1 page.title=Android 2016 6 2 @jd:body 3 <!-- 4 Copyright 2016 The Android Open Source Project 5 Licensed under the Apache License, Version 2.0 (the "License"); 6 you may not use this file except in compliance with the License. 7 You may obtain a copy of the License at 8 http://www.apache.org/licenses/LICENSE-2.0 9 Unless required by applicable law or agreed to in writing, software 10 distributed under the License is distributed on an "AS IS" BASIS, 11 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 12 See the License for the specific language governing permissions and 13 limitations under the License. 14 --> 15 16 <p><em>2016 6 6 | 2016 6 8 </em></p> 17 18 <p>Android Android Google OTA Nexus Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 19 2016 6 1 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">Nexus </a></p> 20 21 <p> 2016 5 2 () Android (AOSP) </p> 22 23 <p></p> 24 25 <p> <a href="{@docRoot}security/enhancements/index.html">Android </a> ( SafetyNet) Android <a href="#mitigations">Android Google </a></p> 26 27 <p></p> 28 29 <h2 id="security_vulnerability_summary"></h2> 30 31 32 <p> (CVE) Nexus <a href="{@docRoot}security/overview/updates-resources.html#severity"></a></p> 33 <table> 34 <col width="55%"> 35 <col width="20%"> 36 <col width="13%"> 37 <col width="12%"> 38 <tr> 39 <th></th> 40 <th>CVE</th> 41 <th></th> 42 <th> Nexus </th> 43 </tr> 44 <tr> 45 <td></td> 46 <td>CVE-2016-2463</td> 47 <td></td> 48 <td></td> 49 </tr> 50 <tr> 51 <td>libwebm </td> 52 <td>CVE-2016-2464</td> 53 <td></td> 54 <td></td> 55 </tr> 56 <tr> 57 <td>Qualcomm </td> 58 <td>CVE-2016-2465</td> 59 <td></td> 60 <td></td> 61 </tr> 62 <tr> 63 <td>Qualcomm </td> 64 <td>CVE-2016-2466<br> 65 CVE-2016-2467</td> 66 <td></td> 67 <td></td> 68 </tr> 69 <tr> 70 <td>Qualcomm GPU </td> 71 <td>CVE-2016-2468<br> 72 CVE-2016-2062</td> 73 <td></td> 74 <td></td> 75 </tr> 76 <tr> 77 <td>Qualcomm Wi-Fi </td> 78 <td>CVE-2016-2474</td> 79 <td></td> 80 <td></td> 81 </tr> 82 <tr> 83 <td>Broadcom Wi-Fi </td> 84 <td>CVE-2016-2475</td> 85 <td></td> 86 <td></td> 87 </tr> 88 <tr> 89 <td>Qualcomm </td> 90 <td>CVE-2016-2066<br> 91 CVE-2016-2469</td> 92 <td></td> 93 <td></td> 94 </tr> 95 <tr> 96 <td></td> 97 <td>CVE-2016-2476<br> 98 CVE-2016-2477<br> 99 CVE-2016-2478<br> 100 CVE-2016-2479<br> 101 CVE-2016-2480<br> 102 CVE-2016-2481<br> 103 CVE-2016-2482<br> 104 CVE-2016-2483<br> 105 CVE-2016-2484<br> 106 CVE-2016-2485<br> 107 CVE-2016-2486<br> 108 CVE-2016-2487</td> 109 <td></td> 110 <td></td> 111 </tr> 112 <tr> 113 <td>Qualcomm </td> 114 <td>CVE-2016-2061<br> 115 CVE-2016-2488</td> 116 <td></td> 117 <td></td> 118 </tr> 119 <tr> 120 <td>Qualcomm </td> 121 <td>CVE-2016-2489</td> 122 <td></td> 123 <td></td> 124 </tr> 125 <tr> 126 <td>NVIDIA </td> 127 <td>CVE-2016-2490<br> 128 CVE-2016-2491</td> 129 <td></td> 130 <td></td> 131 </tr> 132 <tr> 133 <td>Qualcomm Wi-Fi </td> 134 <td>CVE-2016-2470<br> 135 CVE-2016-2471<br> 136 CVE-2016-2472<br> 137 CVE-2016-2473</td> 138 <td></td> 139 <td></td> 140 </tr> 141 <tr> 142 <td>MediaTek </td> 143 <td>CVE-2016-2492</td> 144 <td></td> 145 <td></td> 146 </tr> 147 <tr> 148 <td>SD </td> 149 <td>CVE-2016-2494</td> 150 <td></td> 151 <td></td> 152 </tr> 153 <tr> 154 <td>Broadcom Wi-Fi </td> 155 <td>CVE-2016-2493</td> 156 <td></td> 157 <td></td> 158 </tr> 159 <tr> 160 <td></td> 161 <td>CVE-2016-2495</td> 162 <td></td> 163 <td></td> 164 </tr> 165 <tr> 166 <td></td> 167 <td>CVE-2016-2496</td> 168 <td></td> 169 <td></td> 170 </tr> 171 <tr> 172 <td>Qualcomm Wi-Fi </td> 173 <td>CVE-2016-2498</td> 174 <td></td> 175 <td></td> 176 </tr> 177 <tr> 178 <td></td> 179 <td>CVE-2016-2499</td> 180 <td></td> 181 <td></td> 182 </tr> 183 <tr> 184 <td></td> 185 <td>CVE-2016-2500</td> 186 <td></td> 187 <td></td> 188 </tr> 189 </table> 190 191 192 <h2 id="mitigations">Android Google </h2> 193 194 195 <p> <a href="{@docRoot}security/enhancements/index.html">Android </a> SafetyNet Android </p> 196 197 <ul> 198 <li>Android Android Android 199 <li>Android <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () 200 <li>Google Hangouts Messenger 201 </li></li></li></ul> 202 203 <h2 id="acknowledgements"></h2> 204 205 206 <p></p> 207 208 <ul> 209 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-2468 210 <li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a> (<a href="https://twitter.com/laginimaineb">@laginimaineb</a>)CVE-2016-2476 211 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-2492 212 <li> 360 Hao ChenGuang Gong Wenlin YangCVE-2016-2470CVE-2016-2471CVE-2016-2472CVE-2016-2473CVE-2016-2498 213 <li> <a href="http://www.iwobanas.com">Iwo Banas</a>CVE-2016-2496 214 <li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-2490CVE-2016-2491 215 <li>Google Lee CampbellCVE-2016-2500 216 <li>Google Maciej SzawowskiCVE-2016-2474 217 <li>Google Marco Nelissen Max SpectorCVE-2016-2487 218 <li>Google Project Zero Mark BrandCVE-2016-2494 219 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2477CVE-2016-2478CVE-2016-2479CVE-2016-2480CVE-2016-2481CVE-2016-2482CVE-2016-2483CVE-2016-2484CVE-2016-2485CVE-2016-2486 220 <li> <a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)CVE-2016-2066CVE-2016-2061CVE-2016-2465CVE-2016-2469CVE-2016-2489 221 <li>Vasily VasilevCVE-2016-2463 222 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2495 223 <li> Xiling GongCVE-2016-2499 224 <li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>)CVE-2016-2493 225 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 226 227 <h2 id="security_vulnerability_details"></h2> 228 229 230 <p><a href="#security_vulnerability_summary"></a> CVE Android Nexus AOSP () AOSP AOSP </p> 231 232 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 233 </h3> 234 235 236 <p></p> 237 238 <p></p> 239 <table> 240 <col width="19%"> 241 <col width="16%"> 242 <col width="10%"> 243 <col width="19%"> 244 <col width="18%"> 245 <col width="16%"> 246 <tr> 247 <th>CVE</th> 248 <th>Android </th> 249 <th></th> 250 <th> Nexus </th> 251 <th> AOSP </th> 252 <th></th> 253 </tr> 254 <tr> 255 <td>CVE-2016-2463</td> 256 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2b6f22dc64d456471a1dc6df09d515771d1427c8">27855419</a></td> 257 <td></td> 258 <td><a href="#nexus_devices"> Nexus </a></td> 259 <td>4.4.45.0.25.1.16.06.0.1</td> 260 <td>2016 3 25 </td> 261 </tr> 262 </table> 263 264 265 <h3 id="remote_code_execution_vulnerabilities_in_libwebm"> 266 libwebm </h3> 267 268 269 <p>libwebm </p> 270 271 <p></p> 272 <table> 273 <col width="19%"> 274 <col width="16%"> 275 <col width="10%"> 276 <col width="19%"> 277 <col width="18%"> 278 <col width="16%"> 279 <tr> 280 <th>CVE</th> 281 <th>Android </th> 282 <th></th> 283 <th> Nexus </th> 284 <th> AOSP </th> 285 <th></th> 286 </tr> 287 <tr> 288 <td>CVE-2016-2464</td> 289 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d">23167726</a> 290 [<a href="https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148">2</a>] 291 </td> 292 <td></td> 293 <td><a href="#nexus_devices"> Nexus </a></td> 294 <td>4.4.45.0.25.1.16.06.0.1</td> 295 <td>Google </td> 296 </tr> 297 </table> 298 299 300 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver"> 301 Qualcomm </h3> 302 303 304 <p>Qualcomm (Re-flash) </p> 305 <table> 306 <col width="19%"> 307 <col width="16%"> 308 <col width="10%"> 309 <col width="27%"> 310 <col width="16%"> 311 <tr> 312 <th>CVE</th> 313 <th>Android </th> 314 <th></th> 315 <th> Nexus </th> 316 <th></th> 317 </tr> 318 <tr> 319 <td>CVE-2016-2465</td> 320 <td>27407865*</td> 321 <td></td> 322 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 323 <td>2016 2 21 </td> 324 </tr> 325 </table> 326 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 327 </p> 328 329 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 330 Qualcomm </h3> 331 332 <p>Qualcomm (Re-flash) </p> 333 334 <table> 335 <col width="19%"> 336 <col width="16%"> 337 <col width="10%"> 338 <col width="27%"> 339 <col width="16%"> 340 <tr> 341 <th>CVE</th> 342 <th>Android </th> 343 <th></th> 344 <th> Nexus </th> 345 <th></th> 346 </tr> 347 <tr> 348 <td>CVE-2016-2466</td> 349 <td>27947307*</td> 350 <td></td> 351 <td>Nexus 6</td> 352 <td>2016 2 27 </td> 353 </tr> 354 <tr> 355 <td>CVE-2016-2467</td> 356 <td>28029010*</td> 357 <td></td> 358 <td>Nexus 5</td> 359 <td>2014 3 13 </td> 360 </tr> 361 </table> 362 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 363 </p> 364 365 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver"> 366 Qualcomm GPU </h3> 367 368 369 <p>Qualcomm GPU (Re-flash) </p> 370 371 <table> 372 <col width="19%"> 373 <col width="16%"> 374 <col width="10%"> 375 <col width="27%"> 376 <col width="16%"> 377 <tr> 378 <th>CVE</th> 379 <th>Android </th> 380 <th></th> 381 <th> Nexus </th> 382 <th></th> 383 </tr> 384 <tr> 385 <td>CVE-2016-2468</td> 386 <td>27475454*</td> 387 <td></td> 388 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7</td> 389 <td>2016 3 2 </td> 390 </tr> 391 <tr> 392 <td>CVE-2016-2062</td> 393 <td>27364029*</td> 394 <td></td> 395 <td>Nexus 5XNexus 6P</td> 396 <td>2016 3 6 </td> 397 </tr> 398 </table> 399 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 400 </p> 401 402 403 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 404 Qualcomm Wi-Fi </h3> 405 406 407 <p>Qualcomm Wi-Fi (Re-flash) </p> 408 <table> 409 <col width="19%"> 410 <col width="16%"> 411 <col width="10%"> 412 <col width="27%"> 413 <col width="16%"> 414 <tr> 415 <th>CVE</th> 416 <th>Android </th> 417 <th></th> 418 <th> Nexus </th> 419 <th></th> 420 </tr> 421 <tr> 422 <td>CVE-2016-2474</td> 423 <td>27424603*</td> 424 <td></td> 425 <td>Nexus 5X</td> 426 <td>Google </td> 427 </tr> 428 </table> 429 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 430 </p> 431 432 433 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver"> 434 Broadcom Wi-Fi </h3> 435 436 437 <p>Broadcom Wi-Fi </p> 438 <table> 439 <col width="19%"> 440 <col width="16%"> 441 <col width="10%"> 442 <col width="27%"> 443 <col width="16%"> 444 <tr> 445 <th>CVE</th> 446 <th>Android </th> 447 <th></th> 448 <th> Nexus </th> 449 <th></th> 450 </tr> 451 <tr> 452 <td>CVE-2016-2475</td> 453 <td>26425765*</td> 454 <td></td> 455 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus 9Nexus PlayerPixel C</td> 456 <td>2016 1 6 </td> 457 </tr> 458 </table> 459 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 460 </p> 461 462 463 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 464 Qualcomm </h3> 465 466 467 <p>Qualcomm </p> 468 469 <table> 470 <col width="19%"> 471 <col width="16%"> 472 <col width="10%"> 473 <col width="27%"> 474 <col width="16%"> 475 <tr> 476 <th>CVE</th> 477 <th>Android </th> 478 <th></th> 479 <th> Nexus </th> 480 <th></th> 481 </tr> 482 <tr> 483 <td>CVE-2016-2066</td> 484 <td>26876409*</td> 485 <td></td> 486 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 487 <td>2016 1 29 </td> 488 </tr> 489 <tr> 490 <td>CVE-2016-2469</td> 491 <td>27531992*</td> 492 <td></td> 493 <td>Nexus 5Nexus 6Nexus 6P</td> 494 <td>2016 3 4 </td> 495 </tr> 496 </table> 497 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 498 </p> 499 500 501 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 502 </h3> 503 504 505 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 506 507 <table> 508 <col width="19%"> 509 <col width="16%"> 510 <col width="10%"> 511 <col width="19%"> 512 <col width="18%"> 513 <col width="16%"> 514 <tr> 515 <th>CVE</th> 516 <th>Android </th> 517 <th></th> 518 <th> Nexus </th> 519 <th> AOSP </th> 520 <th></th> 521 </tr> 522 <tr> 523 <td>CVE-2016-2476</td> 524 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/295c883fe3105b19bcd0f9e07d54c6b589fc5bff">27207275</a> 525 [<a href="https://android.googlesource.com/platform/frameworks/av/+/94d9e646454f6246bf823b6897bd6aea5f08eda3">2</a>] 526 [<a href="https://android.googlesource.com/platform/frameworks/av/+/0bb5ced60304da7f61478ffd359e7ba65d72f181">3</a>] 527 [<a href="https://android.googlesource.com/platform/frameworks/av/+/db829699d3293f254a7387894303451a91278986">4</a>] 528 </td> 529 <td></td> 530 <td><a href="#nexus_devices"> Nexus </a></td> 531 <td>4.4.45.0.25.1.16.06.0.1</td> 532 <td>2016 2 11 </td> 533 </tr> 534 <tr> 535 <td>CVE-2016-2477</td> 536 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27251096</a> 537 </td> 538 <td></td> 539 <td><a href="#nexus_devices"> Nexus </a></td> 540 <td>4.4.45.0.25.1.16.06.0.1</td> 541 <td>2016 2 17 </td> 542 </tr> 543 <tr> 544 <td>CVE-2016-2478</td> 545 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27475409</a> 546 </td> 547 <td></td> 548 <td><a href="#nexus_devices"> Nexus </a></td> 549 <td>4.4.45.0.25.1.16.06.0.1</td> 550 <td>2016 3 3 </td> 551 </tr> 552 <tr> 553 <td>CVE-2016-2479</td> 554 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27532282</a> 555 </td> 556 <td></td> 557 <td><a href="#nexus_devices"> Nexus </a></td> 558 <td>4.4.45.0.25.1.16.06.0.1</td> 559 <td>2016 3 6 </td> 560 </tr> 561 <tr> 562 <td>CVE-2016-2480</td> 563 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8">27532721</a> 564 </td> 565 <td></td> 566 <td><a href="#nexus_devices"> Nexus </a></td> 567 <td>4.4.45.0.25.1.16.06.0.1</td> 568 <td>2016 3 6 </td> 569 </tr> 570 <tr> 571 <td>CVE-2016-2481</td> 572 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27532497</a> 573 </td> 574 <td></td> 575 <td><a href="#nexus_devices"> Nexus </a></td> 576 <td>4.4.45.0.25.1.16.06.0.1</td> 577 <td>2016 3 6 </td> 578 </tr> 579 <tr> 580 <td>CVE-2016-2482</td> 581 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27661749</a> 582 </td> 583 <td></td> 584 <td><a href="#nexus_devices"> Nexus </a></td> 585 <td>4.4.45.0.25.1.16.06.0.1</td> 586 <td>2016 3 14 </td> 587 </tr> 588 <tr> 589 <td>CVE-2016-2483</td> 590 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27662502</a> 591 </td> 592 <td></td> 593 <td><a href="#nexus_devices"> Nexus </a></td> 594 <td>4.4.45.0.25.1.16.06.0.1</td> 595 <td>2016 3 14 </td> 596 </tr> 597 <tr> 598 <td>CVE-2016-2484</td> 599 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793163</a> 600 </td> 601 <td></td> 602 <td><a href="#nexus_devices"> Nexus </a></td> 603 <td>4.4.45.0.25.1.16.06.0.1</td> 604 <td>2016 3 22 </td> 605 </tr> 606 <tr> 607 <td>CVE-2016-2485</td> 608 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793367</a> 609 </td> 610 <td></td> 611 <td><a href="#nexus_devices"> Nexus </a></td> 612 <td>4.4.45.0.25.1.16.06.0.1</td> 613 <td>2016 3 22 </td> 614 </tr> 615 <tr> 616 <td>CVE-2016-2486</td> 617 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a> 618 </td> 619 <td></td> 620 <td><a href="#nexus_devices"> Nexus </a></td> 621 <td>4.4.45.0.25.1.16.06.0.1</td> 622 <td>2016 3 22 </td> 623 </tr> 624 <tr> 625 <td>CVE-2016-2487</td> 626 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12">27833616</a> 627 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab">2</a>] 628 [<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>] 629 </td> 630 <td></td> 631 <td><a href="#nexus_devices"> Nexus </a></td> 632 <td>4.4.45.0.25.1.16.06.0.1</td> 633 <td>Google </td> 634 </tr> 635 </table> 636 637 638 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_camera_driver"> 639 Qualcomm </h3> 640 641 642 <p>Qualcomm </p> 643 <table> 644 <col width="19%"> 645 <col width="16%"> 646 <col width="10%"> 647 <col width="27%"> 648 <col width="16%"> 649 <tr> 650 <th>CVE</th> 651 <th>Android </th> 652 <th></th> 653 <th> Nexus </th> 654 <th></th> 655 </tr> 656 <tr> 657 <td>CVE-2016-2061</td> 658 <td>27207747*</td> 659 <td></td> 660 <td>Nexus 5XNexus 6P</td> 661 <td>2016 2 15 </td> 662 </tr> 663 <tr> 664 <td>CVE-2016-2488</td> 665 <td>27600832*</td> 666 <td></td> 667 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)</td> 668 <td>Google </td> 669 </tr> 670 </table> 671 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 672 </p> 673 674 675 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2"> 676 Qualcomm </h3> 677 678 679 <p>Qualcomm </p> 680 <table> 681 <col width="19%"> 682 <col width="16%"> 683 <col width="10%"> 684 <col width="27%"> 685 <col width="16%"> 686 <tr> 687 <th>CVE</th> 688 <th>Android </th> 689 <th></th> 690 <th> Nexus </th> 691 <th></th> 692 </tr> 693 <tr> 694 <td>CVE-2016-2489</td> 695 <td>27407629*</td> 696 <td></td> 697 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 698 <td>2016 2 21 </td> 699 </tr> 700 </table> 701 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 702 </p> 703 704 705 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_camera_driver"> 706 NVIDIA </h3> 707 708 709 <p>NVIDIA </p> 710 <table> 711 <col width="19%"> 712 <col width="16%"> 713 <col width="10%"> 714 <col width="27%"> 715 <col width="16%"> 716 <tr> 717 <th>CVE</th> 718 <th>Android </th> 719 <th></th> 720 <th> Nexus </th> 721 <th></th> 722 </tr> 723 <tr> 724 <td>CVE-2016-2490</td> 725 <td>27533373*</td> 726 <td></td> 727 <td>Nexus 9</td> 728 <td>2016 3 6 </td> 729 </tr> 730 <tr> 731 <td>CVE-2016-2491</td> 732 <td>27556408*</td> 733 <td></td> 734 <td>Nexus 9</td> 735 <td>2016 3 8 </td> 736 </tr> 737 </table> 738 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 739 </p> 740 741 742 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2"> 743 Qualcomm Wi-Fi </h3> 744 745 746 <p>Qualcomm Wi-Fi </p> 747 748 <table> 749 <col width="19%"> 750 <col width="16%"> 751 <col width="10%"> 752 <col width="27%"> 753 <col width="16%"> 754 <tr> 755 <th>CVE</th> 756 <th>Android </th> 757 <th></th> 758 <th> Nexus </th> 759 <th></th> 760 </tr> 761 <tr> 762 <td>CVE-2016-2470</td> 763 <td>27662174*</td> 764 <td></td> 765 <td>Nexus 7 (2013)</td> 766 <td>2016 3 13 </td> 767 </tr> 768 <tr> 769 <td>CVE-2016-2471</td> 770 <td>27773913*</td> 771 <td></td> 772 <td>Nexus 7 (2013)</td> 773 <td>2016 3 19 </td> 774 </tr> 775 <tr> 776 <td>CVE-2016-2472</td> 777 <td>27776888*</td> 778 <td></td> 779 <td>Nexus 7 (2013)</td> 780 <td>2016 3 20 </td> 781 </tr> 782 <tr> 783 <td>CVE-2016-2473</td> 784 <td>27777501*</td> 785 <td></td> 786 <td>Nexus 7 (2013)</td> 787 <td>2016 3 20 </td> 788 </tr> 789 </table> 790 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 791 </p> 792 793 794 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_power_management_driver"> 795 MediaTek </h3> 796 797 798 <p>MediaTek Root </p> 799 800 <table> 801 <col width="19%"> 802 <col width="16%"> 803 <col width="10%"> 804 <col width="27%"> 805 <col width="16%"> 806 <tr> 807 <th>CVE</th> 808 <th>Android </th> 809 <th></th> 810 <th> Nexus </th> 811 <th></th> 812 </tr> 813 <tr> 814 <td>CVE-2016-2492</td> 815 <td>28085410*</td> 816 <td></td> 817 <td>Android One</td> 818 <td>2016 4 7 </td> 819 </tr> 820 </table> 821 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 822 </p> 823 824 825 <h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer"> 826 SD </h3> 827 828 829 <p>SD ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 830 831 <table> 832 <col width="19%"> 833 <col width="16%"> 834 <col width="10%"> 835 <col width="19%"> 836 <col width="18%"> 837 <col width="16%"> 838 <tr> 839 <th>CVE</th> 840 <th>Android </th> 841 <th></th> 842 <th> Nexus </th> 843 <th> AOSP </th> 844 <th></th> 845 </tr> 846 <tr> 847 <td>CVE-2016-2494</td> 848 <td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a> 849 </td> 850 <td></td> 851 <td><a href="#nexus_devices"> Nexus </a></td> 852 <td>4.4.45.0.25.1.16.06.0.1</td> 853 <td>2016 4 7 </td> 854 </tr> 855 </table> 856 857 858 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2"> 859 Broadcom Wi-Fi </h3> 860 861 862 <p>Broadcom Wi-Fi </p> 863 <table> 864 <col width="19%"> 865 <col width="16%"> 866 <col width="10%"> 867 <col width="27%"> 868 <col width="16%"> 869 <tr> 870 <th>CVE</th> 871 <th>Android </th> 872 <th></th> 873 <th> Nexus </th> 874 <th></th> 875 </tr> 876 <tr> 877 <td>CVE-2016-2493</td> 878 <td>26571522*</td> 879 <td></td> 880 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus PlayerPixel C</td> 881 <td>Google </td> 882 </tr> 883 </table> 884 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 885 </p> 886 887 <h3 id="remote_denial_of_service_vulnerability_in_mediaserver"> 888 </h3> 889 890 891 <p></p> 892 <table> 893 <col width="19%"> 894 <col width="16%"> 895 <col width="10%"> 896 <col width="19%"> 897 <col width="18%"> 898 <col width="16%"> 899 <tr> 900 <th>CVE</th> 901 <th>Android </th> 902 <th></th> 903 <th> Nexus </th> 904 <th> AOSP </th> 905 <th></th> 906 </tr> 907 <tr> 908 <td>CVE-2016-2495</td> 909 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45737cb776625f17384540523674761e6313e6d4">28076789</a> 910 [<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>] 911 </td> 912 <td></td> 913 <td><a href="#nexus_devices"> Nexus </a></td> 914 <td>4.4.45.0.25.1.16.06.0.1</td> 915 <td>2016 4 6 </td> 916 </tr> 917 </table> 918 919 <h3 id="elevation_of_privilege_vulnerability_in_framework_ui"> 920 </h3> 921 922 923 <p><a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a></p> 924 <table> 925 <col width="19%"> 926 <col width="16%"> 927 <col width="10%"> 928 <col width="19%"> 929 <col width="18%"> 930 <col width="16%"> 931 <tr> 932 <th>CVE</th> 933 <th>Android </th> 934 <th></th> 935 <th> Nexus </th> 936 <th> AOSP </th> 937 <th></th> 938 </tr> 939 <tr> 940 <td>CVE-2016-2496</td> 941 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf">26677796</a> 942 [<a href="https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628">2</a>] 943 [<a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e">3</a>] 944 </td> 945 <td></td> 946 <td><a href="#nexus_devices"> Nexus </a></td> 947 <td>6.06.1</td> 948 <td>2015 5 26 </td> 949 </tr> 950 </table> 951 952 <h3 id="information_disclosure_vulnerability_in_qualcomm_wi-fi_driver"> 953 Qualcomm Wi-Fi </h3> 954 955 956 <p>Qualcomm Wi-Fi </p> 957 <table> 958 <col width="19%"> 959 <col width="16%"> 960 <col width="10%"> 961 <col width="27%"> 962 <col width="16%"> 963 <tr> 964 <th>CVE</th> 965 <th>Android </th> 966 <th></th> 967 <th> Nexus </th> 968 <th></th> 969 </tr> 970 <tr> 971 <td>CVE-2016-2498</td> 972 <td>27777162*</td> 973 <td></td> 974 <td>Nexus 7 (2013)</td> 975 <td>2016 3 20 </td> 976 </tr> 977 </table> 978 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 979 </p> 980 981 982 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 983 </h3> 984 985 986 <p></p> 987 <table> 988 <col width="19%"> 989 <col width="16%"> 990 <col width="10%"> 991 <col width="19%"> 992 <col width="18%"> 993 <col width="16%"> 994 <tr> 995 <th>CVE</th> 996 <th>Android </th> 997 <th></th> 998 <th> Nexus </th> 999 <th> AOSP </th> 1000 <th></th> 1001 </tr> 1002 <tr> 1003 <td>CVE-2016-2499</td> 1004 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f">27855172</a> 1005 </td> 1006 <td></td> 1007 <td><a href="#nexus_devices"> Nexus </a></td> 1008 <td>4.4.45.0.25.1.16.06.0.1</td> 1009 <td>2016 3 24 </td> 1010 </tr> 1011 </table> 1012 1013 1014 <h3 id="information_disclosure_vulnerability_in_activity_manager"> 1015 </h3> 1016 1017 1018 <p></p> 1019 <table> 1020 <col width="19%"> 1021 <col width="16%"> 1022 <col width="10%"> 1023 <col width="19%"> 1024 <col width="18%"> 1025 <col width="16%"> 1026 <tr> 1027 <th>CVE</th> 1028 <th>Android </th> 1029 <th></th> 1030 <th> Nexus </th> 1031 <th> AOSP </th> 1032 <th></th> 1033 </tr> 1034 <tr> 1035 <td>CVE-2016-2500</td> 1036 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9878bb99b77c3681f0fda116e2964bac26f349c3">19285814</a> 1037 </td> 1038 <td></td> 1039 <td><a href="#nexus_devices"> Nexus </a></td> 1040 <td>5.0.25.1.16.06.0.1</td> 1041 <td>Google </td> 1042 </tr> 1043 </table> 1044 1045 1046 <h2 id="common_questions_and_answers"></h2> 1047 1048 1049 <p></p> 1050 1051 <p><strong>1. </strong></p> 1052 1053 <p>2016 6 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>)[ro.build.version.security_patch]:[2016-06-01]</p> 1054 1055 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1056 1057 <p><a href="#security_vulnerability_summary"></a> Nexus Nexus </p> 1058 1059 <ul> 1060 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C</li> 1061 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus </li> 1062 <li> <strong> Nexus </strong> Nexus Nexus <em></em></li> 1063 </ul> 1064 1065 <h2 id="revisions"></h2> 1066 1067 1068 <ul> 1069 <li>2016 6 6 </li> 1070 <li>2016 6 7 1071 <ul> 1072 <li> AOSP 1073 <li> CVE-2016-2496 1074 </li></li></ul> 1075 </li> 1076 <li>2016 6 8 CVE-2016-2496 </li> 1077 </ul> 1078
