-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

===========================================================================
                         AUSCERT Security Bulletin

                               ASB-2016.0071
         Multiple vulnerabilities have been identified in Android
                                7 July 2016

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Google Nexus devices
Operating System:     Android
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Increased Privileges            -- Remote with User Interaction
                      Access Privileged Data          -- Remote with User Interaction
                      Denial of Service               -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2016-3818 CVE-2016-3816 CVE-2016-3815
                      CVE-2016-3814 CVE-2016-3813 CVE-2016-3812
                      CVE-2016-3811 CVE-2016-3810 CVE-2016-3809
                      CVE-2016-3808 CVE-2016-3807 CVE-2016-3806
                      CVE-2016-3805 CVE-2016-3804 CVE-2016-3803
                      CVE-2016-3802 CVE-2016-3801 CVE-2016-3800
                      CVE-2016-3799 CVE-2016-3798 CVE-2016-3797
                      CVE-2016-3796 CVE-2016-3795 CVE-2016-3794
                      CVE-2016-3793 CVE-2016-3792 CVE-2016-3775
                      CVE-2016-3774 CVE-2016-3773 CVE-2016-3772
                      CVE-2016-3771 CVE-2016-3770 CVE-2016-3769
                      CVE-2016-3768 CVE-2016-3767 CVE-2016-3766
                      CVE-2016-3765 CVE-2016-3764 CVE-2016-3763
                      CVE-2016-3762 CVE-2016-3761 CVE-2016-3760
                      CVE-2016-3759 CVE-2016-3758 CVE-2016-3757
                      CVE-2016-3756 CVE-2016-3755 CVE-2016-3754
                      CVE-2016-3753 CVE-2016-3752 CVE-2016-3751
                      CVE-2016-3750 CVE-2016-3749 CVE-2016-3748
                      CVE-2016-3747 CVE-2016-3746 CVE-2016-3745
                      CVE-2016-3744 CVE-2016-3743 CVE-2016-3742
                      CVE-2016-3741 CVE-2016-2508 CVE-2016-2507
                      CVE-2016-2506 CVE-2016-2505 CVE-2016-2503
                      CVE-2016-2502 CVE-2016-2501 CVE-2016-2108
                      CVE-2016-2107 CVE-2016-2068 CVE-2016-2067
                      CVE-2016-0723 CVE-2015-8893 CVE-2015-8892
                      CVE-2015-8891 CVE-2015-8890 CVE-2015-8889
                      CVE-2015-8888 CVE-2015-8816 CVE-2014-9803
                      CVE-2014-9802 CVE-2014-9801 CVE-2014-9800
                      CVE-2014-9799 CVE-2014-9798 CVE-2014-9797
                      CVE-2014-9796 CVE-2014-9795 CVE-2014-9794
                      CVE-2014-9793 CVE-2014-9792 CVE-2014-9791
                      CVE-2014-9790 CVE-2014-9789 CVE-2014-9788
                      CVE-2014-9787 CVE-2014-9786 CVE-2014-9785
                      CVE-2014-9784 CVE-2014-9783 CVE-2014-9782
                      CVE-2014-9781 CVE-2014-9780 CVE-2014-9779
                      CVE-2014-9778 CVE-2014-9777 
Member content until: Saturday, August  6 2016

OVERVIEW

        Multiple vulnerabilities have been identified in Android versions 
        4.4.4, 5.0.2, 5.1.1, 6.0, and 6.0.1. [1]


IMPACT

        The vendor has provided the following information:
        
        2016-07-01 security patch level - Security vulnerability details:
        
        "Remote code execution vulnerability in Mediaserver
        
        A remote code execution vulnerability in Mediaserver could enable an
        attacker using a specially crafted file to cause memory corruption 
        during media file and data processing. This issue is rated as 
        Critical due to the possibility of remote code execution within the
        context of the Mediaserver process. The Mediaserver process has 
        access to audio and video streams, as well as access to privileges 
        that third-party apps could not normally access.
        
        The affected functionality is provided as a core part of the 
        operating system and there are multiple applications that allow it 
        to be reached with remote content, most notably MMS and browser 
        playback of media.
        
        CVE 		References Severity 	Updated Nexus devices	Updated AOSP versions		Date reported
        
        CVE-2016-2506 	A-28175045 Critical 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 11, 2016
        
        CVE-2016-2505 	A-28333006 Critical 	All Nexus 		6.0, 6.0.1 			Apr 21, 2016
        
        CVE-2016-2507 	A-28532266 Critical 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 May 2, 2016
        
        CVE-2016-2508 	A-28799341 Critical 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 May 16, 2016
        
        CVE-2016-3741 	A-28165661 Critical 	All Nexus 		6.0, 6.0.1 			Google internal
        
        CVE-2016-3742 	A-28165659 Critical 	All Nexus 		6.0, 6.0.1 			Google internal
        
        CVE-2016-3743 	A-27907656 Critical 	All Nexus 		6.0, 6.0.1 			Google internal
        
        Remote code execution vulnerability in OpenSSL & BoringSSL
        
        A remote code execution vulnerability in OpenSSL and BoringSSL could
        enable an attacker using a specially crafted file to cause memory 
        corruption during file and data processing. This issue is rated as 
        Critical due to the possibility of remote code execution within the
        context of an affected process.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-2108 	A-28175332 Critical 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 May 3, 2016
        
        Remote code execution vulnerability in Bluetooth
        
        A remote code execution vulnerability in Bluetooth could allow a 
        proximal attacker to execute arbitrary code during the pairing 
        process. This issue is rated as High due to the possibility of 
        remote code execution during the initialization of a Bluetooth 
        device.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3744 	A-27930580 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Mar 30, 2016
        
        Elevation of privilege vulnerability in libpng
        
        An elevation of privilege vulnerability in libpng could enable a 
        local malicious application to execute arbitrary code within the 
        context of an elevated system application. This issue is rated as 
        High because it could be used to gain local access to elevated 
        capabilities, such as Signature or SignatureOrSystem permissions 
        privileges, which are not accessible to a third-party application.
        
        CVE 		References Severity	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3751 	A-23265085 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Dec 3, 2015
        
        Elevation of privilege vulnerability in Mediaserver
        
        An elevation of privilege vulnerability in Mediaserver could enable
        a local malicious application to execute arbitrary code within the 
        context of an elevated system application. This issue is rated as 
        High because it could be used to gain local access to elevated 
        capabilities, such as Signature or SignatureOrSystem permissions 
        privileges, which are not accessible to a third-party application.
        
        CVE 		References Severity	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3745 	A-28173666 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 10, 2016
        
        CVE-2016-3746 	A-27890802 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Mar 27, 2016
        
        CVE-2016-3747 	A-27903498 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Mar 28, 2016
        
        Elevation of privilege vulnerability in sockets
        
        An elevation of privilege vulnerability in sockets could enable a 
        local malicious application to access system calls outside of its 
        permissions level. This issue is rated as High because it could 
        permit a bypass of security measures in place to increase the 
        difficulty of attackers exploiting the platform.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3748 	A-28171804 High 	All Nexus 		6.0, 6.0.1 			Apr 13, 2016
        
        Elevation of privilege vulnerability in LockSettingsService
        
        An elevation of privilege vulnerability in the LockSettingsService 
        could enable a malicious application to reset the screen lock 
        password without authorization from the user. This issue is rated as
        High because it is a local bypass of user interaction requirements 
        for any developer or security settings modifications.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3749 	A-28163930 High 	All Nexus 		6.0, 6.0.1 			Google internal
        
        Elevation of privilege vulnerability in Framework APIs
        
        An elevation of privilege vulnerability in the Parcels Framework 
        APIs could enable a local malicious application to bypass operating
        system protections that isolate application data from other 
        applications. This issue is rated as High because it could be used 
        to gain access to data that the application does not have access to.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3750 	A-28395952 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Google internal
        
        Elevation of privilege vulnerability in ChooserTarget service
        
        An elevation of privilege vulnerability in the ChooserTarget service
        could enable a local malicious application to execute code in the 
        context of another application. This issue is rated High because it
        could be used to access Activities belonging to another application
        without permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3752 	A-28384423 High 	All Nexus 		6.0, 6.0.1 			Google internal
        
        Information disclosure vulnerability in Mediaserver
        
        An information disclosure vulnerability in Mediaserver could enable
        a remote attacker to access protected data normally only accessible
        to locally installed apps that request permission. This issue is 
        rated as High because it could be used to access data without 
        permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3753 	A-27210135 High 	None* 			4.4.4 				Feb 15, 2016
        
        * Supported Nexus devices that have installed all available updates
        are not affected by this vulnerability.
        
        Information disclosure vulnerability in OpenSSL
        
        An information disclosure vulnerability in OpenSSL could enable a 
        remote attacker to access protected data normally only accessible to
        locally installed apps that request permission. This issue is rated
        as High because it could be used to access data without permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-2107 	A-28550804 High 	None* 			4.4.4, 5.0.2, 5.1.1 		April 13, 2016
        
        * Supported Nexus devices that have installed all available updates
        are not affected by this vulnerability.
        
        Denial of service vulnerability in Mediaserver
        
        A denial of service vulnerability in Mediaserver could enable an 
        attacker to use a specially crafted file to cause a device hang or 
        reboot. This issue is rated as High due to the possibility of a 
        temporary remote denial of service.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3754 	A-28615448 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 May 5, 2016
        
        CVE-2016-3755 	A-28470138 High 	All Nexus 		6.0, 6.0.1 			Apr 29, 2016
        
        CVE-2016-3756 	A-28556125 High 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Google internal
        
        Denial of service vulnerability in libc
        
        A denial of service vulnerability in libc could enable an attacker 
        to use a specially crafted file to cause a device hang or reboot. 
        This issue is rated as High due to the possibility of remote denial
        of service.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3818 	A-28740702 High 	None* 			4.4.4 				Google internal
        
        * Supported Nexus devices that have installed all available updates
        are not affected by this vulnerability.
        
        Elevation of privilege vulnerability in lsof
        
        An elevation of privilege vulnerability in lsof could enable a local
        malicious application to execute arbitrary code that could lead to a
        permanent device compromise. This issue is rated as Moderate because
        it requires uncommon manual steps.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3757 	A-28175237 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 11, 2016
        
        Elevation of privilege vulnerability in DexClassLoader
        
        An elevation of privilege vulnerability in the DexClassLoader could
        enable a local malicious application to execute arbitrary code 
        within the context of a privileged process. This issue is rated as 
        Moderate because it requires uncommon manual steps.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3758 	A-27840771 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Google internal
        
        Elevation of privilege vulnerability in Framework APIs
        
        An elevation of privilege vulnerability in the Framework APIs could
        enable a local malicious application to request backup permissions 
        and intercept all backup data. This issue is rated as Moderate 
        because it requires specific permissions to bypass operating system
        protections that isolate application data from other applications.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3759 	A-28406080 Moderate 	All Nexus 		5.0.2, 5.1.1, 6.0, 6.0.1 	Google internal
        
        Elevation of privilege vulnerability in Bluetooth
        
        An elevation of privilege vulnerability in the Bluetooth component 
        could enable a local attacker to add an authenticated Bluetooth 
        device that persists for the primary user. This issue is rated as 
        Moderate because it could be used to gain elevated capabilities 
        without explicit user permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3760 	A-27410683 Moderate 	All Nexus 		5.0.2, 5.1.1, 6.0, 6.0.1	Feb 29, 2016
        
        Elevation of privilege vulnerability in NFC
        
        An elevation of privilege vulnerability in NFC could enable a local
        malicious background application to access information from a 
        foreground application. This issue is rated as Moderate because it 
        could be used to gain elevated capabilities without explicit user 
        permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3761	A-28300969 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 20, 2016
        
        Elevation of privilege vulnerability in sockets
        
        An elevation of privilege vulnerability in sockets could enable a 
        local malicious application to gain access to certain uncommon 
        socket types possibly leading to arbitrary code execution within the
        context of the kernel. This issue is rated as Moderate because it 
        could permit a bypass of security measures in place to increase the
        difficulty of attackers exploiting the platform.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3762 	A-28612709 Moderate 	All Nexus 		5.0.2, 5.1.1, 6.0, 6.0.1 	Apr 21, 2016
        
        Information disclosure vulnerability in Proxy Auto-Config
        
        An information disclosure vulnerability in the Proxy Auto-Config 
        component could allow an application to access sensitive 
        information. This issue is rated Moderate because it could be used 
        to access data without permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions 		Date reported
        
        CVE-2016-3763 	A-27593919 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Mar 10, 2016
        
        Information disclosure vulnerability in Mediaserver
        
        An information disclosure vulnerability in Mediaserver could allow a
        local malicious application to access sensitive information. This 
        issue is rated as Moderate because it could be used to access data 
        without permission.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3764 	A-28377502 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 25, 2016
        
        CVE-2016-3765 	A-28168413 Moderate 	All Nexus 		6.0, 6.0.1 			Apr 8, 2016
        
        Denial of service vulnerability in Mediaserver
        
        A denial of service vulnerability in Mediaserver could enable an 
        attacker to use a specially crafted file to cause a device hang or 
        reboot. This issue is rated as Moderate due to the possibility of 
        remote denial of service.
        
        CVE 		References Severity 	Updated Nexus devices 	Updated AOSP versions		Date reported
        
        CVE-2016-3766 	A-28471206 Moderate 	All Nexus 		4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 Apr 29, 2016" [1]
        
        2016-07-05 security patch level - Vulnerability details:
        
        "Elevation of privilege vulnerability in Qualcomm GPU driver
        
        An elevation of privilege vulnerability in the Qualcomm GPU driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Critical 
        due to the possibility of a local permanent device compromise, which
        may require reflashing the operating system to repair the device.
        
        CVE 		References 			Severity	Updated Nexus devices 		Date reported
        
        CVE-2016-2503 	A-28084795* QC-CR1006067 	Critical	Nexus 5X, Nexus 6P 		Apr 5, 2016
        
        CVE-2016-2067 	A-28305757 QC-CR988993 		Critical	Nexus 5X, Nexus 6, Nexus 6P 	Apr 20, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek Wi-Fi driver
        
        An elevation of privilege vulnerability in the MediaTek Wi-Fi driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Critical 
        due to the possibility of a local permanent device compromise, which
        may require reflashing the operating system to repair the device.
        
        CVE 		References 			Severity 	Updated Nexus devices 		Date reported
        
        CVE-2016-3767 	A-28169363* M-ALPS02689526 	Critical 	Android One 			Apr 6, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in Qualcomm performance 
        component
        
        An elevation of privilege vulnerability in the Qualcomm performance
        component could enable a local malicious application to execute 
        arbitrary code within the context of the kernel. This issue is rated
        as Critical severity due to the possibility of a local permanent 
        device compromise, which may require reflashing the operating system
        to repair the device.
        
        CVE 		References 			Severity	Updated Nexus devices 					Date reported
        
        CVE-2016-3768 	A-28172137* QC-CR1010644 	Critical	Nexus 5, Nexus 6, Nexus 5X, Nexus 6P, Nexus 7 (2013) 	Apr 9, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in NVIDIA video driver
        
        An elevation of privilege vulnerability in the NVIDIA video driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Critical 
        due to the possibility of a local permanent device compromise, which
        may require reflashing the operating system to repair the device.
        
        CVE 		References 			Severity 	Updated Nexus devices 		Date reported
        
        CVE-2016-3769 	A-28376656* N-CVE20163769 	Critical 	Nexus 9 			Apr 18, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek drivers (Device 
        specific)
        
        An elevation of privilege vulnerability in multiple MediaTek drivers
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Critical 
        due to the possibility of a local permanent device compromise, which
        may require reflashing the operating system to repair the device.
        
        CVE 		References 			Severity	Updated Nexus devices 		Date reported
        
        CVE-2016-3770 	A-28346752* M-ALPS02703102 	Critical 	Android One 			Apr 22, 2016
        
        CVE-2016-3771 	A-29007611* M-ALPS02703102 	Critical 	Android One 			Apr 22, 2016
        
        CVE-2016-3772 	A-29008188* M-ALPS02703102 	Critical 	Android One 			Apr 22, 2016
        
        CVE-2016-3773 	A-29008363* M-ALPS02703102 	Critical 	Android One 			Apr 22, 2016
        
        CVE-2016-3774 	A-29008609* M-ALPS02703102 	Critical 	Android One 			Apr 22, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in kernel file system
        
        An elevation of privilege vulnerability in the kernel file system 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Critical 
        due to the possibility of a local permanent device compromise, which
        may require reflashing the operating system to repair the device.
        
        CVE 		References 	Severity 	Updated Nexus devices 					Date reported
        
        CVE-2016-3775 	A-28588279* 	Critical 	Nexus 5X, Nexus 6, Nexus 6P and Nexus Player, Pixel C 	May 4, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in USB driver
        
        An elevation of privilege vulnerability in the USB driver could 
        enable a local malicious application to execute arbitrary code 
        within the context of the kernel. This issue is rated as Critical 
        severity due to the possibility of a local permanent device 
        compromise, which may require reflashing the operating system to 
        repair the device.
        
        CVE 		References 	Severity 	Updated Nexus devices 								Date reported
        
        CVE-2015-8816 	A-28712303* 	Critical 	Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, Pixel C 	May 4, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in Qualcomm components
        
        The table below contains security vulnerabilities affecting Qualcomm
        components including the bootloader, camera driver, character driver,
        networking, sound driver and video driver.
        
        The most severe of these issues is rated as Critical due to the 
        possibility of arbitrary code execution leading to the possibility 
        of a local permanent device compromise, which may require reflashing
        the operating system to repair the device.
        
        CVE		References 		Severity*	Updated Nexus devices 		Date reported
        
        CVE-2014-9795 	A-28820720 QC-CR681957	Critical 	Nexus 5 			Aug 8, 2014
        
        CVE-2014-9794 	A-28821172 QC-CR646385 	Critical 	Nexus 7 (2013) 			Aug 8, 2014
        
        CVE-2015-8892 	A-28822807 QC-CR902998 	Critical 	Nexus 5X, Nexus 6P 		Dec 30, 2015
        
        CVE-2014-9781 	A-28410333 QC-CR556471 	High 		Nexus 7 (2013) 			Feb 6, 2014
        
        CVE-2014-9786 	A-28557260 QC-CR545979 	High 		Nexus 5, Nexus 7 (2013) 	Mar 13, 2014
        
        CVE-2014-9788 	A-28573112 QC-CR548872 	High 		Nexus 5 			Mar 13, 2014
        
        CVE-2014-9779 	A-28598347 QC-CR548679 	High 		Nexus 5 			Mar 13, 2014
        	
        CVE-2014-9780 	A-28602014 QC-CR542222 	High 		Nexus 5, Nexus 5X, Nexus 6P 	Mar 13, 2014
        
        CVE-2014-9789 	A-28749392 QC-CR556425 	High 		Nexus 5 			Mar 13, 2014
        
        CVE-2014-9793 	A-28821253 QC-CR580567 	High 		Nexus 7 (2013) 			Mar 13, 2014
        
        CVE-2014-9782 	A-28431531 QC-CR511349 	High 		Nexus 5, Nexus 7 (2013) 	Mar 31, 2014
        
        CVE-2014-9783 	A-28441831 QC-CR511382 	High 		Nexus 7 (2013) 			Mar 31, 2014
        
        CVE-2014-9785 	A-28469042 QC-CR545747 	High 		Nexus 7 (2013) 			Mar 31, 2014
        
        CVE-2014-9787 	A-28571496 QC-CR545764 	High 		Nexus 7 (2013) 			Mar 31, 2014
        
        CVE-2014-9784 	A-28442449 QC-CR585147 	High 		Nexus 5, Nexus 7 (2013) 	Apr 30, 2014
        
        CVE-2014-9777 	A-28598501 QC-CR563654 	High 		Nexus 5, Nexus 7 (2013)		Apr 30, 2014
        
        CVE-2014-9778 	A-28598515 QC-CR563694 	High 		Nexus 5, Nexus 7 (2013) 	Apr 30, 2014
        
        CVE-2014-9790 	A-28769136 QC-CR545716 	High 		Nexus 5, Nexus 7 (2013) 	Apr 30, 2014
        
        CVE-2014-9792 	A-28769399 QC-CR550606 	High 		Nexus 5 			Apr 30, 2014
        
        CVE-2014-9797 	A-28821090 QC-CR674071 	High 		Nexus 5 			Jul 3, 2014
        
        CVE-2014-9791 	A-28803396 QC-CR659364 	High 		Nexus 7 (2013) 			Aug 29, 2014
        
        CVE-2014-9796 	A-28820722 QC-CR684756 	High 		Nexus 5, Nexus 7 (2013) 	Sep 30, 2014
        
        CVE-2014-9800 	A-28822150 QC-CR692478 	High 		Nexus 5, Nexus 7 (2013) 	Oct 31, 2014
        
        CVE-2014-9799 	A-28821731 QC-CR691916 	High 		Nexus 5, Nexus 7 (2013) 	Oct 31, 2014
        
        CVE-2014-9801 	A-28822060 QC-CR705078 	High 		Nexus 5 			Nov 28, 2014
        
        CVE-2014-9802 	A-28821965 QC-CR705108 	High 		Nexus 5, Nexus 7 (2013) 	Dec 31, 2014
        
        CVE-2015-8891 	A-28842418 QC-CR813930 	High 		Nexus 5, Nexus 7 (2013) 	May 29, 2015
        
        CVE-2015-8888 	A-28822465 QC-CR813933 	High 		Nexus 5 			Jun 30, 2015
        
        CVE-2015-8889 	A-28822677 QC-CR804067 	High 		Nexus 6P 			Jun 30, 2015
        
        CVE-2015-8890 	A-28822878 QC-CR823461 	High 		Nexus 5, Nexus 7 (2013) 	Aug 19, 2015
        
        * The severity rating for these issues is provided directly by 
        Qualcomm.
        
        Elevation of privilege vulnerability in Qualcomm USB driver
        
        An elevation of privilege vulnerability in the Qualcomm USB driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 		Severity 	Updated Nexus devices 		Date reported
        
        CVE-2016-2502 	A-27657963 QC-CR997044 	High 		Nexus 5X, Nexus 6P 		Mar 11, 2016
        
        Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
        
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 		Severity 	Updated Nexus devices 		Date reported
        
        CVE-2016-3792 	A-27725204 QC-CR561022 	High 		Nexus 7 (2013) 			Mar 17, 2016
        
        Elevation of privilege vulnerability in Qualcomm camera driver
        
        An elevation of privilege vulnerability in the Qualcomm camera 
        driver could enable a local malicious application to execute 
        arbitrary code within the context of the kernel. This issue is rated
        as High because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 				Date reported
        
        CVE-2016-2501 	A-27890772* QC-CR1001092 	High 		Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013) 	Mar 27, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in NVIDIA camera driver
        
        An elevation of privilege vulnerability in the NVIDIA camera driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3793 	A-28026625* N-CVE20163793 	High 		Nexus 9 		Apr 5, 2016
        
        CVE-2016-3794 	A-28522227* N-CVE20163794 	High 		Nexus 9 		May 1, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek power driver
        
        An elevation of privilege in the MediaTek power driver could enable
        a local malicious application to execute arbitrary code within the 
        context of the kernel. This issue is rated as High because it first
        requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3795 	A-28085222* M-ALPS02677244 	High 		Android One 		Apr 7, 2016
        
        CVE-2016-3796 	A-29008443* M-ALPS02677244 	High 		Android One 		Apr 7, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in Qualcomm Wi-Fi driver
        
        An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3797 	A-28085680* QC-CR1001450 	High 		Nexus 5X 		Apr 7, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek hardware sensor 
        driver
        
        An elevation of privilege vulnerability in the MediaTek hardware 
        sensor driver could enable a local malicious application to execute
        arbitrary code within the context of the kernel. This issue is rated
        as High because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3798 	A-28174490* M-ALPS02703105 	High 		Android One 		Apr 11, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek video driver
        
        An elevation of privilege vulnerability in the MediaTek video driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3799 	A-28175025* M-ALPS02693738 	High 		Android One 		Apr 11, 2016
        
        CVE-2016-3800 	A-28175027* M-ALPS02693739 	High 		Android One 		Apr 11, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek GPS driver
        
        An elevation of privilege vulnerability in the MediaTek GPS driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3801 	A-28174914* M-ALPS02688853 	High 		Android One 		Apr 11, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in kernel file system
        
        An elevation of privilege vulnerability in the kernel file system 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process. 
        
        CVE 		References 	Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3802 	A-28271368* 	High 		Nexus 9 		Apr 19, 2016
        
        CVE-2016-3803 	A-28588434* 	High 		Nexus 5X, Nexus 6P 	May 4, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek power management 
        driver
        
        An elevation of privilege in the MediaTek power management driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3804 	A-28332766* M-ALPS02694410 	High 		Android One 		Apr 20, 2016
        
        CVE-2016-3805 	A-28333002* M-ALPS02694412 	High 		Android One 		Apr 21, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in MediaTek display driver
        
        An elevation of privilege vulnerability in the MediaTek display 
        driver could enable a local malicious application to execute 
        arbitrary code within the context of the kernel. This issue is rated
        as High because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3806 	A-28402341* M-ALPS02715341 	High 		Android One 		Apr 26, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in serial peripheral interface
        driver
        
        An elevation of privilege vulnerability in the serial peripheral 
        interface driver could enable a local malicious application to 
        execute arbitrary code within the context of the kernel. This issue
        is rated as High because it first requires compromising a privileged
        process.
        
        CVE 		References 	Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3807 	A-28402196* 	High 	Nexus 5X, Nexus 6P 	Apr 26, 2016
        
        CVE-2016-3808 	A-28430009* 	High 	Pixel C 		Apr 26, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in Qualcomm sound driver
        
        An elevation of privilege vulnerability in the Qualcomm sound driver
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as High 
        severity because it first requires compromising a privileged 
        process.
        
        CVE 		References 		Severity 	Updated Nexus devices 			Date reported
        
        CVE-2016-2068 	A-28470967 QC-CR1006609 	High 		Nexus 5, Nexus 5X, Nexus 6, Nexus 6P 	Apr 28, 2016
        
        Elevation of privilege vulnerability in kernel
        
        An elevation of privilege vulnerability in the kernel could enable a
        local malicious application to execute arbitrary code within the 
        context of the kernel. This issue is rated as High because it first
        requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2014-9803 	A-28557020 Upstream kernel 	High 		Nexus 5X, Nexus 6P 	Google internal
        
        Information disclosure vulnerability in networking component
        
        An information disclosure vulnerability in the networking component
        could enable a local malicious application to access data outside of
        its permission levels. This issue is rated as High because it could
        be used to access sensitive data without explicit user permission.
        
        CVE 		References 	Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3809	A-27532522* 	High 		All Nexus 		Mar 5, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in MediaTek Wi-Fi driver
        
        An information disclosure vulnerability in the MediaTek Wi-Fi driver
        could enable a local malicious application to access data outside of
        its permission levels. This issue is rated as High because it could
        be used to access sensitive data without explicit user permission.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3810 	A-28175522* M-ALPS02694389 	High 		Android One 		Apr 12, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Elevation of privilege vulnerability in kernel video driver
        
        An elevation of privilege vulnerability in the kernel video driver 
        could enable a local malicious application to execute arbitrary code
        within the context of the kernel. This issue is rated as Moderate 
        because it first requires compromising a privileged process.
        
        CVE 		References 	Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3811 	A-28447556* 	Moderate 	Nexus 9 		Google internal
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in MediaTek video codec driver
        
        An information disclosure vulnerability in the MediaTek video codec
        driver could enable a local malicious application to access data 
        outside of its permission levels. This issue is rated as Moderate 
        because it first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3812 	A-28174833* M-ALPS02688832 	Moderate 	Android One 		Apr 11, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in Qualcomm USB driver
        
        An information disclosure vulnerability in the Qualcomm USB driver 
        could enable a local malicious application to access data outside of
        its permission levels. This issue is rated as Moderate because it 
        first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 			Date reported
        
        CVE-2016-3813 	A-28172322* QC-CR1010222 	Moderate 	Nexus 5, Nexus 5X, Nexus 6, Nexus 6P 	Apr 11, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in NVIDIA camera driver
        
        An information disclosure vulnerability in the NVIDIA camera driver
        could enable a local malicious application to access data outside of
        its permission levels. This issue is rated as Moderate because it 
        first requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3814 	A-28193342* N-CVE20163814 	Moderate 	Nexus 9 		Apr 14, 2016
        
        CVE-2016-3815 	A-28522274* N-CVE20163815 	Moderate 	Nexus 9 		May 1, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in MediaTek display driver
        
        An information disclosure vulnerability in the MediaTek display 
        driver could enable a local malicious application to access data 
        outside of its permission levels. This issue is rated as Moderate 
        because it first requires compromising a privileged process.
        
        CVE 		References 	Severity 	Updated Nexus devices 	Date reported
        
        CVE-2016-3816 	A-28402240* 	Moderate 	Android One 		Apr 26, 2016
        
        * The patch for this issue is not publicly available. The update is
        contained in the latest binary drivers for Nexus devices available 
        from the Google Developer site.
        
        Information disclosure vulnerability in kernel teletype driver
        
        An information disclosure vulnerability in the teletype driver could
        enable a local malicious application to access data outside of its 
        permission levels. This issue is rated as Moderate because it first
        requires compromising a privileged process.
        
        CVE 		References 			Severity 	Updated Nexus devices 									Date reported
        
        CVE-2016-0723 	A-28409131 Upstream kernel 	Moderate 	Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Nexus Player, Pixel C 	Apr 26, 2016
        
        Denial of service vulnerability in Qualcomm bootloader
        
        A denial of service vulnerability in the Qualcomm bootloader could 
        enable a local malicious application to cause a local permanent 
        device compromise, which may require reflashing the operating system
        to repair the device. This issue is rated as Moderate because it 
        first requires compromising a privileged process.
        
        CVE 		References 		Severity 	Updated Nexus devices 	Date reported
        
        CVE-2014-9798 	A-28821448 QC-CR681965 	Moderate 	Nexus 5 		Oct 31, 2014
        
        CVE-2015-8893 	A-28822690 QC-CR822275 	Moderate 	Nexus 5, Nexus 7 (2013)	Aug 19, 2015" [1]


MITIGATION

        Google advises it has released Over The Air (OTA) updates for Nexus,
        and partner updates are expected to be released to the Android Open
        Source Project (AOSP) shortly. Android users are advised to update 
        to the latest versions to address these issues. [1]


REFERENCES

        [1] Android Security Bulletin - July 2016
            https://source.android.com/security/bulletin/2016-07-01.html

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================