aboutsummaryrefslogtreecommitdiff
path: root/src/security/bulletin/2016-07-01.jd
diff options
context:
space:
mode:
Diffstat (limited to 'src/security/bulletin/2016-07-01.jd')
-rw-r--r--src/security/bulletin/2016-07-01.jd2920
1 files changed, 2920 insertions, 0 deletions
diff --git a/src/security/bulletin/2016-07-01.jd b/src/security/bulletin/2016-07-01.jd
new file mode 100644
index 00000000..716d1a5e
--- /dev/null
+++ b/src/security/bulletin/2016-07-01.jd
@@ -0,0 +1,2920 @@
+page.title=Android Security Bulletin—July 2016
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p><em>Published July 06, 2016 | Updated July 07, 2016</em></p>
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Alongside the bulletin, we have released a security
+update to Nexus devices through an over-the-air (OTA) update. The Nexus firmware
+images have also been released to the <a
+href="https://developers.google.com/android/nexus/images">Google Developer
+site</a>. Security patch levels of July 05, 2016 or later address all applicable
+issues in this bulletin. Refer to the <a
+href="https://support.google.com/nexus/answer/4457705#nexus_devices">documentation</a>
+to learn how to check the security patch level.</p>
+<p>
+Partners were notified about the issues described in the bulletin on June 06,
+2016 or earlier. Where applicable, source code patches for these issues have
+been released to the Android Open Source Project (AOSP) repository.
+This bulletin also includes links to patches outside of AOSP.</p>
+
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods such
+as email, web browsing, and MMS when processing media files.</p>
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="mitigations">Android and Google service mitigations</a>
+section for details on the
+<a href="{@docRoot}security/enhancements/index.html">Android
+security platform protections</a> and service protections such as SafetyNet,
+which improve the security of the Android platform.</p>
+<p>We encourage all customers to accept these updates to their devices.</p>
+<h2 id="announcements">Announcements</h2>
+<ul>
+ <li>This bulletin defines two security patch level strings to provide Android
+ partners with the flexibility to move more quickly to fix a subset of
+ vulnerabilities that are similar across all Android devices. See
+ <a href="#common-questions-and-answers">Common questions and answers</a>
+ for additional information:
+ <ul>
+ <li><strong>2016-07-01</strong>: Partial security patch level string. This
+ security patch level string indicates that all issues associated with
+ 2016-07-01 are addressed.
+ <li><strong>2016-07-05</strong>: Complete security patch level string. This
+ security patch level string indicates that all issues associated with
+ 2016-07-01 and 2016-07-05 are addressed.</li>
+ </ul>
+ </li>
+ <li>Supported Nexus devices will be receiving a single OTA update with the
+ July 05, 2016 security patch level.</li>
+ </ul>
+<h2 id="security_vulnerability_summary">Security vulnerability summary</h2>
+<p>The tables below contain a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), the assessed severity, and whether or not
+Nexus devices are affected. The <a
+href="{@docRoot}security/overview/updates-resources.html#severity">severity
+assessment</a> is based on the effect that exploiting the vulnerability would
+possibly have on an affected device, assuming the platform and service
+mitigations are disabled for development purposes or if successfully bypassed.</p>
+
+<h3 id="2016-07-01_summary">2016-07-01 security patch level—Vulnerability summary</h3>
+<p>
+Security patch levels of 2016-07-01 or later must address the following issues.</p>
+
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Nexus?</th>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Mediaserver</td>
+ <td>CVE-2016-2506, CVE-2016-2505, CVE-2016-2507, CVE-2016-2508,
+ CVE-2016-3741, CVE-2016-3742, CVE-2016-3743</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in OpenSSL & BoringSSL</td>
+ <td>CVE-2016-2108</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote code execution vulnerability in Bluetooth</td>
+ <td>CVE-2016-3744</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in libpng</td>
+ <td>CVE-2016-3751</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Mediaserver</td>
+ <td>CVE-2016-3745, CVE-2016-3746, CVE-2016-3747</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in sockets</td>
+ <td>CVE-2016-3748</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in LockSettingsService</td>
+ <td>CVE-2016-3749</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Framework APIs</td>
+ <td>CVE-2016-3750</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in ChooserTarget service</td>
+ <td>CVE-2016-3752</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Mediaserver</td>
+ <td>CVE-2016-3753</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in OpenSSL</td>
+ <td>CVE-2016-2107</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in Mediaserver</td>
+ <td>CVE-2016-3754, CVE-2016-3755, CVE-2016-3756</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in libc</td>
+ <td>CVE-2016-3818</td>
+ <td>High</td>
+ <td>No*</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in lsof</td>
+ <td>CVE-2016-3757</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in DexClassLoader</td>
+ <td>CVE-2016-3758</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Framework APIs</td>
+ <td>CVE-2016-3759</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Bluetooth</td>
+ <td>CVE-2016-3760</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NFC</td>
+ <td>CVE-2016-3761</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in sockets</td>
+ <td>CVE-2016-3762</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Proxy Auto-Config</td>
+ <td>CVE-2016-3763</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Mediaserver</td>
+ <td>CVE-2016-3764, CVE-2016-3765</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in Mediaserver</td>
+ <td>CVE-2016-3766</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+</table>
+<p>* Supported Nexus devices that have installed all available updates are not
+affected by this vulnerability.</p>
+
+
+<h3 id="2016-07-05_summary">2016-07-05 security patch level—Vulnerability summary</h3>
+<p>
+Security patch levels of 2016-07-05 or later must address all of the 2016-07-01
+issues as well as the following issues.</p>
+
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Nexus?</th>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm GPU driver (Device
+ specific)</td>
+ <td>CVE-2016-2503, CVE-2016-2067</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek Wi-Fi driver (Device
+ specific)</td>
+ <td>CVE-2016-3767</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm performance component
+ (Device specific)</td>
+ <td>CVE-2016-3768</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NVIDIA video driver (Device
+ specific)</td>
+ <td>CVE-2016-3769</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek drivers (Device
+ specific)</td>
+ <td>CVE-2016-3770, CVE-2016-3771, CVE-2016-3772, CVE-2016-3773,
+ CVE-2016-3774</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel file system (Device
+ specific)</td>
+ <td>CVE-2016-3775</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in USB driver (Device specific)</td>
+ <td>CVE-2015-8816</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm components (Device
+ specific)</td>
+ <td>CVE-2014-9794, CVE-2014-9795, CVE-2015-8892, CVE-2013-7457, CVE-2014-9781,
+ CVE-2014-9786, CVE-2014-9788, CVE-2014-9779, CVE-2014-9780, CVE-2014-9789,
+ CVE-2014-9793, CVE-2014-9782, CVE-2014-9783, CVE-2014-9785, CVE-2014-9787,
+ CVE-2014-9784, CVE-2014-9777, CVE-2014-9778, CVE-2014-9790, CVE-2014-9792,
+ CVE-2014-9797, CVE-2014-9791, CVE-2014-9796, CVE-2014-9800, CVE-2014-9799,
+ CVE-2014-9801, CVE-2014-9802, CVE-2015-8891, CVE-2015-8888, CVE-2015-8889,
+ CVE-2015-8890</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm USB driver (Device
+ specific)</td>
+ <td>CVE-2016-2502</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device
+ specific)</td>
+ <td>CVE-2016-3792</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm camera driver (Device
+ specific)</td>
+ <td>CVE-2016-2501</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in NVIDIA camera driver (Device
+ specific)</td>
+ <td>CVE-2016-3793</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek power driver (Device
+ specific)</td>
+ <td>CVE-2016-3795, CVE-2016-3796</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device
+ specific)</td>
+ <td>CVE-2016-3797</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek hardware sensor driver
+ (Device specific)</td>
+ <td>CVE-2016-3798</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek video driver (Device
+ specific)</td>
+ <td>CVE-2016-3799, CVE-2016-3800</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek GPS driver (Device
+ specific)</td>
+ <td>CVE-2016-3801</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel file system (Device
+ specific)</td>
+ <td>CVE-2016-3802, CVE-2016-3803</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek power management
+ driver (Device specific)</td>
+ <td>CVE-2016-3804, CVE-2016-3805</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in MediaTek display driver (Device
+ specific)</td>
+ <td>CVE-2016-3806</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in serial peripheral interface
+ driver (Device specific)</td>
+ <td>CVE-2016-3807, CVE-2016-3808</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in Qualcomm sound driver (Device
+ specific)</td>
+ <td>CVE-2016-2068</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel (Device specific)</td>
+ <td>CVE-2014-9803</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in networking component (Device
+ specific)</td>
+ <td>CVE-2016-3809</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in MediaTek Wi-Fi driver (Device
+ specific)</td>
+ <td>CVE-2016-3810</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of privilege vulnerability in kernel video driver (Device
+ specific)</td>
+ <td>CVE-2016-3811</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in MediaTek video codec driver
+ (Device specific)</td>
+ <td>CVE-2016-3812</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in Qualcomm USB driver (Device
+ specific)</td>
+ <td>CVE-2016-3813</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in NVIDIA camera driver (Device
+ specific)</td>
+ <td>CVE-2016-3814, CVE-2016-3815</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in MediaTek display driver (Device
+ specific)</td>
+ <td>CVE-2016-3816</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information disclosure vulnerability in kernel teletype driver (Device
+ specific)</td>
+ <td>CVE-2016-0723</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of service vulnerability in Qualcomm bootloader (Device
+ specific)</td>
+ <td>CVE-2014-9798, CVE-2015-8893</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+</table>
+
+<h2 id="mitigations">Android and Google service mitigations</h2>
+<p>This is a summary of the mitigations provided by the <a
+href="{@docRoot}security/enhancements/index.html">Android
+security platform</a> and service protections such as SafetyNet. These
+capabilities reduce the likelihood that security vulnerabilities could be
+successfully exploited on Android.</p>
+<ul>
+ <li>Exploitation for many issues on Android is made more difficult by
+ enhancements in newer versions of the Android platform. We encourage all users
+ to update to the latest version of Android where possible.</li>
+ <li>The Android Security team actively monitors for abuse with
+ <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf">
+ Verify Apps and SafetyNet</a>, which are designed to warn users about
+ <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf">
+ Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with
+ <a href="http://www.android.com/gms">Google Mobile Services</a>, and is especially
+ important for users who install applications from outside of Google Play. Device
+ rooting tools are prohibited within Google Play, but Verify Apps warns users
+ when they attempt to install a detected rooting application—no matter where it
+ comes from. Additionally, Verify Apps attempts to identify and block
+ installation of known malicious applications that exploit a privilege escalation
+ vulnerability. If such an application has already been installed, Verify Apps
+ will notify the user and attempt to remove the detected application.</li>
+ <li>As appropriate, Google Hangouts and Messenger applications do not
+ automatically pass media to processes such as Mediaserver.</li>
+</ul>
+
+<h2 id="acknowledgements">Acknowledgements</h2>
+<p>We would like to thank these researchers for their contributions:</p>
+<ul>
+ <li>Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
+ Team: CVE-2016-3756, CVE-2016-3741, CVE-2016-3743, CVE-2016-3742
+ <li>Adam Powell of Google: CVE-2016-3752
+ <li>Alex Chapman and Paul Stone of Context Information Security: CVE-2016-3763
+ <li>Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+ <a href="https://www.e2e-assure.com/">e2e-assure</a>: CVE-2016-2457
+ <li>Ben Hawkes of Google Project Zero: CVE-2016-3775
+ <li>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
+ Yuan-Tsung Lo (<a href="mailto:computernik@gmail.com">computernik@gmail.com</a>),
+ and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3770,
+ CVE-2016-3771, CVE-2016-3772, CVE-2016-3773, CVE-2016-3774
+ <li>Christopher Tate of Google: CVE-2016-3759
+ <li>Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3762
+ <li>Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>),
+ pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
+ <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd.</a>: CVE-2016-3806,
+ CVE-2016-3816, CVE-2016-3805, CVE-2016-3804, CVE-2016-3767, CVE-2016-3810,
+ CVE-2016-3795, CVE-2016-3796
+ <li>Greg Kaiser of Google Android Team: CVE-2016-3758
+ <li>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>)
+ of Mobile Safe Team, <a href="http://www.360.com">Qihoo 360 Technology Co.
+ Ltd</a>.: CVE-2016-3764
+ <li>Hao Chen and Guang Gong of Mobile Safe Team, <a href="http://www.360.com">
+ Qihoo 360 Technology Co. Ltd</a>.: CVE-2016-3792, CVE-2016-3768
+ <li>Hao Qin of Security Research Lab, <a href="http://www.cmcm.com">Cheetah
+ Mobile</a>: CVE-2016-3754, CVE-2016-3766
+ <li>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
+ and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
+ <a href="http://www.360.com">Qihoo 360 Technology Co. Ltd</a>: CVE-2016-3814,
+ CVE-2016-3802, CVE-2016-3769, CVE-2016-3807, CVE-2016-3808
+ <li>Marco Nelissen of Google: CVE-2016-3818, CVE-2016-3750
+ <li>Mark Brand of Google Project Zero: CVE-2016-3757
+ <li>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
+ Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and
+ Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-3747,
+ CVE-2016-3746, CVE-2016-3765
+ <li>Peng Xiao, Chengming Yang, Ning You, Chao Yang, and Yang Ssong of Alibaba
+ Mobile Security Group: CVE-2016-3800, CVE-2016-3799, CVE-2016-3801,
+ CVE-2016-3812, CVE-2016-3798
+ <li>Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend
+ Micro: CVE-2016-3793
+ <li>Ricky Wai of Google: CVE-2016-3749
+ <li>Roeland Krak: CVE-2016-3753
+ <li>Scott Bauer (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>):
+ CVE-2016-3797, CVE-2016-3813, CVE-2016-3815, CVE-2016-2501, CVE-2016-2502
+ <li>Vasily Vasilev: CVE-2016-2507
+ <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of
+ Alibaba Inc.: CVE-2016-2508, CVE-2016-3755
+ <li>Wen Niu (<a href="https://twitter.com/NWMonster">@NWMonster</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-3809
+ <li>Xiling Gong of Tencent Security Platform Department: CVE-2016-3745
+ <li>Yacong Gu of TCA Lab, Institute of Software, Chinese Academy of Sciences:
+ CVE-2016-3761
+ <li>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>) of
+ Xuanwu LAB, Tencent: CVE-2016-2505
+ <li>Yongke Wang (<a href="https://twitter.com/Rudykewang">@Rudykewang</a>) and
+ Wei Wei (<a href="https://twitter.com/Danny__Wei">@Danny__Wei</a>) of Xuanwu
+ LAB, Tencent: CVE-2016-2506
+ <li>Yulong Zhang and Tao (Lenx) Wei of Baidu X-Lab: CVE-2016-3744</li>
+</ul>
+
+<h2 id="2016-07-01_details">2016-07-01 security patch level—Security vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#2016-07-01_summary">2016-07-01 security patch level—Vulnerability
+summary</a> above. There is a description of the issue, a severity rationale, and a
+table with the CVE, associated references, severity, updated Nexus devices,
+updated AOSP versions (where applicable), and date reported. When available, we
+will link the public change that addressed the issue to the bug ID, like the
+AOSP change list. When multiple changes relate to a single bug, additional
+references are linked to numbers following the bug ID.</p>
+
+<h3 id="remote-code-execution-vulnerability-in-mediaserver">
+Remote code execution vulnerability in Mediaserver</h3>
+<p>A remote code execution vulnerability in Mediaserver could enable an attacker
+using a specially crafted file to cause memory corruption during media file and
+data processing. This issue is rated as Critical due to the possibility of
+remote code execution within the context of the Mediaserver process. The
+Mediaserver process has access to audio and video streams, as well as access to
+privileges that third-party apps could not normally access.</p>
+<p>The affected functionality is provided as a core part of the operating system
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+
+<table>
+ <col width="19%">
+ <col width="19%">
+ <col width="10%">
+ <col width="16%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2506</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/e248db02fbab2ee9162940bc19f087fd7d96cb9d">
+ A-28175045</a></td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2505</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/4f236c532039a61f0cf681d2e3c6e022911bbb5c">
+ A-28333006</a></td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Apr 21, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2507</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/60547808ca4e9cfac50028c00c58a6ceb2319301">
+ A-28532266</a></td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>May 2, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2508</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f81038006b4c59a5a148dcad887371206033c28f">
+ A-28799341</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/d112f7d0c1dbaf0368365885becb11ca8d3f13a4">2</a>]
+ </td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>May 16, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3741</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/e629194c62a9a129ce378e08cb1059a8a53f1795">
+ A-28165661</a>
+ [<a href="https://android.googlesource.com/platform/external/libavc/+/cc676ebd95247646e67907ccab150fb77a847335">2</a>]
+ </td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3742</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/a583270e1c96d307469c83dc42bd3c5f1b9ef63f">
+ A-28165659</a>
+ </td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3743</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/ecf6c7ce6d5a22d52160698aab44fc234c63291a">
+ A-27907656</a>
+ </td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+
+<h3 id="remote-code-execution-vulnerability-in-openssl-&-boringssl">
+Remote code execution vulnerability in OpenSSL & BoringSSL</h3>
+<p>A remote code execution vulnerability in OpenSSL and BoringSSL could enable an
+attacker using a specially crafted file to cause memory corruption during file
+and data processing. This issue is rated as Critical due to the possibility of
+remote code execution within the context of an affected process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2108</td>
+ <td><a href="https://android.googlesource.com/platform/external/boringssl/+/74750e1fb24149043a533497f79c577b704d6e30">
+ A-28175332</a>
+ </td>
+ <td>Critical</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>May 3, 2016</td>
+ </tr>
+</table>
+
+<h3 id="remote-code-execution-vulnerability-in-bluetooth">
+Remote code execution vulnerability in Bluetooth</h3>
+<p>A remote code execution vulnerability in Bluetooth could allow a proximal
+attacker to execute arbitrary code during the pairing process. This issue is
+rated as High due to the possibility of remote code execution during the
+initialization of a Bluetooth device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3744</td>
+ <td><a href="https://android.googlesource.com/platform/system/bt/+/514139f4b40cbb035bb92f3e24d5a389d75db9e6">
+ A-27930580</a></td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 30, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-libpng">
+Elevation of privilege vulnerability in libpng</h3>
+<p>An elevation of privilege vulnerability in libpng could enable a local malicious
+application to execute arbitrary code within the context of an elevated system
+application. This issue is rated as High because it could be used to gain local
+access to elevated capabilities, such as
+<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>
+or <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3751</td>
+ <td><a href="https://android.googlesource.com/platform/external/libpng/+/9d4853418ab2f754c2b63e091c29c5529b8b86ca">
+ A-23265085</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Dec 3, 2015</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediaserver">
+Elevation of privilege vulnerability in Mediaserver</h3>
+<p>An elevation of privilege vulnerability in Mediaserver could enable a local
+malicious application to execute arbitrary code within the context of an
+elevated system application. This issue is rated as High because it could be
+used to gain local access to elevated capabilities, such as
+<a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>
+or <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3745</td>
+ <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/073a80800f341325932c66818ce4302b312909a4">
+ A-28173666</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 10, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3746</td>
+ <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/5b82f4f90c3d531313714df4b936f92fb0ff15cf">
+ A-27890802</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 27, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3747</td>
+ <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/4ed06d14080d8667d5be14eed200e378cba78345">
+ A-27903498</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 28, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-sockets">
+Elevation of privilege vulnerability in sockets</h3>
+<p>An elevation of privilege vulnerability in sockets could enable a local
+malicious application to access system calls outside of its permissions level.
+This issue is rated as High because it could permit a bypass of security
+measures in place to increase the difficulty of attackers exploiting the
+platform.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3748</td>
+ <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/556bb0f55324e8839d7b735a0de9bc31028e839e">
+ A-28171804</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Apr 13, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-locksettingsservice">
+Elevation of privilege vulnerability in LockSettingsService</h3>
+<p>An elevation of privilege vulnerability in the LockSettingsService could enable
+a malicious application to reset the screen lock password without authorization
+from the user. This issue is rated as High because it is a local bypass of user
+interaction requirements for any developer or security settings modifications.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3749</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/e83f0f6a5a6f35323f5367f99c8e287c440f33f5">
+ A-28163930</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-framework-apis">
+Elevation of privilege vulnerability in Framework APIs</h3>
+<p>An elevation of privilege vulnerability in the Parcels Framework APIs could
+enable a local malicious application to bypass operating system protections that
+isolate application data from other applications. This issue is rated as High
+because it could be used to gain access to data that the application does not
+have access to.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3750</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/native/+/54cb02ad733fb71b1bdf78590428817fb780aff8">
+ A-28395952</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-choosertarget-service">
+Elevation of privilege vulnerability in ChooserTarget service</h3>
+<p>An elevation of privilege vulnerability in the ChooserTarget service could
+enable a local malicious application to execute code in the context of another
+application. This issue is rated High because it could be used to access
+Activities belonging to another application without permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3752</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ddbf2db5b946be8fdc45c7b0327bf560b2a06988">
+ A-28384423</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="information-disclosure-vulnerability-in-mediaserver">
+Information disclosure vulnerability in Mediaserver</h3>
+<p>An information disclosure vulnerability in Mediaserver could enable a remote
+attacker to access protected data normally only accessible to locally installed
+apps that request permission. This issue is rated as High because it could be
+used to access data without permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3753</td>
+ <td>A-27210135</td>
+ <td>High</td>
+ <td>None*</td>
+ <td>4.4.4</td>
+ <td>Feb 15, 2016</td>
+ </tr>
+</table>
+<p>* Supported Nexus devices that have installed all available updates are not
+affected by this vulnerability.</p>
+
+<h3 id="information-disclosure-vulnerability-in-openssl">
+Information disclosure vulnerability in OpenSSL</h3>
+<p>An information disclosure vulnerability in OpenSSL could enable a remote
+attacker to access protected data normally only accessible to locally installed
+apps that request permission. This issue is rated as High because it could be
+used to access data without permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2107</td>
+ <td>A-28550804</td>
+ <td>High</td>
+ <td>None*</td>
+ <td>4.4.4, 5.0.2, 5.1.1</td>
+ <td>April 13, 2016</td>
+ </tr>
+</table>
+<p>* Supported Nexus devices that have installed all available updates are not
+affected by this vulnerability.</p>
+
+<h3 id="denial-of-service-vulnerability-in-mediaserver">
+Denial of service vulnerability in Mediaserver</h3>
+<p>A denial of service vulnerability in Mediaserver could enable an attacker to use
+a specially crafted file to cause a device hang or reboot. This issue is rated
+as High due to the possibility of a temporary remote denial of service.</p>
+
+<table>
+ <col width="19%">
+ <col width="19%">
+ <col width="10%">
+ <col width="16%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3754</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">
+ A-28615448</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>May 5, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3755</td>
+ <td><a href="https://android.googlesource.com/platform/external/libavc/+/d4841f1161bdb5e13cb19e81af42437a634dd6ef">
+ A-28470138</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Apr 29, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3756</td>
+ <td><a href="https://android.googlesource.com/platform/external/tremolo/+/659030a2e80c38fb8da0a4eb68695349eec6778b">
+ A-28556125</a>
+ </td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="denial-of-service-vulnerability-in-libc">
+Denial of service vulnerability in libc</h3>
+<p>A denial of service vulnerability in libc could enable an attacker to use a
+specially crafted file to cause a device hang or reboot. This issue is rated as
+High due to the possibility of remote denial of service.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3818</td>
+ <td>A-28740702</td>
+ <td>High</td>
+ <td>None*</td>
+ <td>4.4.4</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+<p>* Supported Nexus devices that have installed all available updates are not
+affected by this vulnerability.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-lsof">
+Elevation of privilege vulnerability in lsof</h3>
+<p>An elevation of privilege vulnerability in lsof could enable a local malicious
+application to execute arbitrary code that could lead to a permanent device
+compromise. This issue is rated as Moderate because it requires uncommon manual
+steps.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3757</td>
+ <td><a href="https://android.googlesource.com/platform/system/core/+/ae18eb014609948a40e22192b87b10efc680daa7">
+ A-28175237</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-dexclassloader">
+Elevation of privilege vulnerability in DexClassLoader</h3>
+<p>An elevation of privilege vulnerability in the DexClassLoader could enable a
+local malicious application to execute arbitrary code within the context of a
+privileged process. This issue is rated as Moderate because it requires uncommon
+manual steps.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3758</td>
+ <td><a href="https://android.googlesource.com/platform/dalvik/+/338aeaf28e9981c15d0673b18487dba61eb5447c">
+ A-27840771</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-framework-apis-2">
+Elevation of privilege vulnerability in Framework APIs</h3>
+<p>An elevation of privilege vulnerability in the Framework APIs could enable a
+local malicious application to request backup permissions and intercept all
+backup data. This issue is rated as Moderate because it requires specific
+permissions to bypass operating system protections that isolate application data
+from other applications.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="17%">
+ <col width="17%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3759</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9b8c6d2df35455ce9e67907edded1e4a2ecb9e28">
+ A-28406080</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-bluetooth">
+Elevation of privilege vulnerability in Bluetooth</h3>
+<p>An elevation of privilege vulnerability in the Bluetooth component could enable
+a local attacker to add an authenticated Bluetooth device that persists for the
+primary user. This issue is rated as Moderate because it could be used to gain
+elevated capabilities without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3760</td>
+ <td><a href="https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5">A-27410683</a>
+[<a href="https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce">2</a>]
+[<a href="https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8">3</a>]
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 29, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-nfc">
+Elevation of privilege vulnerability in NFC</h3>
+<p>An elevation of privilege vulnerability in NFC could enable a local malicious
+background application to access information from a foreground application. This
+issue is rated as Moderate because it could be used to gain elevated
+capabilities without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3761</td>
+ <td><a href="https://android.googlesource.com/platform/packages/apps/Nfc/+/9ea802b5456a36f1115549b645b65c791eff3c2c">
+ A-28300969</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 20, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-sockets-2">
+Elevation of privilege vulnerability in sockets</h3>
+<p>An elevation of privilege vulnerability in sockets could enable a local
+malicious application to gain access to certain uncommon socket types possibly
+leading to arbitrary code execution within the context of the kernel. This issue
+is rated as Moderate because it could permit a bypass of security measures in
+place to increase the difficulty of attackers exploiting the platform.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3762</td>
+ <td><a href="https://android.googlesource.com/platform/external/sepolicy/+/abf0663ed884af7bc880a05e9529e6671eb58f39">
+ A-28612709</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 21, 2016</td>
+ </tr>
+</table>
+
+<h3 id="information-disclosure-vulnerability-in-proxy-auto-config">
+Information disclosure vulnerability in Proxy Auto-Config</h3>
+<p>An information disclosure vulnerability in the Proxy Auto-Config component could
+allow an application to access sensitive information. This issue is rated
+Moderate because it could be used to access data without permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3763</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/base/+/ec2fc50d202d975447211012997fe425496c849c">
+ A-27593919</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 10, 2016</td>
+ </tr>
+</table>
+
+<h3 id="information-disclosure-vulnerability-in-mediaserver-2">
+Information disclosure vulnerability in Mediaserver</h3>
+<p>An information disclosure vulnerability in Mediaserver could allow a local
+malicious application to access sensitive information. This issue is rated as
+Moderate because it could be used to access data without permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3764</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/daef4327fe0c75b0a90bb8627458feec7a301e1f">
+ A-28377502</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 25, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3765</td>
+ <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/d1c775d1d8d2ed117d1e026719b7f9f089716597">
+ A-28168413</a>
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Apr 8, 2016</td>
+ </tr>
+</table>
+
+<h3 id="denial-of-service-vulnerability-in-mediaserver-2">
+Denial of service vulnerability in Mediaserver</h3>
+<p>A denial of service vulnerability in Mediaserver could enable an attacker to use
+a specially crafted file to cause a device hang or reboot. This issue is rated
+as Moderate due to the possibility of remote denial of service.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3766</td>
+ <td><a href="https://android.googlesource.com/platform/frameworks/av/+/6fdee2a83432b3b150d6a34f231c4e2f7353c01e">
+ A-28471206</a>
+ [<a href="https://android.googlesource.com/platform/frameworks/av/+/e7142a0703bc93f75e213e96ebc19000022afed9">2</a>]
+ </td>
+ <td>Moderate</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Apr 29, 2016</td>
+ </tr>
+</table>
+
+<h2 id="2016-07-05_details">2016-07-05 security patch level—Vulnerability details</h2>
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="2016-07-05_summary">2016-07-05 security patch level—Vulnerability
+summary</a> above. There is a description of the issue, a severity rationale, and a
+table with the CVE, associated references, severity, updated Nexus devices,
+updated AOSP versions (where applicable), and date reported. When available, we
+will link the public change that addressed the issue to the bug ID, like the
+AOSP change list. When multiple changes relate to a single bug, additional
+references are linked to numbers following the bug ID.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-gpu-driver">
+Elevation of privilege vulnerability in Qualcomm GPU driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm GPU driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical due to the possibility of a local
+permanent device compromise, which may require reflashing the operating system
+to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2503</td>
+ <td>A-28084795*
+ QC-CR1006067</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Apr 5, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2067</td>
+ <td>A-28305757
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.18/commit/?id=410cfa95f0a1cf58819cbfbd896f9aa45b004ac0">
+ QC-CR988993</a></td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Apr 20, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-wi-fi-driver">
+Elevation of privilege vulnerability in MediaTek Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility of
+a local permanent device compromise, which may require reflashing the operating
+system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3767</td>
+ <td>A-28169363*
+ <br>M-ALPS02689526</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 6, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3
+id="elevation-of-privilege-vulnerability-in-qualcomm-performance-component">
+Elevation of privilege vulnerability in Qualcomm performance component</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm performance component
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical severity due to the
+possibility of a local permanent device compromise, which may require reflashing
+the operating system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3768</td>
+ <td>A-28172137*
+ QC-CR1010644</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013)</td>
+ <td>Apr 9, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-nvidia-video-driver">
+Elevation of privilege vulnerability in NVIDIA video driver</h3>
+<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical due to the possibility of a local
+permanent device compromise, which may require reflashing the operating system
+to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3769</td>
+ <td>A-28376656*<br>
+ N-CVE20163769</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Apr 18, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-drivers-device-specific">
+Elevation of privilege vulnerability in MediaTek drivers (Device specific)</h3>
+<p>An elevation of privilege vulnerability in multiple MediaTek drivers could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical due to the possibility of
+a local permanent device compromise, which may require reflashing the operating
+system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3770</td>
+ <td>A-28346752*<br>
+ M-ALPS02703102</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3771</td>
+ <td>A-29007611*<br>
+ M-ALPS02703102</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3772</td>
+ <td>A-29008188*<br>
+ M-ALPS02703102</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3773</td>
+ <td>A-29008363*<br>
+ M-ALPS02703102</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3774</td>
+ <td>A-29008609*<br>
+ M-ALPS02703102</td>
+ <td>Critical</td>
+ <td>Android One</td>
+ <td>Apr 22, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system">
+Elevation of privilege vulnerability in kernel file system</h3>
+<p>An elevation of privilege vulnerability in the kernel file system could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as Critical due to the possibility of a local
+permanent device compromise, which may require reflashing the operating system
+to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3775</td>
+ <td>A-28588279*</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P and Nexus Player, Pixel C</td>
+ <td>May 4, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-usb-driver">
+Elevation of privilege vulnerability in USB driver</h3>
+<p>An elevation of privilege vulnerability in the USB driver could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as Critical severity due to the possibility of a
+local permanent device compromise, which may require reflashing the operating
+system to repair the device.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-8816</td>
+ <td>A-28712303*</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, Pixel C</td>
+ <td>May 4, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-components">
+Elevation of privilege vulnerability in Qualcomm components</h3>
+<p>The table below contains security vulnerabilities affecting Qualcomm components
+including the bootloader, camera driver, character drive, networking, sound
+driver and video driver.</p>
+<p>The most severe of these issues is rated as Critical due to possibility of
+arbitrary code execution leading to the possibility of a local permanent device
+compromise, which may require reflashing the operating system to repair the
+device.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity*</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9795</td>
+ <td>A-28820720<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342">QC-CR681957</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2e">2</a>]
+ </td>
+ <td>Critical</td>
+ <td>Nexus 5</td>
+ <td>Aug 8, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9794</td>
+ <td>A-28821172<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=f39085971c8c4e36cadbf8a72aabe6c7ff538ffa">QC-CR646385</a>
+ </td>
+ <td>Critical</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Aug 8, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8892</td>
+ <td>A-28822807<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fae606b9dd92c021e2419369975264f24f60db23">QC-CR902998</a>
+ </td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Dec 30, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9781</td>
+ <td>A-28410333<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/video/?h=LA.BF.1.1.3_rb1.12&id=a2b5237ad265ec634489c8b296d870827b2a1b13&context=20&ignorews=0&dt=0">QC-CR556471</a>
+ </td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Feb 6, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9786</td>
+ <td>A-28557260<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2fb303d9c6ca080f253b10ed9384293ca69ad32b">QC-CR545979</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9788</td>
+ <td>A-28573112<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=73bfc22aa70cc0b7e6709381125a0a42aa72a4f2">QC-CR548872</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9779</td>
+ <td>A-28598347<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c?h=LA.BF.1.1.3_rb1.12&id=0b5f49b360afdebf8ef55df1e48ec141b3629621">QC-CR548679</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9780</td>
+ <td>A-28602014<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=b5bb13e1f738f90df11e0c17f843c73999a84a54">QC-CR542222</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6P</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9789</td>
+ <td>A-28749392<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=5720ed5c3a786e3ba0a2428ac45da5d7ec996b4e">QC-CR556425</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9793</td>
+ <td>A-28821253<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=0dcccecc4a6a9a9b3314cb87b2be8b52df1b7a81">QC-CR580567</a></td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 13, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9782</td>
+ <td>A-28431531<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/patch/?id=2e57a46ab2ba7299d99d9cdc1382bd1e612963fb">QC-CR511349</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Mar 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9783</td>
+ <td>A-28441831<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=2b1050b49a9a5f7bb57006648d145e001a3eaa8b">QC-CR511382</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a7502f4f801bb95bff73617309835bb7a016cde5">2</a>]</td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9785</td>
+ <td>A-28469042<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=b4338420db61f029ca6713a89c41b3a5852b20ce">QC-CR545747</a></td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9787</td>
+ <td>A-28571496<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=528400ae4cba715f6c9ff4a2657dafd913f30b8b">QC-CR545764</a></td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9784</td>
+ <td>A-28442449<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=36503d639cedcc73880974ed92132247576e72ba">QC-CR585147</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Apr 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9777</td>
+ <td>A-28598501<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=17bfaf64ad503d2e6607d2d3e0956f25bf07eb43">QC-CR563654</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Apr 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9778</td>
+ <td>A-28598515<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=af85054aa6a1bcd38be2354921f2f80aef1440e5">QC-CR563694</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Apr 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9790</td>
+ <td>A-28769136<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=6ed921bda8cbb505e8654dfc1095185b0bccc38e">QC-CR545716</a>
+ [<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit?h=LA.BF.1.1.3_rb1.12&id=9bc30c0d1832f7dd5b6fa10d5e48a29025176569">2</a>]</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Apr 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9792</td>
+ <td>A-28769399<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd">QC-CR550606</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Apr 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9797</td>
+ <td>A-28821090<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=3312737f3e1ec84dd67ee0622c7dd031083f71a4">QC-CR674071</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Jul 3, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9791</td>
+ <td>A-28803396<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm/commit/?h=LA.BF.1.1.3_rb1.12&id=9aabfc9e7775abbbcf534cdecccc4f12ee423b27">QC-CR659364</a></td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Aug 29, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9796</td>
+ <td>A-28820722<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=2e21b3a57cac7fb876bcf43244d7cc3dc1f6030d">QC-CR684756</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Sep 30, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9800</td>
+ <td>A-28822150<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=6390f200d966dc13cf61bb5abbe3110447ca82b5">QC-CR692478</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Oct 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9799</td>
+ <td>A-28821731<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=c2119f1fba46f3b6e153aa018f15ee46fe6d5b76">QC-CR691916</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Oct 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9801</td>
+ <td>A-28822060<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=cf8f5a105bafda906ccb7f149d1a5b8564ce20c0">QC-CR705078</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Nov 28, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2014-9802</td>
+ <td>A-28821965<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=222e0ec9bc755bfeaa74f9a0052b7c709a4ad054">QC-CR705108</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Dec 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8891</td>
+ <td>A-28842418<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=4f829bb52d0338c87bc6fbd0414b258f55cc7c62">QC-CR813930</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>May 29, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8888</td>
+ <td>A-28822465<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=1321f34f1ebcff61ad7e65e507cfd3e9028af19b">QC-CR813933</a></td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Jun 30, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8889</td>
+ <td>A-28822677<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/lk/commit/?id=fa774e023554427ee14d7a49181e9d4afbec035e">QC-CR804067</a></td>
+ <td>High</td>
+ <td>Nexus 6P</td>
+ <td>Jun 30, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8890</td>
+ <td>A-28822878<br>
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=e22aca36da2bb6f5016f3c885eb8c8ff85c115e4">QC-CR823461</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Aug 19, 2015</td>
+ </tr>
+</table>
+<p>* The severity rating for these issues is provided directly by Qualcomm.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-usb-driver">
+Elevation of privilege vulnerability in Qualcomm USB driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm USB driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2502</td>
+ <td>A-27657963
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit/?id=0bc45d7712eabe315ce8299a49d16433c3801156">QC-CR997044</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Mar 11, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver">
+Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3792</td>
+ <td>A-27725204
+ <a href="https://us.codeaurora.org/cgit/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=28d4f0c1f712bffb4aa5b47f06e97d5a9fa06d29">QC-CR561022</a></td>
+ <td>High</td>
+ <td>Nexus 7 (2013)</td>
+ <td>Mar 17, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-camera-driver">
+Elevation of privilege vulnerability in Qualcomm camera driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm camera driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2501</td>
+ <td>A-27890772*
+ QC-CR1001092</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013)</td>
+ <td>Mar 27, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-nvidia-camera-driver">
+Elevation of privilege vulnerability in NVIDIA camera driver</h3>
+<p>An elevation of privilege vulnerability in the NVIDIA camera driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3793</td>
+ <td>A-28026625*<br>
+ N-CVE20163793</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Apr 5, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-driver">
+Elevation of privilege vulnerability in MediaTek power driver</h3>
+<p>An elevation of privilege in the MediaTek power driver could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3795</td>
+ <td>A-28085222*<br>
+ M-ALPS02677244</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 7, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3796</td>
+ <td>A-29008443*<br>
+ M-ALPS02677244</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 7, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-wi-fi-driver-2">
+Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3797</td>
+ <td>A-28085680*
+ QC-CR1001450</td>
+ <td>High</td>
+ <td>Nexus 5X</td>
+ <td>Apr 7, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-hardware-sensor-driver">
+Elevation of privilege vulnerability in MediaTek hardware sensor driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek hardware sensor driver
+could enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3798</td>
+ <td>A-28174490*<br>
+ M-ALPS02703105</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-video-driver">
+Elevation of privilege vulnerability in MediaTek video driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek video driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3799</td>
+ <td>A-28175025*<br>
+ M-ALPS02693738</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3800</td>
+ <td>A-28175027*<br>
+ M-ALPS02693739</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-gps-driver">
+Elevation of privilege vulnerability in MediaTek GPS driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek GPS driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3801</td>
+ <td>A-28174914*<br>
+ M-ALPS02688853</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-kernel-file-system-2">
+Elevation of privilege vulnerability in kernel file system</h3>
+<p>An elevation of privilege vulnerability in the kernel file system could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3802</td>
+ <td>A-28271368*</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Apr 19, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3803</td>
+ <td>A-28588434*</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>May 4, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-power-management-driver">
+Elevation of privilege vulnerability in MediaTek power management driver</h3>
+<p>An elevation of privilege in the MediaTek power management driver could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3804</td>
+ <td>A-28332766*<br>
+ M-ALPS02694410</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 20, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3805</td>
+ <td>A-28333002*<br>
+ M-ALPS02694412</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 21, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-mediatek-display-driver">
+Elevation of privilege vulnerability in MediaTek display driver</h3>
+<p>An elevation of privilege vulnerability in the MediaTek display driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3806</td>
+ <td>A-28402341*<br>
+ M-ALPS02715341</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 26, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-serial-peripheral-interface-driver">
+Elevation of privilege vulnerability in serial peripheral interface driver</h3>
+<p>An elevation of privilege vulnerability in the serial peripheral interface
+driver could enable a local malicious application to execute arbitrary code
+within the context of the kernel. This issue is rated as High because it first
+requires compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3807</td>
+ <td>A-28402196*</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Apr 26, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3808</td>
+ <td>A-28430009*</td>
+ <td>High</td>
+ <td>Pixel C</td>
+ <td>Apr 26, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-qualcomm-sound-driver">
+Elevation of privilege vulnerability in Qualcomm sound driver</h3>
+<p>An elevation of privilege vulnerability in the Qualcomm sound driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as High severity because it first
+requires compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2068</td>
+ <td>A-28470967
+ <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?h=APSS.FSM.3.0&id=01ee86da5a0cd788f134e360e2be517ef52b6b00">QC-CR1006609</a></td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Apr 28, 2016</td>
+ </tr>
+</table>
+
+<h3 id="elevation-of-privilege-vulnerability-in-kernel">
+Elevation of privilege vulnerability in kernel</h3>
+<p>An elevation of privilege vulnerability in the kernel could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as High because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9803</td>
+ <td>A-28557020<br>
+ <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/arch/arm64/include/asm/pgtable.h?h=linux-3.10.y&id=5a0fdfada3a2aa50d7b947a2e958bf00cbe0d830">
+ Upstream kernel</a></td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6P</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+
+<h3
+id="information-disclosure-vulnerability-in-networking-component">
+Information disclosure vulnerability in networking component</h3>
+<p>An information disclosure vulnerability in the networking component could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as High because it could be used to access sensitive data
+without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3809</td>
+ <td>A-27532522*</td>
+ <td>High</td>
+ <td><a href="#all_nexus">All Nexus</a></td>
+ <td>Mar 5, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-mediatek-wi-fi-driver">
+Information disclosure vulnerability in MediaTek Wi-Fi driver</h3>
+<p>An information disclosure vulnerability in the MediaTek Wi-Fi driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as High because it could be used to access sensitive
+data without explicit user permission.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3810</td>
+ <td>A-28175522*<br>
+ M-ALPS02694389</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Apr 12, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="elevation-of-privilege-vulnerability-in-kernel-video-driver">
+Elevation of privilege vulnerability in kernel video driver</h3>
+<p>An elevation of privilege vulnerability in the kernel video driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Moderate because it first requires
+compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3811</td>
+ <td>A-28447556*</td>
+ <td>Moderate</td>
+ <td>Nexus 9</td>
+ <td>Google internal</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-mediatek-video-codec-driver">
+Information disclosure vulnerability in MediaTek video codec driver</h3>
+<p>An information disclosure vulnerability in the MediaTek video codec driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3812</td>
+ <td>A-28174833*<br>
+ M-ALPS02688832</td>
+ <td>Moderate</td>
+ <td>Android One</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-qualcomm-usb-driver">
+Information disclosure vulnerability in Qualcomm USB driver</h3>
+<p>An information disclosure vulnerability in the Qualcomm USB driver could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3813</td>
+ <td>A-28172322*
+ QC-CR1010222</td>
+ <td>Moderate</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Apr 11, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-nvidia-camera-driver">
+Information disclosure vulnerability in NVIDIA camera driver</h3>
+<p>An information disclosure vulnerability in the NVIDIA camera driver could enable
+a local malicious application to access data outside of its permission levels.
+This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3814</td>
+ <td>A-28193342*<br>
+ N-CVE20163814</td>
+ <td>Moderate</td>
+ <td>Nexus 9</td>
+ <td>Apr 14, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-3815</td>
+ <td>A-28522274*<br>
+ N-CVE20163815</td>
+ <td>Moderate</td>
+ <td>Nexus 9</td>
+ <td>May 1, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-mediatek-display-driver">
+Information disclosure vulnerability in MediaTek display driver</h3>
+<p>An information disclosure vulnerability in the MediaTek display driver could
+enable a local malicious application to access data outside of its permission
+levels. This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-3816</td>
+ <td>A-28402240*</td>
+ <td>Moderate</td>
+ <td>Android One</td>
+ <td>Apr 26, 2016</td>
+ </tr>
+</table>
+<p>* The patch for this issue is not publicly available. The update is contained in
+the latest binary drivers for Nexus devices available from the
+<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>
+
+<h3 id="information-disclosure-vulnerability-in-kernel-teletype-driver">
+Information disclosure vulnerability in kernel teletype driver</h3>
+<p>An information disclosure vulnerability in the teletype driver could enable a
+local malicious application to access data outside of its permission levels.
+This issue is rated as Moderate because it first requires compromising a
+privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="20%">
+ <col width="10%">
+ <col width="23%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-0723</td>
+ <td>A-28409131<br>
+ <a href="http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=5c17c861a357e9458001f021a7afa7aab9937439">Upstream
+kernel</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus
+ Player, Pixel C</td>
+ <td>Apr 26, 2016</td>
+ </tr>
+</table>
+
+<h3 id="denial-of-service-vulnerability-in-qualcomm-bootloader">
+Denial of service vulnerability in Qualcomm bootloader</h3>
+<p>A denial of service vulnerability in the Qualcomm bootloader could enable a
+local malicious application to cause a local permanent device compromise, which
+may require reflashing the operating system to repair the device. This issue is
+rated as Moderate because it first requires compromising a privileged process.</p>
+
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>References</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2014-9798</td>
+ <td>A-28821448
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=b05eed2491a098bf627ac485a5b43d2f4fae2484">QC-CR681965</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5</td>
+ <td>Oct 31, 2014</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-8893</td>
+ <td>A-28822690
+ <a href="https://us.codeaurora.org/cgit/quic/la//kernel/lk/commit/?id=800255e8bfcc31a02e89460460e3811f225e7a69">QC-CR822275</a></td>
+ <td>Moderate</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Aug 19, 2015</td>
+ </tr>
+</table>
+<h2 id="common-questions-and-answers">Common questions and answers</h2>
+<p>This section answers common questions that may occur after reading this
+bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+<p>Security Patch Levels of 2016-07-01 or later address all issues associated with
+the 2016-7-01 security patch string level. Security Patch Levels of 2016-07-05
+or later address all issues associated with the 2016-07-05 security patch string
+level. Refer to the <a
+href="https://support.google.com/nexus/answer/4457705">help center</a>
+for instructions on how to check the security patch level. Device manufacturers
+that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2016-07-01] or
+[ro.build.version.security_patch]:[2016-07-05].</p>
+
+<p><strong>2. Why does this bulletin have two security patch level strings?</strong></p>
+<p>This bulletin has two security patch level strings in order to provide
+Android partners with the flexibility to move more quickly to fix a subset of
+vulnerabilities that are similar across all Android devices. Android partners
+are encouraged to fix all issues in this bulletin and use the latest security
+patch level string.</p>
+<p>Devices that use the security patch level of July 5, 2016 or newer must
+include all applicable patches in this (and previous) security bulletins.</p>
+<p>Devices that use the July 1, 2016 security patch level must include all
+issues associated with that security patch level, as well as fixes for all
+issues reported in previous security bulletins. Devices that use July 1, 2016
+security patch level may also include a subset of fixes associated with the
+July 5, 2016 security patch level.</p>
+
+<p id="all_nexus"><strong>3. How do I determine which Nexus devices are affected
+by each issue?</strong></p>
+<p>In the <a href="#2016-07-01_details">2016-07-01</a> and
+<a href="#2016-07-05_details">2016-07-05</a> security vulnerability details sections,
+each table has an Updated Nexus devices column that covers the range of affected
+Nexus devices updated for each issue. This column has a few options:</p>
+<ul>
+ <li><strong>All Nexus devices</strong>: If an issue affects all Nexus devices,
+ the table will have “All Nexus” in the <em>Updated Nexus devices</em> column.
+ “All Nexus” encapsulates the following
+ <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">supported
+ devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9,
+ Android One, Nexus Player, and Pixel C.</li>
+ <li><strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus
+ devices, the affected Nexus devices are listed in the <em>Updated Nexus
+ devices</em> column.</li>
+ <li><strong>No Nexus devices</strong>: If no Nexus devices are affected by the
+ issue, the table will have “None” in the <em>Updated Nexus devices</em> column.</li>
+</ul>
+
+<p><strong>4. What do the entries in the references column map to?</strong></p>
+<p>Entries under the <em>References</em> column of the vulnerability details table may
+contain a prefix identifying the organization to which the reference value belongs. These prefixes
+map as follows:</p>
+
+<table>
+ <tr>
+ <th>Prefix</th>
+ <th>Reference</th>
+ </tr>
+ <tr>
+ <td>A-</td>
+ <td>Android bug ID</td>
+ </tr>
+ <tr>
+ <td>QC-</td>
+ <td>Qualcomm reference number</td>
+ </tr>
+ <tr>
+ <td>M-</td>
+ <td>MediaTek reference number</td>
+ </tr>
+ <tr>
+ <td>N-</td>
+ <td>NVIDIA reference number</td>
+ </tr>
+</table>
+
+<h2 id="revisions">Revisions</h2>
+<ul>
+ <li>July 06, 2016: Bulletin published.</li>
+ <li>July 07, 2016:
+ <ul>
+ <li>Added AOSP links.
+ <li>Removed CVE-2016-3794 because it is a duplicate of CVE-2016-3814
+ <li>Added attribution for CVE-2016-2501 and CVE-2016-2502
+ </ul>
+ </li>
+</ul>
generated by cgit v1.2.3 (git 2.25.1) at 2024-07-14 06:28:29 +0000