Google Fixes 83 Android Flaws in November Update | eWeek

Google Patches 83 Android Flaws in November Update

Google Patches 83 Android Flaws in November Update
Nov 8, 2016
2 minute read
eWeek Le contenu et les recommandations de produits sont indépendants de la rédaction. Nous pouvons gagner de l'argent lorsque vous cliquez sur des liens vers nos partenaires. En savoir plus

Google on Nov. 7 released its November Android patches, which provide 83 fixes for vulnerabilities across three patch levels.

Across the patch levels—a complete patch level identified as 2016-11-05, a partial patch level identified as 2016-11-01 and the 2016-11-06 supplementary patch level—Google is patching a total of 13 vulnerabilities rated as having critical impact. Among the critical flaws being patched is CVE-2016-5195, also known as the so-called “Dirty COW” vulnerability in Linux.

The Dirty COW flaw is a privilege escalation that abuses the Copy On Write (COW) capabilities in the upstream Linux kernel. The issue was first fixed in Linux on Oct. 19. Google has included the fix for CVE-2016-5195 in its supplementary patch-level grouping.

“Supplemental security patch levels are provided to identify devices that contain fixes for issues that were publicly disclosed after the patch level was defined,” Google stated in its November security bulletin.”Addressing these recently disclosed vulnerabilities is not required until the 2016-12-01 security patch level.”

The Dirty COW issue is only one of 16 critical privilege escalation vulnerabilities that Google patched in November. Seven of the critical privilege escalation issues were found in the Nvidia GPU driver. The kernel file system is responsible for three of the privilege escalation flaws with CVE-2015-8961, CVE-2016-7910 and CVE-2016-7911.Three additional privilege escalation flaws were found in other parts of the Android kernel, including the SCSI driver (CVE-2015-8962), kernel media driver (CVE-2016-7913), kernel USB driver (CVE-2016-7912) and the kernel ION subsystem (CVE-2016-6728).

There is also a critical privilege escalation flaw in the Qualcomm bootloader. Qualcomm overall has been a source of many patched vulnerabilities in Android in recent months. In the October update, Qualcomm was the leading source of vulnerabilities with 30 patched flaws. For the November update, Qualcomm components account for 17 flaws in total, including four critical flaws (CVE-2016-6726, CVE-2016-6727, CVE-2016-6728 and CVE-2016-6725), five high-impact flaws and eight issues identified as having moderate impact.

Android’s mediaserver component once again is also part of Google’s patch update. There are a total of 13 patches in the November update for mediaserver-related flaws, though only one of them is rated as critical (CVE-2016-6699). Android’s media server and related libraries have been under scrutiny from security researchers since June 2015, when the first Stagefright flaw was revealed.

Sean Michael Kerner is a senior editor at eWEEK and InternetNews.com. Follow him on Twitter @TechJournalist.

eWeek Logo

eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site's focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

Propriété de TechnologyAdvice. © 2026 TechnologyAdvice. Tous droits réservés

Divulgation publicitaire : Certains des produits qui apparaissent sur ce site proviennent d'entreprises dont TechnologyAdvice reçoit une compensation. Cette compensation peut influencer la façon dont les produits apparaissent sur ce site, notamment l'ordre dans lequel ils apparaissent. TechnologyAdvice n'inclut pas toutes les entreprises ou tous les types de produits disponibles sur le marché.