1 <html devsite> 2 <head> 3 <title>Nexus - 2015 10 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 10 5 | 2015 10 12 29 </em> 30 </p> 31 <p> 32 Android Nexus OTANexus 33 <a href="https://developers.google.com/android/nexus/images"> 34 Google 35 </a> 36 LMY48T LMY48W Android Marshmallow 2015 10 1 37 <a href="https://support.google.com/nexus/answer/4457705"> 38 Nexus 39 </a> 40 41 </p> 42 <p> 43 2015 9 10 Android AOSP 44 </p> 45 <p> 46 MMS 47 </p> 48 <p> 49 50 <a href="http://source.android.com/security/bulletin/2015-10-01.html#mitigations"> 51 Android 52 </a> 53 SafetyNet 54 <a href="http://source.android.com/security/enhancements/index.html"> 55 56 </a> 57 Android 58 </p> 59 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 60 61 </h2> 62 <hr/> 63 <p> 64 CVE 65 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 66 67 </a> 68 69 </p> 70 <table> 71 <tbody> 72 <tr> 73 <th> 74 75 </th> 76 <th> 77 CVE 78 </th> 79 <th> 80 81 </th> 82 </tr> 83 <tr> 84 <td> 85 libstagefright 86 </td> 87 <td> 88 CVE-2015-3873 89 <br/> 90 CVE-2015-3872 91 <br/> 92 CVE-2015-3871 93 <br/> 94 CVE-2015-3868 95 <br/> 96 CVE-2015-3867 97 <br/> 98 CVE-2015-3869 99 <br/> 100 CVE-2015-3870 101 <br/> 102 CVE-2015-3823 103 <br/> 104 CVE-2015-6598 105 <br/> 106 CVE-2015-6599 107 <br/> 108 CVE-2015-6600 109 <br/> 110 CVE-2015-6603 111 <br/> 112 CVE-2015-6601 113 <br/> 114 CVE-2015-3876 115 <br/> 116 CVE-2015-6604 117 </td> 118 <td> 119 120 </td> 121 </tr> 122 <tr> 123 <td> 124 Sonivox 125 </td> 126 <td> 127 CVE-2015-3874 128 </td> 129 <td> 130 131 </td> 132 </tr> 133 <tr> 134 <td> 135 libutils 136 </td> 137 <td> 138 CVE-2015-3875 139 <br/> 140 CVE-2015-6602 141 </td> 142 <td> 143 144 </td> 145 </tr> 146 <tr> 147 <td> 148 Skia 149 </td> 150 <td> 151 CVE-2015-3877 152 </td> 153 <td> 154 155 </td> 156 </tr> 157 <tr> 158 <td> 159 libFLAC 160 </td> 161 <td> 162 CVE-2014-9028 163 </td> 164 <td> 165 166 </td> 167 </tr> 168 <tr> 169 <td> 170 171 </td> 172 <td> 173 CVE-2015-3863 174 </td> 175 <td> 176 177 </td> 178 </tr> 179 <tr> 180 <td> 181 182 </td> 183 <td> 184 CVE-2015-3879 185 </td> 186 <td> 187 188 </td> 189 </tr> 190 <tr> 191 <td> 192 Android Runtime 193 </td> 194 <td> 195 CVE-2015-3865 196 </td> 197 <td> 198 199 </td> 200 </tr> 201 <tr> 202 <td> 203 204 </td> 205 <td> 206 CVE-2015-6596 207 </td> 208 <td> 209 210 </td> 211 </tr> 212 <tr> 213 <td> 214 Secure Element Evaluation Kit 215 </td> 216 <td> 217 CVE-2015-6606 218 </td> 219 <td> 220 221 </td> 222 </tr> 223 <tr> 224 <td> 225 Media Projection 226 </td> 227 <td> 228 CVE-2015-3878 229 </td> 230 <td> 231 232 </td> 233 </tr> 234 <tr> 235 <td> 236 Bluetooth 237 </td> 238 <td> 239 CVE-2015-3847 240 </td> 241 <td> 242 243 </td> 244 </tr> 245 <tr> 246 <td> 247 SQLite 248 </td> 249 <td> 250 CVE-2015-6607 251 </td> 252 <td> 253 254 </td> 255 </tr> 256 <tr> 257 <td> 258 259 </td> 260 <td> 261 CVE-2015-6605 262 <br/> 263 CVE-2015-3862 264 </td> 265 <td> 266 267 </td> 268 </tr> 269 </tbody> 270 </table> 271 <h2 id="mitigations" style="margin-bottom:0px"> 272 273 </h2> 274 <hr/> 275 <p> 276 277 <a href="http://source.android.com/security/enhancements/index.html"> 278 Android 279 </a> 280 SafetyNet Android 281 </p> 282 <ul> 283 <li> 284 Android Android Android 285 </li> 286 <li> 287 Android SafetyNet Google Play Google Play 288 </li> 289 <li> 290 Google 291 </li> 292 </ul> 293 <h2 id="acknowledgements" style="margin-bottom:0px"> 294 295 </h2> 296 <hr/> 297 <p> 298 299 </p> 300 <ul> 301 <li> 302 Brennan Lautner: CVE-2015-3863 303 </li> 304 <li> 305 Qihoo 360 C0re Team Yajin ZhouLei WuXuxian Jiang: CVE-2015-3868CVE-2015-3869CVE-2015-3865CVE-2015-3862 306 </li> 307 <li> 308 Copperhead Security Daniel Micaydaniel.micay (a] copperhead.co: CVE-2015-3875 309 </li> 310 <li> 311 Alibaba Mobile Security Team dragonltx: CVE-2015-6599 312 </li> 313 <li> 314 Google Project Zero Ian BeerSteven Vittitoe: CVE-2015-6604 315 </li> 316 <li> 317 Fundacin Dr. Manuel SadoskyPrograma STIC Joaqun Rinaudo@xeroxnirIvn Arce@4Dgifts: CVE-2015-3870 318 </li> 319 <li> 320 Zimperium Josh Drake: CVE-2015-3876CVE-2015-6602 321 </li> 322 <li> 323 Exodus Intelligence@jgrusko Jordan Gruskovnjak: CVE-2015-3867 324 </li> 325 <li> 326 Trend Micro Peter Pi: CVE-2015-3872CVE-2015-3871 327 </li> 328 <li> 329 Qihoo 360 Technology Co. Ltd Ping Li: CVE-2015-3878 330 </li> 331 <li> 332 Seven Shen: CVE-2015-6600CVE-2015-3847 333 </li> 334 <li> 335 Baidu X-Team Wangtaoneobyte: CVE-2015-6598 336 </li> 337 <li> 338 Trend Micro Inc. Wish Wu@wish_wu: CVE-2015-3823 339 </li> 340 </ul> 341 <p> 342 Chrome Google Project Zero Google 343 </p> 344 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 345 346 </h2> 347 <hr/> 348 <p> 349 350 <a href="http://source.android.com/security/bulletin/2015-10-01.html#security_vulnerability_summary"> 351 352 </a> 353 CVE ID AOSP ID AOSP 354 </p> 355 <h3 id="remote_code_execution_vulnerabilities_in_libstagefright"> 356 libstagefright 357 </h3> 358 <p> 359 libstagefright 360 </p> 361 <p> 362 363 </p> 364 <table> 365 <tbody> 366 <tr> 367 <th> 368 CVE 369 </th> 370 <th> 371 AOSP 372 </th> 373 <th> 374 375 </th> 376 <th> 377 378 </th> 379 <th> 380 381 </th> 382 </tr> 383 <tr> 384 <td rowspan="14"> 385 CVE-2015-3873 386 </td> 387 <td> 388 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c23e3dd8af7397f023aae040c4a03dd14091cbed"> 389 ANDROID-20674086 390 </a> 391 [ 392 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9abb7401df730b5c510f6b8dac2716a0928d9623"> 393 2 394 </a> 395 396 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b62a73b860757143d3b140b2985fdae71e18d675"> 397 3 398 </a> 399 400 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b2ae4351539de9aa4667fcb3e02ba40d9c6bd094"> 401 4 402 </a> 403 ] 404 </td> 405 <td rowspan="13"> 406 407 </td> 408 <td rowspan="13"> 409 5.1 410 </td> 411 <td rowspan="13"> 412 Google 413 </td> 414 </tr> 415 <tr> 416 <td> 417 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3fd96683850cf27648e036180acb149fac362242"> 418 ANDROID-20674674 419 </a> 420 [ 421 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/65842db06c2d77e53cc5ac61692160d844cc7d0a"> 422 2 423 </a> 424 425 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/38eff9af5c032bf12f89d6e94df05f65eef51afc"> 426 3 427 </a> 428 429 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/91860b89488b3ee4644c539e89e657fbb79fb6ad"> 430 4 431 </a> 432 ] 433 </td> 434 </tr> 435 <tr> 436 <td> 437 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/2e941e40ce76eb13b273479a4ee8fb6e40d33795"> 438 ANDROID-20718524 439 </a> 440 </td> 441 </tr> 442 <tr> 443 <td> 444 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/06ca06ac6107f88530cc67225c47537621bb41a5"> 445 ANDROID-21048776 446 </a> 447 </td> 448 </tr> 449 <tr> 450 <td> 451 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/dc5e47f013bfbb74c5c35ad976aa98d480cb351b"> 452 ANDROID-21443020 453 </a> 454 </td> 455 </tr> 456 <tr> 457 <td> 458 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f11e95b21007f24e5ab77298370855f9f085b2d7"> 459 ANDROID-21814993 460 </a> 461 </td> 462 </tr> 463 <tr> 464 <td> 465 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f810a8298aea13fa177060cdc10c8297eac69c49"> 466 ANDROID-22008959 467 </a> 468 </td> 469 </tr> 470 <tr> 471 <td> 472 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7913508110c80da87fb085514208adbd874d7d54"> 473 ANDROID-22077698 474 </a> 475 </td> 476 </tr> 477 <tr> 478 <td> 479 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/073e4f6748f5d7deb095c42fad9271cb99e22d07"> 480 ANDROID-22388975 481 </a> 482 </td> 483 </tr> 484 <tr> 485 <td> 486 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/bf47eb9c67ed364f3c288954857aab9d9311db4c"> 487 ANDROID-22845824 488 </a> 489 </td> 490 </tr> 491 <tr> 492 <td> 493 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b158a9a5bcfe21480f57bc58d45517f1a81cca39"> 494 ANDROID-23016072 495 </a> 496 </td> 497 </tr> 498 <tr> 499 <td> 500 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5a132594b531f1f48098a790927f82080cc27f61"> 501 ANDROID-23247055 502 </a> 503 </td> 504 </tr> 505 <tr> 506 <td> 507 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d2ebc0b9e147f9406db20ec4df61da50e3614ee4"> 508 ANDROID-23248776 509 </a> 510 </td> 511 </tr> 512 <tr> 513 <td> 514 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3179e3b3531b5fe93dc7f5b2c378e27010a406d5"> 515 ANDROID-20721050 516 </a> 517 </td> 518 <td> 519 520 </td> 521 <td> 522 5.0 5.1 523 </td> 524 <td> 525 Google 526 </td> 527 </tr> 528 <tr> 529 <td> 530 CVE-2015-3823 531 </td> 532 <td> 533 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/407d475b797fdc595299d67151230dc6e3835ccd"> 534 ANDROID-21335999 535 </a> 536 </td> 537 <td> 538 539 </td> 540 <td> 541 5.1 542 </td> 543 <td> 544 2105 5 20 545 </td> 546 </tr> 547 <tr> 548 <td> 549 CVE-2015-6600 550 </td> 551 <td> 552 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/e6f5d47a7f9eab8a0009f8a563de473cd47d3110"> 553 ANDROID-22882938 554 </a> 555 </td> 556 <td> 557 558 </td> 559 <td> 560 5.1 561 </td> 562 <td> 563 2015 7 31 564 </td> 565 </tr> 566 <tr> 567 <td> 568 CVE-2015-6601 569 </td> 570 <td> 571 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/738a753a3ca7bf8f9f608ca941575626265294e4"> 572 ANDROID-22935234 573 </a> 574 </td> 575 <td> 576 577 </td> 578 <td> 579 5.1 580 </td> 581 <td> 582 2015 8 3 583 </td> 584 </tr> 585 <tr> 586 <td> 587 CVE-2015-3869 588 </td> 589 <td> 590 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/450e1015b7939292ca988dd1b4f0303a094478e9"> 591 ANDROID-23036083 592 </a> 593 </td> 594 <td> 595 596 </td> 597 <td> 598 5.1 599 </td> 600 <td> 601 2015 8 4 602 </td> 603 </tr> 604 <tr> 605 <td> 606 CVE-2015-3870 607 </td> 608 <td> 609 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4bce636865bdf0e2a79fc9a5d9a69107649c850d"> 610 ANDROID-22771132 611 </a> 612 </td> 613 <td> 614 615 </td> 616 <td> 617 5.1 618 </td> 619 <td> 620 2015 8 5 621 </td> 622 </tr> 623 <tr> 624 <td> 625 CVE-2015-3871 626 </td> 627 <td> 628 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c570778430a22b5488cae72982cf9fb8033dbda3"> 629 ANDROID-23031033 630 </a> 631 </td> 632 <td> 633 634 </td> 635 <td> 636 5.1 637 </td> 638 <td> 639 2015 8 6 640 </td> 641 </tr> 642 <tr> 643 <td> 644 CVE-2015-3868 645 </td> 646 <td> 647 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/937c6bedd4b6e5c6cb29a238eb459047dedd3486"> 648 ANDROID-23270724 649 </a> 650 </td> 651 <td> 652 653 </td> 654 <td> 655 5.1 656 </td> 657 <td> 658 2015 8 6 659 </td> 660 </tr> 661 <tr> 662 <td> 663 CVE-2015-6604 664 </td> 665 <td> 666 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f51115bd8e44c2779b74477277c6f6046916e7cf"> 667 ANDROID-23129786 668 </a> 669 </td> 670 <td> 671 672 </td> 673 <td> 674 5.1 675 </td> 676 <td> 677 2015 8 11 678 </td> 679 </tr> 680 <tr> 681 <td> 682 CVE-2015-3867 683 </td> 684 <td> 685 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7e9ac3509d72e8dc6f1316b5ce0a0066638b9737"> 686 ANDROID-23213430 687 </a> 688 </td> 689 <td> 690 691 </td> 692 <td> 693 5.1 694 </td> 695 <td> 696 2015 8 14 697 </td> 698 </tr> 699 <tr> 700 <td> 701 CVE-2015-6603 702 </td> 703 <td> 704 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c37f7f6fa0cb7f55cdc5b2d4ccbf2c87c3bc6c3b"> 705 ANDROID-23227354 706 </a> 707 </td> 708 <td> 709 710 </td> 711 <td> 712 5.1 713 </td> 714 <td> 715 2015 8 15 716 </td> 717 </tr> 718 <tr> 719 <td> 720 CVE-2015-3876 721 </td> 722 <td> 723 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c580c836c1941fb4912e1dd4e08626caf98a62c7"> 724 ANDROID-23285192 725 </a> 726 </td> 727 <td> 728 729 </td> 730 <td> 731 5.1 732 </td> 733 <td> 734 2015 8 15 735 </td> 736 </tr> 737 <tr> 738 <td> 739 CVE-2015-6598 740 </td> 741 <td> 742 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/ba6093a4c6997b9d36d9700ee8c974941bf82e3a"> 743 ANDROID-23306638 744 </a> 745 </td> 746 <td> 747 748 </td> 749 <td> 750 5.1 751 </td> 752 <td> 753 2015 8 18 754 </td> 755 </tr> 756 <tr> 757 <td> 758 CVE-2015-3872 759 </td> 760 <td> 761 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4d46f6f18f5160b8992ec1e66ef1844212fc7d48"> 762 ANDROID-23346388 763 </a> 764 </td> 765 <td> 766 767 </td> 768 <td> 769 5.1 770 </td> 771 <td> 772 2015 8 19 773 </td> 774 </tr> 775 <tr> 776 <td> 777 CVE-2015-6599 778 </td> 779 <td> 780 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/af7e33f6043c0be1c0310d675884e3b263ca2438"> 781 ANDROID-23416608 782 </a> 783 </td> 784 <td> 785 786 </td> 787 <td> 788 5.1 789 </td> 790 <td> 791 2015 8 21 792 </td> 793 </tr> 794 </tbody> 795 </table> 796 <h3 id="remote_code_execution_vulnerabilities_in_sonivox"> 797 Sonivox 798 </h3> 799 <p> 800 Sonivox 801 </p> 802 <table> 803 <tbody> 804 <tr> 805 <th> 806 CVE 807 </th> 808 <th> 809 AOSP 810 </th> 811 <th> 812 813 </th> 814 <th> 815 816 </th> 817 <th> 818 819 </th> 820 </tr> 821 <tr> 822 <td rowspan="3"> 823 CVE-2015-3874 824 </td> 825 <td> 826 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8cbef48ba6e3d3f844b895f8ca1a1aee74414fff"> 827 ANDROID-23335715 828 </a> 829 </td> 830 <td rowspan="3"> 831 832 </td> 833 <td rowspan="3"> 834 5.1 835 </td> 836 <td rowspan="3"> 837 838 </td> 839 </tr> 840 <tr> 841 <td> 842 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/5d2e7de37d4a28cf25cc5d0c64b3a29c1824dc0a"> 843 ANDROID-23307276 844 </a> 845 [ 846 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/f333a822c38c3d92f40e8f1686348e6a62c291"> 847 2 848 </a> 849 ] 850 </td> 851 </tr> 852 <tr> 853 <td> 854 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8a9f53ee2c661e8b5b94d6e9fbb8af3baa34310d"> 855 ANDROID-23286323 856 </a> 857 </td> 858 </tr> 859 </tbody> 860 </table> 861 <h3 id="remote_code_execution_vulnerabilities_in_libutils"> 862 libutils 863 </h3> 864 <p> 865 libutils 866 </p> 867 <p> 868 API MMS 869 </p> 870 <table> 871 <tbody> 872 <tr> 873 <th> 874 CVE 875 </th> 876 <th> 877 AOSP 878 </th> 879 <th> 880 881 </th> 882 <th> 883 884 </th> 885 <th> 886 887 </th> 888 </tr> 889 <tr> 890 <td> 891 CVE-2015-3875 892 </td> 893 <td> 894 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/0cc9a6e6e1f8e675c1238e5e05418cabcc699b52"> 895 ANDROID-22952485 896 </a> 897 </td> 898 <td> 899 900 </td> 901 <td> 902 5.1 903 </td> 904 <td> 905 2015 8 15 906 </td> 907 </tr> 908 <tr> 909 <td> 910 CVE-2015-6602 911 </td> 912 <td> 913 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/e0dce90b0de2b2b7c2baae8035f810a55526effb"> 914 ANDROID-23290056 915 </a> 916 [ 917 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/5b85b1d40d619c2064d321364f212ebfeb6ba185"> 918 2 919 </a> 920 ] 921 </td> 922 <td> 923 924 </td> 925 <td> 926 5.1 927 </td> 928 <td> 929 2015 8 15 930 </td> 931 </tr> 932 </tbody> 933 </table> 934 <h3 id="remote_code_execution_vulnerability_in_skia"> 935 Skia 936 </h3> 937 <p> 938 Skia MMS 939 </p> 940 <table> 941 <tbody> 942 <tr> 943 <th> 944 CVE 945 </th> 946 <th> 947 AOSP 948 </th> 949 <th> 950 951 </th> 952 <th> 953 954 </th> 955 <th> 956 957 </th> 958 </tr> 959 <tr> 960 <td> 961 CVE-2015-3877 962 </td> 963 <td> 964 <a href="https://android.googlesource.com/platform%2Fexternal%2Fskia/+/55ad31336a6de7037139820558c5de834797c09e"> 965 ANDROID-20723696 966 </a> 967 </td> 968 <td> 969 970 </td> 971 <td> 972 5.1 973 </td> 974 <td> 975 2015 7 30 976 </td> 977 </tr> 978 </tbody> 979 </table> 980 <h3 id="remote_code_execution_vulnerabilities_in_libflac"> 981 libFLAC 982 </h3> 983 <p> 984 libFLAC 985 </p> 986 <p> 987 API MMS 988 </p> 989 <table> 990 <tbody> 991 <tr> 992 <th> 993 CVE 994 </th> 995 <th> 996 AOSP 997 </th> 998 <th> 999 1000 </th> 1001 <th> 1002 1003 </th> 1004 <th> 1005 1006 </th> 1007 </tr> 1008 <tr> 1009 <td> 1010 CVE-2014-9028 1011 </td> 1012 <td> 1013 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/fe03f73d86bb415f5d5145f0de091834d89ae3a9"> 1014 ANDROID-18872897 1015 </a> 1016 [ 1017 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6"> 1018 2 1019 </a> 1020 ] 1021 </td> 1022 <td> 1023 1024 </td> 1025 <td> 1026 5.1 1027 </td> 1028 <td> 1029 2014 11 14 1030 </td> 1031 </tr> 1032 </tbody> 1033 </table> 1034 <p> 1035 </p> 1036 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 1037 1038 </h3> 1039 <p> 1040 API 1041 </p> 1042 <table> 1043 <tbody> 1044 <tr> 1045 <th> 1046 CVE 1047 </th> 1048 <th> 1049 AOSP 1050 </th> 1051 <th> 1052 1053 </th> 1054 <th> 1055 1056 </th> 1057 <th> 1058 1059 </th> 1060 </tr> 1061 <tr> 1062 <td> 1063 CVE-2015-3863 1064 </td> 1065 <td> 1066 <a href="https://android.googlesource.com/platform%2Fsystem%2Fsecurity/+/0d5935262dbbcaf2cf6145529ffd71a728ef4609"> 1067 ANDROID-22802399 1068 </a> 1069 </td> 1070 <td> 1071 1072 </td> 1073 <td> 1074 5.1 1075 </td> 1076 <td> 1077 2015 7 28 1078 </td> 1079 </tr> 1080 </tbody> 1081 </table> 1082 <h3 id="elevation_of_privilege_vulnerability_in_media_player_framework"> 1083 1084 </h3> 1085 <p> 1086 1087 </p> 1088 <table> 1089 <tbody> 1090 <tr> 1091 <th> 1092 CVE 1093 </th> 1094 <th> 1095 AOSP 1096 </th> 1097 <th> 1098 1099 </th> 1100 <th> 1101 1102 </th> 1103 <th> 1104 1105 </th> 1106 </tr> 1107 <tr> 1108 <td> 1109 CVE-2015-3879 1110 </td> 1111 <td> 1112 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/aa4da6fa7ca2454f0713de0a5a583b5b8160166b"> 1113 ANDROID-23223325 1114 </a> 1115 [2]* 1116 </td> 1117 <td> 1118 1119 </td> 1120 <td> 1121 5.1 1122 </td> 1123 <td> 1124 2015 8 14 1125 </td> 1126 </tr> 1127 </tbody> 1128 </table> 1129 <p> 1130 * 2 AOSP 1131 <a href="https://developers.google.com/android/nexus/drivers"> 1132 Google 1133 </a> 1134 Nexus 1135 </p> 1136 <h3 id="elevation_of_privilege_vulnerability_in_android_runtime"> 1137 Android Runtime 1138 </h3> 1139 <p> 1140 Android Runtime 1141 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1142 signature 1143 </a> 1144 1145 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1146 signatureOrSystem 1147 </a> 1148 1149 </p> 1150 <table> 1151 <tbody> 1152 <tr> 1153 <th> 1154 CVE 1155 </th> 1156 <th> 1157 AOSP 1158 </th> 1159 <th> 1160 1161 </th> 1162 <th> 1163 1164 </th> 1165 <th> 1166 1167 </th> 1168 </tr> 1169 <tr> 1170 <td> 1171 CVE-2015-3865 1172 </td> 1173 <td> 1174 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ff8dc21278b19b22ed8dc9f9475850838336d351"> 1175 ANDROID-23050463 1176 </a> 1177 [ 1178 <a href="https://android.googlesource.com/platform%2Fcts/+/3f7334822ba4cc53f81f22f3519093bf4e1d7f89"> 1179 2 1180 </a> 1181 ] 1182 </td> 1183 <td> 1184 1185 </td> 1186 <td> 1187 5.1 1188 </td> 1189 <td> 1190 2015 8 8 1191 </td> 1192 </tr> 1193 </tbody> 1194 </table> 1195 <h3 id="elevation_of_privilege_vulnerabilities_in_mediaserver"> 1196 1197 </h3> 1198 <p> 1199 1200 </p> 1201 <table> 1202 <tbody> 1203 <tr> 1204 <th> 1205 CVE 1206 </th> 1207 <th> 1208 AOSP 1209 </th> 1210 <th> 1211 1212 </th> 1213 <th> 1214 1215 </th> 1216 <th> 1217 1218 </th> 1219 </tr> 1220 <tr> 1221 <td rowspan="3"> 1222 CVE-2015-6596 1223 </td> 1224 <td> 1225 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b97ee930e4f7ed1587b869c92b4aa1dc90b641cc"> 1226 ANDROID-20731946 1227 </a> 1228 </td> 1229 <td rowspan="2"> 1230 1231 </td> 1232 <td rowspan="2"> 1233 5.1 1234 </td> 1235 <td rowspan="2"> 1236 1237 </td> 1238 </tr> 1239 <tr> 1240 <td> 1241 ANDROID-20719651* 1242 </td> 1243 </tr> 1244 <tr> 1245 <td> 1246 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9ef830c6dbd4f6000b94abee3df14b9e27a38294"> 1247 ANDROID-19573085 1248 </a> 1249 </td> 1250 <td> 1251 1252 </td> 1253 <td> 1254 5.06.0 1255 </td> 1256 <td> 1257 Google 1258 </td> 1259 </tr> 1260 </tbody> 1261 </table> 1262 <p> 1263 * AOSP 1264 <a href="https://developers.google.com/android/nexus/drivers"> 1265 Google 1266 </a> 1267 Nexus 1268 </p> 1269 <h3 id="elevation_of_privilege_vulnerability_in_secure_element_evaluation_kit"> 1270 Secure Element Evaluation Kit 1271 </h3> 1272 <p> 1273 <a href="http://seek-for-android.github.io/"> 1274 SEEK 1275 </a> 1276 Secure Element Evaluation Kit SmartCard API 1277 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1278 signature 1279 </a> 1280 1281 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1282 signatureOrSystem 1283 </a> 1284 1285 </p> 1286 <table> 1287 <tbody> 1288 <tr> 1289 <th> 1290 CVE 1291 </th> 1292 <th> 1293 AOSP 1294 </th> 1295 <th> 1296 1297 </th> 1298 <th> 1299 1300 </th> 1301 <th> 1302 1303 </th> 1304 </tr> 1305 <tr> 1306 <td> 1307 CVE-2015-6606 1308 </td> 1309 <td> 1310 ANDROID-22301786* 1311 </td> 1312 <td> 1313 1314 </td> 1315 <td> 1316 5.1 1317 </td> 1318 <td> 1319 2015 6 30 1320 </td> 1321 </tr> 1322 </tbody> 1323 </table> 1324 <p> 1325 * 1326 <a href="http://seek-for-android.github.io/"> 1327 SEEK for Android 1328 </a> 1329 1330 </p> 1331 <h3 id="elevation_of_privilege_vulnerability_in_media_projection"> 1332 Media Projection 1333 </h3> 1334 <p> 1335 Media Projection 1336 </p> 1337 <table> 1338 <tbody> 1339 <tr> 1340 <th> 1341 CVE 1342 </th> 1343 <th> 1344 AOSP 1345 </th> 1346 <th> 1347 1348 </th> 1349 <th> 1350 1351 </th> 1352 <th> 1353 1354 </th> 1355 </tr> 1356 <tr> 1357 <td> 1358 CVE-2015-3878 1359 </td> 1360 <td> 1361 <a href="https://android.googlesource.com/platform/frameworks/base/+/b3145760db5d58a107fd1ffd8eeec67d983d45f3"> 1362 ANDROID-23345192 1363 </a> 1364 </td> 1365 <td> 1366 1367 </td> 1368 <td> 1369 5.06.0 1370 </td> 1371 <td> 1372 2015 8 18 1373 </td> 1374 </tr> 1375 </tbody> 1376 </table> 1377 <h3 id="elevation_of_privilege_vulnerability_in_bluetooth"> 1378 Bluetooth 1379 </h3> 1380 <p> 1381 Android Bluetooth SMS 1382 </p> 1383 <table> 1384 <tbody> 1385 <tr> 1386 <th> 1387 CVE 1388 </th> 1389 <th> 1390 AOSP 1391 </th> 1392 <th> 1393 1394 </th> 1395 <th> 1396 1397 </th> 1398 <th> 1399 1400 </th> 1401 </tr> 1402 <tr> 1403 <td> 1404 CVE-2015-3847 1405 </td> 1406 <td> 1407 <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FBluetooth/+/19004c751f36aa2b01d3e03d4f761d8897542bd2"> 1408 ANDROID-22343270 1409 </a> 1410 </td> 1411 <td> 1412 1413 </td> 1414 <td> 1415 5.1 1416 </td> 1417 <td> 1418 2015 7 8 1419 </td> 1420 </tr> 1421 </tbody> 1422 </table> 1423 <h3 id="elevation_of_privilege_vulnerabilities_in_sqlite"> 1424 SQLite 1425 </h3> 1426 <p> 1427 SQLite SQL 1428 </p> 1429 <p> 1430 2015 4 8 AOSP SQLite 3.8.9 1431 <a href="https://android-review.googlesource.com/#/c/145961/"> 1432 https://android-review.googlesource.com/#/c/145961/ 1433 </a> 1434 1435 </p> 1436 <p> 1437 SQLite Android 4.4 SQLite 3.7.11 Android 5.05.1 SQLite 3.8.6 1438 </p> 1439 <table> 1440 <tbody> 1441 <tr> 1442 <th> 1443 CVE 1444 </th> 1445 <th> 1446 AOSP 1447 </th> 1448 <th> 1449 1450 </th> 1451 <th> 1452 1453 </th> 1454 <th> 1455 1456 </th> 1457 </tr> 1458 <tr> 1459 <td> 1460 CVE-2015-6607 1461 </td> 1462 <td> 1463 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsqlite/+/3fcd43a0f1ef02756029e12af3cb9ba9faa13364"> 1464 ANDROID-20099586 1465 </a> 1466 </td> 1467 <td> 1468 1469 </td> 1470 <td> 1471 5.1 1472 </td> 1473 <td> 1474 2015 4 7 1475 <br/> 1476 1477 </td> 1478 </tr> 1479 </tbody> 1480 </table> 1481 <h3 id="denial_of_service_vulnerabilities_in_mediaserver"> 1482 1483 </h3> 1484 <p> 1485 1486 </p> 1487 <table> 1488 <tbody> 1489 <tr> 1490 <th> 1491 CVE 1492 </th> 1493 <th> 1494 AOSP 1495 </th> 1496 <th> 1497 1498 </th> 1499 <th> 1500 1501 </th> 1502 <th> 1503 1504 </th> 1505 </tr> 1506 <tr> 1507 <td rowspan="3"> 1508 CVE-2015-6605 1509 </td> 1510 <td> 1511 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/36ec928f52271dd1feb4c86b18026564220629e9"> 1512 ANDROID-20915134 1513 </a> 1514 </td> 1515 <td rowspan="2"> 1516 1517 </td> 1518 <td rowspan="2"> 1519 5.1 1520 </td> 1521 <td rowspan="2"> 1522 Google 1523 </td> 1524 </tr> 1525 <tr> 1526 <td> 1527 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3ce293842fed1b3abd2ff0aecd2a0c70a55086ee"> 1528 ANDROID-23142203 1529 </a> 1530 </td> 1531 </tr> 1532 <tr> 1533 <td> 1534 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/2b67e532653b815e2341a0ac0b59d1b0ef82170d"> 1535 ANDROID-22278703 1536 </a> 1537 </td> 1538 <td> 1539 1540 </td> 1541 <td> 1542 5.06.0 1543 </td> 1544 <td> 1545 Google 1546 </td> 1547 </tr> 1548 <tr> 1549 <td> 1550 CVE-2015-3862 1551 </td> 1552 <td> 1553 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f26400c9d01a0e2f71690d5ebc644270f098d590"> 1554 ANDROID-22954006 1555 </a> 1556 </td> 1557 <td> 1558 1559 </td> 1560 <td> 1561 5.1 1562 </td> 1563 <td> 1564 2015 8 2 1565 </td> 1566 </tr> 1567 </tbody> 1568 </table> 1569 <h2 id="revisions" style="margin-bottom:0px"> 1570 1571 </h2> 1572 <hr/> 1573 <ul> 1574 <li> 1575 2015 10 5 : 1576 </li> 1577 <li> 1578 2015 10 7 : AOSP CVE-2014-9028 1579 </li> 1580 <li> 1581 2015 10 12 : CVE-2015-3868CVE-2015-3869CVE-2015-3865CVE-2015-3862 1582 </li> 1583 </ul> 1584 </div> 1585 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 1586 <div class="layout-content-col col-9" style="padding-top:4px"> 1587 </div> 1588 <div class="paging-links layout-content-col col-4"> 1589 </div> 1590 </div> 1591 </div> 1592 1593 </body> 1594 </html> 1595
