A presentation by Google engineer Jeff Vander Stoep on the Linux Security Summit (PDF) shows that 85% of all kernel bugs in Android are caused by vendor drivers. Most of them are not part of the mainline kernel (i.e. they represent out-of-tree code) and many of them are proprietary. This is also an explanation why Google (remember that Kees Cook is a Google employee, too) is one of the moving forces behind the Kernel Self-Protection Project. Hardening the kernel makes Android less vulnerable against these bugs.