<html devsite>
<head>
<title>Android Security Bulletin - May 2016</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
      Copyright 2017 The Android Open Source Project

      Licensed under the Apache License, Version 2.0 (the "License");
      you may not use this file except in compliance with the License.
      You may obtain a copy of the License at

          http://www.apache.org/licenses/LICENSE-2.0

      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS,
      WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
      See the License for the specific language governing permissions and
      limitations under the License.
-->

<p><em>Published May 02, 2016 | Updated May 04, 2016</em></p>

<p>The Android Security Bulletin contains details of security vulnerabilities
affecting Android devices. Alongside the bulletin, we have released a
security update to Nexus devices through an over-the-air (OTA) update. The
Nexus firmware images have also been released to the
<a href="https://developers.google.com/android/nexus/images">Google Developer site</a>.
Security Patch Levels of May 01, 2016 or later address these issues (refer to
the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
for instructions on how to check the security patch level).</p>

<p>Partners were notified about the issues described in the bulletin on April 04,
2016 or earlier. Where applicable, source code patches for these issues have
been released to the Android Open Source Project (AOSP) repository.</p>

<p>The most severe of these issues is a Critical security vulnerability that could
enable remote code execution on an affected device through multiple methods
such as email, web browsing, and MMS when processing media files.
The
<a href="/security/overview/updates-resources.html#severity">severity
assessment</a> is based on the effect that exploiting the vulnerability would
possibly have on an affected device, assuming the platform and service
mitigations are disabled for development purposes or if successfully bypassed.
</p>

<p>We have had no reports of active customer exploitation or abuse of these newly
reported issues. Refer to the <a href="#mitigations">Android and Google Service Mitigations</a>
section for details on the <a href="/security/enhancements/index.html">
Android security platform protections</a> and service protections such as SafetyNet,
which improve the security of the Android platform.</p>

<p>We encourage all customers to accept these updates to their devices.</p>

<h2 id=announcements>Announcements</h2>

<ul>
  <li> To reflect a broader focus, we renamed this bulletin (and all following in the
       series) to the Android Security Bulletin. These bulletins encompass a broader
       range of vulnerabilities that may affect Android devices, even if they do not
       affect Nexus devices.</li>
  <li> We updated the Android Security
       <a href="/security/overview/updates-resources.html#severity">severity ratings</a>.
       These changes were the result of data collected over the last six months on
       reported security vulnerabilities and aim to align severities more closely with
       real world impact to users.</li>
</ul>

<h2 id=android_and_google_service_mitigations>Android and Google Service Mitigations</h2>

<p>This is a summary of the mitigations provided by the
<a href="/security/enhancements/index.html">Android security platform</a>
and service protections such as SafetyNet.
These capabilities reduce the
likelihood that security vulnerabilities could be successfully exploited on
Android.</p>

<ul>
  <li> Exploitation for many issues on Android is made more difficult by enhancements
       in newer versions of the Android platform. We encourage all users to update to
       the latest version of Android where possible.</li>
  <li> The Android Security team actively monitors for abuse with
       <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_2015_Report_Final.pdf">
       Verify Apps and SafetyNet</a>, which are designed to warn users about
       <a href="http://static.googleusercontent.com/media/source.android.com/en//security/reports/Google_Android_Security_PHA_classifications.pdf">
       Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with
       <a href="http://www.android.com/gms">Google Mobile Services</a>, and is especially
       important for users who install applications from outside
       of Google Play. Device rooting tools are prohibited within Google Play, but
       Verify Apps warns users when they attempt to install a detected rooting
       application, no matter where it comes from. Additionally, Verify Apps attempts
       to identify and block installation of known malicious applications that exploit
       a privilege escalation vulnerability.
       If such an application has already been
       installed, Verify Apps will notify the user and attempt to remove the detected
       application.</li>
  <li> As appropriate, Google Hangouts and Messenger applications do not automatically
       pass media to processes such as mediaserver.</li>
</ul>

<h2 id=acknowledgements>Acknowledgements</h2>

<p>We would like to thank these researchers for their contributions:</p>

<ul>
  <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
       Team: CVE-2016-2454
  <li> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
       <a href="https://www.e2e-assure.com">e2e-assure</a>: CVE-2016-2457
  <li> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) and
       Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2441,
       CVE-2016-2442
  <li> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
       www.linkedin.com/in/dzima</a>): CVE-2016-2458
  <li> Gal Beniamini: CVE-2016-2431
  <li> Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd: CVE-2016-2456
  <li> Jake Valletta of Mandiant, a FireEye company: CVE-2016-2060
  <li> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
       and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
       Qihoo 360 Technology Co. Ltd: CVE-2016-2434, CVE-2016-2435, CVE-2016-2436,
       CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446
  <li> Imre Rad of <a href="http://www.search-lab.hu">Search-Lab Ltd.</a>: CVE-2016-4477
  <li> Jeremy C.
       Joslin of Google: CVE-2016-2461
  <li> Kenny Root of Google: CVE-2016-2462
  <li> Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
       (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-2443
  <li> Michał Bednarski (<a href="https://github.com/michalbednarski">
       https://github.com/michalbednarski</a>): CVE-2016-2440
  <li> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
       Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian
       Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2450, CVE-2016-2448,
       CVE-2016-2449, CVE-2016-2451, CVE-2016-2452
  <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend Micro:
       CVE-2016-2459, CVE-2016-2460
  <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc.:
       CVE-2016-2428, CVE-2016-2429
  <li> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:zlbzlb815 (a] 163.com">
       Lubo Zhang</a>, Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
       and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2437
  <li> Yulong Zhang and Tao (Lenx) Wei of Baidu X-Lab: CVE-2016-2439
  <li> Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>) of the Android
       Security Team: CVE-2016-2430
</ul>

<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>

<p>In the sections below, we provide details for each of the security
vulnerabilities that apply to the 2016-05-01 patch level. There is a description of the issue,
a severity rationale, and a table with the CVE, associated bug, severity,
updated Nexus devices, updated AOSP versions (where applicable), and date reported.
When available, we will link the AOSP change that addressed the issue to
the bug ID.
When multiple changes relate to a single bug, additional AOSP
references are linked to numbers following the bug ID.</p>

<h3 id=remote_code_execution_vulnerability_in_mediaserver>
Remote Code Execution Vulnerability in Mediaserver</h3>

<p>During media file and data processing of a specially crafted file, a
vulnerability in mediaserver could allow an attacker to cause memory corruption
and remote code execution as the mediaserver process.</p>

<p>The affected functionality is provided as a core part of the operating system
and there are multiple applications that allow it to be reached with remote
content, most notably MMS and browser playback of media.</p>

<p>This issue is rated as Critical severity due to the possibility of remote code
execution within the context of the mediaserver service. The mediaserver
service has access to audio and video streams, as well as access to privileges
that third-party apps could not normally access.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2428</td>
    <td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206">
        26751339</a></td>
    <td>Critical</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Jan 22, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2429</td>
    <td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c">
        27211885</a></td>
    <td>Critical</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 16, 2016</td>
  </tr>
</table>

<h3 id=elevation_of_privilege_vulnerability_in_debuggerd>
Elevation of Privilege Vulnerability in Debuggerd</h3>

<p>An elevation of privilege vulnerability in the integrated Android debugger
could enable a local malicious application to execute arbitrary code within the
context of the Android debugger. This issue is rated as Critical severity due
to the possibility of a local permanent device compromise, which may require
reflashing the operating system to repair the device.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2430</td>
    <td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0">
        27299236</a></td>
    <td>Critical</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 22, 2016</td>
  </tr>
</table>

<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_trustzone>
Elevation of Privilege Vulnerability in Qualcomm TrustZone</h3>

<p>An elevation of privilege vulnerability in the Qualcomm TrustZone component
could enable a secure local malicious application to execute arbitrary code
within the context of the TrustZone kernel.
This issue is rated as Critical
severity due to the possibility of a local permanent device compromise, which
may require reflashing the operating system to repair the device.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2431</td>
    <td>24968809*</td>
    <td>Critical</td>
    <td>Nexus 5, Nexus 6, Nexus 7 (2013), Android One</td>
    <td>Oct 15, 2015</td>
  </tr>
  <tr>
    <td>CVE-2016-2432</td>
    <td>25913059*</td>
    <td>Critical</td>
    <td>Nexus 6, Android One</td>
    <td>Nov 28, 2015</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel.
This issue is rated as Critical severity due to the
possibility of a local privilege escalation and arbitrary code execution
leading to the possibility of a local permanent device compromise, which may
require reflashing the operating system to repair the device.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2015-0569</td>
    <td>26754117*</td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 7 (2013)</td>
    <td>Jan 23, 2016</td>
  </tr>
  <tr>
    <td>CVE-2015-0570</td>
    <td>26764809*</td>
    <td>Critical</td>
    <td>Nexus 5X, Nexus 7 (2013)</td>
    <td>Jan 25, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_nvidia_video_driver>
Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>

<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
This issue is rated as Critical severity due to the possibility of
a local permanent device compromise, which may require reflashing the operating
system to repair the device.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2434</td>
    <td>27251090*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Feb 17, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2435</td>
    <td>27297988*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Feb 20, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2436</td>
    <td>27299111*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Feb 22, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2437</td>
    <td>27436822*</td>
    <td>Critical</td>
    <td>Nexus 9</td>
    <td>Mar 1, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer
site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_kernel>
Elevation of Privilege Vulnerability in Kernel</h3>

<p>An elevation of privilege vulnerability in the kernel could enable a local
malicious application to execute arbitrary code within the context of the
kernel. This issue is rated as Critical severity due to the possibility of a
local privilege escalation and arbitrary code execution leading to the
possibility of a local permanent device compromise, which may require
reflashing the operating system to repair the device.
This issue was described
in <a href="/security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a>.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2015-1805</td>
    <td>27275324*</td>
    <td>Critical</td>
    <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9</td>
    <td>Feb 19, 2016</td>
  </tr>
</table>
<p>* The patch in AOSP is available for specific kernel versions:
<a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a>,
<a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>, and
<a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a>.</p>

<h3 id=remote_code_execution_vulnerability_in_kernel>
Remote Code Execution Vulnerability in Kernel</h3>

<p>A remote code execution vulnerability in the audio subsystem could enable a
local malicious application to execute arbitrary code within the context of the
kernel.
Normally a kernel code execution bug like this would be rated Critical,
but because it first requires compromising a privileged service in order to
call the audio subsystem, it is rated High severity.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2438</td>
    <td>26636060*</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Google Internal</td>
  </tr>
</table>
<p>* The patch for this issue is available in
<a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d">
Linux upstream</a>.</p>

<h3 id=information_disclosure_vulnerability_in_qualcomm_tethering_controller>
Information Disclosure Vulnerability in Qualcomm Tethering Controller</h3>

<p>An information disclosure vulnerability in the Qualcomm Tethering controller
could allow a local malicious application to access personally identifiable
information without the privileges to do so.
This issue is rated as High
severity because it can be used to gain elevated capabilities, such as
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
permissions privileges, which are not accessible to a third-party application.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2060</td>
    <td>27942588*</td>
    <td>High</td>
    <td>None</td>
    <td>Mar 23, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update should be contained in the
latest drivers of affected devices.</p>

<h3 id=remote_code_execution_vulnerability_in_bluetooth>
Remote Code Execution Vulnerability in Bluetooth</h3>

<p>During pairing of a Bluetooth device, a vulnerability in Bluetooth could allow
a proximal attacker to execute arbitrary code during the pairing process.
This
issue is rated as High severity due to the possibility of remote code execution
during the initialization of a Bluetooth device.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2439</td>
    <td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd">
        27411268</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 28, 2016</td>
  </tr>
</table>

<h3 id=elevation_of_privilege_vulnerability_in_binder>
Elevation of Privilege Vulnerability in Binder</h3>

<p>An elevation of privilege vulnerability in Binder could allow a local malicious
application to execute arbitrary code within the context of another app's
process. While freeing memory, a vulnerability in the Binder could allow an
attacker to cause local code execution.
This issue is rated as High severity
due to the possibility of local code execution during the free memory process in
the Binder.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2440</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a">
        27252896</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 18, 2016</td>
  </tr>
</table>

<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver>
Elevation of Privilege Vulnerability in Qualcomm Buspm Driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm buspm driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. Normally a kernel code execution bug like this would be
rated Critical, but because it first requires compromising a service that can
call the driver, it is rated as High severity.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2441</td>
    <td>26354602*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P</td>
    <td>Dec 30, 2015</td>
  </tr>
  <tr>
    <td>CVE-2016-2442</td>
    <td>26494907*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 6, Nexus 6P</td>
    <td>Dec 30, 2015</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP.
The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver>
Elevation of Privilege Vulnerability in Qualcomm MDP Driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm MDP driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel. Normally a kernel code execution bug like this would be rated
Critical, but because it first requires compromising a service that can call
the driver, it is rated as High severity.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2443</td>
    <td>26404525*</td>
    <td>High</td>
    <td>Nexus 5, Nexus 7 (2013)</td>
    <td>Jan 5, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=eop_in_qualcomm_wi-fi_driver>
Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>

<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi component could
enable a local malicious application to invoke system calls changing the device
settings and behavior without the privileges to do so.
This issue is rated as
High severity because it could be used to gain local access to elevated
capabilities, such as
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
permissions privileges, which are not accessible to a third-party application.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2015-0571</td>
    <td>26763920*</td>
    <td>High</td>
    <td>Nexus 5X, Nexus 7 (2013)</td>
    <td>Jan 25, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=eop_in_nvidia_video_driver>
Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>

<p>An elevation of privilege vulnerability in the NVIDIA media driver could enable
a local malicious application to execute arbitrary code within the context of
the kernel.
Normally a kernel code execution bug like this would be rated
Critical, but because it first requires compromising a high privilege service
to call the driver, it is rated High severity.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="27%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2444</td>
    <td>27208332*</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Feb 16, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2445</td>
    <td>27253079*</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Feb 17, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2446</td>
    <td>27441354*</td>
    <td>High</td>
    <td>Nexus 9</td>
    <td>Mar 1, 2016</td>
  </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=eop_in_wi-fi>
Elevation of Privilege Vulnerability in Wi-Fi</h3>

<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
application to execute arbitrary code within the context of an elevated system
application.
This issue is rated as High severity because it could also be used
to gain elevated capabilities, such as
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
permissions privileges, which are not accessible to third-party applications.</p>

<p><strong>Note</strong>: The CVE number has been updated, per MITRE request,
from CVE-2016-2447 to CVE-2016-4477.</p>

<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-4477</td>
    <td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535">
        27371366</a>
        [<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>]
    </td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 24, 2016</td>
  </tr>
</table>

<h3 id=elevation_of_privilege_vulnerability_in_mediaserver>
Elevation of Privilege Vulnerability in Mediaserver</h3>

<p>An elevation of privilege vulnerability in mediaserver could enable a local
malicious application to execute arbitrary code within the context of an
elevated system application.
This issue is rated as High severity because it
could be used to gain elevated capabilities, such as
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
permissions privileges, which are not accessible to a third-party application.</p>
<table>
  <col width="19%">
  <col width="16%">
  <col width="10%">
  <col width="19%">
  <col width="18%">
  <col width="16%">
  <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
  </tr>
  <tr>
    <td>CVE-2016-2448</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b">
        27533704</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 7, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2449</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353">
        27568958</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 9, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2450</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d">
        27569635</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 9, 2016</td>
  </tr>
  <tr>
    <td>CVE-2016-2451</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba">
        27597103</a></td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2,
5.1.1, 6.0, 6.0.1</td>
    <td>Mar 10, 2016</td>
 </tr>
 <tr>
    <td>CVE-2016-2452</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687">
        27662364</a>
        [<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>]
        [<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>]
    </td>
    <td>High</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 14, 2016</td>
 </tr>
</table>


<h3 id=elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver>
Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>


<p>An elevation of privilege vulnerability in the MediaTek Wi-Fi driver could
enable a local malicious application to execute arbitrary code within the
context of the kernel. Normally a kernel code execution bug like this would be
rated Critical, but because it first requires compromising a service that can
call the driver, it is rated as High severity.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="27%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2453</td>
    <td>27549705*</td>
    <td>High</td>
    <td>Android One</td>
    <td>Mar 8, 2016</td>
 </tr>
</table>
<p>* The patch for this issue is not in AOSP.
The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec>
Remote Denial of Service Vulnerability in Qualcomm Hardware Codec</h3>


<p>During media file and data processing of a specially crafted file, a remote
denial of service vulnerability in the Qualcomm hardware video codec could
allow a remote attacker to block access to an affected device by causing a
device reboot. This is rated as High severity due to the possibility of remote
denial of service.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="27%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2454</td>
    <td>26221024*</td>
    <td>High</td>
    <td>Nexus 5</td>
    <td>Dec 16, 2015</td>
 </tr>
</table>
<p>* The patch for this issue is not in AOSP. The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_conscrypt>
Elevation of Privilege Vulnerability in Conscrypt</h3>


<p>An elevation of privilege vulnerability in Conscrypt could allow a local
application to believe a message was authenticated when it was not.
This issue
is rated as Moderate severity because it requires coordinated steps across
multiple devices.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="19%">
 <col width="18%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2461</td>
    <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f">
        27324690</a>
        [<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>]
    </td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>6.0, 6.0.1</td>
    <td>Google Internal</td>
 </tr>
 <tr>
    <td>CVE-2016-2462</td>
    <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54">
        27371173</a></td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>6.0, 6.0.1</td>
    <td>Google Internal</td>
 </tr>
</table>


<h3 id=elevation_of_privilege_vulnerability_in_openssl_&_boringssl>
Elevation of Privilege Vulnerability in OpenSSL &amp; BoringSSL</h3>


<p>An elevation of privilege vulnerability in OpenSSL and BoringSSL could enable a
local malicious application to access data outside of its permission levels.
Normally this would be rated High, but because it requires an uncommon manual
configuration, it is rated as Moderate severity.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="19%">
 <col width="18%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-0705</td>
    <td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800">
        27449871</a></td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 7, 2016</td>
 </tr>
</table>


<h3 id=eop_in_mediatek_wi-fi_driver>
Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>


<p>An elevation of privilege vulnerability in MediaTek Wi-Fi driver could enable a
local malicious application to cause a denial of service. Normally an elevation
of privilege bug like this would be rated High, but because it requires first
compromising a system service, it is rated as Moderate severity.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="27%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2456</td>
    <td>27275187*</td>
    <td>Moderate</td>
    <td>Android One</td>
    <td>Feb 19, 2016</td>
 </tr>
</table>
<p>* The patch for this issue is not in AOSP.
The update is contained in the
latest binary drivers for Nexus devices available from the
<a href="https://developers.google.com/android/nexus/drivers">Google Developer site</a>.</p>

<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>
Elevation of Privilege Vulnerability in Wi-Fi</h3>


<p>An elevation of privilege vulnerability in Wi-Fi could enable a guest account
to modify the Wi-Fi settings that persist for the primary user. This issue is
rated as Moderate severity because it enables local access to
"<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>"
capabilities without permission.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="19%">
 <col width="18%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2457</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db">
        27411179</a></td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 29, 2016</td>
 </tr>
</table>


<h3 id=information_disclosure_vulnerability_in_aosp_mail>
Information Disclosure Vulnerability in AOSP Mail</h3>


<p>An information disclosure vulnerability in AOSP Mail could enable a local
malicious application to gain access to user's private information.
This issue
is rated Moderate severity because it could be used to improperly access data
without permission.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="19%">
 <col width="18%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2458</td>
    <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a">
        27335139</a>
        [<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>]
    </td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Feb 23, 2016</td>
 </tr>
</table>


<h3 id=information_disclosure_vulnerability_in_mediaserver>
Information Disclosure Vulnerability in Mediaserver</h3>


<p>An information disclosure vulnerability in Mediaserver could allow an
application to access sensitive information.
This issue is rated as Moderate
severity because it could be used to improperly access data without permission.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="19%">
 <col width="18%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bugs</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Updated AOSP versions</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-2459</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">
        27556038</a></td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 7, 2016</td>
 </tr>
 <tr>
    <td>CVE-2016-2460</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">
        27555981</a></td>
    <td>Moderate</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    <td>Mar 7, 2016</td>
 </tr>
</table>


<h3 id=denial_of_service_vulnerability_in_kernel>
Denial of Service Vulnerability in Kernel</h3>


<p>A denial of service vulnerability in the kernel could allow a local malicious
application to cause a device reboot.
This issue is rated as Low severity
because the effect is a temporary denial of service.</p>
<table>
 <col width="19%">
 <col width="16%">
 <col width="10%">
 <col width="27%">
 <col width="16%">
 <tr>
    <th>CVE</th>
    <th>Android bug</th>
    <th>Severity</th>
    <th>Updated Nexus devices</th>
    <th>Date reported</th>
 </tr>
 <tr>
    <td>CVE-2016-0774</td>
    <td>27721803*</td>
    <td>Low</td>
    <td><a href="#nexus_devices">All Nexus</a></td>
    <td>Mar 17, 2016</td>
 </tr>
</table>
<p>* The patch for this issue is available in
<a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e">
Linux upstream</a>.</p>

<h2 id=common_questions_and_answers>Common Questions and Answers</h2>


<p>This section reviews answers to common questions that may occur after reading
this bulletin.</p>

<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>

<p>Security Patch Levels of May 01, 2016 or later address these issues (refer to
the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
for instructions on how to check the security patch level). Device
manufacturers that include these updates should set the patch string level to:
[ro.build.version.security_patch]:[2016-05-01]</p>

<p id="nexus_devices"><strong>2. How do I determine which Nexus devices are affected
by each issue?</strong></p>

<p>In the <a href="#security_vulnerability_details">Security Vulnerability Details</a>
section, each table has an Updated Nexus devices column that covers the range
of affected Nexus devices updated for each issue.
This column has a few
options:</p>

<ul>
  <li> <strong>All Nexus devices</strong>: If an issue affects all Nexus devices,
  the table will have "All Nexus" in the <em>Updated Nexus devices</em> column.
  "All Nexus" encapsulates the following
  <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">
  supported devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013),
  Nexus 9, Android One, Nexus Player, and Pixel C.</li>
  <li> <strong>Some Nexus devices</strong>: If an issue doesn't affect all Nexus
  devices, the affected Nexus devices are listed in the <em>Updated Nexus
  devices</em> column.</li>
  <li> <strong>No Nexus devices</strong>: If no Nexus devices are affected by the
  issue, the table will have "None" in the <em>Updated Nexus devices</em> column.</li>
</ul>

<p><strong>3. Why is CVE-2015-1805 included in this bulletin?</strong></p>
<p>CVE-2015-1805 is included in this bulletin because the <a href="/security/advisory/2016-03-18.html">
Android Security Advisory - 2016-03-18</a> was published very close to the release of
the April bulletin. Due to the tight timeline, device manufacturers were given the
option to ship fixes from the <a href="2016-04-02.html">Nexus Security Bulletin - April 2016</a>,
without the fix for CVE-2015-1805, if they used the April 01, 2016 Security Patch Level.
It is included again in this bulletin as it must be fixed in order to use the
May 01, 2016 Security Patch Level.</p>
<h2 id=revisions>Revisions</h2>


<ul>
  <li> May 02, 2016: Bulletin published.</li>
  <li> May 04, 2016:
    <ul>
      <li> Bulletin revised to include AOSP links.</li>
      <li> List of all Nexus devices updated to include Nexus Player and Pixel C.</li>
      <li> CVE-2016-2447 updated to CVE-2016-4477, per MITRE request.</li>
    </ul>
  </li>
</ul>

  </body>
</html>