1 page.title=Nexus - 2015 12 2 @jd:body 3 4 <!-- 5 Copyright 2016 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 <div id="qv-wrapper"> 20 <div id="qv"> 21 <ol id="auto-toc"> 22 </ol> 23 </div> 24 </div> 25 26 <p> 27 Google Android 28 Nexus . 29 Nexus 30 <a href="https://developers.google.com/android/nexus/images"> 31 Google 32 </a> 33 . LMY48Z 2015 12 1 34 Android 6.0 . 35 <a href="http://source.android.com/security/bulletin/2015-12-01.html#common_questions_and_answers"> 36 37 </a> 38 . 39 </p> 40 <p> 41 2015 11 2 42 . , Android 43 (AOSP) . 44 </p> 45 <p> 46 47 , MMS 48 . 49 </p> 50 <p> 51 52 . SafetyNet Android 53 <a href="http://source.android.com/security/enhancements/index.html"> 54 Android 55 </a> 56 57 <a href="http://source.android.com/security/bulletin/2015-12-01.html#mitigations"> 58 59 </a> 60 . 61 . 62 </p> 63 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 64 65 </h2> 66 <hr/> 67 <p> 68 , ID(CVE), 69 . 70 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 71 72 </a> 73 74 75 . 76 </p> 77 <table> 78 <tbody> 79 <tr> 80 <th> 81 82 </th> 83 <th> 84 CVE 85 </th> 86 <th> 87 88 </th> 89 </tr> 90 <tr> 91 <td> 92 93 </td> 94 <td> 95 CVE-2015-6616 96 </td> 97 <td> 98 99 </td> 100 </tr> 101 <tr> 102 <td> 103 Skia 104 </td> 105 <td> 106 CVE-2015-6617 107 </td> 108 <td> 109 110 </td> 111 </tr> 112 <tr> 113 <td> 114 115 </td> 116 <td> 117 CVE-2015-6619 118 </td> 119 <td> 120 121 </td> 122 </tr> 123 <tr> 124 <td> 125 126 </td> 127 <td> 128 CVE-2015-6633 129 <br/> 130 CVE-2015-6634 131 </td> 132 <td> 133 134 </td> 135 </tr> 136 <tr> 137 <td> 138 139 </td> 140 <td> 141 CVE-2015-6618 142 </td> 143 <td> 144 145 </td> 146 </tr> 147 <tr> 148 <td> 149 libstagefright 150 </td> 151 <td> 152 CVE-2015-6620 153 </td> 154 <td> 155 156 </td> 157 </tr> 158 <tr> 159 <td> 160 SystemUI 161 </td> 162 <td> 163 CVE-2015-6621 164 </td> 165 <td> 166 167 </td> 168 </tr> 169 <tr> 170 <td> 171 172 </td> 173 <td> 174 CVE-2015-6622 175 </td> 176 <td> 177 178 </td> 179 </tr> 180 <tr> 181 <td> 182 Wi-Fi 183 </td> 184 <td> 185 CVE-2015-6623 186 </td> 187 <td> 188 189 </td> 190 </tr> 191 <tr> 192 <td> 193 194 </td> 195 <td> 196 CVE-2015-6624 197 </td> 198 <td> 199 200 </td> 201 </tr> 202 <tr> 203 <td> 204 libstagefright 205 </td> 206 <td> 207 CVE-2015-6626 208 <br/> 209 CVE-2015-6631 210 <br/> 211 CVE-2015-6632 212 </td> 213 <td> 214 215 </td> 216 </tr> 217 <tr> 218 <td> 219 220 </td> 221 <td> 222 CVE-2015-6627 223 </td> 224 <td> 225 226 </td> 227 </tr> 228 <tr> 229 <td> 230 231 </td> 232 <td> 233 CVE-2015-6628 234 </td> 235 <td> 236 237 </td> 238 </tr> 239 <tr> 240 <td> 241 Wi-Fi 242 </td> 243 <td> 244 CVE-2015-6629 245 </td> 246 <td> 247 248 </td> 249 </tr> 250 <tr> 251 <td> 252 253 </td> 254 <td> 255 CVE-2015-6625 256 </td> 257 <td> 258 259 </td> 260 </tr> 261 <tr> 262 <td> 263 SystemUI 264 </td> 265 <td> 266 CVE-2015-6630 267 </td> 268 <td> 269 270 </td> 271 </tr> 272 </tbody> 273 </table> 274 <h2 id="mitigations" style="margin-bottom:0px"> 275 276 </h2> 277 <hr/> 278 <p> 279 SafetyNet 280 <a href="http://source.android.com/security/enhancements/index.html"> 281 Android 282 </a> 283 . 284 Android 285 . 286 </p> 287 <ul> 288 <li> 289 Android Android 290 . 291 Android . 292 </li> 293 <li> 294 Android 295 SafetyNet 296 . Google Play . 297 Google Play 298 . 299 300 . 301 302 . 303 </li> 304 <li> 305 Google 306 . 307 </li> 308 </ul> 309 <h2 id="acknowledgements" style="margin-bottom:0px"> 310 311 </h2> 312 <hr/> 313 <p> 314 . 315 </p> 316 <ul> 317 <li> 318 Chrome Abhishek Arya, Oliver Chang, Martin Barbella: 319 CVE-2015-6616, CVE-2015-6617, CVE-2015-6623, CVE-2015-6626, 320 CVE-2015-6619, CVE-2015-6633, CVE-2015-6634 321 </li> 322 <li> 323 <a href="http://k33nteam.org/"> 324 KeenTeam 325 </a> 326 ( 327 <a href="https://twitter.com/k33nteam"> @K33nTeam </a> 328 ) Flanker( 329 <a href="https://twitter.com/flanker_hqd"> @flanker_hqd </a> 330 ): CVE-2015-6620 331 </li> 332 <li> 333 <a href="http://www.360.cn/"> 334 Qihoo 360 Technology Co.Ltd 335 </a> 336 Guang Gong()( 337 <a href="https://twitter.com/oldfresher"> @oldfresher </a> 338 , higongguang (a] gmail.com): CVE-2015-6626 339 </li> 340 <li> 341 EmberMitre Ltd Mark Carter( 342 <a href="https://twitter.com/hanpingchinese"> @hanpingchinese </a> 343 ): CVE-2015-6630 344 </li> 345 <li> 346 Micha Bednarski( 347 <a href="https://github.com/michalbednarski"> 348 https://github.com/michalbednarski 349 </a> 350 ): CVE-2015-6621 351 </li> 352 <li> 353 Google Project Zero Natalie Silvanovich: CVE-2015-6616 354 </li> 355 <li> 356 Trend Micro Peter Pi: CVE-2015-6616, CVE-2015-6628 357 </li> 358 <li> 359 <a href="http://k33nteam.org/"> 360 KeenTeam 361 </a> 362 ( 363 <a href="https://twitter.com/k33nteam"> @K33nTeam </a> 364 ) Qidan He( 365 <a href="https://twitter.com/flanker_hqd"> @flanker_hqd </a> 366 ), Marco Grassi( 367 <a href="https://twitter.com/marcograss"> @marcograss </a> 368 ): CVE-2015-6622 369 </li> 370 <li> 371 Tzu-Yin(Nina) Tai: CVE-2015-6627 372 </li> 373 <li> 374 Fundacin Dr. Manuel Sadosky, Programa STIC Joaqun Rinaudo( 375 <a href="https://twitter.com/xeroxnir"> @xeroxnir </a> 376 ): CVE-2015-6631 377 </li> 378 </ul> 379 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 380 381 </h2> 382 <hr/> 383 <p> 384 385 <a href="http://source.android.com/security/bulletin/2015-12-01.html#security_vulnerability_summary"> 386 387 </a> 388 389 . , CVE, 390 , , , . 391 AOSP ID . 392 393 AOSP ID . 394 </p> 395 <h3 id="remote_code_execution_vulnerabilities_in_mediaserver"> 396 397 </h3> 398 <p> 399 400 401 . 402 </p> 403 <p> 404 , 405 , MMS 406 . 407 </p> 408 <p> 409 410 . 411 412 . 413 </p> 414 <table> 415 <tbody> 416 <tr> 417 <th> 418 CVE 419 </th> 420 <th> 421 AOSP 422 </th> 423 <th> 424 425 </th> 426 <th> 427 428 </th> 429 <th> 430 431 </th> 432 </tr> 433 <tr> 434 <td rowspan="5"> 435 CVE-2015-6616 436 </td> 437 <td> 438 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/257b3bc581bbc65318a4cc2d3c22a07a4429dc1d"> 439 ANDROID-24630158 440 </a> 441 </td> 442 <td> 443 444 </td> 445 <td> 446 6.0 447 </td> 448 <td> 449 Google 450 </td> 451 </tr> 452 <tr> 453 <td> 454 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/0d35dd2068d6422c3c77fb68f248cbabf3d0b10c"> 455 ANDROID-23882800 456 </a> 457 </td> 458 <td> 459 460 </td> 461 <td> 462 6.0 463 </td> 464 <td> 465 Google 466 </td> 467 </tr> 468 <tr> 469 <td> 470 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/dedaca6f04ac9f95fabe3b64d44cd1a2050f079e"> 471 ANDROID-17769851 472 </a> 473 </td> 474 <td> 475 476 </td> 477 <td> 478 5.1 479 </td> 480 <td> 481 Google 482 </td> 483 </tr> 484 <tr> 485 <td> 486 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5d101298d8b0a78a1dc5bd26dbdada411f4ecd4d"> 487 ANDROID-24441553 488 </a> 489 </td> 490 <td> 491 492 </td> 493 <td> 494 6.0 495 </td> 496 <td> 497 2015 9 22 498 </td> 499 </tr> 500 <tr> 501 <td> 502 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibavc/+/2ee0c1bced131ffb06d1b430b08a202cd3a52005"> 503 ANDROID-24157524 504 </a> 505 </td> 506 <td> 507 508 </td> 509 <td> 510 6.0 511 </td> 512 <td> 513 2015 9 8 514 </td> 515 </tr> 516 </tbody> 517 </table> 518 <h3 id="remote_code_execution_vulnerability_in_skia"> 519 Skia 520 </h3> 521 <p> 522 Skia 523 524 . 525 , MMS 526 527 . 528 </p> 529 <table> 530 <tbody> 531 <tr> 532 <th> 533 CVE 534 </th> 535 <th> 536 AOSP 537 </th> 538 <th> 539 540 </th> 541 <th> 542 543 </th> 544 <th> 545 546 </th> 547 </tr> 548 <tr> 549 <td> 550 CVE-2015-6617 551 </td> 552 <td> 553 <a href="https://android.googlesource.com/platform%2Fexternal%2Fskia/+/a1d8ac0ac0af44d74fc082838936ec265216ab60"> 554 ANDROID-23648740 555 </a> 556 </td> 557 <td> 558 559 </td> 560 <td> 561 6.0 562 </td> 563 <td> 564 Google 565 </td> 566 </tr> 567 </tbody> 568 </table> 569 <h3 id="elevation_of_privilege_in_kernel"> 570 571 </h3> 572 <p> 573 574 575 . 576 577 . 578 </p> 579 <table> 580 <tbody> 581 <tr> 582 <th> 583 CVE 584 </th> 585 <th> 586 AOSP 587 </th> 588 <th> 589 590 </th> 591 <th> 592 593 </th> 594 <th> 595 596 </th> 597 </tr> 598 <tr> 599 <td> 600 CVE-2015-6619 601 </td> 602 <td> 603 <a href="https://android.googlesource.com/device%2Fhtc%2Fflounder-kernel/+/25d3e5d71865a7c0324423fad87aaabb70e82ee4"> 604 ANDROID-23520714 605 </a> 606 </td> 607 <td> 608 609 </td> 610 <td> 611 6.0 612 </td> 613 <td> 614 2015 6 7 615 </td> 616 </tr> 617 </tbody> 618 </table> 619 <h3 id="remote_code_execution_vulnerabilities_in_display_driver"> 620 621 </h3> 622 <p> 623 624 625 . 626 , MMS 627 628 . 629 </p> 630 <table> 631 <tbody> 632 <tr> 633 <th> 634 CVE 635 </th> 636 <th> 637 AOSP 638 </th> 639 <th> 640 641 </th> 642 <th> 643 644 </th> 645 <th> 646 647 </th> 648 </tr> 649 <tr> 650 <td> 651 CVE-2015-6633 652 </td> 653 <td> 654 ANDROID-23987307* 655 </td> 656 <td> 657 658 </td> 659 <td> 660 6.0 661 </td> 662 <td> 663 Google 664 </td> 665 </tr> 666 <tr> 667 <td> 668 CVE-2015-6634 669 </td> 670 <td> 671 <a href="https://android.googlesource.com/platform%2Fhardware%2Fqcom%2Fdisplay/+/25016fd2865943dec1a6b2b167ef85c772fb90f7"> 672 ANDROID-24163261 673 </a> 674 [ 675 <a href="https://android.googlesource.com/platform%2Fhardware%2Fqcom%2Fdisplay/+/0787bc222a016e944f01492c2dd04bd03c1da6af"> 676 2 677 </a> 678 ] [ 679 <a href="https://android.googlesource.com/platform%2Fhardware%2Fqcom%2Fdisplay/+/95c2601aab7f27505e8b086fdd1f1dce31091e5d"> 680 3 681 </a> 682 ] [ 683 <a href="https://android.googlesource.com/platform%2Fhardware%2Fqcom%2Fdisplay/+/45660529af1f4063a00e84aa2361649e6a9a878c"> 684 4 685 </a> 686 ] 687 </td> 688 <td> 689 690 </td> 691 <td> 692 5.1 693 </td> 694 <td> 695 Google 696 </td> 697 </tr> 698 </tbody> 699 </table> 700 <p> 701 * AOSP . 702 <a href="https://developers.google.com/android/nexus/drivers"> 703 Google 704 </a> 705 706 Nexus . 707 </p> 708 <h3 id="remote_code_execution_vulnerability_in_bluetooth"> 709 710 </h3> 711 <p> 712 Android 713 . . 714 (PAN) 715 (: ) 716 . 717 . . 718 </p> 719 <p> 720 , 721 722 . 723 </p> 724 <table> 725 <tbody> 726 <tr> 727 <th> 728 CVE 729 </th> 730 <th> 731 732 </th> 733 <th> 734 735 </th> 736 <th> 737 738 </th> 739 <th> 740 741 </th> 742 </tr> 743 <tr> 744 <td> 745 CVE-2015-6618 746 </td> 747 <td> 748 ANDROID-24595992* 749 </td> 750 <td> 751 752 </td> 753 <td> 754 4.4, 5.0, 5.1 755 </td> 756 <td> 757 2015 9 28 758 </td> 759 </tr> 760 </tbody> 761 </table> 762 <p> 763 * AOSP . 764 <a href="https://developers.google.com/android/nexus/drivers"> 765 Google 766 </a> 767 768 Nexus . 769 </p> 770 <h3 id="elevation_of_privilege_vulnerabilities_in_libstagefright"> 771 libstagefright 772 </h3> 773 <p> 774 libstagefright 775 776 . 777 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 778 779 </a> 780 781 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 782 SignatureOrSystem 783 </a> 784 785 . 786 </p> 787 <table> 788 <tbody> 789 <tr> 790 <th> 791 CVE 792 </th> 793 <th> 794 AOSP 795 </th> 796 <th> 797 798 </th> 799 <th> 800 801 </th> 802 <th> 803 804 </th> 805 </tr> 806 <tr> 807 <td rowspan="2"> 808 CVE-2015-6620 809 </td> 810 <td> 811 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/2b8cd9cbb3e72ffd048ffdd1609fac74f61a22ac"> 812 ANDROID-24123723 813 </a> 814 </td> 815 <td> 816 817 </td> 818 <td> 819 6.0 820 </td> 821 <td> 822 2015 9 10 823 </td> 824 </tr> 825 <tr> 826 <td> 827 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/77c185d5499d6174e7a97b3e1512994d3a803151"> 828 ANDROID-24445127 829 </a> 830 </td> 831 <td> 832 833 </td> 834 <td> 835 6.0 836 </td> 837 <td> 838 2015 9 2 839 </td> 840 </tr> 841 </tbody> 842 </table> 843 <h3 id="elevation_of_privilege_vulnerability_in_systemui"> 844 SystemUI 845 </h3> 846 <p> 847 SystemUI 848 849 . 850 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 851 852 </a> 853 854 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 855 SignatureOrSystem 856 </a> 857 858 . 859 </p> 860 <table> 861 <tbody> 862 <tr> 863 <th> 864 CVE 865 </th> 866 <th> 867 AOSP 868 </th> 869 <th> 870 871 </th> 872 <th> 873 874 </th> 875 <th> 876 877 </th> 878 </tr> 879 <tr> 880 <td> 881 CVE-2015-6621 882 </td> 883 <td> 884 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/e70e8ac93807c51240b2cd9afed35bf454ea00b3"> 885 ANDROID-23909438 886 </a> 887 </td> 888 <td> 889 890 </td> 891 <td> 892 5.0, 5.1, 6.0 893 </td> 894 <td> 895 2015 9 7 896 </td> 897 </tr> 898 </tbody> 899 </table> 900 <h3 id="information_disclosure_vulnerability_in_native_frameworks_library"> 901 902 </h3> 903 <p> 904 Android 905 906 . 907 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 908 909 </a> 910 911 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 912 SignatureOrSystem 913 </a> 914 . 915 </p> 916 <table> 917 <tbody> 918 <tr> 919 <th> 920 CVE 921 </th> 922 <th> 923 AOSP 924 </th> 925 <th> 926 927 </th> 928 <th> 929 930 </th> 931 <th> 932 933 </th> 934 </tr> 935 <tr> 936 <td> 937 CVE-2015-6622 938 </td> 939 <td> 940 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fnative/+/5d17838adef13062717322e79d4db0b9bb6b2395"> 941 ANDROID-23905002 942 </a> 943 </td> 944 <td> 945 946 </td> 947 <td> 948 6.0 949 </td> 950 <td> 951 2015 9 7 952 </td> 953 </tr> 954 </tbody> 955 </table> 956 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 957 Wi-Fi 958 </h3> 959 <p> 960 Wi-Fi 961 962 . 963 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 964 965 </a> 966 967 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 968 SignatureOrSystem 969 </a> 970 . 971 </p> 972 <table> 973 <tbody> 974 <tr> 975 <th> 976 CVE 977 </th> 978 <th> 979 AOSP 980 </th> 981 <th> 982 983 </th> 984 <th> 985 986 </th> 987 <th> 988 989 </th> 990 </tr> 991 <tr> 992 <td> 993 CVE-2015-6623 994 </td> 995 <td> 996 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Fnet%2Fwifi/+/a15a2ee69156fa6fff09c0dd9b8182cb8fafde1c"> 997 ANDROID-24872703 998 </a> 999 </td> 1000 <td> 1001 1002 </td> 1003 <td> 1004 6.0 1005 </td> 1006 <td> 1007 Google 1008 </td> 1009 </tr> 1010 </tbody> 1011 </table> 1012 <h3 id="elevation_of_privilege_vulnerability_in_system_server"> 1013 1014 </h3> 1015 <p> 1016 1017 1018 . 1019 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1020 1021 </a> 1022 1023 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1024 SignatureOrSystem 1025 </a> 1026 . 1027 </p> 1028 <table> 1029 <tbody> 1030 <tr> 1031 <th> 1032 CVE 1033 </th> 1034 <th> 1035 AOSP 1036 </th> 1037 <th> 1038 1039 </th> 1040 <th> 1041 1042 </th> 1043 <th> 1044 1045 </th> 1046 </tr> 1047 <tr> 1048 <td> 1049 CVE-2015-6624 1050 </td> 1051 <td> 1052 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f86a441cb5b0dccd3106019e578c3535498e5315"> 1053 ANDROID-23999740 1054 </a> 1055 </td> 1056 <td> 1057 1058 </td> 1059 <td> 1060 6.0 1061 </td> 1062 <td> 1063 Google 1064 </td> 1065 </tr> 1066 </tbody> 1067 </table> 1068 <h3 id="information_disclosure_vulnerabilities_in_libstagefright"> 1069 libstagefright 1070 </h3> 1071 <p> 1072 1073 1074 libstagefright . 1075 1076 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1077 1078 </a> 1079 1080 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1081 SignatureOrSystem 1082 </a> 1083 . 1084 </p> 1085 <table> 1086 <tbody> 1087 <tr> 1088 <th> 1089 CVE 1090 </th> 1091 <th> 1092 AOSP 1093 </th> 1094 <th> 1095 1096 </th> 1097 <th> 1098 1099 </th> 1100 <th> 1101 1102 </th> 1103 </tr> 1104 <tr> 1105 <td> 1106 CVE-2015-6632 1107 </td> 1108 <td> 1109 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5cae16bdce77b0a3ba590b55637f7d55a2f35402"> 1110 ANDROID-24346430 1111 </a> 1112 </td> 1113 <td> 1114 1115 </td> 1116 <td> 1117 6.0 1118 </td> 1119 <td> 1120 Google 1121 </td> 1122 </tr> 1123 <tr> 1124 <td> 1125 CVE-2015-6626 1126 </td> 1127 <td> 1128 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8dde7269a5356503d2b283234b6cb46d0c3f214e"> 1129 ANDROID-24310423 1130 </a> 1131 </td> 1132 <td> 1133 1134 </td> 1135 <td> 1136 6.0 1137 </td> 1138 <td> 1139 2015 9 2 1140 </td> 1141 </tr> 1142 <tr> 1143 <td> 1144 CVE-2015-6631 1145 </td> 1146 <td> 1147 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7ed8d1eff9b292b3c65a875b13a549e29654534b"> 1148 ANDROID-24623447 1149 </a> 1150 </td> 1151 <td> 1152 1153 </td> 1154 <td> 1155 6.0 1156 </td> 1157 <td> 1158 2015 8 21 1159 </td> 1160 </tr> 1161 </tbody> 1162 </table> 1163 <h3 id="information_disclosure_vulnerability_in_audio"> 1164 1165 </h3> 1166 <p> 1167 1168 . 1169 . 1170 1171 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1172 1173 </a> 1174 1175 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1176 SignatureOrSystem 1177 </a> 1178 . 1179 </p> 1180 <table> 1181 <tbody> 1182 <tr> 1183 <th> 1184 CVE 1185 </th> 1186 <th> 1187 AOSP 1188 </th> 1189 <th> 1190 1191 </th> 1192 <th> 1193 1194 </th> 1195 <th> 1196 1197 </th> 1198 </tr> 1199 <tr> 1200 <td> 1201 CVE-2015-6627 1202 </td> 1203 <td> 1204 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/8c987fa71326eb0cc504959a5ebb440410d73180"> 1205 ANDROID-24211743 1206 </a> 1207 </td> 1208 <td> 1209 1210 </td> 1211 <td> 1212 6.0 1213 </td> 1214 <td> 1215 Google 1216 </td> 1217 </tr> 1218 </tbody> 1219 </table> 1220 <h3 id="information_disclosure_vulnerability_in_media_framework"> 1221 1222 </h3> 1223 <p> 1224 1225 1226 . 1227 1228 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1229 1230 </a> 1231 1232 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1233 SignatureOrSystem 1234 </a> 1235 . 1236 </p> 1237 <table> 1238 <tbody> 1239 <tr> 1240 <th> 1241 CVE 1242 </th> 1243 <th> 1244 AOSP 1245 </th> 1246 <th> 1247 1248 </th> 1249 <th> 1250 1251 </th> 1252 <th> 1253 1254 </th> 1255 </tr> 1256 <tr> 1257 <td> 1258 CVE-2015-6628 1259 </td> 1260 <td> 1261 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5e7e87a383fdb1fece977097a7e3cc51b296f3a0"> 1262 ANDROID-24074485 1263 </a> 1264 </td> 1265 <td> 1266 1267 </td> 1268 <td> 1269 6.0 1270 </td> 1271 <td> 1272 2015 9 8 1273 </td> 1274 </tr> 1275 </tbody> 1276 </table> 1277 <h3 id="information_disclosure_vulnerability_in_wi-fi"> 1278 Wi-Fi 1279 </h3> 1280 <p> 1281 Wi-Fi Wi-Fi . 1282 1283 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1284 1285 </a> 1286 1287 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1288 SignatureOrSystem 1289 </a> 1290 1291 . 1292 </p> 1293 <table> 1294 <tbody> 1295 <tr> 1296 <th> 1297 CVE 1298 </th> 1299 <th> 1300 AOSP 1301 </th> 1302 <th> 1303 1304 </th> 1305 <th> 1306 1307 </th> 1308 <th> 1309 1310 </th> 1311 </tr> 1312 <tr> 1313 <td> 1314 CVE-2015-6629 1315 </td> 1316 <td> 1317 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Fnet%2Fwifi/+/8b41627f7411306a0c42867fb526fa214f2991cd"> 1318 ANDROID-22667667 1319 </a> 1320 </td> 1321 <td> 1322 1323 </td> 1324 <td> 1325 5.1 5.0 1326 </td> 1327 <td> 1328 Google 1329 </td> 1330 </tr> 1331 </tbody> 1332 </table> 1333 <h3 id="elevation_of_privilege_vulnerability_in_system_server19"> 1334 1335 </h3> 1336 <p> 1337 1338 Wi-Fi 1339 . ' 1340 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1341 1342 </a> 1343 ' 1344 . 1345 </p> 1346 <table> 1347 <tbody> 1348 <tr> 1349 <th> 1350 CVE 1351 </th> 1352 <th> 1353 AOSP 1354 </th> 1355 <th> 1356 1357 </th> 1358 <th> 1359 1360 </th> 1361 <th> 1362 1363 </th> 1364 </tr> 1365 <tr> 1366 <td> 1367 CVE-2015-6625 1368 </td> 1369 <td> 1370 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fopt%2Fnet%2Fwifi/+/29fa7d2ffc3bba55173969309e280328b43eeca1"> 1371 ANDROID-23936840 1372 </a> 1373 </td> 1374 <td> 1375 1376 </td> 1377 <td> 1378 6.0 1379 </td> 1380 <td> 1381 Google 1382 </td> 1383 </tr> 1384 </tbody> 1385 </table> 1386 <h3 id="information_disclosure_vulnerability_in_systemui"> 1387 SystemUI 1388 </h3> 1389 <p> 1390 SystemUI 1391 . 1392 ' 1393 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1394 1395 </a> 1396 ' . 1397 </p> 1398 <table> 1399 <tbody> 1400 <tr> 1401 <th> 1402 CVE 1403 </th> 1404 <th> 1405 AOSP 1406 </th> 1407 <th> 1408 1409 </th> 1410 <th> 1411 1412 </th> 1413 <th> 1414 1415 </th> 1416 </tr> 1417 <tr> 1418 <td> 1419 CVE-2015-6630 1420 </td> 1421 <td> 1422 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/51c2619c7706575a171cf29819db14e91b815a62"> 1423 ANDROID-19121797 1424 </a> 1425 </td> 1426 <td> 1427 1428 </td> 1429 <td> 1430 5.0, 5.1, 6.0 1431 </td> 1432 <td> 1433 2015 1 22 1434 </td> 1435 </tr> 1436 </tbody> 1437 </table> 1438 <h3 id="common_questions_and_answers"> 1439 1440 </h3> 1441 <p> 1442 . 1443 </p> 1444 <p> 1445 <strong> 1446 1. ? 1447 </strong> 1448 </p> 1449 <p> 1450 LMY48Z 2015 12 1 1451 Android 6.0 . 1452 <a href="https://support.google.com/nexus/answer/4457705"> 1453 Nexus 1454 </a> 1455 . 1456 . 1457 [ro.build.version.security_patch]:[2015-12-01] 1458 </p> 1459 <h2 id="revisions" style="margin-bottom:0px"> 1460 1461 </h2> 1462 <hr/> 1463 <ul> 1464 <li> 1465 2015 12 7: 1466 </li> 1467 <li> 1468 2015 12 9: AOSP 1469 </li> 1470 <li> 1471 2015 12 22: 1472 </li> 1473 </ul> 1474
