1 <html devsite> 2 <head> 3 <title>Nexus - 2016 2 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 2 1 | 2016 3 7 </em></p> 27 28 <p>Android Nexus 29 OTA 30 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 31 32 LMY49G Android Marshmallow 2016 2 1 33 34 35 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 36 37 <p> 2016 1 4 38 Android 39 AOSP</p> 40 41 <p>MMS 42 43 Broadcom Wi-Fi 44 45 46 </p> 47 48 <p> 49 <a href="/security/enhancements/index.html">Android </a> 50 SafetyNet 51 <a href="#mitigations"></a>Android 52 53 </p> 54 55 <h2 id="security_vulnerability_summary"></h2> 56 57 58 <p>CVE 59 60 <a href="/security/overview/updates-resources.html#severity"></a> 61 62 63 </p> 64 <table> 65 <tr> 66 <th></th> 67 <th>CVE</th> 68 <th></th> 69 </tr> 70 <tr> 71 <td>Broadcom Wi-Fi </td> 72 <td>CVE-2016-0801<br> 73 CVE-2016-0802</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td></td> 78 <td>CVE-2016-0803<br> 79 CVE-2016-0804</td> 80 <td></td> 81 </tr> 82 <tr> 83 <td>Qualcomm </td> 84 <td>CVE-2016-0805</td> 85 <td></td> 86 </tr> 87 <tr> 88 <td>Qualcomm Wi-Fi </td> 89 <td>CVE-2016-0806</td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> </td> 94 <td>CVE-2016-0807</td> 95 <td></td> 96 </tr> 97 <tr> 98 <td>Minikin </td> 99 <td>CVE-2016-0808</td> 100 <td></td> 101 </tr> 102 <tr> 103 <td>Wi-Fi </td> 104 <td>CVE-2016-0809</td> 105 <td></td> 106 </tr> 107 <tr> 108 <td></td> 109 <td>CVE-2016-0810</td> 110 <td></td> 111 </tr> 112 <tr> 113 <td>libmediaplayerservice </td> 114 <td>CVE-2016-0811</td> 115 <td></td> 116 </tr> 117 <tr> 118 <td> </td> 119 <td>CVE-2016-0812<br> 120 CVE-2016-0813</td> 121 <td></td> 122 </tr> 123 </table> 124 125 126 <h3 id="mitigations"></h3> 127 128 129 <p><a href="https://source.android.com/security/enhancements/index.html">Android </a> SafetyNet Android </p> 130 131 <ul> 132 <li> Android Android Android 133 <li> Android SafetyNet Google Play Google Play 134 <li> Google 135 </li></li></li></ul> 136 137 <h3 id="acknowledgements"></h3> 138 139 140 <p></p> 141 142 <ul> 143 <li> Android Chrome : CVE-2016-0809CVE-2016-0810 144 <li> Broadgate : CVE-2016-0801CVE-2015-0802 145 <li> <a href="http://www.360safe.com/">Qihoo 360</a> <a href="http://c0reteam.org">C0RE </a> Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Mingjian Zhou 146 <a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Xuxian Jiang: CVE-2016-0804 147 <li> Google Pixel C David Riley: CVE-2016-0812 148 <li> Qihoo 360 Lab IceSword 149 Gengjia Chen<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>: CVE-2016-0805 150 <li> Tencent KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a> 151 Qidan He<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>: CVE-2016-0811 152 <li> Trend Micro<a href="http://www.trendmicro.com">www.trendmicro.com</a> 153 Seven Shen<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>: CVE-2016-0803 154 <li> Alibaba Inc Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2016-0808 155 <li> Android Zach Riggle<a href="https://twitter.com/@ebeip90">@ebeip90</a>: CVE-2016-0807 156 </li></li></li></li></li></li></li></li></li></li></li></ul> 157 158 <h2 id="security_vulnerability_details"></h2> 159 160 161 <p><a href="#security_vulnerability_summary"></a> 162 163 CVE 164 165 ID AOSP 166 ID 167 AOSP </p> 168 169 <h3 id="remote_code_execution_vulnerability_in_broadcom_wi-fi_driver">Broadcom Wi-Fi </h3> 170 171 172 <p>Broadcom Wi-Fi 173 174 175 176 177 178 </p> 179 <table> 180 <tr> 181 <th>CVE</th> 182 <th></th> 183 <th></th> 184 <th></th> 185 <th></th> 186 </tr> 187 <tr> 188 <td>CVE-2016-0801</td> 189 <td><a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662029</a><br> 190 <a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662233</a></td> 191 <td></td> 192 <td>4.4.45.05.1.16.06.0.1</td> 193 <td>2015 10 25 </td> 194 </tr> 195 <tr> 196 <td>CVE-2016-0802</td> 197 <td><a href="https://android.googlesource.com/kernel/msm/+/3fffc78f70dc101add8b82af878d53457713d005^%21/">ANDROID-25306181</a></td> 198 <td></td> 199 <td>4.4.45.05.1.16.06.0.1</td> 200 <td>2015 10 26 </td> 201 </tr> 202 </table> 203 204 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 205 206 <p> </p> 207 208 <p> MMS </p> 209 210 <p></p> 211 <table> 212 <tr> 213 <th>CVE</th> 214 <th> AOSP </th> 215 <th></th> 216 <th></th> 217 <th></th> 218 </tr> 219 <tr> 220 <td>CVE-2016-0803</td> 221 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7">ANDROID-25812794</a></td> 222 <td></td> 223 <td>4.4.45.05.1.16.06.0.1</td> 224 <td>2015 11 19 </td> 225 </tr> 226 <tr> 227 <td>CVE-2016-0804</td> 228 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33">ANDROID-25070434</a></td> 229 <td></td> 230 <td>5.05.1.16.06.0.1</td> 231 <td>2015 10 12 </td> 232 </tr> 233 </table> 234 235 236 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 237 238 239 <p>Qualcomm ARM 240 241 242 243 244 </p> 245 <table> 246 <tr> 247 <th>CVE</th> 248 <th></th> 249 <th></th> 250 <th></th> 251 <th></th> 252 </tr> 253 <tr> 254 <td>CVE-2016-0805</td> 255 <td>ANDROID-25773204*</td> 256 <td></td> 257 <td>4.4.45.05.1.16.06.0.1</td> 258 <td>2015 11 15 </td> 259 </tr> 260 </table> 261 262 <p>* AOSP 263 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 264 265 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wifi_driver">Qualcomm Wi-Fi </h3> 266 267 268 <p>Qualcomm Wi-Fi 269 270 271 272 </p> 273 <table> 274 <tr> 275 <th>CVE</th> 276 <th></th> 277 <th></th> 278 <th></th> 279 <th></th> 280 </tr> 281 <tr> 282 <td>CVE-2016-0806</td> 283 <td>ANDROID-25344453*</td> 284 <td></td> 285 <td>4.4.45.05.1.16.06.0.1</td> 286 <td>2015 11 15 </td> 287 </tr> 288 </table> 289 290 <p>* AOSP 291 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p> 292 293 <h3 id="elevation_of_privilege_vulnerability_in_the_debuggerd">Debuggerd </h3> 294 295 296 <p>Debuggerd 297 298 299 300 </p> 301 <table> 302 <tr> 303 <th>CVE</th> 304 <th> AOSP </th> 305 <th></th> 306 <th></th> 307 <th></th> 308 </tr> 309 <tr> 310 <td>CVE-2016-0807</td> 311 <td><a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120">ANDROID-25187394</a></td> 312 <td></td> 313 <td>6.06.0.1</td> 314 <td>Google </td> 315 </tr> 316 </table> 317 318 319 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 320 321 322 <p>Minikin 323 324 Minikin 325 326 </p> 327 <table> 328 <tr> 329 <th>CVE</th> 330 <th> AOSP </th> 331 <th></th> 332 <th></th> 333 <th></th> 334 </tr> 335 <tr> 336 <td>CVE-2016-0808</td> 337 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b">ANDROID-25645298</a></td> 338 <td></td> 339 <td>5.05.1.16.06.0.1</td> 340 <td>2015 11 3 </td> 341 </tr> 342 </table> 343 344 345 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Wi-Fi </h3> 346 347 348 <p>Wi-Fi 349 350 351 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 352 </p> 353 <table> 354 <tr> 355 <th>CVE</th> 356 <th> AOSP </th> 357 <th></th> 358 <th></th> 359 <th></th> 360 </tr> 361 <tr> 362 <td>CVE-2016-0809</td> 363 <td><a href="https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1^%21/#F0">ANDROID-25753768</a></td> 364 <td></td> 365 <td>6.06.0.1</td> 366 <td>Google </td> 367 </tr> 368 </table> 369 370 371 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3> 372 373 374 <p> 375 376 377 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 378 <table> 379 <tr> 380 <th>CVE</th> 381 <th> AOSP </th> 382 <th></th> 383 <th></th> 384 <th></th> 385 </tr> 386 <tr> 387 <td>CVE-2016-0810</td> 388 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/19c47afbc402542720ddd280e1bbde3b2277b586">ANDROID-25781119</a></td> 389 <td></td> 390 <td>4.4.45.05.1.16.06.0.1</td> 391 <td>Google </td> 392 </tr> 393 </table> 394 395 396 <h3 id="information_disclosure_vulnerability_in_libmediaplayerservice">libmediaplayerservice </h3> 397 398 399 <p>libmediaplayerservice 400 401 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 402 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 403 <table> 404 <tr> 405 <th>CVE</th> 406 <th> AOSP </th> 407 <th></th> 408 <th></th> 409 <th></th> 410 </tr> 411 <tr> 412 <td>CVE-2016-0811</td> 413 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b">ANDROID-25800375</a></td> 414 <td></td> 415 <td>6.06.0.1</td> 416 <td>2015 11 16 </td> 417 </tr> 418 </table> 419 420 421 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> </h3> 422 423 424 <p> 425 426 427 428 </p> 429 <table> 430 <tr> 431 <th>CVE</th> 432 <th> AOSP </th> 433 <th></th> 434 <th></th> 435 <th></th> 436 </tr> 437 <tr> 438 <td>CVE-2016-0812</td> 439 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541">ANDROID-25229538</a></td> 440 <td></td> 441 <td>5.1.16.0</td> 442 <td>Google </td> 443 </tr> 444 <tr> 445 <td>CVE-2016-0813</td> 446 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/16a76dadcc23a13223e9c2216dad1fe5cad7d6e1">ANDROID-25476219</a></td> 447 <td></td> 448 <td>5.1.16.06.0.1</td> 449 <td>Google </td> 450 </tr> 451 </table> 452 453 <h3 id="common_questions_and_answers"></h3> 454 455 <p></p> 456 457 <p><strong>1. </strong></p> 458 459 <p>LMY49G Android 6.0 2016 2 1 460 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 461 462 [ro.build.version.security_patch]:[2016-02-01] </p> 463 464 <h2 id="revisions"></h2> 465 466 467 <ul> 468 <li> 2016 2 1 : 469 <li> 2016 2 2 : AOSP 470 <li> 2016 3 7 : AOSP 471 472 </li></li></li></ul> 473 474 </body> 475 </html> 476
