14 DAY TRIAL // Google has just released its biggest-ever Android Security Bulletin since it started the program in August 2015, with its engineers having fixed 108 vulnerabilities in two batches, of which 20 issues labeled as "Critical," the highest severity level possible.
The most patched component was not the Mediaserver component like in past security bulletins, even if Google fixed seven issues, but various security fixes for multiple Qualcomm components such as the USB driver, Wi-Fi driver, camera driver, GPU driver, sound driver, and several others.
In total, Google's engineers addressed 42 Qualcomm-specific issues, most of which were elevation of privilege (EoP) vulnerabilities that allow third-party actors to execute code on the device that could lead to permanent device compromise. These issues may have required reflashing the operating system to repair the device, something Google could not leave unpatched.
First time the Android Security Bulletin is delivered in two batches
This is the first time Google split its Android Security Bulletin in two. The first batch was released on July 1 and contained general fixes to the Android OS while the second batch was offered on July 5 and included fixes for device-specific components.
OEMs that don't feature specific drivers such as NVIDIA, Qualcomm, or MediaTek must apply the first patch while also selectively implementing the second.
Below is a breakdown of all the issues Google addressed this month. None of these issues deals with the Qualcomm bugs that allow the cracking of Android's Full-Disk Encryption (FDE).
| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Remote code execution vulnerability in Mediaserver | CVE-2016-2506, CVE-2016-2505, CVE-2016-2507, CVE-2016-2508, CVE-2016-3741, CVE-2016-3742, CVE-2016-3743 | Critical | Yes |
| Remote code execution vulnerability in OpenSSL & BoringSSL | CVE-2016-2108 | Critical | Yes |
| Remote code execution vulnerability in Bluetooth | CVE-2016-3744 | High | Yes |
| Elevation of privilege vulnerability in libpng | CVE-2016-3751 | High | Yes |
| Elevation of privilege vulnerability in Mediaserver | CVE-2016-3745, CVE-2016-3746, CVE-2016-3747 | High | Yes |
| Elevation of privilege vulnerability in sockets | CVE-2016-3748 | High | Yes |
| Elevation of privilege vulnerability in LockSettingsService | CVE-2016-3749 | High | Yes |
| Elevation of privilege vulnerability in Framework APIs | CVE-2016-3750 | High | Yes |
| Elevation of privilege vulnerability in ChooserTarget service | CVE-2016-3752 | High | Yes |
| Information disclosure vulnerability in Mediaserver | CVE-2016-3753 | High | No* |
| Information disclosure vulnerability in OpenSSL | CVE-2016-2107 | High | No* |
| Denial of service vulnerability in Mediaserver | CVE-2016-3754, CVE-2016-3755, CVE-2016-3756 | High | Yes |
| Denial of service vulnerability in libc | CVE-2016-3818 | High | No* |
| Elevation of privilege vulnerability in lsof | CVE-2016-3757 | Moderate | Yes |
| Elevation of privilege vulnerability in DexClassLoader | CVE-2016-3758 | Moderate | Yes |
| Elevation of privilege vulnerability in Framework APIs | CVE-2016-3759 | Moderate | Yes |
| Elevation of privilege vulnerability in Bluetooth | CVE-2016-3760 | Moderate | Yes |
| Elevation of privilege vulnerability in NFC | CVE-2016-3761 | Moderate | Yes |
| Elevation of privilege vulnerability in sockets | CVE-2016-3762 | Moderate | Yes |
| Information disclosure vulnerability in Proxy Auto-Config | CVE-2016-3763 | Moderate | Yes |
| Information disclosure vulnerability in Mediaserver | CVE-2016-3764, CVE-2016-3765 | Moderate | Yes |
| Denial of service vulnerability in Mediaserver | CVE-2016-3766 | Moderate | Yes |
| Issue | CVE | Severity | Affects Nexus? |
|---|---|---|---|
| Elevation of privilege vulnerability in Qualcomm GPU driver (Device specific) | CVE-2016-2503, CVE-2016-2067 | Critical | Yes |
| Elevation of privilege vulnerability in MediaTek Wi-Fi driver (Device specific) | CVE-2016-3767 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm performance component (Device specific) | CVE-2016-3768 | Critical | Yes |
| Elevation of privilege vulnerability in NVIDIA video driver (Device specific) | CVE-2016-3769 | Critical | Yes |
| Elevation of privilege vulnerability in MediaTek drivers (Device specific) | CVE-2016-3770, CVE-2016-3771, CVE-2016-3772, CVE-2016-3773, CVE-2016-3774 | Critical | Yes |
| Elevation of privilege vulnerability in kernel file system (Device specific) | CVE-2016-3775 | Critical | Yes |
| Elevation of privilege vulnerability in USB driver (Device specific) | CVE-2015-8816 | Critical | Yes |
| Elevation of privilege vulnerability in Qualcomm components (Device specific) | CVE-2014-9794, CVE-2014-9795, CVE-2015-8892, CVE-2013-7457, CVE-2014-9781, CVE-2014-9786, CVE-2014-9788, CVE-2014-9779, CVE-2014-9780, CVE-2014-9789, CVE-2014-9793, CVE-2014-9782, CVE-2014-9783, CVE-2014-9785, CVE-2014-9787, CVE-2014-9784, CVE-2014-9777, CVE-2014-9778, CVE-2014-9790, CVE-2014-9792, CVE-2014-9797, CVE-2014-9791, CVE-2014-9796, CVE-2014-9800, CVE-2014-9799, CVE-2014-9801, CVE-2014-9802, CVE-2015-8891, CVE-2015-8888, CVE-2015-8889, CVE-2015-8890 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm USB driver (Device specific) | CVE-2016-2502 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific) | CVE-2016-3792 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm camera driver (Device specific) | CVE-2016-2501 | High | Yes |
| Elevation of privilege vulnerability in NVIDIA camera driver (Device specific) | CVE-2016-3793, CVE-2016-3794 | High | Yes |
| Elevation of privilege vulnerability in MediaTek power driver (Device specific) | CVE-2016-3795, CVE-2016-3796 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm Wi-Fi driver (Device specific) | CVE-2016-3797 | High | Yes |
| Elevation of privilege vulnerability in MediaTek hardware sensor driver (Device specific) | CVE-2016-3798 | High | Yes |
| Elevation of privilege vulnerability in MediaTek video driver (Device specific) | CVE-2016-3799, CVE-2016-3800 | High | Yes |
| Elevation of privilege vulnerability in MediaTek GPS driver (Device specific) | CVE-2016-3801 | High | Yes |
| Elevation of privilege vulnerability in kernel file system (Device specific) | CVE-2016-3802, CVE-2016-3803 | High | Yes |
| Elevation of privilege vulnerability in MediaTek power management driver (Device specific) | CVE-2016-3804, CVE-2016-3805 | High | Yes |
| Elevation of privilege vulnerability in MediaTek display driver (Device specific) | CVE-2016-3806 | High | Yes |
| Elevation of privilege vulnerability in serial peripheral interface driver (Device specific) | CVE-2016-3807, CVE-2016-3808 | High | Yes |
| Elevation of privilege vulnerability in Qualcomm sound driver (Device specific) | CVE-2016-2068 | High | Yes |
| Elevation of privilege vulnerability in kernel (Device specific) | CVE-2014-9803 | High | Yes |
| Information disclosure vulnerability in networking component (Device specific) | CVE-2016-3809 | High | Yes |
| Information disclosure vulnerability in MediaTek Wi-Fi driver (Device specific) | CVE-2016-3810 | High | Yes |
| Elevation of privilege vulnerability in kernel video driver (Device specific) | CVE-2016-3811 | Moderate | Yes |
| Information disclosure vulnerability in MediaTek video codec driver (Device specific) | CVE-2016-3812 | Moderate | Yes |
| Information disclosure vulnerability in Qualcomm USB driver (Device specific) | CVE-2016-3813 | Moderate | Yes |
| Information disclosure vulnerability in NVIDIA camera driver (Device specific) | CVE-2016-3814, CVE-2016-3815 | Moderate | Yes |
| Information disclosure vulnerability in MediaTek display driver (Device specific) | CVE-2016-3816 | Moderate | Yes |
| Information disclosure vulnerability in kernel teletype driver (Device specific) | CVE-2016-0723 | Moderate | Yes |
| Denial of service vulnerability in Qualcomm bootloader (Device specific) | CVE-2014-9798, CVE-2015-8893 | Moderate | Yes |