4.45.0.25.1.16.06.0.1</td> 2145 <td>Google </td> 2146 </tr> 2147 </table> 2148 2149 <h3 id="information-disclosure-vulnerability-in-kernel-networking-component"></h3> 2150 <p> 2151 </p> 2152 <table> 2153 <col width="19%"> 2154 <col width="20%"> 2155 <col width="10%"> 2156 <col width="23%"> 2157 <col width="17%"> 2158 <tr> 2159 <th>CVE</th> 2160 <th></th> 2161 <th></th> 2162 <th> Nexus </th> 2163 <th></th> 2164 </tr> 2165 <tr> 2166 <td>CVE-2016-4578</td> 2167 <td>A-28620102 2168 <p> 2169 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5f8e44741f9f216e33736ea4ec65ca9ac03036e6"> 2170 </a></p></td> 2171 <td></td> 2172 <td> Nexus </td> 2173 <td>2016 5 3 </td> 2174 </tr> 2175 </table> 2176 2177 <h3 id="information-disclosure-vulnerability-in-kernel-sound-component"></h3> 2178 <p> 2179 </p> 2180 <table> 2181 <col width="19%"> 2182 <col width="20%"> 2183 <col width="10%"> 2184 <col width="23%"> 2185 <col width="17%"> 2186 <tr> 2187 <th>CVE</th> 2188 <th></th> 2189 <th></th> 2190 <th> Nexus </th> 2191 <th></th> 2192 </tr> 2193 <tr> 2194 <td>CVE-2016-4569</td> 2195 <td>A-28980557 2196 <p> 2197 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=cec8f96e49d9be372fdb0c3836dcf31ec71e457e"> 2198 </a></p></td> 2199 <td></td> 2200 <td> Nexus </td> 2201 <td>2016 5 9 </td> 2202 </tr> 2203 <tr> 2204 <td>CVE-2016-4578</td> 2205 <td>A-28980217 2206 <p> 2207 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=e4ec8cc8039a7063e24204299b462bd1383184a5"> 2208 </a> 2209 [<a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9a47e9cff994f37f7f0dbd9ae23740d0f64f9fe6">2</a>]</p></td> 2210 <td></td> 2211 <td> Nexus </td> 2212 <td>2016 5 11 </td> 2213 </tr> 2214 </table> 2215 2216 <h3 id="vulnerabilities-in-qualcomm-components">Qualcomm </h3> 2217 <p> Qualcomm 2218 </p> 2219 <table> 2220 <col width="19%"> 2221 <col width="20%"> 2222 <col width="10%"> 2223 <col width="23%"> 2224 <col width="17%"> 2225 <tr> 2226 <th>CVE</th> 2227 <th></th> 2228 <th></th> 2229 <th> Nexus </th> 2230 <th></th> 2231 </tr> 2232 <tr> 2233 <td>CVE-2016-3854</td> 2234 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm/commit/?h=LA.AF.1.2.1_rb1.5&id=cc96def76dfd18fba88575065b29f2ae9191fafa"> 2235 QC-CR#897326</a></td> 2236 <td></td> 2237 <td></td> 2238 <td>2016 2 </td> 2239 </tr> 2240 <tr> 2241 <td>CVE-2016-3855</td> 2242 <td><a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=ab3f46119ca10de87a11fe966b0723c48f27acd4"> 2243 QC-CR#990824</a></td> 2244 <td></td> 2245 <td></td> 2246 <td>2016 5 </td> 2247 </tr> 2248 <tr> 2249 <td>CVE-2016-2060</td> 2250 <td><a href="https://source.codeaurora.org/quic/la/platform/system/netd/commit/?id=e9925f5acb4401588e23ea8a27c3e318f71b5cf8"> 2251 QC-CR#959631</a> 2252 <td></td> 2253 <td></td> 2254 <td>2016 4 </td> 2255 </tr> 2256 </table> 2257 <h2 id="common-questions-and-answers"></h2> 2258 <p> 2259 </p> 2260 <p> 2261 <strong>1. 2262 </strong> 2263 </p> 2264 <p>2016 8 1 2016-8-01 2016 8 5 2016-08-05 <a href="https://support.google.com/nexus/answer/4457705"></a>[ro.build.version.security_patch]:[2016-08-01] [ro.build.version.security_patch]:[2016-08-05] 2265 </p> 2266 <p> 2267 <strong>2. </strong> 2268 </p> 2269 <p> Android Android Android 2270 </p> 2271 <p> 2016 8 5 () 2272 </p> 2273 <p> 2016 8 1 2016 8 1 2016 8 5 2274 </p> 2275 <p> 2276 3<strong>. Nexus </strong> 2277 </p> 2278 <p> <a href="#2016-08-01-security-patch-level-security-vulnerability-details">2016-08-01</a> <a href="#2016-08-05-security-patch-level-vulnerability-details">2016-08-05</a> Nexus Nexus 2279 </p> 2280 <ul> 2281 <li><strong> Nexus </strong> Nexus Nexus <em></em> Nexus Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C</li> 2282 <li><strong> Nexus </strong> Nexus Nexus <em></em> Nexus </li> 2283 <li><strong> Nexus </strong> Nexus Nexus <em></em> 2284 </li> 2285 </ul> 2286 <p> 2287 <strong>4. </strong> 2288 </p> 2289 <p><em></em> 2290 </p> 2291 <table> 2292 <tr> 2293 <th></th> 2294 <th></th> 2295 </tr> 2296 <tr> 2297 <td>A-</td> 2298 <td>Android ID</td> 2299 </tr> 2300 <tr> 2301 <td>QC-</td> 2302 <td>Qualcomm </td> 2303 </tr> 2304 <tr> 2305 <td>M-</td> 2306 <td>MediaTek </td> 2307 </tr> 2308 <tr> 2309 <td>N-</td> 2310 <td>NVIDIA </td> 2311 </tr> 2312 </table> 2313 <h2 id="revisions"></h2> 2314 2315 <ul> 2316 <li>2016 8 1 </li> 2317 <li>2016 8 2 AOSP </li> 2318 </ul> 2319 2320 </body> 2321 </html> 2322
