1 <html devsite> 2 <head> 3 <title>Nexus - 2016 1 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 Android Nexus OTANexus 28 <a href="https://developers.google.com/android/nexus/images"> 29 Google 30 </a> 31 LMY49F Android 6.0 2016 1 1 32 <a href="http://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers"> 33 34 </a> 35 36 </p> 37 <p> 38 2015 12 7 Android AOSP 39 </p> 40 <p> 41 MMS 42 </p> 43 <p> 44 45 <a href="https://source.android.com/security/enhancements/"> 46 Android 47 </a> 48 SafetyNet 49 <a href="http://source.android.com/security/bulletin/2016-01-01.html#mitigations"> 50 51 </a> 52 Android 53 </p> 54 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 55 56 </h2> 57 <hr/> 58 <p> 59 CVE 60 <a href="https://source.android.com/security/overview/updates-resources.html#severity"> 61 62 </a> 63 64 </p> 65 <table> 66 <tbody> 67 <tr> 68 <th> 69 70 </th> 71 <th> 72 CVE 73 </th> 74 <th> 75 76 </th> 77 </tr> 78 <tr> 79 <td> 80 81 </td> 82 <td> 83 CVE-2015-6636 84 </td> 85 <td> 86 87 </td> 88 </tr> 89 <tr> 90 <td> 91 misc-sd 92 </td> 93 <td> 94 CVE-2015-6637 95 </td> 96 <td> 97 98 </td> 99 </tr> 100 <tr> 101 <td> 102 Imagination Technologies 103 </td> 104 <td> 105 CVE-2015-6638 106 </td> 107 <td> 108 109 </td> 110 </tr> 111 <tr> 112 <td> 113 TrustZone 114 </td> 115 <td> 116 CVE-2015-6639<br /> 117 CVE-2015-6647 118 </td> 119 <td> 120 121 </td> 122 </tr> 123 <tr> 124 <td> 125 126 </td> 127 <td> 128 CVE-2015-6640 129 </td> 130 <td> 131 132 </td> 133 </tr> 134 <tr> 135 <td> 136 Bluetooth 137 </td> 138 <td> 139 CVE-2015-6641 140 </td> 141 <td> 142 143 </td> 144 </tr> 145 <tr> 146 <td> 147 148 </td> 149 <td> 150 CVE-2015-6642 151 </td> 152 <td> 153 154 </td> 155 </tr> 156 <tr> 157 <td> 158 159 </td> 160 <td> 161 CVE-2015-6643 162 </td> 163 <td> 164 165 </td> 166 </tr> 167 <tr> 168 <td> 169 Wi-Fi 170 </td> 171 <td> 172 CVE-2015-5310 173 </td> 174 <td> 175 176 </td> 177 </tr> 178 <tr> 179 <td> 180 Bouncy Castle 181 </td> 182 <td> 183 CVE-2015-6644 184 </td> 185 <td> 186 187 </td> 188 </tr> 189 <tr> 190 <td> 191 SyncManager 192 </td> 193 <td> 194 CVE-2015-6645 195 </td> 196 <td> 197 198 </td> 199 </tr> 200 <tr> 201 <td> 202 Nexus 203 </td> 204 <td> 205 CVE-2015-6646 206 </td> 207 <td> 208 209 </td> 210 </tr> 211 </tbody> 212 </table> 213 <h2 id="mitigations" style="margin-bottom:0px"> 214 215 </h2> 216 <hr/> 217 <p> 218 219 <a href="https://source.android.com/security/enhancements/index.html"> 220 Android 221 </a> 222 SafetyNet Android 223 </p> 224 <ul> 225 <li> 226 Android Android Android 227 </li> 228 <li> 229 Android SafetyNet Google Play Google Play 230 </li> 231 <li> 232 Google 233 </li> 234 </ul> 235 <h2 id="acknowledgements" style="margin-bottom:0px"> 236 237 </h2> 238 <hr/> 239 <p> 240 241 </p> 242 <ul> 243 <li> 244 Google Chrome Abhishek AryaOliver ChangMartin Barbella: CVE-2015-6636 245 </li> 246 <li> 247 Tencent KEEN lab 248 <a href="https://twitter.com/k33nteam"> @K33nTeam </a> 249 Sen Nie 250 <a href="https://twitter.com/@nforest_"> @nforest_ </a> 251 jfang: CVE-2015-6637 252 </li> 253 <li> 254 Android Bionic Yabin Cui: CVE-2015-6640 255 </li> 256 <li> 257 Google X Tom Craig: CVE-2015-6641 258 </li> 259 <li> 260 Jann Horn 261 <a href="https://thejh.net/"> 262 https://thejh.net 263 </a> 264 : CVE-2015-6642 265 </li> 266 <li> 267 Jouni Malinen PGP id EFC895FA: CVE-2015-5310 268 </li> 269 <li> 270 Google Quan Nguyen: CVE-2015-6644 271 </li> 272 <li> 273 Gal Beniamini 274 <a href="https://twitter.com/@laginimaineb"> @laginimaineb </a> 275 276 <a href="http://bits-please.blogspot.com/"> 277 http://bits-please.blogspot.com 278 </a> 279 : CVE-2015-6639 280 </li> 281 </ul> 282 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 283 284 </h2> 285 <hr/> 286 <p> 287 288 <a href="http://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary"> 289 290 </a> 291 CVE ID AOSP ID AOSP 292 </p> 293 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 294 295 </h3> 296 <p> 297 298 </p> 299 <p> 300 MMS 301 </p> 302 <p> 303 304 </p> 305 <table> 306 <tbody> 307 <tr> 308 <th> 309 CVE 310 </th> 311 <th> 312 AOSP 313 </th> 314 <th> 315 316 </th> 317 <th> 318 319 </th> 320 <th> 321 322 </th> 323 </tr> 324 <tr> 325 <td rowspan="2"> 326 CVE-2015-6636 327 </td> 328 <td> 329 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#"> 330 ANDROID-25070493 331 </a> 332 </td> 333 <td> 334 335 </td> 336 <td> 337 5.05.1.16.06.0.1 338 </td> 339 <td> 340 Google 341 </td> 342 </tr> 343 <tr> 344 <td> 345 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518"> 346 ANDROID-24686670 347 </a> 348 </td> 349 <td> 350 351 </td> 352 <td> 353 5.05.1.16.06.0.1 354 </td> 355 <td> 356 Google 357 </td> 358 </tr> 359 </tbody> 360 </table> 361 <h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver"> 362 misc-sd 363 </h3> 364 <p> 365 MediaTek misc-sd 366 </p> 367 <table> 368 <tbody> 369 <tr> 370 <th> 371 CVE 372 </th> 373 <th> 374 375 </th> 376 <th> 377 378 </th> 379 <th> 380 381 </th> 382 <th> 383 384 </th> 385 </tr> 386 <tr> 387 <td> 388 CVE-2015-6637 389 </td> 390 <td> 391 ANDROID-25307013* 392 </td> 393 <td> 394 395 </td> 396 <td> 397 4.4.45.05.1.16.06.0.1 398 </td> 399 <td> 400 2015 10 26 401 </td> 402 </tr> 403 </tbody> 404 </table> 405 <p> 406 * AOSP 407 <a href="https://developers.google.com/android/nexus/drivers"> 408 Google 409 </a> 410 Nexus 411 </p> 412 <h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver"> 413 Imagination Technologies 414 </h3> 415 <p> 416 Imagination Technologies 417 </p> 418 <table> 419 <tbody> 420 <tr> 421 <th> 422 CVE 423 </th> 424 <th> 425 426 </th> 427 <th> 428 429 </th> 430 <th> 431 432 </th> 433 <th> 434 435 </th> 436 </tr> 437 <tr> 438 <td> 439 CVE-2015-6638 440 </td> 441 <td> 442 ANDROID-24673908* 443 </td> 444 <td> 445 446 </td> 447 <td> 448 5.05.1.16.06.0.1 449 </td> 450 <td> 451 Google 452 </td> 453 </tr> 454 </tbody> 455 </table> 456 <p> 457 * AOSP 458 <a href="https://developers.google.com/android/nexus/drivers"> 459 Google 460 </a> 461 Nexus 462 </p> 463 <h3 id="elevation_of_privilege_vulnerabilities_in_trustzone"> 464 TrustZone 465 </h3> 466 <p> 467 Widevine QSEE TrustZone QSEECOM TrustZone 468 </p> 469 <table> 470 <tbody> 471 <tr> 472 <th> 473 CVE 474 </th> 475 <th> 476 477 </th> 478 <th> 479 480 </th> 481 <th> 482 483 </th> 484 <th> 485 486 </th> 487 </tr> 488 <tr> 489 <td> 490 CVE-2015-6639 491 </td> 492 <td> 493 ANDROID-24446875* 494 </td> 495 <td> 496 497 </td> 498 <td> 499 5.05.1.16.06.0.1 500 </td> 501 <td> 502 2015 9 23 503 </td> 504 </tr> 505 <tr> 506 <td> 507 CVE-2015-6647 508 </td> 509 <td> 510 ANDROID-24441554* 511 </td> 512 <td> 513 514 </td> 515 <td> 516 5.05.1.16.06.0.1 517 </td> 518 <td> 519 2015 9 27 520 </td> 521 </tr> 522 </tbody> 523 </table> 524 <p> 525 * AOSP 526 <a href="https://developers.google.com/android/nexus/drivers"> 527 Google 528 </a> 529 Nexus 530 </p> 531 <h3 id="elevation_of_privilege_vulnerability_in_kernel"> 532 533 </h3> 534 <p> 535 536 </p> 537 <table> 538 <tbody> 539 <tr> 540 <th> 541 CVE 542 </th> 543 <th> 544 AOSP 545 </th> 546 <th> 547 548 </th> 549 <th> 550 551 </th> 552 <th> 553 554 </th> 555 </tr> 556 <tr> 557 <td> 558 CVE-2015-6640 559 </td> 560 <td> 561 <a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15"> 562 ANDROID-20017123 563 </a> 564 </td> 565 <td> 566 567 </td> 568 <td> 569 4.4.45.05.1.16.0 570 </td> 571 <td> 572 Google 573 </td> 574 </tr> 575 </tbody> 576 </table> 577 <h3 id="elevation_of_privilege_vulnerability_in_bluetooth"> 578 Bluetooth 579 </h3> 580 <p> 581 Bluetooth Bluetooth 582 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 583 dangerous 584 </a> 585 586 </p> 587 <table> 588 <tbody> 589 <tr> 590 <th> 591 CVE 592 </th> 593 <th> 594 AOSP 595 </th> 596 <th> 597 598 </th> 599 <th> 600 601 </th> 602 <th> 603 604 </th> 605 </tr> 606 <tr> 607 <td> 608 CVE-2015-6641 609 </td> 610 <td> 611 <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3"> 612 ANDROID-23607427 613 </a> 614 [ 615 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec"> 616 2 617 </a> 618 ] 619 </td> 620 <td> 621 622 </td> 623 <td> 624 6.06.0.1 625 </td> 626 <td> 627 Google 628 </td> 629 </tr> 630 </tbody> 631 </table> 632 <h3 id="information_disclosure_vulnerability_in_kernel"> 633 634 </h3> 635 <p> 636 637 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 638 signature 639 </a> 640 641 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 642 signatureOrSystem 643 </a> 644 645 </p> 646 <table> 647 <tbody> 648 <tr> 649 <th> 650 CVE 651 </th> 652 <th> 653 654 </th> 655 <th> 656 657 </th> 658 <th> 659 660 </th> 661 <th> 662 663 </th> 664 </tr> 665 <tr> 666 <td> 667 CVE-2015-6642 668 </td> 669 <td> 670 ANDROID-24157888* 671 </td> 672 <td> 673 674 </td> 675 <td> 676 4.4.45.05.1.16.0 677 </td> 678 <td> 679 2015 9 12 680 </td> 681 </tr> 682 </tbody> 683 </table> 684 <p> 685 * AOSP 686 <a href="https://developers.google.com/android/nexus/drivers"> 687 Google 688 </a> 689 Nexus 690 </p> 691 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> 692 693 </h3> 694 <p> 695 696 </p> 697 <table> 698 <tbody> 699 <tr> 700 <th> 701 CVE 702 </th> 703 <th> 704 AOSP 705 </th> 706 <th> 707 708 </th> 709 <th> 710 711 </th> 712 <th> 713 714 </th> 715 </tr> 716 <tr> 717 <td> 718 CVE-2015-6643 719 </td> 720 <td> 721 <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0"> 722 ANDROID-25290269 723 </a> 724 [ 725 <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b"> 726 2 727 </a> 728 ] 729 </td> 730 <td> 731 732 </td> 733 <td> 734 5.1.16.06.0.1 735 </td> 736 <td> 737 Google 738 </td> 739 </tr> 740 </tbody> 741 </table> 742 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 743 Wi-Fi 744 </h3> 745 <p> 746 Wi-Fi Wi-Fi 747 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 748 normal 749 </a> 750 751 </p> 752 <table> 753 <tbody> 754 <tr> 755 <th> 756 CVE 757 </th> 758 <th> 759 AOSP 760 </th> 761 <th> 762 763 </th> 764 <th> 765 766 </th> 767 <th> 768 769 </th> 770 </tr> 771 <tr> 772 <td> 773 CVE-2015-5310 774 </td> 775 <td> 776 <a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d"> 777 ANDROID-25266660 778 </a> 779 </td> 780 <td> 781 782 </td> 783 <td> 784 4.4.45.05.1.16.06.0.1 785 </td> 786 <td> 787 2015 10 25 788 </td> 789 </tr> 790 </tbody> 791 </table> 792 <h3 id="information_disclosure_vulnerability_in_bouncy_castle"> 793 Bouncy Castle 794 </h3> 795 <p> 796 Bouncy Castle 797 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 798 dangerous 799 </a> 800 801 </p> 802 <table> 803 <tbody> 804 <tr> 805 <th> 806 CVE 807 </th> 808 <th> 809 AOSP 810 </th> 811 <th> 812 813 </th> 814 <th> 815 816 </th> 817 <th> 818 819 </th> 820 </tr> 821 <tr> 822 <td> 823 CVE-2015-6644 824 </td> 825 <td> 826 <a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f"> 827 ANDROID-24106146 828 </a> 829 </td> 830 <td> 831 832 </td> 833 <td> 834 4.4.45.05.1.16.06.0.1 835 </td> 836 <td> 837 Google 838 </td> 839 </tr> 840 </tbody> 841 </table> 842 <h3 id="denial_of_service_vulnerability_in_syncmanager"> 843 SyncManager 844 </h3> 845 <p> 846 SyncManager 847 </p> 848 <table> 849 <tbody> 850 <tr> 851 <th> 852 CVE 853 </th> 854 <th> 855 AOSP 856 </th> 857 <th> 858 859 </th> 860 <th> 861 862 </th> 863 <th> 864 865 </th> 866 </tr> 867 <tr> 868 <td> 869 CVE-2015-6645 870 </td> 871 <td> 872 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025"> 873 ANDROID-23591205 874 </a> 875 </td> 876 <td> 877 878 </td> 879 <td> 880 4.4.45.05.1.16.0 881 </td> 882 <td> 883 Google 884 </td> 885 </tr> 886 </tbody> 887 </table> 888 <h3 id="attack_surface_reduction_for_nexus_kernels"> 889 Nexus 890 </h3> 891 <p> 892 System V IPC Android System V IPC OS System V IPC Android CVE-2015-7613 893 </p> 894 <table> 895 <tbody> 896 <tr> 897 <th> 898 CVE 899 </th> 900 <th> 901 902 </th> 903 <th> 904 905 </th> 906 <th> 907 908 </th> 909 <th> 910 911 </th> 912 </tr> 913 <tr> 914 <td> 915 CVE-2015-6646 916 </td> 917 <td> 918 ANDROID-22300191* 919 </td> 920 <td> 921 922 </td> 923 <td> 924 6.0 925 </td> 926 <td> 927 Google 928 </td> 929 </tr> 930 </tbody> 931 </table> 932 <p> 933 * AOSP 934 <a href="https://developers.google.com/android/nexus/drivers"> 935 Google 936 </a> 937 Nexus 938 </p> 939 <h3 id="common_questions_and_answers"> 940 941 </h3> 942 <p> 943 944 </p> 945 <p> 946 <strong> 947 1. 948 </strong> 949 </p> 950 <p> 951 LMY49F Android 6.0 2016 1 1 952 <a href="https://support.google.com/nexus/answer/4457705"> 953 Nexus 954 </a> 955 [ro.build.version.security_patch]:[2016-01-01] 956 </p> 957 <h2 id="revisions" style="margin-bottom:0px"> 958 959 </h2> 960 <hr/> 961 <ul> 962 <li> 963 2016 1 4 : 964 </li> 965 <li> 966 2016 1 6 : AOSP 967 </li> 968 </ul> 969 970 </body> 971 </html> 972