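page.title=Nexus - 2016 1
@jd:body

<!--
    Copyright 2016 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->

<!--
  Reviewer notes on this copy:
  - The in-page references point at anchors of
    source.android.com/security/bulletin/2016-01-01.html, so this appears to be
    a localized rendering of that bulletin. The localized prose is missing
    here: only Latin-script tokens (CVE ids, ANDROID bug ids, version lists,
    researcher names, build id LMY49F) survive, so several headings, link
    labels and table cells are empty. The section comments below are derived
    from each heading's id attribute, not from the lost text.
  - Each detail table has five columns. In this copy only the CVE id, the
    ANDROID bug id (linked to an AOSP change where one is given), the Android
    version list and the last column (a date or "Google") carry text; the
    third column is empty throughout.
  - Bug ids marked with "*" are followed by a footnote that links to the Nexus
    driver page on developers.google.com instead of an AOSP change.
  - The last FAQ paragraph carries the property string
    [ro.build.version.security_patch]:[2016-01-01] next to build LMY49F and
    Android 6.0; presumably this is the patch-level value to compare against
    on a device. Confirm against the source bulletin.
  - Links to source.android.com and developer.android.com use https, matching
    the https links to source.android.com already present on the page.
-->
<div id="qv-wrapper">
  <div id="qv">
    <ol id="auto-toc">
    </ol>
  </div>
</div>

<p>
  Google Android
  Nexus .
  Nexus
  <a href="https://developers.google.com/android/nexus/images">
    Google
  </a>
  . LMY49F 2016 1 1 Android 6.0
  .
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers">
  </a>
  .
</p>
<p>
  2015 12 7
  . ,
  Android (AOSP) .
</p>
<p>
  , MMS
  .
</p>
<p>
  . SafetyNet Android
  <a href="https://source.android.com/security/enhancements/">
    Android
  </a>
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#mitigations">
  </a>
  .
  .
</p>

<!-- Section (from id): security vulnerability summary -->
<h2 id="security_vulnerability_summary" style="margin-bottom:0px">
</h2>
<hr/>
<p>
  , ID(CVE),
  .
  <a href="https://source.android.com/security/overview/updates-resources.html#severity">
  </a>
  .
</p>
<table>
  <tbody>
    <tr>
      <th></th>
      <th>CVE</th>
      <th></th>
    </tr>
    <tr>
      <td></td>
      <td>CVE-2015-6636</td>
      <td></td>
    </tr>
    <tr>
      <td>misc-sd</td>
      <td>CVE-2015-6637</td>
      <td></td>
    </tr>
    <tr>
      <td>Imagination Technologies</td>
      <td>CVE-2015-6638</td>
      <td></td>
    </tr>
    <tr>
      <td>Trustzone</td>
      <td>
        CVE-2015-6639<br />
        CVE-2015-6647
      </td>
      <td></td>
    </tr>
    <tr>
      <td></td>
      <td>CVE-2015-6640</td>
      <td></td>
    </tr>
    <tr>
      <td></td>
      <td>CVE-2015-6641</td>
      <td></td>
    </tr>
    <tr>
      <td></td>
      <td>CVE-2015-6642</td>
      <td></td>
    </tr>
    <tr>
      <td></td>
      <td>CVE-2015-6643</td>
      <td></td>
    </tr>
    <tr>
      <td>Wi-Fi</td>
      <td>CVE-2015-5310</td>
      <td></td>
    </tr>
    <tr>
      <td>Bouncy Castle</td>
      <td>CVE-2015-6644</td>
      <td></td>
    </tr>
    <tr>
      <td>SyncManager (DoS)</td>
      <td>CVE-2015-6645</td>
      <td></td>
    </tr>
    <tr>
      <td>Nexus</td>
      <td>CVE-2015-6646</td>
      <td></td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): mitigations -->
<h2 id="mitigations" style="margin-bottom:0px">
</h2>
<hr/>
<p>
  SafetyNet
  <a href="https://source.android.com/security/enhancements/index.html">
    Android
  </a>
  .
  Android
  .
</p>
<ul>
  <li>
    Android Android
    .
    Android .
  </li>
  <li>
    Android
    SafetyNet
    . Google Play .
    Google Play
    .

    .

    .
  </li>
  <li>
    Google
    .
  </li>
</ul>

<!-- Section (from id): acknowledgements; each entry credits a reporter with a CVE id -->
<h2 id="acknowledgements" style="margin-bottom:0px">
</h2>
<hr/>
<p>
  .
</p>
<ul>
  <li>
    Chrome Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2015-6636
  </li>
  <li>
    KEEN lab, Tencent(
    <a href="https://twitter.com/k33nteam"> @K33nTeam </a>
    ) Sen Nie(
    <a href="https://twitter.com/@nforest_"> @nforest_ </a>
    ), jfang: CVE-2015-6637
  </li>
  <li>
    Android Bionic Yabin Cui: CVE-2015-6640
  </li>
  <li>
    Google X Tom Craig: CVE-2015-6641
  </li>
  <li>
    Jann Horn(
    <a href="https://thejh.net/">
      https://thejh.net
    </a>
    ): CVE-2015-6642
  </li>
  <li>
    Jouni Malinen PGP(id: EFC895FA): CVE-2015-5310
  </li>
  <li>
    Google Quan Nguyen: CVE-2015-6644
  </li>
  <li>
    Gal Beniamini(
    <a href="https://twitter.com/@laginimaineb"> @laginimaineb </a>
    ,
    <a href="http://bits-please.blogspot.com/">
      http://bits-please.blogspot.com
    </a>
    ): CVE-2015-6639
  </li>
</ul>

<!-- Section (from id): security vulnerability details -->
<h2 id="security_vulnerability_details" style="margin-bottom:0px">
</h2>
<hr/>
<p>
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary">
  </a>

  . , CVE, ,
  , .
  AOSP ID .

  AOSP ID .
</p>

<!-- Section (from id): remote code execution vulnerability in mediaserver -->
<h3 id="remote_code_execution_vulnerability_in_mediaserver">
</h3>
<p>
  .
</p>
<p>
  ,
  , MMS
  .
</p>
<p>
  .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td rowspan="2">CVE-2015-6636</td>
      <td>
        <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#">
          ANDROID-25070493
        </a>
      </td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
    <tr>
      <td>
        <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518">
          ANDROID-24686670
        </a>
      </td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): elevation of privilege vulnerability in misc-sd driver -->
<h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver">
  misc-sd
</h3>
<p>
  MediaTek misc-sd

  .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th></th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6637</td>
      <td>ANDROID-25307013*</td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015 10 26</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP .
  <a href="https://developers.google.com/android/nexus/drivers">
    Google
  </a>
  Nexus .
</p>

<!-- Section (from id): elevation of privilege vulnerability in the Imagination Technologies driver -->
<h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver">
  Imagination Technologies
</h3>
<p>
  Imagination Technologies

  .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th></th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6638</td>
      <td>ANDROID-24673908*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP .
  <a href="https://developers.google.com/android/nexus/drivers">
    Google
  </a>
  Nexus .
</p>

<!-- Section (from id): elevation of privilege vulnerabilities in Trustzone -->
<h3 id="elevation_of_privilege_vulnerabilities_in_trustzone">
  Trustzone
</h3>
<p>
  Widevine QSEE TrustZone
  QSEECOM Trustzone
  .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th></th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6639</td>
      <td>ANDROID-24446875*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015 9 23</td>
    </tr>
    <tr>
      <td>CVE-2015-6647</td>
      <td>ANDROID-24441554*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015 9 27</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP .
  <a href="https://developers.google.com/android/nexus/drivers">
    Google
  </a>
  Nexus .
</p>

<!-- Section (from id): elevation of privilege vulnerability in kernel -->
<h3 id="elevation_of_privilege_vulnerability_in_kernel">
</h3>
<p>
  .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6640</td>
      <td>
        <a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">
          ANDROID-20017123
        </a>
      </td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): elevation of privilege vulnerability in bluetooth -->
<h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
</h3>
<p>
  () . '
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
  </a>
  '
  .
  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6641</td>
      <td>
        <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3">
          ANDROID-23607427
        </a>
        [
        <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec">
          2
        </a>
        ]
      </td>
      <td></td>
      <td>6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): information disclosure vulnerability in kernel -->
<h3 id="information_disclosure_vulnerability_in_kernel">
</h3>
<p>
  .
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
  </a>

  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    SignatureOrSystem
  </a>
  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th></th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6642</td>
      <td>ANDROID-24157888*</td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>2015 9 12</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP .
  <a href="https://developers.google.com/android/nexus/drivers">
    Google
  </a>
  Nexus .
</p>

<!-- Section (from id): elevation of privilege vulnerability in setup wizard -->
<h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">
</h3>
<p>
  . .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6643</td>
      <td>
        <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0">
          ANDROID-25290269
        </a>
        [
        <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b">
          2
        </a>
        ]
      </td>
      <td></td>
      <td>5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): elevation of privilege vulnerability in wi-fi -->
<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">
  Wi-Fi
</h3>
<p>
  Wi-Fi
  Wi-Fi .
  .
  '
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
  </a>
  ' .
  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-5310</td>
      <td>
        <a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d">
          ANDROID-25266660
        </a>
      </td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015 10 25</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): information disclosure vulnerability in Bouncy Castle -->
<h3 id="information_disclosure_vulnerability_in_bouncy_castle">
  Bouncy Castle
</h3>
<p>
  Bouncy Castle
  .
  '
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
  </a>
  ' .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6644</td>
      <td>
        <a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f">
          ANDROID-24106146
        </a>
      </td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): denial of service vulnerability in SyncManager -->
<h3 id="denial_of_service_vulnerability_in_syncmanager">
  SyncManager (DoS)
</h3>
<p>
  SyncManager .

  .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6645</td>
      <td>
        <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025">
          ANDROID-23591205
        </a>
      </td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<!-- Section (from id): attack surface reduction for Nexus kernels; the surviving text names SysV IPC and CVE-2015-7613 -->
<h3 id="attack_surface_reduction_for_nexus_kernels">
  Nexus
</h3>
<p>
  SysV IPC Android . SysV IPC OS .
  ,
  System V IPC Android
  . CVE-2015-7613 .
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th></th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6646</td>
      <td>ANDROID-22300191*</td>
      <td></td>
      <td>6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP .
  <a href="https://developers.google.com/android/nexus/drivers">
    Google
  </a>
  Nexus .
</p>

<!-- Section (from id): common questions and answers -->
<h3 id="common_questions_and_answers">
</h3>
<p>
  .
</p>
<p>
  <strong>
    1. ?
  </strong>
</p>
<p>
  LMY49F 2016 1 1
  Android 6.0 .
  <a href="https://support.google.com/nexus/answer/4457705">
    Nexus
  </a>
  .
  .
  [ro.build.version.security_patch]:[2016-01-01]
</p>

<!-- Section (from id): revisions -->
<h2 id="revisions" style="margin-bottom:0px">
</h2>
<hr/>
<ul>
  <li>
    2016 1 4:
  </li>
  <li>
    2016 1 6: AOSP
  </li>
</ul>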