Skip to content

Latest commit

 

History

History
197 lines (190 loc) · 17.3 KB

2016.md

File metadata and controls

197 lines (190 loc) · 17.3 KB
Raw

Open

Closed

  • CVE-2014-9798 & CVE-2015-8893 - Denial of service vulnerability in Qualcomm bootloader (Device specific)
  • CVE-2016-0723 - Information disclosure vulnerability in kernel teletype driver (Device specific)
  • CVE-2016-3816 - Information disclosure vulnerability in MediaTek display driver (Device specific)
  • CVE-2016-3814 & CVE-2016-3815 - Information disclosure vulnerability in NVIDIA camera driver (Device specific)
  • CVE-2016-3813 - Information disclosure vulnerability in Qualcomm USB driver (Device specific)
  • CVE-2016-3812 - Information disclosure vulnerability in MediaTek video codec driver (Device specific)
  • CVE-2016-3811 - Elevation of privilege vulnerability in kernel video driver (Device specific)
  • CVE-2016-3810 - Information disclosure vulnerability in MediaTek Wi-Fi driver (Device specific)
  • CVE-2016-3809 - Information disclosure vulnerability in networking component (Device specific)
  • CVE-2014-9803 - Elevation of privilege vulnerability in kernel (Device specific)
  • CVE-2016-2068 - Elevation of privilege vulnerability in Qualcomm sound driver (Device specific)
  • CVE-2016-3807 & CVE-2016-3808 - Elevation of privilege vulnerability in serial peripheral interface driver (Device specific)
  • CVE-2016-3806 - Elevation of privilege vulnerability in MediaTek display driver (Device specific)
  • CVE-2016-3804 & CVE-2016-3805 - Elevation of privilege vulnerability in MediaTek power management driver (Device specific)
  • CVE-2016-3802 & CVE-2016-3803 - Elevation of privilege vulnerability in kernel file system (Device specific)
  • CVE-2016-3801 - Elevation of privilege vulnerability in MediaTek GPS driver (Device specific)
  • CVE-2016-3799 & CVE-2016-3800 - Elevation of privilege vulnerability in MediaTek video driver (Device specific)
  • CVE-2016-3798 - Elevation of privilege vulnerability in MediaTek hardware sensor driver (Device specific)
  • CVE-2016-3797 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific)
  • CVE-2016-3795 & CVE-2016-3796 - Elevation of privilege vulnerability in MediaTek power driver (Device specific)
  • CVE-2016-3793 - Elevation of privilege vulnerability in NVIDIA camera driver (Device specific)
  • CVE-2016-2501 - Elevation of privilege vulnerability in Qualcomm camera driver (Device specific)
  • CVE-2016-3792 - Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific)
  • CVE-2016-2502 - Elevation of privilege vulnerability in Qualcomm USB driver (Device specific)
  • CVE-2014-9794 up to CVE-2015-8890 - Elevation of privilege vulnerability in Qualcomm components (Device specific) (OEM specific)
  • CVE-2015-8816 - Elevation of privilege vulnerability in USB driver (Device specific) (all OS)
  • CVE-2016-3775 - Elevation of privilege vulnerability in kernel file system (Device specific) (all OS)
  • CVE-2016-3770 up to CVE-2016-3774 - Elevation of privilege vulnerability in MediaTek drivers (Device specific)
  • CVE-2016-3769 - Elevation of privilege vulnerability in NVIDIA video driver (Device specific)
  • CVE-2016-3768 - Elevation of privilege vulnerability in Qualcomm performance component (Device specific)
  • CVE-2016-3767 - Elevation of privilege vulnerability in MediaTek Wi-Fi driver (Device specific)
  • CVE-2016-2503 & CVE-2016-2067 - Elevation of privilege vulnerability in Qualcomm GPU driver (Device specific)
  • CVE-2016-3766 - Denial of service vulnerability in Mediaserver
  • CVE-2016-3764 & CVE-2016-3765 - Information disclosure vulnerability in Mediaserver
  • CVE-2016-3763 - Information disclosure vulnerability in Proxy Auto-Config
  • CVE-2016-3762 - Elevation of privilege vulnerability in sockets
  • CVE-2016-3761 - Elevation of privilege vulnerability in NFC
  • CVE-2016-3760 - Elevation of privilege vulnerability in Bluetooth
  • CVE-2016-3759 - Elevation of privilege vulnerability in Framework APIs
  • CVE-2016-3758 - Elevation of privilege vulnerability in DexClassLoader
  • CVE-2016-3757 - Elevation of privilege vulnerability in lsof
  • CVE-2016-3818 - Denial of service vulnerability in libc
  • CVE-2016-3754 up to CVE-2016-3756 - Denial of service vulnerability in Mediaserver
  • CVE-2016-2107 - Information disclosure vulnerability in OpenSSL
  • CVE-2016-3753 - Information disclosure vulnerability in Mediaserver
  • CVE-2016-3752 - Elevation of privilege vulnerability in ChooserTarget service
  • CVE-2016-3750 - Elevation of privilege vulnerability in Framework APIs
  • CVE-2016-3749 - Elevation of privilege vulnerability in LockSettingsService
  • CVE-2016-3748 - Elevation of privilege vulnerability in sockets
  • CVE-2016-3745 up to CVE-2016-3747 - Elevation of privilege vulnerability in Mediaserver (Android 4 & 5/6)
  • CVE-2016-3751 - Elevation of privilege vulnerability in libpng
  • CVE-2016-3744 - Remote code execution vulnerability in Bluetooth
  • CVE-2016-2108 - Remote code execution vulnerability in OpenSSL & BoringSSL (4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1)
  • CVE-2016-2506, CVE-2016-2505, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741, CVE-2016-3742 & CVE-2016-3743 - Remote code execution vulnerability in Mediaserver (all OS)
  • CVE-2016-2500 - Information Disclosure Vulnerability in Activity Manager
  • CVE-2016-2499 - Information Disclosure Vulnerability in Mediaserver
  • CVE-2016-2498 - Information Disclosure Vulnerability in Qualcomm Wi-Fi Driver
  • CVE-2016-2496 - Elevation of Privilege Vulnerability in Framework UI
  • CVE-2016-2495 - Remote Denial of Service Vulnerability in Mediaserver
  • CVE-2016-2493 - Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver
  • CVE-2016-2494 - Elevation of Privilege Vulnerability in SD Card Emulation Layer
  • CVE-2016-2492 - Elevation of Privilege Vulnerability in MediaTek Power Management Driver
  • CVE-2016-2470 up to CVE-2016-2473 (4!) - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
  • CVE-2016-2490 & CVE-2016-2491 - Elevation of Privilege Vulnerability in NVIDIA Camera Driver
  • CVE-2016-2489 - Elevation of Privilege Vulnerability in Qualcomm Video Driver
  • CVE-2016-2061 & CVE-2016-2488 - Elevation of Privilege Vulnerability in Qualcomm Camera Driver
  • CVE-2016-2476 up to 2487 (12!) - Elevation of Privilege Vulnerability in Mediaserver
  • CVE-2016-2066 & CVE-2016-2469 - Elevation of Privilege Vulnerability in Qualcomm Sound Driver
  • CVE-2016-2475 - Elevation of Privilege Vulnerability in Broadcom Wi-Fi Driver
  • CVE-2016-2474 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
  • CVE-2016-2468 & CVE-2016-2062 - Elevation of Privilege Vulnerability in Qualcomm GPU Driver
  • CVE-2016-2466 & CVE-2016-2467 - Elevation of Privilege Vulnerability in Qualcomm Sound Driver
  • CVE-2016-2465 - Elevation of Privilege Vulnerability in Qualcomm Video Driver
  • CVE-2016-2464 - Remote Code Execution Vulnerabilities in libwebm
  • CVE-2016-2463 - Remote Code Execution Vulnerability in Mediaserver
  • CVE-2016-0774 - Denial of Service Vulnerability in Kernel
  • CVE-2016-2459 & CVE-2016-2460 - Information Disclosure Vulnerability in Mediaserver
  • CVE-2016-2458 - Information Disclosure Vulnerability in AOSP Mail
  • CVE-2016-2457 - Elevation of Privilege in Wi-Fi
  • CVE-2016-2456 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver
  • CVE-2016-0705 - Elevation of Privilege Vulnerability in OpenSSL & BoringSSL
  • CVE-2016-2461 & CVE-2016-2462 - Elevation of Privilege in Conscrypt
  • CVE-2016-2454 - Remote Denial of Service Vulnerability in Qualcomm Hardware Codec
  • CVE-2016-2453 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver
  • CVE-2016-2448 & CVE-2016-xx52 - Elevation of Privilege Vulnerability in Mediaserver
  • CVE-2016-4477 - Elevation of Privilege in Wi-Fi
  • CVE-2016-2444 & CVE-2016-xx46 - Elevation of Privilege Vulnerability in NVIDIA Video Driver
  • CVE-2015-0571 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
  • CVE-2016-2443 - Elevation of Privilege Vulnerability in Qualcomm MDP Driver
  • CVE-2016-2441 & CVE-2016-2442 - Elevation of Privilege Vulnerability in Qualcomm Buspm Driver
  • CVE-2016-2440 - Elevation of Privilege in Binder
  • CVE-2016-2439 - Remote Code Execution in Bluetooth
  • CVE-2016-2060 - Information Disclosure Vulnerability in Qualcomm Tethering Controller
  • CVE-2016-2438 - Remote Code Execution Vulnerability in Kernel
  • CVE-2015-1805 - Elevation of Privilege Vulnerability in Kernel
  • CVE-2016-2434 & CVE-2016-xx37 - Elevation of Privilege Vulnerability in NVIDIA Video Driver
  • CVE-2015-0569 & CVE-2015-0570 - Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver
  • CVE-2016-2431 & CVE-2016-2432 - Elevation of Privilege Vulnerability in Qualcomm TrustZone
  • CVE-2016-2430 - Elevation of Privilege Vulnerability in Debuggerd
  • CVE-2016-2428 & CVE-2016-2429 - Remote Code Execution Vulnerability in Mediaserver
  • CVE-2015-3825
  • CVE-2016-2427 - Information Disclosure Vulnerability in BouncyCastle
  • CVE-2016-2426 - Information Disclosure Vulnerability in Framework
  • CVE-2016-2425 - Information Disclosure Vulnerability in AOSP Mail
  • CVE-2016-2424 - Denial of Service Vulnerability in SyncStorageEngine
  • CVE-2016-2423 - Elevation of Privilege Vulnerability in Telephony
  • CVE-2016-2422 - Elevation of Privilege Vulnerability in Wi-Fi
  • CVE-2016-2421 - Elevation of Privilege Vulnerability in Setup Wizard
  • CVE-2016-2420 - Elevation of Privilege Vulnerability in Debuggerd Component
  • CVE-2016-2416 up to xxx2419 - Information Disclosure Vulnerability in Mediaserver
  • CVE-2016-2415 - Information Disclosure Vulnerability in Exchange ActiveSync
  • CVE-2016-2414 - Denial of Service Vulnerability in Minikin
  • CVE-2016-2413 - Elevation of Privilege Vulnerability in Mediaserver
  • CVE-2016-2412 - Elevation of Privilege Vulnerability in System_server
  • CVE-2016-2411 - Elevation of Privilege Vulnerability in Qualcomm Power Management Component
  • CVE-2016-2410 - Elevation of Privilege Vulnerability in a Video Kernel Driver
  • CVE-2016-2409 - Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver
  • CVE-2016-0850 - Elevation of Privilege Vulnerability in Bluetooth
  • CVE-2016-0849 - Elevation of Privilege Vulnerability in Recovery Procedure
  • CVE-2016-0848 - Elevation of Privilege Vulnerability in Download Manager
  • CVE-2016-0847 - Elevation of Privilege Vulnerability in Telecom Component
  • CVE-2016-0846 - Elevation of Privilege Vulnerability in IMemory Native Interface
  • CVE-2014-9322 - Elevation of Privilege Vulnerability in Kernel
  • CVE-2016-0844 - Elevation of Privilege Vulnerability in Qualcomm RF Component
  • CVE-2016-0843 - Elevation of Privilege Vulnerability in Qualcomm Performance Module
  • CVE-2015-1805 - Elevation of Privilege Vulnerability in Kernel
  • CVE-2016-0842 - Remote Code Execution Vulnerability in libstagefright
  • CVE-2016-0835 up to xx0841 - Remote Code Execution Vulnerability in Mediaserver
  • CVE-2016-0834 - Remote Code Execution Vulnerability in Media Codec
  • CVE-2016-1503 & CVE-2014-6060 - Remote Code Execution Vulnerability in DHCPCD
  • CVE-2016-0815 - Remote Code Execution Vulnerability in Mediaserver
  • CVE-2016-0816 - Remote Code Execution Vulnerability in Mediaserver
  • CVE-2016-1621 - Remote Code Execution Vulnerabilities in libvpx
  • CVE-2016-0818 - Elevation of Privilege in Conscrypt
  • CVE-2016-0819 - Elevation of Privilege Vulnerability in the Qualcomm Performance Component
  • CVE-2016-0820 - Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver )
  • CVE-2016-0728 - Elevation of Privilege Vulnerability in Keyring Component
  • CVE-2016-0821 - Mitigation Bypass Vulnerability in the Kernel
  • CVE-2016-0822 - Elevation of Privilege in MediaTek Connectivity Driver
  • CVE-2016-0823 - Information Disclosure Vulnerability in Kernel
  • CVE-2016-0824 - Information Disclosure Vulnerability in libstagefright
  • CVE-2016-0825 - Information Disclosure Vulnerability in Widevine
  • CVE-2016-0826 - Elevation of Privilege Vulnerability in Mediaserver
  • CVE-2016-0827 - Elevation of Privilege Vulnerability in Mediaserver
  • CVE-2016-0828 - Information Disclosure Vulnerability in Mediaserver
  • CVE-2016-0829 - Information Disclosure Vulnerability in Mediaserver
  • CVE-2016-0830 - Remote Denial of Service Vulnerability in Bluetooth
  • CVE-2016-0831 - Information Disclosure Vulnerability in Telephony
  • CVE-2016-0832 - Elevation of Privilege Vulnerability in Setup Wizard
  • CVE-2015-6646 (Android 5.1.1 - 6.0.1 r13)
  • CVE-2015-5310 - Elevation of Privilege Vulnerability in Wi-Fi
  • CVE-2015-6643 (Android 5.1.1 - 6.0.1 r13)
  • CVE-2016-0812 + CVE-2016-0813 - Elevation of Privilege Vulnerability in Setup Wizard (fixed since Android 6.0.1 r13)
  • CVE-2016-0811 - Information Disclosure Vulnerability in libmediaplayerservice (fixed since Android 6.0.1 r13)
  • CVE-2016-0809 - Elevation of Privilege Vulnerability in Wi-Fi (fixed since Android 6.0.1 r13)
  • CVE-2016-0808 - Denial of Service Vulnerability in Minikin (fixed since Android 6.0.1 r13)
  • CVE-2016-0803 + CVE-2016-0804 - Remote Code Execution Vulnerability in Mediaserver - (fixed since Android 6.0.1 r13)
  • CVE-2015-6645 (Android 4.4.4 - 6.0.1 r13)
  • CVE-2015-6644 (Android 4.4.4 - 6.0.1 r13) alias bug 24106146
  • CVE-2015-6641 (Android 6.0)
  • CVE-2015-6636 (Android 5.0 - 6.0.1)
  • CVE-2016-0801 & CVE-2016-0802 - Remote Code Execution (RCE) patched with (fixed since Android 6.0.1 r13)
  • CVE-2016-0807 Debuggerd execute arbitrary code within the device's root level (fixed since Android 6.0.1 r13)
  • CVE-2016-0810 Elevation of privilege (fixed since Android 6.0.1 r13)
  • CVE-2016-0805 Qualcomm Performance Module Elevation of Privilege vulnerabilitie (fixed since Android 6.0.1 r13)
  • CVE-2016-0806 Qualcomm Wi-Fi Driver Elevation of Privilege vulnerabilitie (fixed since Android 6.0.1 r13)
  • CVE-2015-6637 (Android 4.4.4 - 6.0.1 r13)
  • CVE-2015-6638 (Android 5.1.0 - 6.0.1 r13)
  • CVE-2015-6639 (Android 5.1.0 - 6.0.1 r13)
  • CVE-2015-6640 (Android 5.1.0 - 6.0 r13)
  • CVE-2015-6642 (Android 5.1.0 - 6.0.1 r13)
  • CVE-2014-7920 & CVE-2014-7921 Android privilege escalation to mediaserver from zero permissions - source code (fixed in Android 5.1.1 and higher)

Rolling out to manufacturers and carriers