1 page.title=Nexus - 2016 2 2 @jd:body 3 4 <!-- 5 Copyright 2016 The Android Open Source Project 6 7 Licensed under the Apache License, Version 2.0 (the "License"); 8 you may not use this file except in compliance with the License. 9 You may obtain a copy of the License at 10 11 http://www.apache.org/licenses/LICENSE-2.0 12 13 Unless required by applicable law or agreed to in writing, software 14 distributed under the License is distributed on an "AS IS" BASIS, 15 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 16 See the License for the specific language governing permissions and 17 limitations under the License. 18 --> 19 20 <div id="qv-wrapper"> 21 <div id="qv"> 22 <h2></h2> 23 <ol id="auto-toc"> 24 </ol> 25 </div> 26 </div> 27 28 <p><em>2016 2 1 | 2016 3 7 </em></p> 29 30 <p>Google Android 31 OTA Nexus 32 Nexus 33 <a href="https://developers.google.com/android/nexus/images">Google Developers </a> 34 LMY49G Android M ( 2016 2 1 ) 35 36 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 37 </p> 38 39 <p> 2016 1 4 40 41 Android 42 (AOSP) </p> 43 44 <p> 45 46 Broadcom Wi-Fi 47 48 </p> 49 50 <p> 51 <a href="{@docRoot}security/enhancements/index.html">Android </a> 52 ( SafetyNet) Android 53 <a href="#mitigations"></a></p> 54 55 <h2 id="security_vulnerability_summary"></h2> 56 57 58 <p> (CVE) 59 <a href="{@docRoot}security/overview/updates-resources.html#severity"></a> 60 61 62 </p> 63 <table> 64 <tr> 65 <th></th> 66 <th>CVE</th> 67 <th></th> 68 </tr> 69 <tr> 70 <td>Broadcom Wi-Fi </td> 71 <td>CVE-2016-0801<br> 72 CVE-2016-0802</td> 73 <td></td> 74 </tr> 75 <tr> 76 <td></td> 77 <td>CVE-2016-0803<br> 78 CVE-2016-0804</td> 79 <td></td> 80 </tr> 81 <tr> 82 <td>Qualcomm </td> 83 <td>CVE-2016-0805</td> 84 <td></td> 85 </tr> 86 <tr> 87 <td>Qualcomm Wi-Fi </td> 88 <td>CVE-2016-0806</td> 89 <td></td> 90 </tr> 91 <tr> 92 <td>Debugger Daemon </td> 93 <td>CVE-2016-0807</td> 94 <td></td> 95 </tr> 96 <tr> 97 <td>Minikin </td> 98 <td>CVE-2016-0808</td> 99 <td></td> 100 </tr> 101 <tr> 102 <td>Wi-Fi </td> 103 <td>CVE-2016-0809</td> 104 <td></td> 105 </tr> 106 <tr> 107 <td></td> 108 <td>CVE-2016-0810</td> 109 <td></td> 110 </tr> 111 <tr> 112 <td>libmediaplayerservice </td> 113 <td>CVE-2016-0811</td> 114 <td></td> 115 </tr> 116 <tr> 117 <td></td> 118 <td>CVE-2016-0812<br> 119 CVE-2016-0813</td> 120 <td></td> 121 </tr> 122 </table> 123 124 125 <h3 id="mitigations"></h3> 126 127 128 <p> <a href="https://source.android.com/security/enhancements/index.html">Android </a> SafetyNet 129 Android 130 </p> 131 132 <ul> 133 <li>Android 134 Android 135 Android 136 <li>Android SafetyNet 137 138 Google Play Root 139 Google Play 140 Root 141 142 143 144 <li>Google Hangouts Messenger 145 146 </li></li></li></ul> 147 148 <h3 id="acknowledgements"></h3> 149 150 151 <p></p> 152 153 <ul> 154 <li> Android Chrome CVE-2016-0809CVE-2016-0810 155 <li>Broadgate CVE-2016-0801CVE-2015-0802 156 <li> <a href="http://www.360safe.com/"> 360</a> <a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 157 Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) Xuxian JiangCVE-2016-0804 158 <li>Google Pixel C David RileyCVE-2016-0812 159 <li> 360 IceSword 160 Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>)CVE-2016-0805 161 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) 162 Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>)CVE-2016-0811 163 <li> (<a href="http://www.trendmicro.com">www.trendmicro.com</a>) 164 Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>)CVE-2016-0803 165 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-0808 166 <li> Android Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>)CVE-2016-0807 167 </li></li></li></li></li></li></li></li></li></li></li></ul> 168 169 <h2 id="security_vulnerability_details"></h2> 170 171 172 <p><a href="#security_vulnerability_summary"></a> 173 174 175 CVE 176 AOSP 177 AOSP 178 </p> 179 180 <h3 id="remote_code_execution_vulnerability_in_broadcom_wi-fi_driver">Broadcom Wi-Fi </h3> 181 182 183 <p>Broadcom Wi-Fi 184 185 186 187 188 189 </p> 190 <table> 191 <tr> 192 <th>CVE</th> 193 <th></th> 194 <th></th> 195 <th></th> 196 <th></th> 197 </tr> 198 <tr> 199 <td>CVE-2016-0801</td> 200 <td><a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662029</a><br> 201 <a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662233</a></td> 202 <td></td> 203 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 204 <td>2015 10 25 </td> 205 </tr> 206 <tr> 207 <td>CVE-2016-0802</td> 208 <td><a href="https://android.googlesource.com/kernel/msm/+/3fffc78f70dc101add8b82af878d53457713d005^%21/">ANDROID-25306181</a></td> 209 <td></td> 210 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 211 <td>2015 10 26 </td> 212 </tr> 213 </table> 214 215 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 216 217 <p> 218 219 </p> 220 221 <p> 222 223 </p> 224 225 <p> 226 227 228 </p> 229 <table> 230 <tr> 231 <th>CVE</th> 232 <th> ( AOSP )</th> 233 <th></th> 234 <th></th> 235 <th></th> 236 </tr> 237 <tr> 238 <td>CVE-2016-0803</td> 239 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7">ANDROID-25812794</a></td> 240 <td></td> 241 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 242 <td>2015 11 19 </td> 243 </tr> 244 <tr> 245 <td>CVE-2016-0804</td> 246 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33">ANDROID-25070434</a></td> 247 <td></td> 248 <td>5.0, 5.1.1, 6.0, 6.0.1</td> 249 <td>2015 10 12 </td> 250 </tr> 251 </table> 252 253 254 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 255 256 257 <p>Qualcomm ARM 258 259 260 (Re-flash) 261 </p> 262 <table> 263 <tr> 264 <th>CVE</th> 265 <th></th> 266 <th></th> 267 <th></th> 268 <th></th> 269 </tr> 270 <tr> 271 <td>CVE-2016-0805</td> 272 <td>ANDROID-25773204*</td> 273 <td></td> 274 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 275 <td>2015 11 15 </td> 276 </tr> 277 </table> 278 279 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 280 281 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wifi_driver">Qualcomm Wi-Fi </h3> 282 283 284 <p> Qualcomm Wi-Fi 285 286 287 (Re-flash) 288 </p> 289 <table> 290 <tr> 291 <th>CVE</th> 292 <th></th> 293 <th></th> 294 <th></th> 295 <th></th> 296 </tr> 297 <tr> 298 <td>CVE-2016-0806</td> 299 <td>ANDROID-25344453*</td> 300 <td></td> 301 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 302 <td>2015 11 15 </td> 303 </tr> 304 </table> 305 306 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 307 308 <h3 id="elevation_of_privilege_vulnerability_in_the_debuggerd">Debuggerd </h3> 309 310 311 <p>Debuggerd 312 313 314 (Re-flash) 315 </p> 316 <table> 317 <tr> 318 <th>CVE</th> 319 <th> ( AOSP )</th> 320 <th></th> 321 <th></th> 322 <th></th> 323 </tr> 324 <tr> 325 <td>CVE-2016-0807</td> 326 <td><a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120">ANDROID-25187394</a></td> 327 <td></td> 328 <td>6.0 6.0.1</td> 329 <td>Google </td> 330 </tr> 331 </table> 332 333 334 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 335 336 337 <p>Minikin 338 339 Minikin 340 341 </p> 342 <table> 343 <tr> 344 <th>CVE</th> 345 <th> ( AOSP )</th> 346 <th></th> 347 <th></th> 348 <th></th> 349 </tr> 350 <tr> 351 <td>CVE-2016-0808</td> 352 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b">ANDROID-25645298</a></td> 353 <td></td> 354 <td>5.05.1.16.06.0.1</td> 355 <td>2015 11 3 </td> 356 </tr> 357 </table> 358 359 360 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Wi-Fi </h3> 361 362 363 <p>Wi-Fi 364 365 366 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 367 </p> 368 <table> 369 <tr> 370 <th>CVE</th> 371 <th> ( AOSP )</th> 372 <th></th> 373 <th></th> 374 <th></th> 375 </tr> 376 <tr> 377 <td>CVE-2016-0809</td> 378 <td><a href="https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1^%21/#F0">ANDROID-25753768</a></td> 379 <td></td> 380 <td>6.06.0.1</td> 381 <td>Google </td> 382 </tr> 383 </table> 384 385 386 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3> 387 388 389 <p> 390 391 392 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 393 <table> 394 <tr> 395 <th>CVE</th> 396 <th> ( AOSP )</th> 397 <th></th> 398 <th></th> 399 <th></th> 400 </tr> 401 <tr> 402 <td>CVE-2016-0810</td> 403 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/19c47afbc402542720ddd280e1bbde3b2277b586">ANDROID-25781119</a></td> 404 <td></td> 405 <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td> 406 <td>Google </td> 407 </tr> 408 </table> 409 410 411 <h3 id="information_disclosure_vulnerability_in_libmediaplayerservice">libmediaplayerservice </h3> 412 413 414 <p>libmediaplayerservice 415 416 417 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 418 <table> 419 <tr> 420 <th>CVE</th> 421 <th> ( AOSP )</th> 422 <th></th> 423 <th></th> 424 <th></th> 425 </tr> 426 <tr> 427 <td>CVE-2016-0811</td> 428 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b">ANDROID-25800375</a></td> 429 <td></td> 430 <td>6.0, 6.0.1</td> 431 <td>2015 11 16 </td> 432 </tr> 433 </table> 434 435 436 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3> 437 438 439 <p> 440 441 442 443 </p> 444 <table> 445 <tr> 446 <th>CVE</th> 447 <th> ( AOSP )</th> 448 <th></th> 449 <th></th> 450 <th></th> 451 </tr> 452 <tr> 453 <td>CVE-2016-0812</td> 454 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541">ANDROID-25229538</a></td> 455 <td></td> 456 <td>5.1.16.0</td> 457 <td>Google </td> 458 </tr> 459 <tr> 460 <td>CVE-2016-0813</td> 461 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/16a76dadcc23a13223e9c2216dad1fe5cad7d6e1">ANDROID-25476219</a></td> 462 <td></td> 463 <td>5.1.16.06.0.1</td> 464 <td>Google </td> 465 </tr> 466 </table> 467 468 <h3 id="common_questions_and_answers"></h3> 469 470 <p> 471 </p> 472 473 <p><strong>1. </strong></p> 474 475 <p>LMY49G Android 6.0 ( 2016 2 1 ) 476 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 477 478 [ro.build.version.security_patch]:[2016-02-01]</p> 479 480 <h2 id="revisions"></h2> 481 482 483 <ul> 484 <li> 2016 2 1 485 <li> 2016 2 2 AOSP 486 <li> 2016 3 7 AOSP 487 488 </li></li></li></ul> 489
