1 page.title=Nexus - 2016 3 2 @jd:body 3 <!-- 4 Copyright 2016 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 16 <div id="qv-wrapper"> 17 <div id="qv"> 18 <h2></h2> 19 <ol id="auto-toc"> 20 </ol> 21 </div> 22 </div> 23 24 <p><em>2016 3 7 | 2016 3 8 </em></p> 25 26 <p>Android Nexus 27 OTA 28 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 29 30 LMY49H Android Marshmallow 2016 3 1 31 32 33 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 34 35 <p> 2016 2 1 36 48 37 Android AOSP 38 AOSP </p> 39 40 <p>MMS 41 42 </p> 43 44 <p> 45 <a href="#mitigations">Android </a> 46 SafetyNet 47 <a href="{@docRoot}security/enhancements/index.html"></a>Android 48 49 </p> 50 51 <h2 id="security_vulnerability_summary"></h2> 52 53 <p>CVE 54 55 <a href="{@docRoot}security/overview/updates-resources.html#severity"></a> 56 57 58 </p> 59 <table> 60 <tr> 61 <th></th> 62 <th>CVE</th> 63 <th></th> 64 </tr> 65 <tr> 66 <td></td> 67 <td>CVE-2016-0815<br> 68 CVE-2016-0816</td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>libvpx </td> 73 <td>CVE-2016-1621</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td>Conscrypt </td> 78 <td>CVE-2016-0818</td> 79 <td></td> 80 </tr> 81 <tr> 82 <td>Qualcomm <br> 83 </td> 84 <td>CVE-2016-0819</td> 85 <td></td> 86 </tr> 87 <tr> 88 <td>MediaTek Wi-Fi </td> 89 <td>CVE-2016-0820</td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> </td> 94 <td>CVE-2016-0728</td> 95 <td></td> 96 </tr> 97 <tr> 98 <td></td> 99 <td>CVE-2016-0821</td> 100 <td></td> 101 </tr> 102 <tr> 103 <td>MediaTek </td> 104 <td>CVE-2016-0822</td> 105 <td></td> 106 </tr> 107 <tr> 108 <td></td> 109 <td>CVE-2016-0823</td> 110 <td></td> 111 </tr> 112 <tr> 113 <td>libstagefright </td> 114 <td>CVE-2016-0824</td> 115 <td></td> 116 </tr> 117 <tr> 118 <td>Widevine </td> 119 <td>CVE-2016-0825</td> 120 <td></td> 121 </tr> 122 <tr> 123 <td></td> 124 <td>CVE-2016-0826<br> 125 CVE-2016-0827</td> 126 <td></td> 127 </tr> 128 <tr> 129 <td></td> 130 <td>CVE-2016-0828<br> 131 CVE-2016-0829</td> 132 <td></td> 133 </tr> 134 <tr> 135 <td>Bluetooth </td> 136 <td>CVE-2016-0830</td> 137 <td></td> 138 </tr> 139 <tr> 140 <td>Telephony </td> 141 <td>CVE-2016-0831</td> 142 <td></td> 143 </tr> 144 <tr> 145 <td> </td> 146 <td>CVE-2016-0832</td> 147 <td></td> 148 </tr> 149 </table> 150 151 152 <h3 id="mitigations"></h3> 153 154 155 <p><a href="{@docRoot}security/enhancements/index.html">Android </a> 156 SafetyNet 157 158 Android 159 </p> 160 161 <ul> 162 <li> Android Android 163 Android 164 <li> Android SafetyNet Google Play Google Play 165 <li> Google 166 </li></li></li></ul> 167 168 <h3 id="acknowledgements"></h3> 169 170 171 <p></p> 172 173 <ul> 174 <li> Google Chrome Abhishek AryaOliver ChangMartin 175 Barbella: CVE-2016-0815 176 <li> CENSUS S.A. Anestis Bechtsoudis<a href="https://twitter.com/anestisb">@anestisb</a>: CVE-2016-0816CVE-2016-0824 177 <li> Android Chad Brubaker: CVE-2016-0818 178 <li> Google Project Zero Mark Brand: CVE-2016-0820 179 <li> <a href="http://www.360safe.com">Qihoo 360</a> <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2016-0826 180 <li> Trend Micro Peter Pi<a href="https://twitter.com/heisecode">@heisecode</a>: CVE-2016-0827CVE-2016-0828CVE-2016-0829 181 <li> Scott Bauer<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a><a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>: CVE-2016-0822 182 <li> Trend Micro Inc. Wish Wu<a href="https://twitter.com/@wish_wu">@wish_wu</a>: CVE-2016-0819 183 <li> Huawei Yongzheng WuTieyan Li: CVE-2016-0831 184 <li> Singapore Management University Su Mon KyweYingjiu Li: CVE-2016-0831 185 <li> Android Zach Riggle<a href="https://twitter.com/@ebeip90">@ebeip90</a>: CVE-2016-0821 186 </li></li></li></li></li></li></li></li></li></li></li></ul> 187 188 <h2 id="security_vulnerability_details"></h2> 189 190 191 <p><a href="#security_vulnerability_summary"></a>CVE 192 193 ID AOSP 194 ID 195 AOSP </p> 196 197 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 198 199 200 <p> 201 202 </p> 203 204 <p> 205 MMS 206 </p> 207 208 <p> 209 210 211 </p> 212 <table> 213 <tr> 214 <th>CVE</th> 215 <th> AOSP </th> 216 <th></th> 217 <th></th> 218 <th></th> 219 </tr> 220 <tr> 221 <td>CVE-2016-0815</td> 222 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a> 223 </td> 224 <td></td> 225 <td>4.4.45.0.25.1.16.06.0.1</td> 226 <td>Google </td> 227 </tr> 228 <tr> 229 <td>CVE-2016-0816</td> 230 <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a> 231 </td> 232 <td></td> 233 <td>6.06.0.1</td> 234 <td>Google </td> 235 </tr> 236 </table> 237 238 239 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3> 240 241 242 <p> 243 244 </p> 245 246 <p> 247 MMS 248 </p> 249 250 <p> 251 252 253 </p> 254 <table> 255 <tr> 256 <th>CVE</th> 257 <th> AOSP </th> 258 <th></th> 259 <th></th> 260 <th></th> 261 </tr> 262 <tr> 263 <td>CVE-2016-1621</td> 264 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a> 265 <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a> 266 <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a> 267 </td> 268 <td></td> 269 <td>4.4.45.0.25.1.16.0</td> 270 <td>Google </td> 271 </tr> 272 </table> 273 274 275 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3> 276 277 <p>Conscrypt CA</p> 278 279 <table> 280 <tr> 281 <th>CVE</th> 282 <th> AOSP </th> 283 <th>Severity</th> 284 <th></th> 285 <th></th> 286 </tr> 287 <tr> 288 <td>CVE-2016-0818</td> 289 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a> 290 <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a> 291 </td> 292 <td></td> 293 <td>4.4.45.0.25.1.16.06.0.1</td> 294 <td>Google </td> 295 </tr> 296 </table> 297 298 299 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm </h3> 300 301 302 <p>Qualcomm 303 304 305 306 </p> 307 <table> 308 <tr> 309 <th>CVE</th> 310 <th></th> 311 <th></th> 312 <th></th> 313 <th></th> 314 </tr> 315 <tr> 316 <td>CVE-2016-0819</td> 317 <td>ANDROID-25364034*</td> 318 <td></td> 319 <td>4.4.45.0.25.1.16.06.0.1</td> 320 <td>2015 10 29 </td> 321 </tr> 322 </table> 323 324 325 <p>* AOSP 326 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 327 328 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek Wi-Fi </h3> 329 330 331 <p>MediaTek Wi-Fi 332 333 334 335 </p> 336 <table> 337 <tr> 338 <th>CVE</th> 339 <th></th> 340 <th></th> 341 <th></th> 342 <th></th> 343 </tr> 344 <tr> 345 <td>CVE-2016-0820</td> 346 <td>ANDROID-26267358*</td> 347 <td></td> 348 <td>6.0.1</td> 349 <td>2015 12 18 </td> 350 </tr> 351 </table> 352 353 354 <p>* AOSP 355 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 356 </p> 357 358 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> </h3> 359 360 361 <p> 362 363 364 365 Android 5.0 366 SELinux 367 </p> 368 369 <p><strong>:</strong> AOSP 370 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a> 371 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a> 372 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a> 373 <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p> 374 <table> 375 <tr> 376 <th>CVE</th> 377 <th></th> 378 <th></th> 379 <th></th> 380 <th></th> 381 </tr> 382 <tr> 383 <td>CVE-2016-0728</td> 384 <td>ANDROID-26636379 </td> 385 <td></td> 386 <td>4.4.45.0.25.1.16.06.0.1</td> 387 <td>2016 1 11 </td> 388 </tr> 389 </table> 390 391 392 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"></h3> 393 394 395 <p> 396 397 398 399 </p> 400 401 <p><strong>:</strong> 402 <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf">Linux </a></p> 403 404 <table> 405 <tr> 406 <th>CVE</th> 407 <th></th> 408 <th></th> 409 <th></th> 410 <th></th> 411 </tr> 412 <tr> 413 <td>CVE-2016-0821</td> 414 <td>ANDROID-26186802</td> 415 <td></td> 416 <td>6.0.1</td> 417 <td>Google </td> 418 </tr> 419 </table> 420 421 422 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek </h3> 423 424 425 <p>MediaTek 426 427 428 conn_launcher 429 430 </p> 431 <table> 432 <tr> 433 <th>CVE</th> 434 <th></th> 435 <th></th> 436 <th></th> 437 <th></th> 438 </tr> 439 <tr> 440 <td>CVE-2016-0822</td> 441 <td>ANDROID-25873324*</td> 442 <td></td> 443 <td>6.0.1</td> 444 <td>2015 11 24 </td> 445 </tr> 446 </table> 447 448 449 <p>* AOSP 450 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 451 </p> 452 453 <h3 id="information_disclosure_vulnerability_in_kernel"></h3> 454 455 456 <p> 457 458 ASLR 459 460 </p> 461 462 <p><strong>:</strong> 463 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce">Linux </a></p> 464 <table> 465 <tr> 466 <th>CVE</th> 467 <th></th> 468 <th></th> 469 <th></th> 470 <th></th> 471 </tr> 472 <tr> 473 <td>CVE-2016-0823</td> 474 <td>ANDROID-25739721*</td> 475 <td></td> 476 <td>6.0.1</td> 477 <td>Google </td> 478 </tr> 479 </table> 480 <p>* AOSP 481 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 482 </p> 483 484 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3> 485 486 487 <p>libstagefright 488 489 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 490 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 491 <table> 492 <tr> 493 <th>CVE</th> 494 <th> AOSP </th> 495 <th></th> 496 <th></th> 497 <th></th> 498 </tr> 499 <tr> 500 <td>CVE-2016-0824</td> 501 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a> 502 </td> 503 <td></td> 504 <td>6.06.0.1</td> 505 <td>2015 11 18 </td> 506 </tr> 507 </table> 508 509 510 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3> 511 512 513 <p>Widevine Trusted Application 514 TrustZone 515 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 516 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 517 518 519 </p> 520 <table> 521 <tr> 522 <th>CVE</th> 523 <th></th> 524 <th></th> 525 <th></th> 526 <th></th> 527 </tr> 528 <tr> 529 <td>CVE-2016-0825</td> 530 <td>ANDROID-20860039*</td> 531 <td></td> 532 <td>6.0.1</td> 533 <td>Google </td> 534 </tr> 535 </table> 536 537 538 <p>* AOSP 539 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 540 </p> 541 542 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3> 543 544 545 <p> 546 547 548 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 549 <table> 550 <tr> 551 <th>CVE</th> 552 <th> AOSP </th> 553 <th></th> 554 <th></th> 555 <th></th> 556 </tr> 557 <tr> 558 <td>CVE-2016-0826</td> 559 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 560 <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a> 561 </td> 562 <td></td> 563 <td>4.4.45.0.25.1.16.06.0.1</td> 564 <td>2015 12 17 </td> 565 </tr> 566 <tr> 567 <td>CVE-2016-0827</td> 568 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td> 569 <td></td> 570 <td>4.4.45.0.25.1.16.06.0.1</td> 571 <td>2015 12 28 </td> 572 </tr> 573 </table> 574 575 576 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3> 577 578 579 <p> 580 581 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 582 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 583 <table> 584 <tr> 585 <th>CVE</th> 586 <th> AOSP </th> 587 <th></th> 588 <th></th> 589 <th></th> 590 </tr> 591 <tr> 592 <td>CVE-2016-0828</td> 593 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a> 594 </td> 595 <td></td> 596 <td>5.0.25.1.16.06.0.1</td> 597 <td>2015 12 27 </td> 598 </tr> 599 <tr> 600 <td>CVE-2016-0829</td> 601 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td> 602 <td></td> 603 <td>4.4.45.0.25.1.16.06.0.1</td> 604 <td>2015 12 27 </td> 605 </tr> 606 </table> 607 608 609 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth">Bluetooth </h3> 610 611 612 <p>Bluetooth 613 614 Bluetooth Bluetooth 615 Bluetooth 616 617 </p> 618 <table> 619 <tr> 620 <th>CVE</th> 621 <th> AOSP </th> 622 <th></th> 623 <th></th> 624 <th></th> 625 </tr> 626 <tr> 627 <td>CVE-2016-0830</td> 628 <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td> 629 <td></td> 630 <td>6.06.0.1</td> 631 <td>Google </td> 632 </tr> 633 </table> 634 635 636 <h3 id="information_disclosure_vulnerability_in_telephony">Telephony </h3> 637 638 639 <p>Telephony 640 641 642 </p> 643 <table> 644 <tr> 645 <th>CVE</th> 646 <th> AOSP </th> 647 <th></th> 648 <th></th> 649 <th></th> 650 </tr> 651 <tr> 652 <td>CVE-2016-0831</td> 653 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td> 654 <td></td> 655 <td>5.0.25.1.16.06.0.1</td> 656 <td>2015 11 16 </td> 657 </tr> 658 </table> 659 660 661 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> </h3> 662 663 664 <p> 665 666 667 </p> 668 <table> 669 <tr> 670 <th>CVE</th> 671 <th></th> 672 <th></th> 673 <th></th> 674 <th></th> 675 </tr> 676 <tr> 677 <td>CVE-2016-0832</td> 678 <td>ANDROID-25955042*</td> 679 <td></td> 680 <td>5.1.16.06.0.1</td> 681 <td>Google </td> 682 </tr> 683 </table> 684 685 686 <p>* </p> 687 688 <h2 id="common_questions_and_answers"></h2> 689 690 691 <p></p> 692 693 <p><strong>1. </strong></p> 694 695 <p>LMY49H Android 6.0 2016 3 1 696 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 697 698 [ro.build.version.security_patch]:[2016-03-01] </p> 699 700 <h2 id="revisions"></h2> 701 702 703 <ul> 704 <li> 2016 3 7 : 705 <li> 2016 3 8 : AOSP 706 </li></li></ul> 707 708