1 <html devsite> 2 <head> 3 <title>Android 2016 12 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 12 5 | 2016 12 7 </em></p> 27 <p>Android Android Google OTA Google Google <a href="https://developers.google.com/android/nexus/images">Google Developers </a>2016 12 5 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 28 </p> 29 <p> 30 2016 11 7 Android (AOSP) AOSP 31 </p> 32 <p> 33 (Re-flash) 34 </p> 35 <p> <a href="/security/enhancements/index.html">Android </a> ( <a href="https://developer.android.com/training/safetynet/index.html">SafetyNet</a>) Android <a href="#mitigations">Android Google </a> 36 </p> 37 <p> 38 </p> 39 <h2 id="announcements"></h2> 40 <ul> 41 <li> Android Android <a href="#common-questions-and-answers"></a> 42 <ul> 43 <li><strong>2016-12-01</strong> 2016-12-01 () </li> 44 <li><strong>2016-12-05</strong> 2016-12-01 2016-12-05 () </li> 45 </ul> 46 </li> 47 <li> Google 2016 12 5 OTA </li> 48 </ul> 49 <h2 id="security-vulnerability-summary"></h2> 50 <p> 51 ID (CVE) Google <a href="/security/overview/updates-resources.html#severity"></a> 52 </p> 53 <h3 id="2016-12-01-summary">2016-12-01 </h3> 54 <p> 55 2016-12-01 56 </p> 57 <table> 58 <col width="55%"> 59 <col width="20%"> 60 <col width="13%"> 61 <col width="12%"> 62 <tr> 63 <th></th> 64 <th>CVE</th> 65 <th></th> 66 <th> Google </th> 67 </tr> 68 <tr> 69 <td>CURL/LIBCURL </td> 70 <td>CVE-2016-5419CVE-2016-5420CVE-2016-5421</td> 71 <td></td> 72 <td></td> 73 </tr> 74 <tr> 75 <td>libziparchive </td> 76 <td>CVE-2016-6762</td> 77 <td></td> 78 <td></td> 79 </tr> 80 <tr> 81 <td></td> 82 <td>CVE-2016-6763</td> 83 <td></td> 84 <td></td> 85 </tr> 86 <tr> 87 <td></td> 88 <td>CVE-2016-6766CVE-2016-6765CVE-2016-6764CVE-2016-6767</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td>Framesequence </td> 94 <td>CVE-2016-6768</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>Smart Lock </td> 100 <td>CVE-2016-6769</td> 101 <td></td> 102 <td>*</td> 103 </tr> 104 <tr> 105 <td>Framework API </td> 106 <td>CVE-2016-6770</td> 107 <td></td> 108 <td></td> 109 </tr> 110 <tr> 111 <td></td> 112 <td>CVE-2016-6771</td> 113 <td></td> 114 <td></td> 115 </tr> 116 <tr> 117 <td>Wi-Fi </td> 118 <td>CVE-2016-6772</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td></td> 124 <td>CVE-2016-6773</td> 125 <td></td> 126 <td></td> 127 </tr> 128 <tr> 129 <td></td> 130 <td>CVE-2016-6774</td> 131 <td></td> 132 <td></td> 133 </tr> 134 </table> 135 <p> 136 * Android 7.0 Google () 137 </p> 138 <h3 id="2016-12-05-summary">2016-12-05 </h3> 139 <p> 140 2016-12-05 2016-12-01 141 </p> 142 <table> 143 <col width="55%"> 144 <col width="20%"> 145 <col width="13%"> 146 <col width="12%"> 147 <tr> 148 <th></th> 149 <th>CVE</th> 150 <th></th> 151 <th> Google </th> 152 </tr> 153 <tr> 154 <td></td> 155 <td>CVE-2016-4794CVE-2016-5195</td> 156 <td></td> 157 <td></td> 158 </tr> 159 <tr> 160 <td>NVIDIA GPU </td> 161 <td>CVE-2016-6775CVE-2016-6776CVE-2016-6777</td> 162 <td></td> 163 <td></td> 164 </tr> 165 <tr> 166 <td></td> 167 <td>CVE-2015-8966</td> 168 <td></td> 169 <td>*</td> 170 </tr> 171 <tr> 172 <td>NVIDIA </td> 173 <td>CVE-2016-6915CVE-2016-6916CVE-2016-6917</td> 174 <td></td> 175 <td></td> 176 </tr> 177 <tr> 178 <td> ION </td> 179 <td>CVE-2016-9120</td> 180 <td></td> 181 <td></td> 182 </tr> 183 <tr> 184 <td>Qualcomm </td> 185 <td>CVE-2016-8411</td> 186 <td></td> 187 <td></td> 188 </tr> 189 <tr> 190 <td></td> 191 <td>CVE-2014-4014</td> 192 <td></td> 193 <td></td> 194 </tr> 195 <tr> 196 <td></td> 197 <td>CVE-2015-8967</td> 198 <td></td> 199 <td></td> 200 </tr> 201 <tr> 202 <td>HTC </td> 203 <td>CVE-2016-6778CVE-2016-6779CVE-2016-6780</td> 204 <td></td> 205 <td></td> 206 </tr> 207 <tr> 208 <td>MediaTek </td> 209 <td>CVE-2016-6492CVE-2016-6781CVE-2016-6782CVE-2016-6783CVE-2016-6784CVE-2016-6785</td> 210 <td></td> 211 <td>*</td> 212 </tr> 213 <tr> 214 <td>Qualcomm </td> 215 <td>CVE-2016-6761CVE-2016-6760CVE-2016-6759CVE-2016-6758</td> 216 <td></td> 217 <td></td> 218 </tr> 219 <tr> 220 <td>Qualcomm </td> 221 <td>CVE-2016-6755</td> 222 <td></td> 223 <td></td> 224 </tr> 225 <tr> 226 <td></td> 227 <td>CVE-2016-6786CVE-2016-6787</td> 228 <td></td> 229 <td></td> 230 </tr> 231 <tr> 232 <td>MediaTek I2C </td> 233 <td>CVE-2016-6788</td> 234 <td></td> 235 <td>*</td> 236 </tr> 237 <tr> 238 <td>NVIDIA libomx </td> 239 <td>CVE-2016-6789CVE-2016-6790</td> 240 <td></td> 241 <td></td> 242 </tr> 243 <tr> 244 <td>Qualcomm </td> 245 <td>CVE-2016-6791CVE-2016-8391CVE-2016-8392</td> 246 <td></td> 247 <td></td> 248 </tr> 249 <tr> 250 <td></td> 251 <td>CVE-2015-7872</td> 252 <td></td> 253 <td></td> 254 </tr> 255 <tr> 256 <td>Synaptics </td> 257 <td>CVE-2016-8393CVE-2016-8394</td> 258 <td></td> 259 <td></td> 260 </tr> 261 <tr> 262 <td>Broadcom Wi-Fi </td> 263 <td>CVE-2014-9909CVE-2014-9910</td> 264 <td></td> 265 <td>*</td> 266 </tr> 267 <tr> 268 <td>MediaTek </td> 269 <td>CVE-2016-8396</td> 270 <td></td> 271 <td>*</td> 272 </tr> 273 <tr> 274 <td>NVIDIA </td> 275 <td>CVE-2016-8397</td> 276 <td></td> 277 <td></td> 278 </tr> 279 <tr> 280 <td>GPS </td> 281 <td>CVE-2016-5341</td> 282 <td></td> 283 <td></td> 284 </tr> 285 <tr> 286 <td>NVIDIA </td> 287 <td>CVE-2016-8395</td> 288 <td></td> 289 <td></td> 290 </tr> 291 <tr> 292 <td></td> 293 <td>CVE-2016-8399</td> 294 <td></td> 295 <td></td> 296 </tr> 297 <tr> 298 <td>Qualcomm </td> 299 <td>CVE-2016-6756CVE-2016-6757</td> 300 <td></td> 301 <td></td> 302 </tr> 303 <tr> 304 <td>NVIDIA librm </td> 305 <td>CVE-2016-8400</td> 306 <td></td> 307 <td></td> 308 </tr> 309 <tr> 310 <td></td> 311 <td>CVE-2016-8401CVE-2016-8402CVE-2016-8403CVE-2016-8404CVE-2016-8405CVE-2016-8406CVE-2016-8407</td> 312 <td></td> 313 <td></td> 314 </tr> 315 <tr> 316 <td>NVIDIA </td> 317 <td>CVE-2016-8408CVE-2016-8409</td> 318 <td></td> 319 <td></td> 320 </tr> 321 <tr> 322 <td>Qualcomm </td> 323 <td>CVE-2016-8410</td> 324 <td></td> 325 <td></td> 326 </tr> 327 </table> 328 <p> 329 * Android 7.0 Google () 330 </p> 331 <h2 id="mitigations">Android Google </h2> 332 <p> 333 <a href="/security/enhancements/index.html">Android </a> SafetyNet Android 334 </p> 335 <ul> 336 <li>Android Android Android</li> 337 <li>Android <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () </li> 338 <li>Google Hangouts Messenger </li> 339 </ul> 340 341 <h2 id="acknowledgements"></h2> 342 <p> 343 </p> 344 345 <ul> 346 <li> Baozeng DingChengming YangPeng XiaoNing YouYang DongChao YangYi Zhang Yang SongCVE-2016-6783CVE-2016-6784CVE-2016-6785</li> 347 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:zc1991 (a] mail.ustc.edu.cn">Chi Zhang</a>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6789CVE-2016-6790</li> 348 <li>Christian SeelCVE-2016-6769</li> 349 <li>Google David Benjamin Kenny RootCVE-2016-6767</li> 350 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-6776CVE-2016-6787</li> 351 <li><a href="http://www.ms509.com">MS509Team</a> En He (<a href="https://twitter.com/heeeeen4x">@heeeeen4x</a>)CVE-2016-6763</li> 352 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) <a href="http://weibo.com/jfpan ">pjf</a>CVE-2016-6779CVE-2016-6778CVE-2016-8401CVE-2016-8402CVE-2016-8403CVE-2016-8409CVE-2016-8408CVE-2016-8404</li> 353 <li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan ">pjf</a>CVE-2016-6788CVE-2016-6781CVE-2016-6782CVE-2016-8396</li> 354 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a><a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6791CVE-2016-8391CVE-2016-8392</li> 355 <li>Google Project Zero Mark BrandCVE-2016-6772</li> 356 <li><a href="https://github.com/michalbednarski">Micha Bednarski</a>CVE-2016-6770CVE-2016-6774</li> 357 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)<a href="mailto:zc1991 (a] mail.ustc.edu.cn">Chi Zhang</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6761CVE-2016-6759CVE-2016-8400</li> 358 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6760</li> 359 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)<a href="mailto:arnow117 (a] gmail.com">Hanxiang Wen</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6759</li> 360 <li>Tesla Motors Product Nathan Crandall (<a href="https://twitter.com/natecray">@natecray</a>)CVE-2016-6915CVE-2016-6916CVE-2016-6917</li> 361 <li>Nightwatch Cybersecurity Research (<a href="https://twitter.com/nightwatchcyber">@nightwatchcyber</a>)CVE-2016-5341</li> 362 <li> X- Pengfei Ding ()Chenfu Bao () Lenx Wei ()CVE-2016-6755CVE-2016-6756</li> 363 <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-8397CVE-2016-8405CVE-2016-8406CVE-2016-8407</li> 364 <li> KeenLab () Qidan He () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>)CVE-2016-8399CVE-2016-8395</li> 365 <li> KeenLab () Qidan He () (<a href="https://twitter.com/flanker_hqd">@flanker_hqd</a>) Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>)CVE-2016-6768</li> 366 <li>Richard ShupakCVE-2016-5341</li> 367 <li>IBM X-Force Research Sagi KedmiCVE-2016-8393CVE-2016-8394</li> 368 <li> Seven Shen (<a href="https://twitter.com/lingtongshen">@lingtongshen</a>)CVE-2016-6757</li> 369 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-6773</li> 370 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a><a href="mailto:zc1991 (a] mail.ustc.edu.cn">Chi Zhang</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6765</li> 371 <li><a href="http://www.trendmicro.com"></a><a href="http://blog.trendmicro.com/trendlabs-security-intelligence/category/mobile/"></a> Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) (<a href="http://weibo.com/wishlinux"></a>)CVE-2016-6704</li> 372 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:segfault5514 (a] gmail.com">Tong Lin</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6786CVE-2016-6780CVE-2016-6775</li> 373 <li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:wisedd (a] gmail.com">Xiaodong Wang</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-6777</li> 374 <li> Yuxiang LiCVE-2016-6771</li> 375 <li> 360 Zhe Jin ()CVE-2016-6764CVE-2016-6766</li> 376 <li> 360 <a href="http://weibo.com/ele7enxxh">Zinuo Han</a>CVE-2016-6762</li> 377 </ul> 378 <p> 379 MengLuo Gou (<a href="https://twitter.com/idhyt3r">@idhyt3r</a>)Yong Wang () (<a href="https://twitter.com/ThomasKing2014">@ThomasKing2014</a>) Google Zubin Mithra 380 </p> 381 382 <h2 id="2016-12-01-details">2016-12-01 </h2> 383 <p> 384 <a href="#2016-12-01-summary">2016-12-01 </a> CVE Google AOSP () ID ( AOSP ) ID </p> 385 386 387 <h3 id="rce-in-curl-libcurl">CURL/LIBCURL </h3> 388 <p> 389 CURL LIBCURL 390 </p> 391 392 <table> 393 <col width="18%"> 394 <col width="18%"> 395 <col width="10%"> 396 <col width="19%"> 397 <col width="17%"> 398 <col width="17%"> 399 <tr> 400 <th>CVE</th> 401 <th></th> 402 <th></th> 403 <th> Google </th> 404 <th> AOSP </th> 405 <th></th> 406 </tr> 407 <tr> 408 <td>CVE-2016-5419</td> 409 <td>A-31271247</td> 410 <td></td> 411 <td></td> 412 <td>7.0</td> 413 <td>2016 8 3 </td> 414 </tr> 415 <tr> 416 <td>CVE-2016-5420</td> 417 <td>A-31271247</td> 418 <td></td> 419 <td></td> 420 <td>7.0</td> 421 <td>2016 8 3 </td> 422 </tr> 423 <tr> 424 <td>CVE-2016-5421</td> 425 <td>A-31271247</td> 426 <td></td> 427 <td></td> 428 <td>7.0</td> 429 <td>2016 8 3 </td> 430 </tr> 431 </table> 432 433 434 <h3 id="eop-in-libziparchive">libziparchive </h3> 435 <p> 436 libziparchive 437 </p> 438 439 <table> 440 <col width="18%"> 441 <col width="18%"> 442 <col width="10%"> 443 <col width="19%"> 444 <col width="17%"> 445 <col width="17%"> 446 <tr> 447 <th>CVE</th> 448 <th></th> 449 <th></th> 450 <th> Google </th> 451 <th> AOSP </th> 452 <th></th> 453 </tr> 454 <tr> 455 <td>CVE-2016-6762</td> 456 <td><a href="https://android.googlesource.com/platform/system/core/+/1ee4892e66ba314131b7ecf17e98bb1762c4b84c"> 457 A-31251826</a> 458 [<a href="https://android.googlesource.com/platform/bionic/+/3656958a16590d07d1e25587734e000beb437740">2</a>] 459 </td> 460 <td></td> 461 <td></td> 462 <td>5.0.25.1.16.06.0.17.0</td> 463 <td>2016 8 28 </td> 464 </tr> 465 </table> 466 467 468 <h3 id="dos-in-telephony"></h3> 469 <p> 470 471 </p> 472 473 <table> 474 <col width="18%"> 475 <col width="18%"> 476 <col width="10%"> 477 <col width="19%"> 478 <col width="17%"> 479 <col width="17%"> 480 <tr> 481 <th>CVE</th> 482 <th></th> 483 <th></th> 484 <th> Google </th> 485 <th> AOSP </th> 486 <th></th> 487 </tr> 488 <tr> 489 <td>CVE-2016-6763</td> 490 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/1294620627b1e9afdf4bd0ad51c25ed3daf80d84"> 491 A-31530456</a></td> 492 <td></td> 493 <td></td> 494 <td>4.4.45.0.25.1.16.06.0.17.0</td> 495 <td>2016 9 12 </td> 496 </tr> 497 </table> 498 499 500 <h3 id="dos-in-mediaserver"></h3> 501 <p> 502 503 </p> 504 505 <table> 506 <col width="18%"> 507 <col width="18%"> 508 <col width="10%"> 509 <col width="19%"> 510 <col width="17%"> 511 <col width="17%"> 512 <tr> 513 <th>CVE</th> 514 <th></th> 515 <th></th> 516 <th> Google </th> 517 <th> AOSP </th> 518 <th></th> 519 </tr> 520 <tr> 521 <td>CVE-2016-6766</td> 522 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0d13824315b0491d44e9c6eb5db06489ab0fcc20"> 523 A-31318219</a></td> 524 <td></td> 525 <td></td> 526 <td>4.4.45.0.25.1.16.06.0.17.0</td> 527 <td>2016 9 5 </td> 528 </tr> 529 <tr> 530 <td>CVE-2016-6765</td> 531 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/fd9cc97d4dfe2a2fbce2c0f1704d7a27ce7cbc44"> 532 A-31449945</a></td> 533 <td></td> 534 <td></td> 535 <td>4.4.45.0.25.1.17.0</td> 536 <td>2016 9 13 </td> 537 </tr> 538 <tr> 539 <td>CVE-2016-6764</td> 540 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/0d13824315b0491d44e9c6eb5db06489ab0fcc20"> 541 A-31681434</a></td> 542 <td></td> 543 <td></td> 544 <td>4.4.45.0.25.1.16.06.0.17.0</td> 545 <td>2016 9 22 </td> 546 </tr> 547 <tr> 548 <td>CVE-2016-6767</td> 549 <td>A-31833604</td> 550 <td></td> 551 <td>*</td> 552 <td>4.4.4</td> 553 <td>Google </td> 554 </tr> 555 </table> 556 557 <p> 558 * Android 7.0 Google () 559 </p> 560 561 562 <h3 id="rce-in-framesequence-library">Framesequence </h3> 563 <p> 564 Framesequence Framesequence 565 </p> 566 567 <table> 568 <col width="18%"> 569 <col width="18%"> 570 <col width="10%"> 571 <col width="19%"> 572 <col width="17%"> 573 <col width="17%"> 574 <tr> 575 <th>CVE</th> 576 <th></th> 577 <th></th> 578 <th> Google </th> 579 <th> AOSP </th> 580 <th></th> 581 </tr> 582 <tr> 583 <td>CVE-2016-6768</td> 584 <td><a href="https://android.googlesource.com/platform/frameworks/ex/+/0ada9456d0270cb0e357a43d9187a6418d770760"> 585 A-31631842</a></td> 586 <td></td> 587 <td></td> 588 <td>5.0.25.1.16.06.0.17.0</td> 589 <td>2016 9 19 </td> 590 </tr> 591 </table> 592 593 594 <h3 id="eop-in-smart-lock">Smart Lock </h3> 595 <p> 596 Smart Lock PIN Smart Lock ( Smart Lock) 597 </p> 598 599 <table> 600 <col width="18%"> 601 <col width="18%"> 602 <col width="10%"> 603 <col width="19%"> 604 <col width="17%"> 605 <col width="17%"> 606 <tr> 607 <th>CVE</th> 608 <th></th> 609 <th></th> 610 <th> Google </th> 611 <th> AOSP </th> 612 <th></th> 613 </tr> 614 <tr> 615 <td>CVE-2016-6769</td> 616 <td>A-29055171</td> 617 <td></td> 618 <td>*</td> 619 <td>5.0.25.1.16.06.0.1</td> 620 <td>2016 5 27 </td> 621 </tr> 622 </table> 623 <p> 624 * Android 7.0 Google () 625 </p> 626 627 628 <h3 id="eop-in-framework-apis">Framework API </h3> 629 <p> 630 Framework API 631 </p> 632 633 <table> 634 <col width="18%"> 635 <col width="18%"> 636 <col width="10%"> 637 <col width="19%"> 638 <col width="17%"> 639 <col width="17%"> 640 <tr> 641 <th>CVE</th> 642 <th></th> 643 <th></th> 644 <th> Google </th> 645 <th> AOSP </th> 646 <th></th> 647 </tr> 648 <tr> 649 <td>CVE-2016-6770</td> 650 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/2c61c57ac53cbb270b4e76b9d04465f8a3f6eadc"> 651 A-30202228</a></td> 652 <td></td> 653 <td></td> 654 <td>4.4.45.0.25.1.16.06.0.17.0</td> 655 <td>2016 7 16 </td> 656 </tr> 657 </table> 658 659 660 <h3 id="eop-in-telephony"></h3> 661 <p> 662 663 </p> 664 665 <table> 666 <col width="18%"> 667 <col width="18%"> 668 <col width="10%"> 669 <col width="19%"> 670 <col width="17%"> 671 <col width="17%"> 672 <tr> 673 <th>CVE</th> 674 <th></th> 675 <th></th> 676 <th> Google </th> 677 <th> AOSP </th> 678 <th></th> 679 </tr> 680 <tr> 681 <td>CVE-2016-6771</td> 682 <td><a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a39ff9526aee6f2ea4f6e02412db7b33d486fd7d"> 683 A-31566390</a></td> 684 <td></td> 685 <td></td> 686 <td>6.06.0.17.0</td> 687 <td>2016 9 17 </td> 688 </tr> 689 </table> 690 691 692 <h3 id="eop-in-wi-fi">Wi-Fi </h3> 693 <p> 694 Wi-Fi 695 </p> 696 697 <table> 698 <col width="18%"> 699 <col width="18%"> 700 <col width="10%"> 701 <col width="19%"> 702 <col width="17%"> 703 <col width="17%"> 704 <tr> 705 <th>CVE</th> 706 <th></th> 707 <th></th> 708 <th> Google </th> 709 <th> AOSP </th> 710 <th></th> 711 </tr> 712 <tr> 713 <td>CVE-2016-6772</td> 714 <td><a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/a5a18239096f6faee80f15f3fff39c3311898484"> 715 A-31856351</a> 716 [<a href="https://android.googlesource.com/platform/frameworks/opt/net/wifi/+/29a2baf3195256bab6a0a4a2d07b7f2efa46b614">2</a>]</td> 717 <td></td> 718 <td></td> 719 <td>5.0.25.1.16.06.0.17.0</td> 720 <td>2016 9 30 </td> 721 </tr> 722 </table> 723 724 725 <h3 id="id-in-mediaserver"></h3> 726 <p> 727 728 </p> 729 730 <table> 731 <col width="18%"> 732 <col width="18%"> 733 <col width="10%"> 734 <col width="19%"> 735 <col width="17%"> 736 <col width="17%"> 737 <tr> 738 <th>CVE</th> 739 <th></th> 740 <th></th> 741 <th> Google </th> 742 <th> AOSP </th> 743 <th></th> 744 </tr> 745 <tr> 746 <td>CVE-2016-6773</td> 747 <td><a href="https://android.googlesource.com/platform/external/libavc/+/026745ef046e646b8d04f4f57d8320042f6b29b0"> 748 A-30481714</a> 749 [<a href="https://android.googlesource.com/platform/external/libavc/+/6676aeb4195e7c7379915c0972f3d209410f0641">2</a>]</td> 750 <td></td> 751 <td></td> 752 <td>6.06.0.17.0</td> 753 <td>2016 7 27 </td> 754 </tr> 755 </table> 756 757 758 <h3 id="id-in-package-manager"></h3> 759 <p> 760 761 </p> 762 763 <table> 764 <col width="18%"> 765 <col width="18%"> 766 <col width="10%"> 767 <col width="19%"> 768 <col width="17%"> 769 <col width="17%"> 770 <tr> 771 <th>CVE</th> 772 <th></th> 773 <th></th> 774 <th> Google </th> 775 <th> AOSP </th> 776 <th></th> 777 </tr> 778 <tr> 779 <td>CVE-2016-6774</td> 780 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e2d4f5fc313ecb4ba587b20fff6d346f8cd51775"> 781 A-31251489</a></td> 782 <td></td> 783 <td></td> 784 <td>7.0</td> 785 <td>2016 8 29 </td> 786 </tr> 787 </table> 788 789 790 <h2 id="2016-12-05-details">2016-12-05 </h2> 791 <p> 792 <a href="#2016-12-05-summary">2016-12-05 </a> CVE Google AOSP () ID ( AOSP ) ID </p> 793 794 <h3 id="eop-in-kernel-memory-subsystem"></h3> 795 <p> 796 (Re-flash) 797 </p> 798 799 <table> 800 <col width="19%"> 801 <col width="20%"> 802 <col width="10%"> 803 <col width="23%"> 804 <col width="17%"> 805 <tr> 806 <th>CVE</th> 807 <th></th> 808 <th></th> 809 <th> Google </th> 810 <th></th> 811 </tr> 812 <tr> 813 <td>CVE-2016-4794</td> 814 <td>A-31596597<br> 815 <a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=6710e594f71ccaad8101bc64321152af7cd9ea28"></a> 816 [<a href="http://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=4f996e234dad488e5d9ba0858bc1bae12eff82c3">2</a>]</td> 817 <td></td> 818 <td>Pixel CPixelPixel XL</td> 819 <td>2016 4 17 </td> 820 </tr> 821 <tr> 822 <td>CVE-2016-5195</td> 823 <td>A-32141528<br> 824 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=9691eac5593ff1e2f82391ad327f21d90322aec1"></a> 825 [<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/?id=e45a502bdeae5a075257c4f061d1ff4ff0821354">2</a>]</td> 826 <td></td> 827 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 828 <td>2016 10 12 </td> 829 </tr> 830 </table> 831 832 833 <h3 id="eop-in-nvidia-gpu-driver">NVIDIA GPU </h3> 834 <p> 835 NVIDIA GPU (Re-flash) 836 </p> 837 838 <table> 839 <col width="19%"> 840 <col width="20%"> 841 <col width="10%"> 842 <col width="23%"> 843 <col width="17%"> 844 <tr> 845 <th>CVE</th> 846 <th></th> 847 <th></th> 848 <th> Google </th> 849 <th></th> 850 </tr> 851 <tr> 852 <td>CVE-2016-6775</td> 853 <td>A-31222873*<br>N-CVE-2016-6775</td> 854 <td></td> 855 <td>Nexus 9</td> 856 <td>2016 8 25 </td> 857 </tr> 858 <tr> 859 <td>CVE-2016-6776</td> 860 <td>A-31680980*<br>N-CVE-2016-6776</td> 861 <td></td> 862 <td>Nexus 9</td> 863 <td>2016 9 22 </td> 864 </tr> 865 <tr> 866 <td>CVE-2016-6777</td> 867 <td>A-31910462*<br>N-CVE-2016-6777</td> 868 <td></td> 869 <td>Nexus 9</td> 870 <td>2016 10 3 </td> 871 </tr> 872 </table> 873 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 874 </p> 875 876 <h3 id="eop-in-kernel"></h3> 877 <p> (Re-flash) 878 </p> 879 880 <table> 881 <col width="19%"> 882 <col width="20%"> 883 <col width="10%"> 884 <col width="23%"> 885 <col width="17%"> 886 <tr> 887 <th>CVE</th> 888 <th></th> 889 <th></th> 890 <th> Google </th> 891 <th></th> 892 </tr> 893 <tr> 894 <td>CVE-2015-8966</td> 895 <td>A-31435731<br> 896 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=76cc404bfdc0d419c720de4daaf2584542734f42"> 897 </a></td> 898 <td></td> 899 <td>*</td> 900 <td>2016 9 10 </td> 901 </tr> 902 </table> 903 <p> 904 * Android 7.0 Google () 905 </p> 906 907 908 <h3 id="eop-in-nvidia-video-driver">NVIDIA </h3> 909 <p> 910 NVIDIA (Re-flash) 911 </p> 912 913 <table> 914 <col width="19%"> 915 <col width="20%"> 916 <col width="10%"> 917 <col width="23%"> 918 <col width="17%"> 919 <tr> 920 <th>CVE</th> 921 <th></th> 922 <th></th> 923 <th> Google </th> 924 <th></th> 925 </tr> 926 <tr> 927 <td>CVE-2016-6915</td> 928 <td>A-31471161* 929 <br>N-CVE-2016-6915</td> 930 <td></td> 931 <td>Nexus 9</td> 932 <td>2016 9 13 </td> 933 </tr> 934 <tr> 935 <td>CVE-2016-6916</td> 936 <td>A-32072350* 937 <br>N-CVE-2016-6916</td> 938 <td></td> 939 <td>Nexus 9Pixel C</td> 940 <td>2016 9 13 </td> 941 </tr> 942 <tr> 943 <td>CVE-2016-6917</td> 944 <td>A-32072253* 945 <br>N-CVE-2016-6917</td> 946 <td></td> 947 <td>Nexus 9</td> 948 <td>2016 9 13 </td> 949 </tr> 950 </table> 951 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 952 </p> 953 954 <h3 id="eop-in-kernel-ion-driver"> ION </h3> 955 <p> 956 ION (Re-flash) 957 </p> 958 959 <table> 960 <col width="19%"> 961 <col width="20%"> 962 <col width="10%"> 963 <col width="23%"> 964 <col width="17%"> 965 <tr> 966 <th>CVE</th> 967 <th></th> 968 <th></th> 969 <th> Google </th> 970 <th></th> 971 </tr> 972 <tr> 973 <td>CVE-2016-9120</td> 974 <td>A-31568617<br> 975 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=9590232bb4f4cc824f3425a6e1349afbe6d6d2b7"> 976 </a></td> 977 <td></td> 978 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixel CNexus Player</td> 979 <td>2016 9 16 </td> 980 </tr> 981 </table> 982 983 <h3>Qualcomm </h3> 984 <p> 985 Qualcomm 2015 11 Qualcomm AMSS 986 </p> 987 <table> 988 <col width="19%"> 989 <col width="20%"> 990 <col width="10%"> 991 <col width="23%"> 992 <col width="17%"> 993 <tr> 994 <th>CVE</th> 995 <th></th> 996 <th>*</th> 997 <th> Google </th> 998 <th></th> 999 </tr> 1000 <tr> 1001 <td>CVE-2016-8411</td> 1002 <td>A-31805216**</td> 1003 <td></td> 1004 <td>Nexus 6Nexus 6PAndroid One</td> 1005 <td>Qualcomm </td> 1006 </tr> 1007 </table> 1008 <p>* </p> 1009 <p>** Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1010 </p> 1011 1012 <h3 id="eop-in-kernel-file-system"></h3> 1013 <p> 1014 1015 </p> 1016 1017 <table> 1018 <col width="19%"> 1019 <col width="20%"> 1020 <col width="10%"> 1021 <col width="23%"> 1022 <col width="17%"> 1023 <tr> 1024 <th>CVE</th> 1025 <th></th> 1026 <th></th> 1027 <th> Google </th> 1028 <th></th> 1029 </tr> 1030 <tr> 1031 <td>CVE-2014-4014</td> 1032 <td>A-31252187<br> 1033 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=23adbe12ef7d3d4195e80800ab36b37bee28cd03"> 1034 </a></td> 1035 <td></td> 1036 <td>Nexus 6Nexus Player</td> 1037 <td>2014 6 10 </td> 1038 </tr> 1039 </table> 1040 1041 1042 <h3 id="eop-in-kernel-2"></h3> 1043 <p> 1044 1045 </p> 1046 1047 <table> 1048 <col width="19%"> 1049 <col width="20%"> 1050 <col width="10%"> 1051 <col width="23%"> 1052 <col width="17%"> 1053 <tr> 1054 <th>CVE</th> 1055 <th></th> 1056 <th></th> 1057 <th> Google </th> 1058 <th></th> 1059 </tr> 1060 <tr> 1061 <td>CVE-2015-8967</td> 1062 <td>A-31703084<br> 1063 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=c623b33b4e9599c6ac5076f7db7369eb9869aa04"> 1064 </a></td> 1065 <td></td> 1066 <td>Nexus 5XNexus 6PNexus 9Pixel CPixelPixel XL</td> 1067 <td>2015 1 8 </td> 1068 </tr> 1069 </table> 1070 1071 1072 <h3 id="eop-in-htc-sound-codec-driver">HTC </h3> 1073 <p> 1074 HTC 1075 </p> 1076 1077 <table> 1078 <col width="19%"> 1079 <col width="20%"> 1080 <col width="10%"> 1081 <col width="23%"> 1082 <col width="17%"> 1083 <tr> 1084 <th>CVE</th> 1085 <th></th> 1086 <th></th> 1087 <th> Google </th> 1088 <th></th> 1089 </tr> 1090 <tr> 1091 <td>CVE-2016-6778</td> 1092 <td>A-31384646*</td> 1093 <td></td> 1094 <td>Nexus 9</td> 1095 <td>2016 2 25 </td> 1096 </tr> 1097 <tr> 1098 <td>CVE-2016-6779</td> 1099 <td>A-31386004*</td> 1100 <td></td> 1101 <td>Nexus 9</td> 1102 <td>2016 2 25 </td> 1103 </tr> 1104 <tr> 1105 <td>CVE-2016-6780</td> 1106 <td>A-31251496*</td> 1107 <td></td> 1108 <td>Nexus 9</td> 1109 <td>2016 8 30 </td> 1110 </tr> 1111 </table> 1112 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1113 </p> 1114 1115 <h3 id="eop-in-mediatek-driver">MediaTek </h3> 1116 <p> 1117 MediaTek 1118 </p> 1119 1120 <table> 1121 <col width="19%"> 1122 <col width="20%"> 1123 <col width="10%"> 1124 <col width="23%"> 1125 <col width="17%"> 1126 <tr> 1127 <th>CVE</th> 1128 <th></th> 1129 <th></th> 1130 <th> Google </th> 1131 <th></th> 1132 </tr> 1133 <tr> 1134 <td>CVE-2016-6492</td> 1135 <td>A-28175122<br>MT-ALPS02696413</td> 1136 <td></td> 1137 <td>*</td> 1138 <td>2016 4 11 </td> 1139 </tr> 1140 <tr> 1141 <td>CVE-2016-6781</td> 1142 <td>A-31095175<br>MT-ALPS02943455</td> 1143 <td></td> 1144 <td>*</td> 1145 <td>2016 8 22 </td> 1146 </tr> 1147 <tr> 1148 <td>CVE-2016-6782</td> 1149 <td>A-31224389<br>MT-ALPS02943506</td> 1150 <td></td> 1151 <td>*</td> 1152 <td>2016 8 24 </td> 1153 </tr> 1154 <tr> 1155 <td>CVE-2016-6783</td> 1156 <td>A-31350044<br>MT-ALPS02943437</td> 1157 <td></td> 1158 <td>*</td> 1159 <td>2016 9 6 </td> 1160 </tr> 1161 <tr> 1162 <td>CVE-2016-6784</td> 1163 <td>A-31350755<br>MT-ALPS02961424</td> 1164 <td></td> 1165 <td>*</td> 1166 <td>2016 9 6 </td> 1167 </tr> 1168 <tr> 1169 <td>CVE-2016-6785</td> 1170 <td>A-31748056<br>MT-ALPS02961400</td> 1171 <td></td> 1172 <td>*</td> 1173 <td>2016 9 25 </td> 1174 </tr> 1175 </table> 1176 <p> 1177 * Android 7.0 Google () 1178 </p> 1179 1180 1181 <h3 id="eop-in-qualcomm-media-codecs">Qualcomm </h3> 1182 <p>Qualcomm 1183 </p> 1184 1185 <table> 1186 <col width="19%"> 1187 <col width="20%"> 1188 <col width="10%"> 1189 <col width="23%"> 1190 <col width="17%"> 1191 <tr> 1192 <th>CVE</th> 1193 <th></th> 1194 <th></th> 1195 <th> Google </th> 1196 <th></th> 1197 </tr> 1198 <tr> 1199 <td>CVE-2016-6761</td> 1200 <td>A-29421682* 1201 <br>QC-CR#1055792</td> 1202 <td></td> 1203 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixelPixel XL</td> 1204 <td>2016 6 16 </td> 1205 </tr> 1206 <tr> 1207 <td>CVE-2016-6760</td> 1208 <td>A-29617572* 1209 <br>QC-CR#1055783</td> 1210 <td></td> 1211 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixelPixel XL</td> 1212 <td>2016 6 23 </td> 1213 </tr> 1214 <tr> 1215 <td>CVE-2016-6759</td> 1216 <td>A-29982686* 1217 <br>QC-CR#1055766</td> 1218 <td></td> 1219 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixelPixel XL</td> 1220 <td>2016 7 4 </td> 1221 </tr> 1222 <tr> 1223 <td>CVE-2016-6758</td> 1224 <td>A-30148882* 1225 <br>QC-CR#1071731</td> 1226 <td></td> 1227 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixelPixel XL</td> 1228 <td>2016 7 13 </td> 1229 </tr> 1230 </table> 1231 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1232 </p> 1233 1234 <h3 id="eop-in-qualcomm-camera-driver">Qualcomm </h3> 1235 <p> 1236 Qualcomm 1237 </p> 1238 1239 <table> 1240 <col width="19%"> 1241 <col width="20%"> 1242 <col width="10%"> 1243 <col width="23%"> 1244 <col width="17%"> 1245 <tr> 1246 <th>CVE</th> 1247 <th></th> 1248 <th></th> 1249 <th> Google </th> 1250 <th></th> 1251 </tr> 1252 <tr> 1253 <td>CVE-2016-6755</td> 1254 <td>A-30740545<br> 1255 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=b5df02edbcdf53dbbab77903d28162772edcf6e0"> 1256 QC-CR#1065916</a></td> 1257 <td></td> 1258 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1259 <td>2016 8 3 </td> 1260 </tr> 1261 </table> 1262 1263 1264 <h3 id="eop-in-kernel-performance-subsystem"></h3> 1265 <p> 1266 1267 </p> 1268 1269 <table> 1270 <col width="19%"> 1271 <col width="20%"> 1272 <col width="10%"> 1273 <col width="23%"> 1274 <col width="17%"> 1275 <tr> 1276 <th>CVE</th> 1277 <th></th> 1278 <th></th> 1279 <th> Google </th> 1280 <th></th> 1281 </tr> 1282 <tr> 1283 <td>CVE-2016-6786</td> 1284 <td>A-30955111 1285 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b"></a></td> 1286 <td></td> 1287 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1288 <td>2016 8 18 </td> 1289 </tr> 1290 <tr> 1291 <td>CVE-2016-6787</td> 1292 <td>A-31095224 1293 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f63a8daa5812afef4f06c962351687e1ff9ccb2b"></a></td> 1294 <td></td> 1295 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1296 <td>2016 8 22 </td> 1297 </tr> 1298 </table> 1299 1300 1301 <h3 id="eop-in-mediatek-i2c-driver">MediaTek I2C </h3> 1302 <p> 1303 MediaTek I2C 1304 </p> 1305 1306 <table> 1307 <col width="19%"> 1308 <col width="20%"> 1309 <col width="10%"> 1310 <col width="23%"> 1311 <col width="17%"> 1312 <tr> 1313 <th>CVE</th> 1314 <th></th> 1315 <th></th> 1316 <th> Google </th> 1317 <th></th> 1318 </tr> 1319 <tr> 1320 <td>CVE-2016-6788</td> 1321 <td>A-31224428<br>MT-ALPS02943467</td> 1322 <td></td> 1323 <td>*</td> 1324 <td>2016 8 24 </td> 1325 </tr> 1326 </table> 1327 <p> 1328 * Android 7.0 Google () 1329 </p> 1330 1331 1332 <h3 id="eop-in-nvidia-libomx-library">NVIDIA libomx </h3> 1333 <p> 1334 NVIDIA libomx 1335 </p> 1336 1337 <table> 1338 <col width="19%"> 1339 <col width="20%"> 1340 <col width="10%"> 1341 <col width="23%"> 1342 <col width="17%"> 1343 <tr> 1344 <th>CVE</th> 1345 <th></th> 1346 <th></th> 1347 <th> Google </th> 1348 <th></th> 1349 </tr> 1350 <tr> 1351 <td>CVE-2016-6789</td> 1352 <td>A-31251973* 1353 <br>N-CVE-2016-6789</td> 1354 <td></td> 1355 <td>Pixel C</td> 1356 <td>2016 8 29 </td> 1357 </tr> 1358 <tr> 1359 <td>CVE-2016-6790</td> 1360 <td>A-31251628* 1361 <br>N-CVE-2016-6790</td> 1362 <td></td> 1363 <td>Pixel C</td> 1364 <td>2016 8 28 </td> 1365 </tr> 1366 </table> 1367 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1368 </p> 1369 1370 <h3 id="eop-in-qualcomm-sound-driver">Qualcomm </h3> 1371 <p> 1372 Qualcomm 1373 </p> 1374 1375 <table> 1376 <col width="19%"> 1377 <col width="20%"> 1378 <col width="10%"> 1379 <col width="23%"> 1380 <col width="17%"> 1381 <tr> 1382 <th>CVE</th> 1383 <th></th> 1384 <th></th> 1385 <th> Google </th> 1386 <th></th> 1387 </tr> 1388 <tr> 1389 <td>CVE-2016-6791</td> 1390 <td>A-31252384<br> 1391 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1392 QC-CR#1071809</a></td> 1393 <td></td> 1394 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1395 <td>2016 8 31 </td> 1396 </tr> 1397 <tr> 1398 <td>CVE-2016-8391</td> 1399 <td>A-31253255<br> 1400 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1401 QC-CR#1072166</a></td> 1402 <td></td> 1403 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1404 <td>2016 8 31 </td> 1405 </tr> 1406 <tr> 1407 <td>CVE-2016-8392</td> 1408 <td>A-31385862<br> 1409 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=62580295210b6c0bd809cde7088b45ebb65ace79"> 1410 QC-CR#1073136</a></td> 1411 <td></td> 1412 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1413 <td>2016 9 8 </td> 1414 </tr> 1415 </table> 1416 1417 1418 <h3 id="eop-in-kernel-security-subsystem"></h3> 1419 <p> 1420 1421 </p> 1422 1423 <table> 1424 <col width="19%"> 1425 <col width="20%"> 1426 <col width="10%"> 1427 <col width="23%"> 1428 <col width="17%"> 1429 <tr> 1430 <th>CVE</th> 1431 <th></th> 1432 <th></th> 1433 <th> Google </th> 1434 <th></th> 1435 </tr> 1436 <tr> 1437 <td>CVE-2015-7872</td> 1438 <td>A-31253168<br> 1439 <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=f05819df10d7b09f6d1eb6f8534a8f68e5a4fe61"> 1440 </a></td> 1441 <td></td> 1442 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OneNexus PlayerPixelPixel XL</td> 1443 <td>2016 8 31 </td> 1444 </tr> 1445 </table> 1446 1447 1448 <h3 id="eop-in-synaptics-touchscreen-driver">Synaptics </h3> 1449 <p>Synaptics 1450 </p> 1451 1452 <table> 1453 <col width="19%"> 1454 <col width="20%"> 1455 <col width="10%"> 1456 <col width="23%"> 1457 <col width="17%"> 1458 <tr> 1459 <th>CVE</th> 1460 <th></th> 1461 <th></th> 1462 <th> Google </th> 1463 <th></th> 1464 </tr> 1465 <tr> 1466 <td>CVE-2016-8393</td> 1467 <td>A-31911920*</td> 1468 <td></td> 1469 <td>Nexus 5XNexus 6PNexus 9Android OnePixelPixel XL</td> 1470 <td>2016 9 8 </td> 1471 </tr> 1472 <tr> 1473 <td>CVE-2016-8394</td> 1474 <td>A-31913197*</td> 1475 <td></td> 1476 <td>Nexus 9Android One</td> 1477 <td>2016 9 8 </td> 1478 </tr> 1479 </table> 1480 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1481 </p> 1482 1483 <h3 id="eop-in-broadcom-wi-fi-driver">Broadcom Wi-Fi </h3> 1484 <p> 1485 Broadcom Wi-Fi 1486 </p> 1487 1488 <table> 1489 <col width="19%"> 1490 <col width="20%"> 1491 <col width="10%"> 1492 <col width="23%"> 1493 <col width="17%"> 1494 <tr> 1495 <th>CVE</th> 1496 <th></th> 1497 <th></th> 1498 <th> Google </th> 1499 <th></th> 1500 </tr> 1501 <tr> 1502 <td>CVE-2014-9909</td> 1503 <td>A-31676542<br>B-RB#26684</td> 1504 <td></td> 1505 <td>*</td> 1506 <td>2016 9 21 </td> 1507 </tr> 1508 <tr> 1509 <td>CVE-2014-9910</td> 1510 <td>A-31746399<br>B-RB#26710</td> 1511 <td></td> 1512 <td>*</td> 1513 <td>2016 9 26 </td> 1514 </tr> 1515 </table> 1516 <p> 1517 * Android 7.0 Google () 1518 </p> 1519 1520 1521 <h3 id="id-in-mediatek-video-driver">MediaTek </h3> 1522 <p> 1523 MediaTek 1524 </p> 1525 1526 <table> 1527 <col width="19%"> 1528 <col width="20%"> 1529 <col width="10%"> 1530 <col width="23%"> 1531 <col width="17%"> 1532 <tr> 1533 <th>CVE</th> 1534 <th></th> 1535 <th></th> 1536 <th> Google </th> 1537 <th></th> 1538 </tr> 1539 <tr> 1540 <td>CVE-2016-8396</td> 1541 <td>A-31249105</td> 1542 <td></td> 1543 <td>*</td> 1544 <td>2016 8 26 </td> 1545 </tr> 1546 </table> 1547 <p> 1548 * Android 7.0 Google () 1549 </p> 1550 1551 1552 <h3 id="id-in-nvidia-video-driver">NVIDIA </h3> 1553 <p> 1554 NVIDIA 1555 </p> 1556 1557 <table> 1558 <col width="19%"> 1559 <col width="20%"> 1560 <col width="10%"> 1561 <col width="23%"> 1562 <col width="17%"> 1563 <tr> 1564 <th>CVE</th> 1565 <th></th> 1566 <th></th> 1567 <th> Google </th> 1568 <th></th> 1569 </tr> 1570 <tr> 1571 <td>CVE-2016-8397</td> 1572 <td>A-31385953*<br> 1573 N-CVE-2016-8397</td> 1574 <td></td> 1575 <td>Nexus 9</td> 1576 <td>2016 9 8 </td> 1577 </tr> 1578 </table> 1579 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1580 </p> 1581 1582 <h3 id="dos-in-gps">GPS </h3> 1583 <p> 1584 Qualcomm GPS 1585 </p> 1586 1587 <table> 1588 <col width="19%"> 1589 <col width="20%"> 1590 <col width="10%"> 1591 <col width="23%"> 1592 <col width="17%"> 1593 <tr> 1594 <th>CVE</th> 1595 <th></th> 1596 <th></th> 1597 <th> Google </th> 1598 <th></th> 1599 </tr> 1600 <tr> 1601 <td>CVE-2016-5341</td> 1602 <td>A-31470303*</td> 1603 <td></td> 1604 <td>Nexus 6Nexus 5XNexus 6PNexus 9Android OnePixelPixel XL</td> 1605 <td>2016 6 21 </td> 1606 </tr> 1607 </table> 1608 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1609 </p> 1610 1611 <h3 id="dos-in-nvidia-camera-driver">NVIDIA </h3> 1612 <p> 1613 NVIDIA (Re-flash) 1614 </p> 1615 1616 <table> 1617 <col width="19%"> 1618 <col width="20%"> 1619 <col width="10%"> 1620 <col width="23%"> 1621 <col width="17%"> 1622 <tr> 1623 <th>CVE</th> 1624 <th></th> 1625 <th></th> 1626 <th> Google </th> 1627 <th></th> 1628 </tr> 1629 <tr> 1630 <td>CVE-2016-8395</td> 1631 <td>A-31403040* 1632 <br>N-CVE-2016-8395</td> 1633 <td></td> 1634 <td>Pixel C</td> 1635 <td>2016 9 9 </td> 1636 </tr> 1637 </table> 1638 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1639 </p> 1640 1641 <h3 id="eop-in-kernel-networking-subsystem"></h3> 1642 <p> 1643 1644 </p> 1645 1646 <table> 1647 <col width="19%"> 1648 <col width="20%"> 1649 <col width="10%"> 1650 <col width="23%"> 1651 <col width="17%"> 1652 <tr> 1653 <th>CVE</th> 1654 <th></th> 1655 <th></th> 1656 <th> Google </th> 1657 <th></th> 1658 </tr> 1659 <tr> 1660 <td>CVE-2016-8399</td> 1661 <td>A-31349935*</td> 1662 <td></td> 1663 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1664 <td>2016 9 5 </td> 1665 </tr> 1666 </table> 1667 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1668 </p> 1669 1670 <h3 id="id-in-qualcomm-components">Qualcomm </h3> 1671 <p> 1672 Qualcomm () 1673 </p> 1674 1675 <table> 1676 <col width="19%"> 1677 <col width="20%"> 1678 <col width="10%"> 1679 <col width="23%"> 1680 <col width="17%"> 1681 <tr> 1682 <th>CVE</th> 1683 <th></th> 1684 <th></th> 1685 <th> Google </th> 1686 <th></th> 1687 </tr> 1688 <tr> 1689 <td>CVE-2016-6756</td> 1690 <td>A-29464815<br> 1691 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?id=f91d28dcba304c9f3af35b5bebaa26233c8c13a5"> 1692 QC-CR#1042068</a> 1693 [<a href="https://source.codeaurora.org/quic/la/kernel/msm-3.18/commit/?id=3a214ef870dc97437c7de79a1507dfe5079dce88">2</a>]</td> 1694 <td></td> 1695 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1696 <td>2016 6 17 </td> 1697 </tr> 1698 <tr> 1699 <td>CVE-2016-6757</td> 1700 <td>A-30148242<br> 1701 <a href="https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=cd99d3bbdb16899a425716e672485e0cdc283245"> 1702 QC-CR#1052821</a></td> 1703 <td></td> 1704 <td>Nexus 5XNexus 6Nexus 6PPixelPixel XL</td> 1705 <td>2016 7 13 </td> 1706 </tr> 1707 </table> 1708 1709 1710 <h3 id="id-in-nvidia-librm-library">NVIDIA librm </h3> 1711 <p> 1712 NVIDIA librm (libnvrm) 1713 </p> 1714 1715 <table> 1716 <col width="19%"> 1717 <col width="20%"> 1718 <col width="10%"> 1719 <col width="23%"> 1720 <col width="17%"> 1721 <tr> 1722 <th>CVE</th> 1723 <th></th> 1724 <th></th> 1725 <th> Google </th> 1726 <th></th> 1727 </tr> 1728 <tr> 1729 <td>CVE-2016-8400</td> 1730 <td>A-31251599* 1731 <br>N-CVE-2016-8400</td> 1732 <td></td> 1733 <td>Pixel C</td> 1734 <td>2016 8 29 </td> 1735 </tr> 1736 </table> 1737 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1738 </p> 1739 1740 <h3 id="id-in-kernel-components"></h3> 1741 <p> 1742 ( ION USB ) 1743 </p> 1744 1745 <table> 1746 <col width="19%"> 1747 <col width="20%"> 1748 <col width="10%"> 1749 <col width="23%"> 1750 <col width="17%"> 1751 <tr> 1752 <th>CVE</th> 1753 <th></th> 1754 <th></th> 1755 <th> Google </th> 1756 <th></th> 1757 </tr> 1758 <tr> 1759 <td>CVE-2016-8401</td> 1760 <td>A-31494725*</td> 1761 <td></td> 1762 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1763 <td>2016 9 13 </td> 1764 </tr> 1765 <tr> 1766 <td>CVE-2016-8402</td> 1767 <td>A-31495231*</td> 1768 <td></td> 1769 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1770 <td>2016 9 13 </td> 1771 </tr> 1772 <tr> 1773 <td>CVE-2016-8403</td> 1774 <td>A-31495348*</td> 1775 <td></td> 1776 <td>Nexus 9</td> 1777 <td>2016 9 13 </td> 1778 </tr> 1779 <tr> 1780 <td>CVE-2016-8404</td> 1781 <td>A-31496950*</td> 1782 <td></td> 1783 <td>Nexus 9</td> 1784 <td>2016 9 13 </td> 1785 </tr> 1786 <tr> 1787 <td>CVE-2016-8405</td> 1788 <td>A-31651010*</td> 1789 <td></td> 1790 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1791 <td>2016 9 21 </td> 1792 </tr> 1793 <tr> 1794 <td>CVE-2016-8406</td> 1795 <td>A-31796940*</td> 1796 <td></td> 1797 <td>Nexus 5XNexus 6Nexus 6PNexus 9Android OnePixel CNexus PlayerPixelPixel XL</td> 1798 <td>2016 9 27 </td> 1799 </tr> 1800 <tr> 1801 <td>CVE-2016-8407</td> 1802 <td>A-31802656*</td> 1803 <td></td> 1804 <td>Nexus 5XNexus 6Nexus 6PAndroid OnePixelPixel XL</td> 1805 <td>2016 9 28 </td> 1806 </tr> 1807 </table> 1808 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1809 </p> 1810 1811 <h3 id="id-in-nvidia-video-driver-2">NVIDIA </h3> 1812 <p> 1813 NVIDIA 1814 </p> 1815 1816 <table> 1817 <col width="19%"> 1818 <col width="20%"> 1819 <col width="10%"> 1820 <col width="23%"> 1821 <col width="17%"> 1822 <tr> 1823 <th>CVE</th> 1824 <th></th> 1825 <th></th> 1826 <th> Google </th> 1827 <th></th> 1828 </tr> 1829 <tr> 1830 <td>CVE-2016-8408</td> 1831 <td>A-31496571* 1832 <br>N-CVE-2016-8408</td> 1833 <td></td> 1834 <td>Nexus 9</td> 1835 <td>2016 9 13 </td> 1836 </tr> 1837 <tr> 1838 <td>CVE-2016-8409</td> 1839 <td>A-31495687* 1840 <br>N-CVE-2016-8409</td> 1841 <td></td> 1842 <td>Nexus 9</td> 1843 <td>2016 9 13 </td> 1844 </tr> 1845 </table> 1846 <p>* Google <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 1847 </p> 1848 1849 <h3 id="id-in-qualcomm-sound-driver">Qualcomm </h3> 1850 <p> 1851 Qualcomm 1852 </p> 1853 1854 <table> 1855 <col width="19%"> 1856 <col width="20%"> 1857 <col width="10%"> 1858 <col width="23%"> 1859 <col width="17%"> 1860 <tr> 1861 <th>CVE</th> 1862 <th></th> 1863 <th></th> 1864 <th> Google </th> 1865 <th></th> 1866 </tr> 1867 <tr> 1868 <td>CVE-2016-8410</td> 1869 <td>A-31498403<br> 1870 <a href="https://source.codeaurora.org/quic/la//kernel/msm-3.10/commit/?h=e2bbf665187a1f0a1248e4a088823cb182153ba9"> 1871 QC-CR#987010</a></td> 1872 <td></td> 1873 <td>Nexus 5XNexus 6Nexus 6PAndroid One</td> 1874 <td>Google </td> 1875 </tr> 1876 </table> 1877 1878 <h2 id="common-questions-and-answers"></h2> 1879 <p> 1880 </p> 1881 <p> 1882 <strong>1. 1883 </strong> 1884 </p> 1885 <p> 1886 <a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices">Pixel Nexus </a> 1887 </p> 1888 <ul> 1889 <li>2016 12 1 2016-12-01 </li> 1890 <li>2016 12 5 2016-12-05 </li> 1891 </ul> 1892 <p> 1893 1894 </p> 1895 <ul> 1896 <li>[ro.build.version.security_patch]:[2016-12-01]</li> 1897 <li>[ro.build.version.security_patch]:[2016-12-05]</li> 1898 </ul> 1899 <p> 1900 <strong>2. </strong> 1901 </p> 1902 <p> 1903 Android Android Android 1904 </p> 1905 <ul> 1906 <li> 2016 12 1 </li> 1907 <li> 2016 12 5 () </li> 1908 </ul> 1909 <p> 1910 1911 </p> 1912 <p> 1913 <strong>3. Google </strong> 1914 </p> 1915 <p> <a href="#2016-12-01-details">2016-12-01</a> <a href="#2016-12-05-details">2016-12-05</a> Google <em></em> Google </p> 1916 <ul> 1917 <li><strong> Google </strong> Pixel Google <em></em><a href="https://support.google.com/pixelphone/answer/4457705#pixel_phones&nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus PlayerPixel CPixel Pixel XL</li> 1918 <li><strong> Google </strong> Google Google <em></em> Google </li> 1919 <li><strong> Google </strong> Android 7.0 Google Google <em></em></li> 1920 </ul> 1921 <p> 1922 <strong>4. </strong> 1923 </p> 1924 <p><em></em> 1925 </p> 1926 <table> 1927 <tr> 1928 <th></th> 1929 <th></th> 1930 </tr> 1931 <tr> 1932 <td>A-</td> 1933 <td>Android ID</td> 1934 </tr> 1935 <tr> 1936 <td>QC-</td> 1937 <td>Qualcomm </td> 1938 </tr> 1939 <tr> 1940 <td>M-</td> 1941 <td>MediaTek </td> 1942 </tr> 1943 <tr> 1944 <td>N-</td> 1945 <td>NVIDIA </td> 1946 </tr> 1947 <tr> 1948 <td>B-</td> 1949 <td>Broadcom </td> 1950 </tr> 1951 </table> 1952 <h2 id="revisions"></h2> 1953 <ul> 1954 <li>2016 12 5 </li> 1955 <li>2016 12 7 AOSP CVE-2016-6915CVE-2016-6916 CVE-2016-6917 </li> 1956 </ul> 1957 1958 </body> 1959 </html> 1960