diff options
Diffstat (limited to 'src/security/bulletin/2016-07-01.jd')
-rw-r--r-- | src/security/bulletin/2016-07-01.jd | 2920 |
1 files changed, 2920 insertions, 0 deletions
diff --git a/src/security/bulletin/2016-07-01.jd b/src/security/bulletin/2016-07-01.jd new file mode 100644 index 00000000..716d1a5e --- /dev/null +++ b/src/security/bulletin/2016-07-01.jd @@ -0,0 +1,2920 @@ +page.title=Android Security Bulletin—July 2016 +@jd:body + +<!-- + Copyright 2016 The Android Open Source Project + + Licensed under the Apache License, Version 2.0 (the "License"); + you may not use this file except in compliance with the License. + You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + + Unless required by applicable law or agreed to in writing, software + distributed under the License is distributed on an "AS IS" BASIS, + WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + See the License for the specific language governing permissions and + limitations under the License. +--> + +<p><em>Published July 06, 2016 | Updated July 07, 2016</em></p> +<p>The Android Security Bulletin contains details of security vulnerabilities +affecting Android devices. Alongside the bulletin, we have released a security +update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware +images have also been released to the <a +href="https://developers.google.com/android/nexus/images">Google Developer +site</a>. Security patch levels of July 05, 2016 or later address all applicable +issues in this bulletin. Refer to the <a +href="https://support.google.com/nexus/answer/4457705#nexus_devices">documentation</a> +to learn how to check the security patch level.</p> +<p> +Partners were notified about the issues described in the bulletin on June 06, +2016 or earlier. Where applicable, source code patches for these issues have +been released to the Android Open Source Project (AOSP) repository. +This bulletin also includes links to patches outside of AOSP.</p> + +<p>The most severe of these issues is a Critical security vulnerability that could +enable remote code execution on an affected device through multiple methods such +as email, web browsing, and MMS when processing media files.</p> +<p>We have had no reports of active customer exploitation or abuse of these newly +reported issues. Refer to the <a href="mitigations">Android and Google service mitigations</a> +section for details on the +<a href="{@docRoot}security/enhancements/index.html">Android +security platform protections</a> and service protections such as SafetyNet, +which improve the security of the Android platform.</p> +<p>We encourage all customers to accept these updates to their devices.</p> +<h2 id="announcements">Announcements</h2> +<ul> + <li>This bulletin defines two security patch level strings to provide Android + partners with the flexibility to move more quickly to fix a subset of + vulnerabilities that are similar across all Android devices. See + <a href="#common-questions-and-answers">Common questions and answers</a> + for additional information: + <ul> + <li><strong>2016-07-01</strong>: Partial security patch level string. This + security patch level string indicates that all issues associated with + 2016-07-01 are addressed. + <li><strong>2016-07-05</strong>: Complete security patch level string. This + security patch level string indicates that all issues associated with + 2016-07-01 and 2016-07-05 are addressed.</li> + </ul> + </li> + <li>Supported Nexus devices will be receiving a single OTA update with the + July 05, 2016 security patch level.</li> + </ul> +<h2 id="security_vulnerability_summary">Security vulnerability summary</h2> +<p>The tables below contain a list of security vulnerabilities, the Common +Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not +Nexus devices are affected. The <a +href="{@docRoot}security/overview/updates-resources.html#severity">severity +assessment</a> is based on the effect that exploiting the vulnerability would +possibly have on an affected device, assuming the platform and service +mitigations are disabled for development purposes or if successfully bypassed.</p> + +<h3 id="2016-07-01_summary">2016-07-01 security patch level—Vulnerability summary</h3> +<p> +Security patch levels of 2016-07-01 or later must address the following issues.</p> + +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Nexus?</th> + </tr> + <tr> + <td>Remote code execution vulnerability in Mediaserver</td> + <td>CVE-2016-2506, CVE-2016-2505, CVE-2016-2507, CVE-2016-2508, + CVE-2016-3741, CVE-2016-3742, CVE-2016-3743</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in OpenSSL & BoringSSL</td> + <td>CVE-2016-2108</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Remote code execution vulnerability in Bluetooth</td> + <td>CVE-2016-3744</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in libpng</td> + <td>CVE-2016-3751</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Mediaserver</td> + <td>CVE-2016-3745, CVE-2016-3746, CVE-2016-3747</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in sockets</td> + <td>CVE-2016-3748</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in LockSettingsService</td> + <td>CVE-2016-3749</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Framework APIs</td> + <td>CVE-2016-3750</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in ChooserTarget service</td> + <td>CVE-2016-3752</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Mediaserver</td> + <td>CVE-2016-3753</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Information disclosure vulnerability in OpenSSL</td> + <td>CVE-2016-2107</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Denial of service vulnerability in Mediaserver</td> + <td>CVE-2016-3754, CVE-2016-3755, CVE-2016-3756</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in libc</td> + <td>CVE-2016-3818</td> + <td>High</td> + <td>No*</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in lsof</td> + <td>CVE-2016-3757</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in DexClassLoader</td> + <td>CVE-2016-3758</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Framework APIs</td> + <td>CVE-2016-3759</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Bluetooth</td> + <td>CVE-2016-3760</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NFC</td> + <td>CVE-2016-3761</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in sockets</td> + <td>CVE-2016-3762</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Proxy Auto-Config</td> + <td>CVE-2016-3763</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Mediaserver</td> + <td>CVE-2016-3764, CVE-2016-3765</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Mediaserver</td> + <td>CVE-2016-3766</td> + <td>Moderate</td> + <td>Yes</td> + </tr> +</table> +<p>* Supported Nexus devices that have installed all available updates are not +affected by this vulnerability.</p> + + +<h3 id="2016-07-05_summary">2016-07-05 security patch level—Vulnerability summary</h3> +<p> +Security patch levels of 2016-07-05 or later must address all of the 2016-07-01 +issues as well as the following issues.</p> + +<table> + <col width="55%"> + <col width="20%"> + <col width="13%"> + <col width="12%"> + <tr> + <th>Issue</th> + <th>CVE</th> + <th>Severity</th> + <th>Affects Nexus?</th> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm GPU driver (Device + specific)</td> + <td>CVE-2016-2503, CVE-2016-2067</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek Wi-Fi driver (Device + specific)</td> + <td>CVE-2016-3767</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm performance component + (Device specific)</td> + <td>CVE-2016-3768</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA video driver (Device + specific)</td> + <td>CVE-2016-3769</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek drivers (Device + specific)</td> + <td>CVE-2016-3770, CVE-2016-3771, CVE-2016-3772, CVE-2016-3773, + CVE-2016-3774</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel file system (Device + specific)</td> + <td>CVE-2016-3775</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in USB driver (Device specific)</td> + <td>CVE-2015-8816</td> + <td>Critical</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm components (Device + specific)</td> + <td>CVE-2014-9794, CVE-2014-9795, CVE-2015-8892, CVE-2013-7457, CVE-2014-9781, + CVE-2014-9786, CVE-2014-9788, CVE-2014-9779, CVE-2014-9780, CVE-2014-9789, + CVE-2014-9793, CVE-2014-9782, CVE-2014-9783, CVE-2014-9785, CVE-2014-9787, + CVE-2014-9784, CVE-2014-9777, CVE-2014-9778, CVE-2014-9790, CVE-2014-9792, + CVE-2014-9797, CVE-2014-9791, CVE-2014-9796, CVE-2014-9800, CVE-2014-9799, + CVE-2014-9801, CVE-2014-9802, CVE-2015-8891, CVE-2015-8888, CVE-2015-8889, + CVE-2015-8890</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm USB driver (Device + specific)</td> + <td>CVE-2016-2502</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device + specific)</td> + <td>CVE-2016-3792</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm camera driver (Device + specific)</td> + <td>CVE-2016-2501</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in NVIDIA camera driver (Device + specific)</td> + <td>CVE-2016-3793</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek power driver (Device + specific)</td> + <td>CVE-2016-3795, CVE-2016-3796</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device + specific)</td> + <td>CVE-2016-3797</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek hardware sensor driver + (Device specific)</td> + <td>CVE-2016-3798</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek video driver (Device + specific)</td> + <td>CVE-2016-3799, CVE-2016-3800</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek GPS driver (Device + specific)</td> + <td>CVE-2016-3801</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel file system (Device + specific)</td> + <td>CVE-2016-3802, CVE-2016-3803</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek power management + driver (Device specific)</td> + <td>CVE-2016-3804, CVE-2016-3805</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in MediaTek display driver (Device + specific)</td> + <td>CVE-2016-3806</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in serial peripheral interface + driver (Device specific)</td> + <td>CVE-2016-3807, CVE-2016-3808</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in Qualcomm sound driver (Device + specific)</td> + <td>CVE-2016-2068</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel (Device specific)</td> + <td>CVE-2014-9803</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in networking component (Device + specific)</td> + <td>CVE-2016-3809</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in MediaTek Wi-Fi driver (Device + specific)</td> + <td>CVE-2016-3810</td> + <td>High</td> + <td>Yes</td> + </tr> + <tr> + <td>Elevation of privilege vulnerability in kernel video driver (Device + specific)</td> + <td>CVE-2016-3811</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in MediaTek video codec driver + (Device specific)</td> + <td>CVE-2016-3812</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in Qualcomm USB driver (Device + specific)</td> + <td>CVE-2016-3813</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in NVIDIA camera driver (Device + specific)</td> + <td>CVE-2016-3814, CVE-2016-3815</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in MediaTek display driver (Device + specific)</td> + <td>CVE-2016-3816</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Information disclosure vulnerability in kernel teletype driver (Device + specific)</td> + <td>CVE-2016-0723</td> + <td>Moderate</td> + <td>Yes</td> + </tr> + <tr> + <td>Denial of service vulnerability in Qualcomm bootloader (Device + specific)</td> + <td>CVE-2014-9798, CVE-2015-8893</td> + <td>Moderate</td> + <td>Yes</td> + </tr> +</table> + +<h2 id="mitigations">Android and Google service mitigations</h2> +<p>This is a summary of the mitigations provided by the <a +href="{@docRoot}security/enhancements/index.html">Android +security platform</a> and service protections such as SafetyNet. These +capabilities reduce the likelihood that security vulnerabilities could be +successfully exploited on Android.</p> +<ul> + <li>Exploitation for many issues on Android is made more difficult by + enhancements in newer versions of the Android platform. We encourage all users + to update to the latest version of Android where possible.</li> + <li>The Android Security team actively monitors for abuse with + <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf"> + Verify Apps and SafetyNet</a>, which are designed to warn users about + <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf"> + Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with + <a href="http://www.android.com/gms">Google Mobile Services</a>, and is especially + important for users who install applications from outside of Google Play. Device + rooting tools are prohibited within Google Play, but Verify Apps warns users + when they attempt to install a detected rooting application—no matter where it + comes from. Additionally, Verify Apps attempts to identify and block + installation of known malicious applications that exploit a privilege escalation + vulnerability. If such an application has already been installed, Verify Apps + will notify the user and attempt to remove the detected application.</li> + <li>As appropriate, Google Hangouts and Messenger applications do not + automatically pass media to processes such as Mediaserver.</li> +</ul> + +<h2 id="acknowledgements">Acknowledgements</h2> +<p>We would like to thank these researchers for their contributions:</p> +<ul> + <li>Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security + Team: CVE-2016-3756, CVE-2016-3741, CVE-2016-3743, CVE-2016-3742 + <li>Adam Powell of Google: CVE-2016-3752 + <li>Alex Chapman and Paul Stone of Context Information Security: CVE-2016-3763 + <li>Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of + <a href="https://www.e2e-assure.com/">e2e-assure</a>: CVE-2016-2457 + <li>Ben Hawkes of Google Project Zero: CVE-2016-3775 + <li>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), + Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>), + and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3770, + CVE-2016-3771, CVE-2016-3772, CVE-2016-3773, CVE-2016-3774 + <li>Christopher Tate of Google: CVE-2016-3759 + <li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab + (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3762 + <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), + pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab, + <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>: CVE-2016-3806, + CVE-2016-3816, CVE-2016-3805, CVE-2016-3804, CVE-2016-3767, CVE-2016-3810, + CVE-2016-3795, CVE-2016-3796 + <li>Greg Kaiser of Google Android Team: CVE-2016-3758 + <li>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>) + of Mobile Safe Team, <a href="http://www.360.com">Qihoo 360 Technology Co. + Ltd</a>.: CVE-2016-3764 + <li>Hao Chen and Guang Gong of Mobile Safe Team, <a href="http://www.360.com"> + Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-3792, CVE-2016-3768 + <li>Hao Qin of Security Research Lab, <a href="http://www.cmcm.com">Cheetah + Mobile</a>: CVE-2016-3754, CVE-2016-3766 + <li>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) + and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab, + <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>: CVE-2016-3814, + CVE-2016-3802, CVE-2016-3769, CVE-2016-3807, CVE-2016-3808 + <li>Marco Nelissen of Google: CVE-2016-3818, CVE-2016-3750 + <li>Mark Brand of Google Project Zero: CVE-2016-3757 + <li>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), + Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and + Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3747, + CVE-2016-3746, CVE-2016-3765 + <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang Ssong of Alibaba + Mobile Security Group: CVE-2016-3800, CVE-2016-3799, CVE-2016-3801, + CVE-2016-3812, CVE-2016-3798 + <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend + Micro: CVE-2016-3793 + <li>Ricky Wai of Google: CVE-2016-3749 + <li>Roeland Krak: CVE-2016-3753 + <li>Scott Bauer (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): + CVE-2016-3797, CVE-2016-3813, CVE-2016-3815, CVE-2016-2501, CVE-2016-2502 + <li>Vasily Vasilev: CVE-2016-2507 + <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of + Alibaba Inc.: CVE-2016-2508, CVE-2016-3755 + <li>Wen Niu (<a href="https://twitter.com/NWMonster">@NWMonster</a>) of KeenLab + (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3809 + <li>Xiling Gong of Tencent Security Platform Department: CVE-2016-3745 + <li>Yacong Gu of TCA Lab, Institute of Software, Chinese Academy of Sciences: + CVE-2016-3761 + <li>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>) of + Xuanwu LAB, Tencent: CVE-2016-2505 + <li>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>) and + Wei Wei (<a href="https://twitter.com/Danny__Wei">@Danny__Wei</a>) of Xuanwu + LAB, Tencent: CVE-2016-2506 + <li>Yulong Zhang and Tao (Lenx) Wei of Baidu X-Lab: CVE-2016-3744</li> +</ul> + +<h2 id="2016-07-01_details">2016-07-01 security patch level—Security vulnerability details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the <a href="#2016-07-01_summary">2016-07-01 security patch level—Vulnerability +summary</a> above. There is a description of the issue, a severity rationale, and a +table with the CVE, associated references, severity, updated Nexus devices, +updated AOSP versions (where applicable), and date reported. When available, we +will link the public change that addressed the issue to the bug ID, like the +AOSP change list. When multiple changes relate to a single bug, additional +references are linked to numbers following the bug ID.</p> + +<h3 id="remote-code-execution-vulnerability-in-mediaserver"> +Remote code execution vulnerability in Mediaserver</h3> +<p>A remote code execution vulnerability in Mediaserver could enable an attacker +using a specially crafted file to cause memory corruption during media file and +data processing. This issue is rated as Critical due to the possibility of +remote code execution within the context of the Mediaserver process. The +Mediaserver process has access to audio and video streams, as well as access to +privileges that third-party apps could not normally access.</p> +<p>The affected functionality is provided as a core part of the operating system +and there are multiple applications that allow it to be reached with remote +content, most notably MMS and browser playback of media.</p> + +<table> + <col width="19%"> + <col width="19%"> + <col width="10%"> + <col width="16%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2506</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/e248db02fbab2ee9162940bc19f087fd7d96cb9d"> + A-28175045</a></td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 11, 2016</td> + </tr> + <tr> + <td>CVE-2016-2505</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/4f236c532039a61f0cf681d2e3c6e022911bbb5c"> + A-28333006</a></td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Apr 21, 2016</td> + </tr> + <tr> + <td>CVE-2016-2507</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301"> + A-28532266</a></td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>May 2, 2016</td> + </tr> + <tr> + <td>CVE-2016-2508</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f"> + A-28799341</a> + [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>] + </td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>May 16, 2016</td> + </tr> + <tr> + <td>CVE-2016-3741</td> + <td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795"> + A-28165661</a> + [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>] + </td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2016-3742</td> + <td><a href="https://android.googlesource.com/platform/external/libavc/+/a583270e1c96d307469c83dc42bd3c5f1b9ef63f"> + A-28165659</a> + </td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Google internal</td> + </tr> + <tr> + <td>CVE-2016-3743</td> + <td><a href="https://android.googlesource.com/platform/external/libavc/+/ecf6c7ce6d5a22d52160698aab44fc234c63291a"> + A-27907656</a> + </td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + + +<h3 id="remote-code-execution-vulnerability-in-openssl-&-boringssl"> +Remote code execution vulnerability in OpenSSL & BoringSSL</h3> +<p>A remote code execution vulnerability in OpenSSL and BoringSSL could enable an +attacker using a specially crafted file to cause memory corruption during file +and data processing. This issue is rated as Critical due to the possibility of +remote code execution within the context of an affected process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2108</td> + <td><a href="https://android.googlesource.com/platform/external/boringssl/+/74750e1fb24149043a533497f79c577b704d6e30"> + A-28175332</a> + </td> + <td>Critical</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>May 3, 2016</td> + </tr> +</table> + +<h3 id="remote-code-execution-vulnerability-in-bluetooth"> +Remote code execution vulnerability in Bluetooth</h3> +<p>A remote code execution vulnerability in Bluetooth could allow a proximal +attacker to execute arbitrary code during the pairing process. This issue is +rated as High due to the possibility of remote code execution during the +initialization of a Bluetooth device.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3744</td> + <td><a href="https://android.googlesource.com/platform/system/bt/+/514139f4b40cbb035bb92f3e24d5a389d75db9e6"> + A-27930580</a></td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Mar 30, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-libpng"> +Elevation of privilege vulnerability in libpng</h3> +<p>An elevation of privilege vulnerability in libpng could enable a local malicious +application to execute arbitrary code within the context of an elevated system +application. This issue is rated as High because it could be used to gain local +access to elevated capabilities, such as +<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> +or <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> +permissions privileges, which are not accessible to a third-party application.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3751</td> + <td><a href="https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca"> + A-23265085</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Dec 3, 2015</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-mediaserver"> +Elevation of privilege vulnerability in Mediaserver</h3> +<p>An elevation of privilege vulnerability in Mediaserver could enable a local +malicious application to execute arbitrary code within the context of an +elevated system application. This issue is rated as High because it could be +used to gain local access to elevated capabilities, such as +<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> +or <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> +permissions privileges, which are not accessible to a third-party application.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3745</td> + <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/073a80800f341325932c66818ce4302b312909a4"> + A-28173666</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 10, 2016</td> + </tr> + <tr> + <td>CVE-2016-3746</td> + <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf"> + A-27890802</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Mar 27, 2016</td> + </tr> + <tr> + <td>CVE-2016-3747</td> + <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345"> + A-27903498</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Mar 28, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-sockets"> +Elevation of privilege vulnerability in sockets</h3> +<p>An elevation of privilege vulnerability in sockets could enable a local +malicious application to access system calls outside of its permissions level. +This issue is rated as High because it could permit a bypass of security +measures in place to increase the difficulty of attackers exploiting the +platform.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3748</td> + <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e"> + A-28171804</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Apr 13, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-locksettingsservice"> +Elevation of privilege vulnerability in LockSettingsService</h3> +<p>An elevation of privilege vulnerability in the LockSettingsService could enable +a malicious application to reset the screen lock password without authorization +from the user. This issue is rated as High because it is a local bypass of user +interaction requirements for any developer or security settings modifications.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3749</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e83f0f6a5a6f35323f5367f99c8e287c440f33f5"> + A-28163930</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-framework-apis"> +Elevation of privilege vulnerability in Framework APIs</h3> +<p>An elevation of privilege vulnerability in the Parcels Framework APIs could +enable a local malicious application to bypass operating system protections that +isolate application data from other applications. This issue is rated as High +because it could be used to gain access to data that the application does not +have access to.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3750</td> + <td><a href="https://android.googlesource.com/platform/frameworks/native/+/54cb02ad733fb71b1bdf78590428817fb780aff8"> + A-28395952</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-choosertarget-service"> +Elevation of privilege vulnerability in ChooserTarget service</h3> +<p>An elevation of privilege vulnerability in the ChooserTarget service could +enable a local malicious application to execute code in the context of another +application. This issue is rated High because it could be used to access +Activities belonging to another application without permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3752</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988"> + A-28384423</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="information-disclosure-vulnerability-in-mediaserver"> +Information disclosure vulnerability in Mediaserver</h3> +<p>An information disclosure vulnerability in Mediaserver could enable a remote +attacker to access protected data normally only accessible to locally installed +apps that request permission. This issue is rated as High because it could be +used to access data without permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3753</td> + <td>A-27210135</td> + <td>High</td> + <td>None*</td> + <td>4.4.4</td> + <td>Feb 15, 2016</td> + </tr> +</table> +<p>* Supported Nexus devices that have installed all available updates are not +affected by this vulnerability.</p> + +<h3 id="information-disclosure-vulnerability-in-openssl"> +Information disclosure vulnerability in OpenSSL</h3> +<p>An information disclosure vulnerability in OpenSSL could enable a remote +attacker to access protected data normally only accessible to locally installed +apps that request permission. This issue is rated as High because it could be +used to access data without permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2107</td> + <td>A-28550804</td> + <td>High</td> + <td>None*</td> + <td>4.4.4, 5.0.2, 5.1.1</td> + <td>April 13, 2016</td> + </tr> +</table> +<p>* Supported Nexus devices that have installed all available updates are not +affected by this vulnerability.</p> + +<h3 id="denial-of-service-vulnerability-in-mediaserver"> +Denial of service vulnerability in Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to use +a specially crafted file to cause a device hang or reboot. This issue is rated +as High due to the possibility of a temporary remote denial of service.</p> + +<table> + <col width="19%"> + <col width="19%"> + <col width="10%"> + <col width="16%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3754</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"> + A-28615448</a> + [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>] + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>May 5, 2016</td> + </tr> + <tr> + <td>CVE-2016-3755</td> + <td><a href="https://android.googlesource.com/platform/external/libavc/+/d4841f1161bdb5e13cb19e81af42437a634dd6ef"> + A-28470138</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Apr 29, 2016</td> + </tr> + <tr> + <td>CVE-2016-3756</td> + <td><a href="https://android.googlesource.com/platform/external/tremolo/+/659030a2e80c38fb8da0a4eb68695349eec6778b"> + A-28556125</a> + </td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="denial-of-service-vulnerability-in-libc"> +Denial of service vulnerability in libc</h3> +<p>A denial of service vulnerability in libc could enable an attacker to use a +specially crafted file to cause a device hang or reboot. This issue is rated as +High due to the possibility of remote denial of service.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3818</td> + <td>A-28740702</td> + <td>High</td> + <td>None*</td> + <td>4.4.4</td> + <td>Google internal</td> + </tr> +</table> +<p>* Supported Nexus devices that have installed all available updates are not +affected by this vulnerability.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-lsof"> +Elevation of privilege vulnerability in lsof</h3> +<p>An elevation of privilege vulnerability in lsof could enable a local malicious +application to execute arbitrary code that could lead to a permanent device +compromise. This issue is rated as Moderate because it requires uncommon manual +steps.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3757</td> + <td><a href="https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7"> + A-28175237</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 11, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-dexclassloader"> +Elevation of privilege vulnerability in DexClassLoader</h3> +<p>An elevation of privilege vulnerability in the DexClassLoader could enable a +local malicious application to execute arbitrary code within the context of a +privileged process. This issue is rated as Moderate because it requires uncommon +manual steps.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3758</td> + <td><a href="https://android.googlesource.com/platform/dalvik/+/338aeaf28e9981c15d0673b18487dba61eb5447c"> + A-27840771</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2"> +Elevation of privilege vulnerability in Framework APIs</h3> +<p>An elevation of privilege vulnerability in the Framework APIs could enable a +local malicious application to request backup permissions and intercept all +backup data. This issue is rated as Moderate because it requires specific +permissions to bypass operating system protections that isolate application data +from other applications.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="17%"> + <col width="17%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3759</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9b8c6d2df35455ce9e67907edded1e4a2ecb9e28"> + A-28406080</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Google internal</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-bluetooth"> +Elevation of privilege vulnerability in Bluetooth</h3> +<p>An elevation of privilege vulnerability in the Bluetooth component could enable +a local attacker to add an authenticated Bluetooth device that persists for the +primary user. This issue is rated as Moderate because it could be used to gain +elevated capabilities without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3760</td> + <td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a> +[<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>] +[<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>] + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Feb 29, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-nfc"> +Elevation of privilege vulnerability in NFC</h3> +<p>An elevation of privilege vulnerability in NFC could enable a local malicious +background application to access information from a foreground application. This +issue is rated as Moderate because it could be used to gain elevated +capabilities without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3761</td> + <td><a href="https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c"> + A-28300969</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 20, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-sockets-2"> +Elevation of privilege vulnerability in sockets</h3> +<p>An elevation of privilege vulnerability in sockets could enable a local +malicious application to gain access to certain uncommon socket types possibly +leading to arbitrary code execution within the context of the kernel. This issue +is rated as Moderate because it could permit a bypass of security measures in +place to increase the difficulty of attackers exploiting the platform.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3762</td> + <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39"> + A-28612709</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 21, 2016</td> + </tr> +</table> + +<h3 id="information-disclosure-vulnerability-in-proxy-auto-config"> +Information disclosure vulnerability in Proxy Auto-Config</h3> +<p>An information disclosure vulnerability in the Proxy Auto-Config component could +allow an application to access sensitive information. This issue is rated +Moderate because it could be used to access data without permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3763</td> + <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c"> + A-27593919</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Mar 10, 2016</td> + </tr> +</table> + +<h3 id="information-disclosure-vulnerability-in-mediaserver-2"> +Information disclosure vulnerability in Mediaserver</h3> +<p>An information disclosure vulnerability in Mediaserver could allow a local +malicious application to access sensitive information. This issue is rated as +Moderate because it could be used to access data without permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3764</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f"> + A-28377502</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 25, 2016</td> + </tr> + <tr> + <td>CVE-2016-3765</td> + <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597"> + A-28168413</a> + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>6.0, 6.0.1</td> + <td>Apr 8, 2016</td> + </tr> +</table> + +<h3 id="denial-of-service-vulnerability-in-mediaserver-2"> +Denial of service vulnerability in Mediaserver</h3> +<p>A denial of service vulnerability in Mediaserver could enable an attacker to use +a specially crafted file to cause a device hang or reboot. This issue is rated +as Moderate due to the possibility of remote denial of service.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="19%"> + <col width="18%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Updated AOSP versions</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3766</td> + <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e"> + A-28471206</a> + [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>] + </td> + <td>Moderate</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> + <td>Apr 29, 2016</td> + </tr> +</table> + +<h2 id="2016-07-05_details">2016-07-05 security patch level—Vulnerability details</h2> +<p>In the sections below, we provide details for each of the security +vulnerabilities listed in the <a href="2016-07-05_summary">2016-07-05 security patch level—Vulnerability +summary</a> above. There is a description of the issue, a severity rationale, and a +table with the CVE, associated references, severity, updated Nexus devices, +updated AOSP versions (where applicable), and date reported. When available, we +will link the public change that addressed the issue to the bug ID, like the +AOSP change list. When multiple changes relate to a single bug, additional +references are linked to numbers following the bug ID.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver"> +Elevation of privilege vulnerability in Qualcomm GPU driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2503</td> + <td>A-28084795* + QC-CR1006067</td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Apr 5, 2016</td> + </tr> + <tr> + <td>CVE-2016-2067</td> + <td>A-28305757 + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0"> + QC-CR988993</a></td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P</td> + <td>Apr 20, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-wi-fi-driver"> +Elevation of privilege vulnerability in MediaTek Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility of +a local permanent device compromise, which may require reflashing the operating +system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3767</td> + <td>A-28169363* + <br>M-ALPS02689526</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 6, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 +id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component"> +Elevation of privilege vulnerability in Qualcomm performance component</h3> +<p>An elevation of privilege vulnerability in the Qualcomm performance component +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical severity due to the +possibility of a local permanent device compromise, which may require reflashing +the operating system to repair the device.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3768</td> + <td>A-28172137* + QC-CR1010644</td> + <td>Critical</td> + <td>Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013)</td> + <td>Apr 9, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-nvidia-video-driver"> +Elevation of privilege vulnerability in NVIDIA video driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3769</td> + <td>A-28376656*<br> + N-CVE20163769</td> + <td>Critical</td> + <td>Nexus 9</td> + <td>Apr 18, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-drivers-device-specific"> +Elevation of privilege vulnerability in MediaTek drivers (Device specific)</h3> +<p>An elevation of privilege vulnerability in multiple MediaTek drivers could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as Critical due to the possibility of +a local permanent device compromise, which may require reflashing the operating +system to repair the device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3770</td> + <td>A-28346752*<br> + M-ALPS02703102</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 22, 2016</td> + </tr> + <tr> + <td>CVE-2016-3771</td> + <td>A-29007611*<br> + M-ALPS02703102</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 22, 2016</td> + </tr> + <tr> + <td>CVE-2016-3772</td> + <td>A-29008188*<br> + M-ALPS02703102</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 22, 2016</td> + </tr> + <tr> + <td>CVE-2016-3773</td> + <td>A-29008363*<br> + M-ALPS02703102</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 22, 2016</td> + </tr> + <tr> + <td>CVE-2016-3774</td> + <td>A-29008609*<br> + M-ALPS02703102</td> + <td>Critical</td> + <td>Android One</td> + <td>Apr 22, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system"> +Elevation of privilege vulnerability in kernel file system</h3> +<p>An elevation of privilege vulnerability in the kernel file system could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as Critical due to the possibility of a local +permanent device compromise, which may require reflashing the operating system +to repair the device.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3775</td> + <td>A-28588279*</td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P and Nexus Player, Pixel C</td> + <td>May 4, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-usb-driver"> +Elevation of privilege vulnerability in USB driver</h3> +<p>An elevation of privilege vulnerability in the USB driver could enable a local +malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as Critical severity due to the possibility of a +local permanent device compromise, which may require reflashing the operating +system to repair the device.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2015-8816</td> + <td>A-28712303*</td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, Pixel C</td> + <td>May 4, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components"> +Elevation of privilege vulnerability in Qualcomm components</h3> +<p>The table below contains security vulnerabilities affecting Qualcomm components +including the bootloader, camera driver, character drive, networking, sound +driver and video driver.</p> +<p>The most severe of these issues is rated as Critical due to possibility of +arbitrary code execution leading to the possibility of a local permanent device +compromise, which may require reflashing the operating system to repair the +device.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity*</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-9795</td> + <td>A-28820720<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a> + [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>] + </td> + <td>Critical</td> + <td>Nexus 5</td> + <td>Aug 8, 2014</td> + </tr> + <tr> + <td>CVE-2014-9794</td> + <td>A-28821172<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=f39085971c8c4e36cadbf8a72aabe6c7ff538ffa">QC-CR646385</a> + </td> + <td>Critical</td> + <td>Nexus 7 (2013)</td> + <td>Aug 8, 2014</td> + </tr> + <tr> + <td>CVE-2015-8892</td> + <td>A-28822807<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fae606b9dd92c021e2419369975264f24f60db23">QC-CR902998</a> + </td> + <td>Critical</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Dec 30, 2015</td> + </tr> + <tr> + <td>CVE-2014-9781</td> + <td>A-28410333<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/video/?h=LA.BF.1.1.3_rb1.12&id=a2b5237ad265ec634489c8b296d870827b2a1b13&context=20&ignorews=0&dt=0">QC-CR556471</a> + </td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Feb 6, 2014</td> + </tr> + <tr> + <td>CVE-2014-9786</td> + <td>A-28557260<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b">QC-CR545979</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9788</td> + <td>A-28573112<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2">QC-CR548872</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9779</td> + <td>A-28598347<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c?h=LA.BF.1.1.3_rb1.12&id=0b5f49b360afdebf8ef55df1e48ec141b3629621">QC-CR548679</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9780</td> + <td>A-28602014<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b5bb13e1f738f90df11e0c17f843c73999a84a54">QC-CR542222</a></td> + <td>High</td> + <td>Nexus 5, Nexus 5X, Nexus 6P</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9789</td> + <td>A-28749392<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=5720ed5c3a786e3ba0a2428ac45da5d7ec996b4e">QC-CR556425</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9793</td> + <td>A-28821253<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=0dcccecc4a6a9a9b3314cb87b2be8b52df1b7a81">QC-CR580567</a></td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Mar 13, 2014</td> + </tr> + <tr> + <td>CVE-2014-9782</td> + <td>A-28431531<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb">QC-CR511349</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Mar 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9783</td> + <td>A-28441831<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a> + [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Mar 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9785</td> + <td>A-28469042<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=b4338420db61f029ca6713a89c41b3a5852b20ce">QC-CR545747</a></td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Mar 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9787</td> + <td>A-28571496<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b">QC-CR545764</a></td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Mar 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9784</td> + <td>A-28442449<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba">QC-CR585147</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Apr 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9777</td> + <td>A-28598501<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43">QC-CR563654</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Apr 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9778</td> + <td>A-28598515<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5">QC-CR563694</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Apr 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9790</td> + <td>A-28769136<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a> + [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Apr 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9792</td> + <td>A-28769399<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd">QC-CR550606</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Apr 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9797</td> + <td>A-28821090<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=3312737f3e1ec84dd67ee0622c7dd031083f71a4">QC-CR674071</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Jul 3, 2014</td> + </tr> + <tr> + <td>CVE-2014-9791</td> + <td>A-28803396<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=9aabfc9e7775abbbcf534cdecccc4f12ee423b27">QC-CR659364</a></td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Aug 29, 2014</td> + </tr> + <tr> + <td>CVE-2014-9796</td> + <td>A-28820722<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=2e21b3a57cac7fb876bcf43244d7cc3dc1f6030d">QC-CR684756</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Sep 30, 2014</td> + </tr> + <tr> + <td>CVE-2014-9800</td> + <td>A-28822150<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=6390f200d966dc13cf61bb5abbe3110447ca82b5">QC-CR692478</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Oct 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9799</td> + <td>A-28821731<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=c2119f1fba46f3b6e153aa018f15ee46fe6d5b76">QC-CR691916</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Oct 31, 2014</td> + </tr> + <tr> + <td>CVE-2014-9801</td> + <td>A-28822060<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=cf8f5a105bafda906ccb7f149d1a5b8564ce20c0">QC-CR705078</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Nov 28, 2014</td> + </tr> + <tr> + <td>CVE-2014-9802</td> + <td>A-28821965<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=222e0ec9bc755bfeaa74f9a0052b7c709a4ad054">QC-CR705108</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Dec 31, 2014</td> + </tr> + <tr> + <td>CVE-2015-8891</td> + <td>A-28842418<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=4f829bb52d0338c87bc6fbd0414b258f55cc7c62">QC-CR813930</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>May 29, 2015</td> + </tr> + <tr> + <td>CVE-2015-8888</td> + <td>A-28822465<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=1321f34f1ebcff61ad7e65e507cfd3e9028af19b">QC-CR813933</a></td> + <td>High</td> + <td>Nexus 5</td> + <td>Jun 30, 2015</td> + </tr> + <tr> + <td>CVE-2015-8889</td> + <td>A-28822677<br> + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e">QC-CR804067</a></td> + <td>High</td> + <td>Nexus 6P</td> + <td>Jun 30, 2015</td> + </tr> + <tr> + <td>CVE-2015-8890</td> + <td>A-28822878<br> + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=e22aca36da2bb6f5016f3c885eb8c8ff85c115e4">QC-CR823461</a></td> + <td>High</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Aug 19, 2015</td> + </tr> +</table> +<p>* The severity rating for these issues is provided directly by Qualcomm.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-usb-driver"> +Elevation of privilege vulnerability in Qualcomm USB driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm USB driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2502</td> + <td>A-27657963 + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=0bc45d7712eabe315ce8299a49d16433c3801156">QC-CR997044</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Mar 11, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver"> +Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3792</td> + <td>A-27725204 + <a href="https://us.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=28d4f0c1f712bffb4aa5b47f06e97d5a9fa06d29">QC-CR561022</a></td> + <td>High</td> + <td>Nexus 7 (2013)</td> + <td>Mar 17, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver"> +Elevation of privilege vulnerability in Qualcomm camera driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm camera driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2501</td> + <td>A-27890772* + QC-CR1001092</td> + <td>High</td> + <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013)</td> + <td>Mar 27, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-nvidia-camera-driver"> +Elevation of privilege vulnerability in NVIDIA camera driver</h3> +<p>An elevation of privilege vulnerability in the NVIDIA camera driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3793</td> + <td>A-28026625*<br> + N-CVE20163793</td> + <td>High</td> + <td>Nexus 9</td> + <td>Apr 5, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-driver"> +Elevation of privilege vulnerability in MediaTek power driver</h3> +<p>An elevation of privilege in the MediaTek power driver could enable a local +malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3795</td> + <td>A-28085222*<br> + M-ALPS02677244</td> + <td>High</td> + <td>Android One</td> + <td>Apr 7, 2016</td> + </tr> + <tr> + <td>CVE-2016-3796</td> + <td>A-29008443*<br> + M-ALPS02677244</td> + <td>High</td> + <td>Android One</td> + <td>Apr 7, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2"> +Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3797</td> + <td>A-28085680* + QC-CR1001450</td> + <td>High</td> + <td>Nexus 5X</td> + <td>Apr 7, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-hardware-sensor-driver"> +Elevation of privilege vulnerability in MediaTek hardware sensor driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek hardware sensor driver +could enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3798</td> + <td>A-28174490*<br> + M-ALPS02703105</td> + <td>High</td> + <td>Android One</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-video-driver"> +Elevation of privilege vulnerability in MediaTek video driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek video driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3799</td> + <td>A-28175025*<br> + M-ALPS02693738</td> + <td>High</td> + <td>Android One</td> + <td>Apr 11, 2016</td> + </tr> + <tr> + <td>CVE-2016-3800</td> + <td>A-28175027*<br> + M-ALPS02693739</td> + <td>High</td> + <td>Android One</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-gps-driver"> +Elevation of privilege vulnerability in MediaTek GPS driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek GPS driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3801</td> + <td>A-28174914*<br> + M-ALPS02688853</td> + <td>High</td> + <td>Android One</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system-2"> +Elevation of privilege vulnerability in kernel file system</h3> +<p>An elevation of privilege vulnerability in the kernel file system could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3802</td> + <td>A-28271368*</td> + <td>High</td> + <td>Nexus 9</td> + <td>Apr 19, 2016</td> + </tr> + <tr> + <td>CVE-2016-3803</td> + <td>A-28588434*</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P</td> + <td>May 4, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-management-driver"> +Elevation of privilege vulnerability in MediaTek power management driver</h3> +<p>An elevation of privilege in the MediaTek power management driver could enable a +local malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3804</td> + <td>A-28332766*<br> + M-ALPS02694410</td> + <td>High</td> + <td>Android One</td> + <td>Apr 20, 2016</td> + </tr> + <tr> + <td>CVE-2016-3805</td> + <td>A-28333002*<br> + M-ALPS02694412</td> + <td>High</td> + <td>Android One</td> + <td>Apr 21, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-mediatek-display-driver"> +Elevation of privilege vulnerability in MediaTek display driver</h3> +<p>An elevation of privilege vulnerability in the MediaTek display driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3806</td> + <td>A-28402341*<br> + M-ALPS02715341</td> + <td>High</td> + <td>Android One</td> + <td>Apr 26, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver"> +Elevation of privilege vulnerability in serial peripheral interface driver</h3> +<p>An elevation of privilege vulnerability in the serial peripheral interface +driver could enable a local malicious application to execute arbitrary code +within the context of the kernel. This issue is rated as High because it first +requires compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3807</td> + <td>A-28402196*</td> + <td>High</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Apr 26, 2016</td> + </tr> + <tr> + <td>CVE-2016-3808</td> + <td>A-28430009*</td> + <td>High</td> + <td>Pixel C</td> + <td>Apr 26, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-sound-driver"> +Elevation of privilege vulnerability in Qualcomm sound driver</h3> +<p>An elevation of privilege vulnerability in the Qualcomm sound driver could +enable a local malicious application to execute arbitrary code within the +context of the kernel. This issue is rated as High severity because it first +requires compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-2068</td> + <td>A-28470967 + <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?h=APSS.FSM.3.0&id=01ee86da5a0cd788f134e360e2be517ef52b6b00">QC-CR1006609</a></td> + <td>High</td> + <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> + <td>Apr 28, 2016</td> + </tr> +</table> + +<h3 id="elevation-of-privilege-vulnerability-in-kernel"> +Elevation of privilege vulnerability in kernel</h3> +<p>An elevation of privilege vulnerability in the kernel could enable a local +malicious application to execute arbitrary code within the context of the +kernel. This issue is rated as High because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-9803</td> + <td>A-28557020<br> + <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/arch/arm64/include/asm/pgtable.h?h=linux-3.10.y&id=5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830"> + Upstream kernel</a></td> + <td>High</td> + <td>Nexus 5X, Nexus 6P</td> + <td>Google internal</td> + </tr> +</table> + +<h3 +id="information-disclosure-vulnerability-in-networking-component"> +Information disclosure vulnerability in networking component</h3> +<p>An information disclosure vulnerability in the networking component could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as High because it could be used to access sensitive data +without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3809</td> + <td>A-27532522*</td> + <td>High</td> + <td><a href="#all_nexus">All Nexus</a></td> + <td>Mar 5, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver"> +Information disclosure vulnerability in MediaTek Wi-Fi driver</h3> +<p>An information disclosure vulnerability in the MediaTek Wi-Fi driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as High because it could be used to access sensitive +data without explicit user permission.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3810</td> + <td>A-28175522*<br> + M-ALPS02694389</td> + <td>High</td> + <td>Android One</td> + <td>Apr 12, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="elevation-of-privilege-vulnerability-in-kernel-video-driver"> +Elevation of privilege vulnerability in kernel video driver</h3> +<p>An elevation of privilege vulnerability in the kernel video driver could enable +a local malicious application to execute arbitrary code within the context of +the kernel. This issue is rated as Moderate because it first requires +compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3811</td> + <td>A-28447556*</td> + <td>Moderate</td> + <td>Nexus 9</td> + <td>Google internal</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-mediatek-video-codec-driver"> +Information disclosure vulnerability in MediaTek video codec driver</h3> +<p>An information disclosure vulnerability in the MediaTek video codec driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3812</td> + <td>A-28174833*<br> + M-ALPS02688832</td> + <td>Moderate</td> + <td>Android One</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-qualcomm-usb-driver"> +Information disclosure vulnerability in Qualcomm USB driver</h3> +<p>An information disclosure vulnerability in the Qualcomm USB driver could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3813</td> + <td>A-28172322* + QC-CR1010222</td> + <td>Moderate</td> + <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> + <td>Apr 11, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-nvidia-camera-driver"> +Information disclosure vulnerability in NVIDIA camera driver</h3> +<p>An information disclosure vulnerability in the NVIDIA camera driver could enable +a local malicious application to access data outside of its permission levels. +This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3814</td> + <td>A-28193342*<br> + N-CVE20163814</td> + <td>Moderate</td> + <td>Nexus 9</td> + <td>Apr 14, 2016</td> + </tr> + <tr> + <td>CVE-2016-3815</td> + <td>A-28522274*<br> + N-CVE20163815</td> + <td>Moderate</td> + <td>Nexus 9</td> + <td>May 1, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-mediatek-display-driver"> +Information disclosure vulnerability in MediaTek display driver</h3> +<p>An information disclosure vulnerability in the MediaTek display driver could +enable a local malicious application to access data outside of its permission +levels. This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-3816</td> + <td>A-28402240*</td> + <td>Moderate</td> + <td>Android One</td> + <td>Apr 26, 2016</td> + </tr> +</table> +<p>* The patch for this issue is not publicly available. The update is contained in +the latest binary drivers for Nexus devices available from the +<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p> + +<h3 id="information-disclosure-vulnerability-in-kernel-teletype-driver"> +Information disclosure vulnerability in kernel teletype driver</h3> +<p>An information disclosure vulnerability in the teletype driver could enable a +local malicious application to access data outside of its permission levels. +This issue is rated as Moderate because it first requires compromising a +privileged process.</p> + +<table> + <col width="19%"> + <col width="20%"> + <col width="10%"> + <col width="23%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2016-0723</td> + <td>A-28409131<br> + <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439">Upstream +kernel</a></td> + <td>Moderate</td> + <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus + Player, Pixel C</td> + <td>Apr 26, 2016</td> + </tr> +</table> + +<h3 id="denial-of-service-vulnerability-in-qualcomm-bootloader"> +Denial of service vulnerability in Qualcomm bootloader</h3> +<p>A denial of service vulnerability in the Qualcomm bootloader could enable a +local malicious application to cause a local permanent device compromise, which +may require reflashing the operating system to repair the device. This issue is +rated as Moderate because it first requires compromising a privileged process.</p> + +<table> + <col width="19%"> + <col width="16%"> + <col width="10%"> + <col width="27%"> + <col width="16%"> + <tr> + <th>CVE</th> + <th>References</th> + <th>Severity</th> + <th>Updated Nexus devices</th> + <th>Date reported</th> + </tr> + <tr> + <td>CVE-2014-9798</td> + <td>A-28821448 + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=b05eed2491a098bf627ac485a5b43d2f4fae2484">QC-CR681965</a></td> + <td>Moderate</td> + <td>Nexus 5</td> + <td>Oct 31, 2014</td> + </tr> + <tr> + <td>CVE-2015-8893</td> + <td>A-28822690 + <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69">QC-CR822275</a></td> + <td>Moderate</td> + <td>Nexus 5, Nexus 7 (2013)</td> + <td>Aug 19, 2015</td> + </tr> +</table> +<h2 id="common-questions-and-answers">Common questions and answers</h2> +<p>This section answers common questions that may occur after reading this +bulletin.</p> + +<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p> +<p>Security Patch Levels of 2016-07-01 or later address all issues associated with +the 2016-7-01 security patch string level. Security Patch Levels of 2016-07-05 +or later address all issues associated with the 2016-07-05 security patch string +level. Refer to the <a +href="https://support.google.com/nexus/answer/4457705">help center</a> +for instructions on how to check the security patch level. Device manufacturers +that include these updates should set the patch string level to: +[ro.build.version.security_patch]:[2016-07-01] or +[ro.build.version.security_patch]:[2016-07-05].</p> + +<p><strong>2. Why does this bulletin have two security patch level strings?</strong></p> +<p>This bulletin has two security patch level strings in order to provide +Android partners with the flexibility to move more quickly to fix a subset of +vulnerabilities that are similar across all Android devices. Android partners +are encouraged to fix all issues in this bulletin and use the latest security +patch level string.</p> +<p>Devices that use the security patch level of July 5, 2016 or newer must +include all applicable patches in this (and previous) security bulletins.</p> +<p>Devices that use the July 1, 2016 security patch level must include all +issues associated with that security patch level, as well as fixes for all +issues reported in previous security bulletins. Devices that use July 1, 2016 +security patch level may also include a subset of fixes associated with the +July 5, 2016 security patch level.</p> + +<p id="all_nexus"><strong>3. How do I determine which Nexus devices are affected +by each issue?</strong></p> +<p>In the <a href="#2016-07-01_details">2016-07-01</a> and +<a href="#2016-07-05_details">2016-07-05</a> security vulnerability details sections, +each table has an Updated Nexus devices column that covers the range of affected +Nexus devices updated for each issue. This column has a few options:</p> +<ul> + <li><strong>All Nexus devices</strong>: If an issue affects all Nexus devices, + the table will have “All Nexus” in the <em>Updated Nexus devices</em> column. + “All Nexus” encapsulates the following + <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">supported + devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, + Android One, Nexus Player, and Pixel C.</li> + <li><strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus + devices, the affected Nexus devices are listed in the <em>Updated Nexus + devices</em> column.</li> + <li><strong>No Nexus devices</strong>: If no Nexus devices are affected by the + issue, the table will have “None” in the <em>Updated Nexus devices</em> column.</li> +</ul> + +<p><strong>4. What do the entries in the references column map to?</strong></p> +<p>Entries under the <em>References</em> column of the vulnerability details table may +contain a prefix identifying the organization to which the reference value belongs. These prefixes +map as follows:</p> + +<table> + <tr> + <th>Prefix</th> + <th>Reference</th> + </tr> + <tr> + <td>A-</td> + <td>Android bug ID</td> + </tr> + <tr> + <td>QC-</td> + <td>Qualcomm reference number</td> + </tr> + <tr> + <td>M-</td> + <td>MediaTek reference number</td> + </tr> + <tr> + <td>N-</td> + <td>NVIDIA reference number</td> + </tr> +</table> + +<h2 id="revisions">Revisions</h2> +<ul> + <li>July 06, 2016: Bulletin published.</li> + <li>July 07, 2016: + <ul> + <li>Added AOSP links. + <li>Removed CVE-2016-3794 because it is a duplicate of CVE-2016-3814 + <li>Added attribution for CVE-2016-2501 and CVE-2016-2502 + </ul> + </li> +</ul> |