1 page.title=Nexus - 2015 9 2 @jd:body 3 4 <!-- 5 Copyright 2016 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 <div id="qv-wrapper"> 20 <div id="qv"> 21 <ol id="auto-toc"> 22 </ol> 23 </div> 24 </div> 25 26 <p> 27 <em> 28 : 2015 9 9 29 </em> 30 </p> 31 <p> 32 Google Android 33 Nexus ( LMY48M) 34 . Nexus 35 Android (AOSP) 36 . 37 . 38 </p> 39 <p> 40 Nexus 41 <a href="https://developers.google.com/android/nexus/images"> 42 Google 43 </a> 44 . 45 LMY48M . 2015 46 8 13 . 47 </p> 48 <p> 49 . 50 (CVE-2015-3636) . 51 <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations"> 52 53 </a> 54 Android 55 <a href="http://source.android.com/security/enhancements/index.html"> 56 Android 57 </a> 58 SafetyNet . 59 </p> 60 <p> 61 CVE-2015-3864 62 CVE-2015-3636 . 63 . 64 . 65 </p> 66 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 67 68 </h2> 69 <hr/> 70 <p> 71 , ID(CVE), 72 . 73 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 74 75 </a> 76 77 78 . 
79 </p> 80 <table> 81 <tbody> 82 <tr> 83 <th> 84 85 </th> 86 <th> 87 CVE 88 </th> 89 <th> 90 91 </th> 92 </tr> 93 <tr> 94 <td> 95 96 </td> 97 <td> 98 CVE-2015-3864 99 </td> 100 <td> 101 102 </td> 103 </tr> 104 <tr> 105 <td> 106 107 </td> 108 <td> 109 CVE-2015-3636 110 </td> 111 <td> 112 113 </td> 114 </tr> 115 <tr> 116 <td> 117 Binder 118 </td> 119 <td> 120 CVE-2015-3845 121 <br/> 122 CVE-2015-1528 123 </td> 124 <td> 125 126 </td> 127 </tr> 128 <tr> 129 <td> 130 131 </td> 132 <td> 133 CVE-2015-3863 134 </td> 135 <td> 136 137 </td> 138 </tr> 139 <tr> 140 <td> 141 142 </td> 143 <td> 144 CVE-2015-3849 145 </td> 146 <td> 147 148 </td> 149 </tr> 150 <tr> 151 <td> 152 SMS 153 </td> 154 <td> 155 CVE-2015-3858 156 </td> 157 <td> 158 159 </td> 160 </tr> 161 <tr> 162 <td> 163 164 </td> 165 <td> 166 CVE-2015-3860 167 </td> 168 <td> 169 170 </td> 171 </tr> 172 <tr> 173 <td> 174 (DoS) 175 </td> 176 <td> 177 CVE-2015-3861 178 </td> 179 <td> 180 181 </td> 182 </tr> 183 </tbody> 184 </table> 185 <h2 id="mitigations" style="margin-bottom:0px"> 186 187 </h2> 188 <hr/> 189 <p> 190 SafetyNet 191 <a href="http://source.android.com/security/enhancements"> 192 Android 193 </a> 194 . Android 195 . 196 </p> 197 <ul> 198 <li> 199 Android Android 200 . 201 Android . 202 </li> 203 <li> 204 Android 205 SafetyNet 206 . Google Play . 207 Google Play 208 . 209 210 . 211 212 . 213 </li> 214 <li> 215 Google 216 . 217 </li> 218 </ul> 219 <h2 id="acknowledgements" style="margin-bottom:0px"> 220 221 </h2> 222 <hr/> 223 <p> 224 . 225 </p> 226 <ul> 227 <li> 228 Exodus Intelligence Jordan Gruskovnjak(@jgrusko): CVE-2015-3864 229 </li> 230 <li> 231 Michał Bednarski: CVE-2015-3845 232 </li> 233 <li> 234 Qihoo 360 Technology Co. Ltd Guang Gong(@oldfresher): CVE-2015-1528 235 </li> 236 <li> 237 Brennan Lautner: CVE-2015-3863 238 </li> 239 <li> 240 jgor(@indiecom): CVE-2015-3860 241 </li> 242 <li> 243 Trend Micro Inc. 
Wish Wu(@wish_wu): CVE-2015-3861 244 </li> 245 </ul> 246 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 247 248 </h2> 249 <hr/> 250 <p> 251 252 <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary"> 253 254 </a> 255 256 . , CVE, , , 257 . 258 AOSP ID 259 . 260 AOSP ID . 261 </p> 262 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 263 264 </h3> 265 <p> 266 267 268 . 269 </p> 270 <p> 271 , 272 , MMS 273 . 274 </p> 275 <p> 276 277 . 278 3 279 . 280 </p> 281 <p> 282 CVE-2015-3824(ANDROID-20923261) . 283 . 284 </p> 285 <table> 286 <tbody> 287 <tr> 288 <th> 289 CVE 290 </th> 291 <th> 292 AOSP 293 </th> 294 <th> 295 296 </th> 297 <th> 298 299 </th> 300 </tr> 301 <tr> 302 <td> 303 CVE-2015-3864 304 </td> 305 <td> 306 <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968"> 307 ANDROID-23034759 308 </a> 309 </td> 310 <td> 311 312 </td> 313 <td> 314 5.1 315 </td> 316 </tr> 317 </tbody> 318 </table> 319 <h3 id="elevation_privilege_vulnerability_in_kernel"> 320 321 </h3> 322 <p> 323 Linux 324 325 . 326 </p> 327 <p> 328 329 (: 330 ) 331 . 332 </p> 333 <p> 334 2015 5 1 . 335 336 ' ' . 337 </p> 338 <table> 339 <tbody> 340 <tr> 341 <th> 342 CVE 343 </th> 344 <th> 345 AOSP 346 </th> 347 <th> 348 349 </th> 350 <th> 351 352 </th> 353 </tr> 354 <tr> 355 <td> 356 CVE-2015-3636 357 </td> 358 <td> 359 <a href="https://github.com/torvalds/linux/commit/a134f083e79f"> 360 ANDROID-20770158 361 </a> 362 </td> 363 <td> 364 365 </td> 366 <td> 367 5.1 368 </td> 369 </tr> 370 </tbody> 371 </table> 372 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 373 Binder 374 </h3> 375 <p> 376 Binder 377 378 . 379 </p> 380 <p> 381 3 382 . 
383 </p> 384 <table> 385 <tbody> 386 <tr> 387 <th> 388 CVE 389 </th> 390 <th> 391 AOSP 392 </th> 393 <th> 394 395 </th> 396 <th> 397 398 </th> 399 </tr> 400 <tr> 401 <td> 402 CVE-2015-3845 403 </td> 404 <td> 405 <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20"> 406 ANDROID-17312693 407 </a> 408 </td> 409 <td> 410 411 </td> 412 <td> 413 5.1 414 </td> 415 </tr> 416 <tr> 417 <td> 418 CVE-2015-1528 419 </td> 420 <td> 421 <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254"> 422 ANDROID-19334482 423 </a> 424 [ 425 <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14"> 426 2 427 </a> 428 ] 429 </td> 430 <td> 431 432 </td> 433 <td> 434 5.1 435 </td> 436 </tr> 437 </tbody> 438 </table> 439 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 440 441 </h3> 442 <p> 443 444 445 . 446 . 447 </p> 448 <p> 449 3 450 . 451 </p> 452 <table> 453 <tbody> 454 <tr> 455 <th> 456 CVE 457 </th> 458 <th> 459 AOSP 460 </th> 461 <th> 462 463 </th> 464 <th> 465 466 </th> 467 </tr> 468 <tr> 469 <td> 470 CVE-2015-3863 471 </td> 472 <td> 473 <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b"> 474 ANDROID-22802399 475 </a> 476 </td> 477 <td> 478 479 </td> 480 <td> 481 5.1 482 </td> 483 </tr> 484 </tbody> 485 </table> 486 <h3 id="elevation_of_privilege_vulnerability_in_region"> 487 488 </h3> 489 <p> 490 491 492 . 493 </p> 494 <p> 495 3 496 . 
497 </p> 498 <table> 499 <tbody> 500 <tr> 501 <th> 502 CVE 503 </th> 504 <th> 505 AOSP 506 </th> 507 <th> 508 509 </th> 510 <th> 511 512 </th> 513 </tr> 514 <tr> 515 <td> 516 CVE-2015-3849 517 </td> 518 <td> 519 <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885"> 520 ANDROID-20883006 521 </a> 522 [ 523 <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3"> 524 2 525 </a> 526 ] 527 </td> 528 <td> 529 530 </td> 531 <td> 532 5.1 533 </td> 534 </tr> 535 </tbody> 536 </table> 537 <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass"> 538 SMS 539 </h3> 540 <p> 541 Android SMS 542 SMS 543 SMS . 544 </p> 545 <p> 546 3 547 . 548 </p> 549 <table> 550 <tbody> 551 <tr> 552 <th> 553 CVE 554 </th> 555 <th> 556 AOSP 557 </th> 558 <th> 559 560 </th> 561 <th> 562 563 </th> 564 </tr> 565 <tr> 566 <td> 567 CVE-2015-3858 568 </td> 569 <td> 570 <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586"> 571 ANDROID-22314646 572 </a> 573 </td> 574 <td> 575 576 </td> 577 <td> 578 5.1 579 </td> 580 </tr> 581 </tbody> 582 </table> 583 <h3 id="elevation_of_privilege_vulnerability_in_lockscreen"> 584 585 </h3> 586 <p> 587 588 . 589 Android 5.0 5.1 . 4.4 590 UI 591 . 592 </p> 593 <p> 594 595 3 596 . 597 , , SMS '' 598 . 599 </p> 600 <table> 601 <tbody> 602 <tr> 603 <th> 604 CVE 605 </th> 606 <th> 607 AOSP 608 </th> 609 <th> 610 611 </th> 612 <th> 613 614 </th> 615 </tr> 616 <tr> 617 <td> 618 CVE-2015-3860 619 </td> 620 <td> 621 <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590"> 622 ANDROID-22214934 623 </a> 624 </td> 625 <td> 626 627 </td> 628 <td> 629 5.1 5.0 630 </td> 631 </tr> 632 </tbody> 633 </table> 634 <h3 id="denial_of_service_vulnerability_in_mediaserver"> 635 (DoS) 636 </h3> 637 <p> 638 639 . 640 </p> 641 <p> 642 643 . 
644 MMS 645 , 646 . 647 </p> 648 <table> 649 <tbody> 650 <tr> 651 <th> 652 CVE 653 </th> 654 <th> 655 AOSP 656 </th> 657 <th> 658 659 </th> 660 <th> 661 662 </th> 663 </tr> 664 <tr> 665 <td> 666 CVE-2015-3861 667 </td> 668 <td> 669 <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0"> 670 ANDROID-21296336 671 </a> 672 </td> 673 <td> 674 675 </td> 676 <td> 677 5.1 678 </td> 679 </tr> 680 </tbody> 681 </table> 682 </div> 683 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 684 <div class="layout-content-col col-9" style="padding-top:4px"> 685 </div> 686 <div class="paging-links layout-content-col col-4"> 687 </div> 688 </div> 689 </div> 690