      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016  3 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26 <p><em>2016  3  7  | 2016  3  8 </em></p>
     27 
     28 <p>Android Nexus 
     29  OTA
     30 Nexus   <a href="https://developers.google.com/android/nexus/images">Google  </a>
     31 
     32 LMY49H  Android Marshmallow   2016  3  1 
     33   
     34 
     35 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p>
     36 
     37 <p> 2016  2  1 
     38  48 
     39  Android  AOSP
     40 AOSP </p>
     41 
     42 <p>MMS 
     43  
     44 </p>
     45 
     46 <p>
     47 <a href="#mitigations">Android  </a>
     48  SafetyNet 
     49 <a href="/security/enhancements/index.html"></a>Android 
     50 
     51 </p>
     52 
     53 <h2 id="security_vulnerability_summary"></h2>
     54 
     55 <p>CVE
     56 
     57 <a href="/security/overview/updates-resources.html#severity"></a>
     58 
     59 
     60 </p>
     61 <table>
     62  <tr>
     63     <th></th>
     64     <th>CVE</th>
     65     <th></th>
     66  </tr>
     67  <tr>
     68     <td></td>
     69     <td>CVE-2016-0815<br>
     70         CVE-2016-0816</td>
     71     <td></td>
     72  </tr>
     73  <tr>
     74     <td>libvpx </td>
     75     <td>CVE-2016-1621</td>
     76     <td></td>
     77  </tr>
     78  <tr>
     79     <td>Conscrypt </td>
     80     <td>CVE-2016-0818</td>
     81     <td></td>
     82  </tr>
     83  <tr>
     84     <td>Qualcomm  <br>
     85         </td>
     86     <td>CVE-2016-0819</td>
     87     <td></td>
     88  </tr>
     89  <tr>
     90     <td>MediaTek Wi-Fi </td>
     91     <td>CVE-2016-0820</td>
     92     <td></td>
     93  </tr>
     94  <tr>
     95     <td> </td>
     96     <td>CVE-2016-0728</td>
     97     <td></td>
     98  </tr>
     99  <tr>
    100     <td></td>
    101     <td>CVE-2016-0821</td>
    102     <td></td>
    103  </tr>
    104  <tr>
    105     <td>MediaTek </td>
    106     <td>CVE-2016-0822</td>
    107     <td></td>
    108  </tr>
    109  <tr>
    110     <td></td>
    111     <td>CVE-2016-0823</td>
    112     <td></td>
    113  </tr>
    114  <tr>
    115     <td>libstagefright </td>
    116     <td>CVE-2016-0824</td>
    117     <td></td>
    118  </tr>
    119  <tr>
    120     <td>Widevine </td>
    121     <td>CVE-2016-0825</td>
    122     <td></td>
    123  </tr>
    124  <tr>
    125     <td></td>
    126     <td>CVE-2016-0826<br>
    127         CVE-2016-0827</td>
    128     <td></td>
    129  </tr>
    130  <tr>
    131     <td></td>
    132     <td>CVE-2016-0828<br>
    133         CVE-2016-0829</td>
    134     <td></td>
    135  </tr>
    136  <tr>
    137     <td>Bluetooth </td>
    138     <td>CVE-2016-0830</td>
    139     <td></td>
    140  </tr>
    141  <tr>
    142     <td>Telephony </td>
    143     <td>CVE-2016-0831</td>
    144     <td></td>
    145  </tr>
    146  <tr>
    147     <td> </td>
    148     <td>CVE-2016-0832</td>
    149     <td></td>
    150  </tr>
    151 </table>
    152 
    153 
    154 <h3 id="mitigations"></h3>
    155 
    156 
    157 <p><a href="/security/enhancements/index.html">Android  </a>
    158  SafetyNet 
    159 
    160 Android 
    161 </p>
    162 
    163 <ul>
    164   <li> Android Android 
    165  Android </li>
    166   <li> Android   SafetyNet  Google Play Google Play </li>
    167   <li> Google  </li>
    168 </ul>
    169 
    170 <h3 id="acknowledgements"></h3>
    171 
    172 
    173 <p></p>
    174 
    175 <ul>
    176   <li> Google Chrome   Abhishek Arya, Oliver Chang, Martin 
    177 Barbella: CVE-2016-0815</li>
    178   <li> CENSUS S.A.  Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>): CVE-2016-0816, CVE-2016-0824</li>
    179   <li> Android   Chad Brubaker: CVE-2016-0818</li>
    180   <li> Google Project Zero  Mark Brand: CVE-2016-0820</li>
    181   <li> <a href="http://www.360safe.com">Qihoo 360</a> <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-0826</li>
    182   <li> Trend Micro  Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-0827, CVE-2016-0828, CVE-2016-0829</li>
    183   <li> Scott Bauer (<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a>, <a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>): CVE-2016-0822</li>
    184   <li> Trend Micro Inc.  Wish Wu (<a href="https://twitter.com/@wish_wu">@wish_wu</a>): CVE-2016-0819</li>
    185   <li> Huawei  Yongzheng Wu, Tieyan Li: CVE-2016-0831</li>
    186   <li> Singapore Management University  Su Mon Kywe, Yingjiu Li: CVE-2016-0831</li>
    187   <li> Android   Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>): CVE-2016-0821</li>
    188 </ul>
    189 
    190 <h2 id="security_vulnerability_details"></h2>
    191 
    192 
    193 <p><a href="#security_vulnerability_summary"></a>CVE
    194 
    195  ID  AOSP 
    196  ID 
    197  AOSP </p>
    198 
    199 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3>
    200 
    201 
    202 <p> 
    203 
    204 </p>
    205 
    206 <p> 
    207   MMS 
    208 </p>
    209 
    210 <p>
    211 
    212 
    213 </p>
    214 <table>
    215  <tr>
    216     <th>CVE</th>
    217     <th> AOSP </th>
    218     <th></th>
    219     <th></th>
    220     <th></th>
    221  </tr>
    222  <tr>
    223     <td>CVE-2016-0815</td>
    224     <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a>
    225     </td>
    226     <td></td>
    227     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    228     <td>Google </td>
    229  </tr>
    230  <tr>
    231     <td>CVE-2016-0816</td>
    232     <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a>
    233     </td>
    234     <td></td>
    235     <td>6.0, 6.0.1</td>
    236     <td>Google </td>
    237  </tr>
    238 </table>
    239 
    240 
    241 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3>
    242 
    243 
    244 <p> 
    245 
    246 </p>
    247 
    248 <p> 
    249   MMS 
    250 </p>
    251 
    252 <p>
    253 
    254 
    255 </p>
    256 <table>
    257  <tr>
    258     <th>CVE</th>
    259     <th> AOSP </th>
    260     <th></th>
    261     <th></th>
    262     <th></th>
    263  </tr>
    264  <tr>
    265     <td>CVE-2016-1621</td>
    266     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a>
    267         <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a>
    268         <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a>
    269     </td>
    270     <td></td>
    271     <td>4.4.4, 5.0.2, 5.1.1, 6.0</td>
    272     <td>Google </td>
    273  </tr>
    274 </table>
    275 
    276 
    277 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3>
    278 
    279 <p>Conscrypt CA</p>
    280 
    281 <table>
    282  <tr>
    283     <th>CVE</th>
    284     <th> AOSP </th>
    285     <th>Severity</th>
    286     <th></th>
    287     <th></th>
    288  </tr>
    289  <tr>
    290     <td>CVE-2016-0818</td>
    291     <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a>
    292         <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a>
    293     </td>
    294     <td></td>
    295     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    296     <td>Google </td>
    297  </tr>
    298 </table>
    299 
    300 
    301 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm  </h3>
    302 
    303 
    304 <p>Qualcomm  
    305 
    306 
    307  
    308 </p>
    309 <table>
    310  <tr>
    311     <th>CVE</th>
    312     <th></th>
    313     <th></th>
    314     <th></th>
    315     <th></th>
    316  </tr>
    317  <tr>
    318     <td>CVE-2016-0819</td>
    319     <td>ANDROID-25364034*</td>
    320     <td></td>
    321     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    322     <td>2015  10  29 </td>
    323  </tr>
    324 </table>
    325 
    326 
    327 <p>*  AOSP  
    328 <a href="https://developers.google.com/android/nexus/drivers">Google  </a> Nexus  </p>
    329 
    330 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek  Wi-Fi  </h3>
    331 
    332 
    333 <p>MediaTek  Wi-Fi  
    334 
    335 
    336 
    337 </p>
    338 <table>
    339  <tr>
    340     <th>CVE</th>
    341     <th></th>
    342     <th></th>
    343     <th></th>
    344     <th></th>
    345  </tr>
    346  <tr>
    347     <td>CVE-2016-0820</td>
    348     <td>ANDROID-26267358*</td>
    349     <td></td>
    350     <td>6.0.1</td>
    351     <td>2015  12  18 </td>
    352  </tr>
    353 </table>
    354 
    355 
    356 <p>*  AOSP  
    357 <a href="https://developers.google.com/android/nexus/drivers">Google  </a> Nexus 
    358  </p>
    359 
    360 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component">  </h3>
    361 
    362 
    363 <p>  
    364 
    365  
    366 
    367 Android  5.0 
    368  SELinux 
    369 </p>
    370 
    371 <p><strong>:</strong>   AOSP 
    372 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a>
    373 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a>
    374 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a>
    375 <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p>
    376 <table>
    377  <tr>
    378     <th>CVE</th>
    379     <th></th>
    380     <th></th>
    381     <th></th>
    382     <th></th>
    383  </tr>
    384  <tr>
    385     <td>CVE-2016-0728</td>
    386     <td>ANDROID-26636379 </td>
    387     <td></td>
    388     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    389     <td>2016  1  11 </td>
    390  </tr>
    391 </table>
    392 
    393 
    394 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"></h3>
    395 
    396 
    397 <p>
    398 
    399 
    400 
    401 </p>
    402 
    403 <p><strong>:</strong> 
    404 <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf">Linux </a></p>
    405 
    406 <table>
    407  <tr>
    408     <th>CVE</th>
    409     <th></th>
    410     <th></th>
    411     <th></th>
    412     <th></th>
    413  </tr>
    414  <tr>
    415     <td>CVE-2016-0821</td>
    416     <td>ANDROID-26186802</td>
    417     <td></td>
    418     <td>6.0.1</td>
    419     <td>Google </td>
    420  </tr>
    421 </table>
    422 
    423 
    424 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek  </h3>
    425 
    426 
    427 <p>MediaTek  
    428 
    429 
    430  conn_launcher 
    431 
    432 </p>
    433 <table>
    434  <tr>
    435     <th>CVE</th>
    436     <th></th>
    437     <th></th>
    438     <th></th>
    439     <th></th>
    440  </tr>
    441  <tr>
    442     <td>CVE-2016-0822</td>
    443     <td>ANDROID-25873324*</td>
    444     <td></td>
    445     <td>6.0.1</td>
    446     <td>2015  11  24 </td>
    447  </tr>
    448 </table>
    449 
    450 
    451 <p>*  AOSP  
    452 <a href="https://developers.google.com/android/nexus/drivers">Google  </a> Nexus 
    453  </p>
    454 
    455 <h3 id="information_disclosure_vulnerability_in_kernel"></h3>
    456 
    457 
    458 <p>
    459 
    460  ASLR 
    461 
    462 </p>
    463 
    464 <p><strong>:</strong> 
    465 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce">Linux </a></p>
    466 <table>
    467  <tr>
    468     <th>CVE</th>
    469     <th></th>
    470     <th></th>
    471     <th></th>
    472     <th></th>
    473  </tr>
    474  <tr>
    475     <td>CVE-2016-0823</td>
    476     <td>ANDROID-25739721*</td>
    477     <td></td>
    478     <td>6.0.1</td>
    479     <td>Google </td>
    480  </tr>
    481 </table>
    482 <p>*  AOSP  
    483 <a href="https://developers.google.com/android/nexus/drivers">Google  </a> Nexus 
    484  </p>
    485 
    486 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3>
    487 
    488 
    489 <p>libstagefright 
    490 
    491  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a>  
    492 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
    493 <table>
    494  <tr>
    495     <th>CVE</th>
    496     <th> AOSP </th>
    497     <th></th>
    498     <th></th>
    499     <th></th>
    500  </tr>
    501  <tr>
    502     <td>CVE-2016-0824</td>
    503     <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a>
    504     </td>
    505     <td></td>
    506     <td>6.0, 6.0.1</td>
    507     <td>2015  11  18 </td>
    508  </tr>
    509 </table>
    510 
    511 
    512 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3>
    513 
    514 
    515 <p>Widevine Trusted Application 
    516  TrustZone  
    517 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a>  
    518 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 
    519 
    520 
    521 </p>
    522 <table>
    523  <tr>
    524     <th>CVE</th>
    525     <th></th>
    526     <th></th>
    527     <th></th>
    528     <th></th>
    529  </tr>
    530  <tr>
    531     <td>CVE-2016-0825</td>
    532     <td>ANDROID-20860039*</td>
    533     <td></td>
    534     <td>6.0.1</td>
    535     <td>Google </td>
    536  </tr>
    537 </table>
    538 
    539 
    540 <p>*  AOSP  
    541 <a href="https://developers.google.com/android/nexus/drivers">Google  </a> Nexus 
    542  </p>
    543 
    544 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3>
    545 
    546 
    547 <p>
    548 
    549  
    550 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
    551 <table>
    552  <tr>
    553     <th>CVE</th>
    554     <th> AOSP </th>
    555     <th></th>
    556     <th></th>
    557     <th></th>
    558  </tr>
    559  <tr>
    560     <td>CVE-2016-0826</td>
    561     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 
    562         <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a>
    563     </td>
    564     <td></td>
    565     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    566     <td>2015  12  17 </td>
    567  </tr>
    568  <tr>
    569     <td>CVE-2016-0827</td>
    570     <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td>
    571     <td></td>
    572     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    573     <td>2015  12  28 </td>
    574  </tr>
    575 </table>
    576 
    577 
    578 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3>
    579 
    580 
    581 <p>
    582 
    583  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a>  
    584 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
    585 <table>
    586  <tr>
    587     <th>CVE</th>
    588     <th> AOSP </th>
    589     <th></th>
    590     <th></th>
    591     <th></th>
    592  </tr>
    593  <tr>
    594     <td>CVE-2016-0828</td>
    595     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a>
    596     </td>
    597     <td></td>
    598     <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    599     <td>2015  12  27 </td>
    600  </tr>
    601  <tr>
    602     <td>CVE-2016-0829</td>
    603     <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td>
    604     <td></td>
    605     <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
    606     <td>2015  12  27 </td>
    607  </tr>
    608 </table>
    609 
    610 
    611 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth">Bluetooth </h3>
    612 
    613 
    614 <p>Bluetooth 
    615  
    616 Bluetooth  Bluetooth 
    617 Bluetooth 
    618 
    619 </p>
    620 <table>
    621  <tr>
    622     <th>CVE</th>
    623     <th> AOSP </th>
    624     <th></th>
    625     <th></th>
    626     <th></th>
    627  </tr>
    628  <tr>
    629     <td>CVE-2016-0830</td>
    630     <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td>
    631     <td></td>
    632     <td>6.0, 6.0.1</td>
    633     <td>Google </td>
    634  </tr>
    635 </table>
    636 
    637 
    638 <h3 id="information_disclosure_vulnerability_in_telephony">Telephony </h3>
    639 
    640 
    641 <p>Telephony 
    642 
    643 
    644 </p>
    645 <table>
    646  <tr>
    647     <th>CVE</th>
    648     <th> AOSP </th>
    649     <th></th>
    650     <th></th>
    651     <th></th>
    652  </tr>
    653  <tr>
    654     <td>CVE-2016-0831</td>
    655     <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td>
    656     <td></td>
    657     <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
    658     <td>2015  11  16 </td>
    659  </tr>
    660 </table>
    661 
    662 
    663 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> </h3>
    664 
    665 
    666 <p> 
    667 
    668 
    669 </p>
    670 <table>
    671  <tr>
    672     <th>CVE</th>
    673     <th></th>
    674     <th></th>
    675     <th></th>
    676     <th></th>
    677  </tr>
    678  <tr>
    679     <td>CVE-2016-0832</td>
    680     <td>ANDROID-25955042*</td>
    681     <td></td>
    682     <td>5.1.1, 6.0, 6.0.1</td>
    683     <td>Google </td>
    684  </tr>
    685 </table>
    686 
    687 
    688 <p>* </p>
    689 
    690 <h2 id="common_questions_and_answers"></h2>
    691 
    692 
    693 <p></p>
    694 
    695 <p><strong>1. </strong></p>
    696 
    697 <p>LMY49H  Android 6.0   2016  3  1 
    698   <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>
    699  
    700 [ro.build.version.security_patch]:[2016-03-01] </p>
    701 
    702 <h2 id="revisions"></h2>
    703 
    704 
    705 <ul>
    706   <li> 2016  3  7 : </li>
    707   <li> 2016  3  8 :  AOSP </li>
    708 </ul>
    709 
    710 
    711   </body>
    712 </html>
    713