1 <html devsite> 2 <head> 3 <title>Nexus - 2016 4 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 27 28 <p><em>2016 4 4 | 2016 4 6 </em></p> 29 <p>Android Nexus 30 OTA 31 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 32 33 2016 4 2 34 35 36 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 37 <p> 2016 3 16 38 Android 39 AOSP</p> 40 <p>MMS 41 42 </p> 43 <p> 44 2016 3 18 <a href="/security/advisory/2016-03-18.html">Android </a> 45 <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> 46 <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> 47 48 49 <a href="/security/enhancements/index.html">Android </a> 50 SafetyNet 51 Android 52 <a href="#mitigations"></a></p> 53 <h2 id="security_vulnerability_summary"></h2> 54 <p>CVE 55 56 <a href="/security/overview/updates-resources.html#severity"></a> 57 58 59 </p> 60 <table> 61 <tr> 62 <th></th> 63 <th>CVE</th> 64 <th></th> 65 </tr> 66 <tr> 67 <td>DHCPCD </td> 68 <td>CVE-2016-1503<br/> 69 CVE-2014-6060</td> 70 <td></td> 71 </tr> 72 <tr> 73 <td> </td> 74 <td>CVE-2016-0834</td> 75 <td></td> 76 </tr> 77 <tr> 78 <td></td> 79 <td>CVE-2016-0835<br/> 80 CVE-2016-0836<br/> 81 CVE-2016-0837<br/> 82 CVE-2016-0838<br/> 83 CVE-2016-0839<br/> 84 CVE-2016-0840<br/> 85 CVE-2016-0841</td> 86 <td></td> 87 </tr> 88 <tr> 89 <td>libstagefright </td> 90 <td>CVE-2016-0842</td> 91 <td></td> 92 </tr> 93 <tr> 94 <td></td> 95 <td>CVE-2015-1805</td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>Qualcomm <br/> 100 </td> 101 <td>CVE-2016-0843</td> 102 <td></td> 103 </tr> 104 <tr> 105 <td>Qualcomm RF </td> 106 <td>CVE-2016-0844</td> 107 <td></td> 108 </tr> 109 <tr> 110 <td></td> 111 <td>CVE-2014-9322</td> 112 <td></td> 113 </tr> 114 <tr> 115 <td>IMemory </td> 116 <td>CVE-2016-0846</td> 117 <td></td> 118 </tr> 119 <tr> 120 <td></td> 121 <td>CVE-2016-0847</td> 122 <td></td> 123 </tr> 124 <tr> 125 <td> </td> 126 <td>CVE-2016-0848</td> 127 <td></td> 128 </tr> 129 <tr> 130 <td> </td> 131 <td>CVE-2016-0849</td> 132 <td></td> 133 </tr> 134 <tr> 135 <td>Bluetooth </td> 136 <td>CVE-2016-0850</td> 137 <td></td> 138 </tr> 139 <tr> 140 <td>Texas Instruments </td> 141 <td>CVE-2016-2409</td> 142 <td></td> 143 </tr> 144 <tr> 145 <td> </td> 146 <td>CVE-2016-2410</td> 147 <td></td> 148 </tr> 149 <tr> 150 <td>Qualcomm <br/> 151 </td> 152 <td>CVE-2016-2411</td> 153 <td></td> 154 </tr> 155 <tr> 156 <td>System_server </td> 157 <td>CVE-2016-2412</td> 158 <td></td> 159 </tr> 160 <tr> 161 <td></td> 162 <td>CVE-2016-2413</td> 163 <td></td> 164 </tr> 165 <tr> 166 <td>Minikin </td> 167 <td>CVE-2016-2414</td> 168 <td></td> 169 </tr> 170 <tr> 171 <td>Exchange ActiveSync </td> 172 <td>CVE-2016-2415</td> 173 <td></td> 174 </tr> 175 <tr> 176 <td></td> 177 <td>CVE-2016-2416<br/> 178 CVE-2016-2417<br/> 179 CVE-2016-2418<br/> 180 CVE-2016-2419</td> 181 <td></td> 182 </tr> 183 <tr> 184 <td>Debuggerd </td> 185 <td>CVE-2016-2420</td> 186 <td></td> 187 </tr> 188 <tr> 189 <td> </td> 190 <td>CVE-2016-2421</td> 191 <td></td> 192 </tr> 193 <tr> 194 <td>Wi-Fi </td> 195 <td>CVE-2016-2422</td> 196 <td></td> 197 </tr> 198 <tr> 199 <td>Telephony </td> 200 <td>CVE-2016-2423</td> 201 <td></td> 202 </tr> 203 <tr> 204 <td>SyncStorageEngine </td> 205 <td>CVE-2016-2424</td> 206 <td></td> 207 </tr> 208 <tr> 209 <td>AOSP </td> 210 <td>CVE-2016-2425</td> 211 <td></td> 212 </tr> 213 <tr> 214 <td></td> 215 <td>CVE-2016-2426</td> 216 <td></td> 217 </tr> 218 <tr> 219 <td>BouncyCastle </td> 220 <td>CVE-2016-2427</td> 221 <td></td> 222 </tr> 223 </table> 224 <h2 id="mitigations"></h2> 225 <p><a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 226 <ul> 227 <li> Android Android Google 228 Android 229 </li><li> Android SafetyNet 230 231 Google Play 232 Google Play 233 234 235 236 237 238 </li><li> Google 239 240 </li></ul> 241 <h2 id="acknowledgements"></h2> 242 <p>Android 243 </p> 244 <ul> 245 <li> Google Chrome Abhishek AryaOliver ChangMartin Barbella: 246 CVE-2016-0834CVE-2016-0841CVE-2016-0840CVE-2016-0839CVE-2016-0838 247 </li><li> CENSUS S.A. Anestis Bechtsoudis 248 <a href="https://twitter.com/anestisb">@anestisb</a>: CVE-2016-0842CVE-2016-0836CVE-2016-0835 249 </li><li> Google Telecom Brad EbingerSantos Cordon: CVE-2016-0847 250 </li><li> <a href="https://www.ibr.cs.tu-bs.de">Institute for 251 Operating Systems and Computer Networks</a> Dominik Schrmann: CVE-2016-2425 252 </li><li> Qihoo 360 IceSword Lab 253 Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a> 254 <a href="http://weibo.com/jfpan">pjf</a>Jianqiang Zhao 255 <a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>: CVE-2016-08444 256 </li><li> <a href="https://www.epfl.ch"> 257 </a> <a href="mailto:gpiskas (a] gmail.com">George Piskas</a>: CVE-2016-2426 258 </li><li> <a href="http://www.360.com/">Qihoo 360 Technology Co.Ltd</a> 259 Guang Gong<a href="https://twitter.com/oldfresher">@oldfresher</a>: CVE-2016-2412CVE-2016-2416 260 </li><li> Google Project Zero James Forshaw: CVE-2016-2417CVE-2016-0846 261 </li><li> Qihoo 360 IceSword Lab 262 ianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a> 263 <a href="http://weibo.com/jfpan">pjf</a>Gengjia Chen 264 <a href="https://twitter.com/chengjia4574">@chengjia4574</a>: CVE-2016-2410CVE-2016-2411 265 </li><li> Qihoo 360 IceSword Lab 266 Jianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a><a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-2409 267 </li><li> Vertu Corporation LTD Nancy Wang: CVE-2016-0837 268 </li><li> <a href="mailto:nasim (a] zamir.ca">Nasim Zamir</a>: CVE-2016-2409 269 </li><li> Qualcomm Product Security Initiative 270 Nico Golde<a href="https://twitter.com/iamnion">@iamnion</a>: CVE-2016-2420CVE-2016-0849 271 </li><li> Trend Micro Peter Pi 272 <a href="https://twitter.com/heisecode">@heisecode</a>: CVE-2016-2418CVE-2016-2413CVE-2016-2419 273 </li><li> Google Quan Nguyen: CVE-2016-2427 274 </li><li> Richard Shupak: CVE-2016-2415 275 </li><li> <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> Romain Trouv 276 <a href="https://twitter.com/bouuntyyy">@bouuntyyy</a>: CVE-2016-0850 277 </li><li> Stuart Henderson: CVE-2016-2422 278 </li><li> Android Vishwath Mohan: CVE-2016-2424 279 </li><li>Alibaba Inc Weichao Sun 280 <a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2016-2414 281 </li><li> Trend Micro Inc. Wish Wu 282 <a href="https://twitter.com/wish_wu">@wish_wu</a>: CVE-2016-0843 283 </li><li> 284 <a href="mailto:luc2yj (a] gmail.com">Yeonjoon Lee</a> <a href="mailto:xw7 (a] indiana.edu">Xiaofeng Wang</a> 285 286 <a href="mailto:litongxin1991 (a] gmail.com">Tongxin Li</a> <a href="mailto:hanxinhui (a] pku.edu.cn">Xinhui Han</a>: CVE-2016-0848 287 </li></ul> 288 <p>Android 289 CVE-2015-1805 290 291 <a href="http://c0reteam.org">C0RE Team</a> <a href="https://www.zimperium.com/">Zimperium</a> 292 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a> 293 Chiachih Wu 294 <a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang </p> 295 <h2 id="security_vulnerability_details"></h2> 296 <p><a href="#security_vulnerability_summary"></a> 297 298 CVE 299 300 ID AOSP 301 1 ID 302 AOSP </p> 303 <h3 id="remote_code_execution_vulnerability_in_dhcpcd">DHCPCD </h3> 304 <p>DHCPDynamic Host Configuration Protocol 305 306 DHCP 307 DHCP 308 </p> 309 <table> 310 <tr> 311 <th>CVE</th> 312 <th> AOSP </th> 313 <th></th> 314 <th></th> 315 <th></th> 316 </tr> 317 <tr> 318 <td>CVE-2014-6060</td> 319 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/38cb7a7feff88d58fb4a565ba7f12cd4469af243"> 320 ANDROID-15268738</a></td> 321 <td></td> 322 <td>4.4.4</td> 323 <td>2014 7 30 </td> 324 </tr> 325 <tr> 326 <td>CVE-2014-6060</td> 327 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/de806dfdb6dd3b9dec5d1d23c9029fb300799cf8"> 328 ANDROID-16677003</a></td> 329 <td></td> 330 <td>4.4.4</td> 331 <td>2014 7 30 </td> 332 </tr> 333 <tr> 334 <td>CVE-2016-1503</td> 335 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"> 336 ANDROID-26461634</a></td> 337 <td></td> 338 <td>4.4.45.0.25.1.16.06.0.1</td> 339 <td>2016 1 4 </td> 340 </tr> 341 </table> 342 <h3 id="remote_code_execution_vulnerability_in_media_codec"> </h3> 343 <p> 344 345 </p> 346 <p> 347 MMS 348 </p> 349 <p> 350 351 352 </p> 353 <table> 354 <tr> 355 <th>CVE</th> 356 <th></th> 357 <th></th> 358 <th></th> 359 <th></th> 360 </tr> 361 <tr> 362 <td>CVE-2016-0834</td> 363 <td>ANDROID-26220548*</td> 364 <td></td> 365 <td>6.06.0.1</td> 366 <td>2015 12 16 </td> 367 </tr> 368 </table> 369 <p>* AOSP 370 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 371 </p> 372 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 373 <p> 374 375 </p> 376 <p> 377 MMS 378 </p> 379 <p> 380 381 382 </p> 383 <table> 384 <tr> 385 <th>CVE</th> 386 <th> AOSP </th> 387 <th></th> 388 <th></th> 389 <th></th> 390 </tr> 391 <tr> 392 <td>CVE-2016-0835</td> 393 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ba604d336b40fd4bde1622f64d67135bdbd61301"> 394 ANDROID-26070014</a> 395 [<a href="https://android.googlesource.com/platform/external/libmpeg2/+/58a6822d7140137ce957c6d2fc20bae1374186c1">2</a>] 396 </td> 397 <td></td> 398 <td>6.06.0.1</td> 399 <td>2015 12 6 </td> 400 </tr> 401 <tr> 402 <td>CVE-2016-0836</td> 403 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8b4ed5a23175b7ffa56eea4678db7287f825e985"> 404 ANDROID-25812590</a></td> 405 <td></td> 406 <td>6.06.0.1</td> 407 <td>2015 11 19 </td> 408 </tr> 409 <tr> 410 <td>CVE-2016-0837</td> 411 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a282fb64fef25349e9d341f102d9cea3bf75baf"> 412 ANDROID-27208621</a></td> 413 <td></td> 414 <td>4.4.45.0.25.1.16.06.0.1</td> 415 <td>2016 2 11 </td> 416 </tr> 417 <tr> 418 <td>CVE-2016-0838</td> 419 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/3ac044334c3ff6a61cb4238ff3ddaf17c7efcf49"> 420 ANDROID-26366256</a> 421 [<a href="https://android.googlesource.com/platform/external/sonivox/+/24d7c408c52143bce7b49de82f3913fd8d1219cf">2</a>]</td> 422 <td></td> 423 <td>4.4.45.0.25.1.16.06.0.1</td> 424 <td>Google </td> 425 </tr> 426 <tr> 427 <td>CVE-2016-0839</td> 428 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ebbb82365172337c6c250c6cac4e326970a9e351"> 429 ANDROID-25753245</a></td> 430 <td></td> 431 <td>6.06.0.1</td> 432 <td>Google </td> 433 </tr> 434 <tr> 435 <td>CVE-2016-0840</td> 436 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c57fc3703ae2e0d41b1f6580c50015937f2d23c1"> 437 ANDROID-26399350</a></td> 438 <td></td> 439 <td>6.06.0.1</td> 440 <td>Google </td> 441 </tr> 442 <tr> 443 <td>CVE-2016-0841</td> 444 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252"> 445 ANDROID-26040840</a></td> 446 <td></td> 447 <td>4.4.45.0.25.1.16.06.0.1</td> 448 <td>Google </td> 449 </tr> 450 </table> 451 <h3 id="remote_code_execution_vulnerability_in_libstagefright">libstagefright </h3> 452 <p> 453 libstagefright 454 </p> 455 <p> 456 MMS 457 </p> 458 <p> 459 460 461 </p> 462 <table> 463 <tr> 464 <th>CVE</th> 465 <th> AOSP </th> 466 <th></th> 467 <th></th> 468 <th></th> 469 </tr> 470 <tr> 471 <td>CVE-2016-0842</td> 472 <td><a href="https://android.googlesource.com/platform/external/libavc/+/943323f1d9d3dd5c2634deb26cbe72343ca6b3db"> 473 ANDROID-25818142</a></td> 474 <td></td> 475 <td>6.06.0.1</td> 476 <td>2015 11 23 </td> 477 </tr> 478 </table> 479 <h3 id="elevation_of_privilege_vulnerability_in_kernel"></h3> 480 <p> 481 482 483 484 <a href="/security/advisory/2016-03-18.html">2016 3 18 Android </a></p> 485 <table> 486 <tr> 487 <th>CVE</th> 488 <th></th> 489 <th></th> 490 <th></th> 491 <th></th> 492 </tr> 493 <tr> 494 <td>CVE-2015-1805</td> 495 <td>ANDROID-27275324*</td> 496 <td></td> 497 <td>4.4.45.0.25.1.16.06.0.1</td> 498 <td>2016 2 19 </td> 499 </tr> 500 </table> 501 <p>* AOSP 502 <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a> 503 <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> 504 <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 505 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 506 <p>Qualcomm ARM 507 508 509 510 511 </p> 512 <table> 513 <tr> 514 <th>CVE</th> 515 <th></th> 516 <th></th> 517 <th></th> 518 <th></th> 519 </tr> 520 <tr> 521 <td>CVE-2016-0843</td> 522 <td>ANDROID-25801197*</td> 523 <td></td> 524 <td>4.4.45.0.25.1.16.06.0.1</td> 525 <td>2015 11 19 </td> 526 </tr> 527 </table> 528 <p>* AOSP 529 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 530 </p> 531 <h3 id="elevation_of_privilege_in_qualcomm_rf_component">Qualcomm RF </h3> 532 <p>Qualcomm RF 533 534 535 536 </p> 537 <table> 538 <tr> 539 <th>CVE</th> 540 <th></th> 541 <th></th> 542 <th></th> 543 <th></th> 544 </tr> 545 <tr> 546 <td>CVE-2016-0844</td> 547 <td>ANDROID-26324307*</td> 548 <td></td> 549 <td>6.06.0.1</td> 550 <td>2015 12 25 </td> 551 </tr> 552 </table> 553 <p>* AOSP 554 <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa"> 555 Linux </a></p> 556 <h3 id="elevation_of_privilege_vulnerability_in_kernel12"></h3> 557 <p> 558 559 560 561 </p> 562 <table> 563 <tr> 564 <th>CVE</th> 565 <th> AOSP </th> 566 <th>Severity</th> 567 <th></th> 568 <th></th> 569 </tr> 570 <tr> 571 <td>CVE-2014-9322</td> 572 <td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a> 573 [<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>] 574 [<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br/> 575 [<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>] 576 [<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>] 577 [<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>] 578 [<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>] 579 [<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>] 580 [<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>] 581 [<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>] 582 [<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td> 583 <td></td> 584 <td>6.06.0.1</td> 585 <td>2015 12 25 </td> 586 </tr> 587 </table> 588 <h3 id="elevation_of_privilege_in_imemory_native_interface"> 589 IMemory </h3> 590 <p>IMemory 591 592 593 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 594 595 596 </p> 597 <table> 598 <tr> 599 <th>CVE</th> 600 <th> AOSP </th> 601 <th></th> 602 <th></th> 603 <th></th> 604 </tr> 605 <tr> 606 <td>CVE-2016-0846</td> 607 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149"> 608 ANDROID-26877992</a></td> 609 <td></td> 610 <td>4.4.45.0.25.1.16.06.0.1</td> 611 <td>2016 1 29 </td> 612 </tr> 613 </table> 614 <h3 id="elevation_of_privilege_vulnerability_in_telecom_component"> 615 </h3> 616 <p> 617 618 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 619 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 620 621 622 </p> 623 <table> 624 <tr> 625 <th>CVE</th> 626 <th> AOSP </th> 627 <th>Severity</th> 628 <th></th> 629 <th></th> 630 </tr> 631 <tr> 632 <td>CVE-2016-0847</td> 633 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444"> 634 ANDROID-26864502</a> 635 [<a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d">2</a>] 636 </td> 637 <td></td> 638 <td>5.0.25.1.16.06.0.1</td> 639 <td>Google </td> 640 </tr> 641 </table> 642 <h3 id="elevation_of_privilege_vulnerability_in_download_manager"> 643 </h3> 644 <p> 645 646 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> 647 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 648 649 650 </p> 651 <table> 652 <tr> 653 <th>CVE</th> 654 <th> AOSP </th> 655 <th></th> 656 <th></th> 657 <th></th> 658 </tr> 659 <tr> 660 <td>CVE-2016-0848</td> 661 <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/bdc831357e7a116bc561d51bf2ddc85ff11c01a9"> 662 ANDROID-26211054</a></td> 663 <td></td> 664 <td>4.4.45.0.25.1.16.06.0.1</td> 665 <td>2015 12 14 </td> 666 </tr> 667 </table> 668 <h3 id="elevation_of_privilege_in_recovery_procedure"> 669 </h3> 670 <p> 671 672 673 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 674 675 676 </p> 677 <table> 678 <tr> 679 <th>CVE</th> 680 <th> AOSP </th> 681 <th></th> 682 <th></th> 683 <th></th> 684 </tr> 685 <tr> 686 <td>CVE-2016-0849</td> 687 <td><a href="https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad"> 688 ANDROID-26960931</a></td> 689 <td></td> 690 <td>5.0.25.1.16.06.0.1</td> 691 <td>2016 2 3 </td> 692 </tr> 693 </table> 694 <h3 id="elevation_of_privilege_in_bluetooth"> 695 Bluetooth </h3> 696 <p>Bluetooth 697 698 699 700 </p> 701 <table> 702 <tr> 703 <th>CVE</th> 704 <th> AOSP </th> 705 <th></th> 706 <th></th> 707 <th></th> 708 </tr> 709 <tr> 710 <td>CVE-2016-0850</td> 711 <td><a href="https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/c677ee92595335233eb0e7b59809a1a94e7a678a"> 712 ANDROID-26551752</a></td> 713 <td></td> 714 <td>4.4.45.0.25.1.16.06.0.1</td> 715 <td>2016 1 13 </td> 716 </tr> 717 </table> 718 <h3 id="elevation_of_privilege_in_texas_instruments_haptic_driver"> 719 Texas Instruments </h3> 720 <p>Texas Instruments 721 722 723 724 725 </p> 726 <table> 727 <tr> 728 <th>CVE</th> 729 <th></th> 730 <th></th> 731 <th></th> 732 <th></th> 733 </tr> 734 <tr> 735 <td>CVE-2016-2409</td> 736 <td>ANDROID-25981545*</td> 737 <td></td> 738 <td>6.06.0.1</td> 739 <td>2015 12 25 </td> 740 </tr> 741 </table> 742 <p>* AOSP 743 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 744 </p> 745 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver"> 746 Qualcomm </h3> 747 <p>Qualcomm 748 749 750 751 752 </p> 753 <table> 754 <tr> 755 <th>CVE</th> 756 <th></th> 757 <th></th> 758 <th></th> 759 <th></th> 760 </tr> 761 <tr> 762 <td>CVE-2016-2410</td> 763 <td>ANDROID-26291677*</td> 764 <td></td> 765 <td>6.06.0.1</td> 766 <td>2015 12 21 </td> 767 </tr> 768 </table> 769 <p>* AOSP 770 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 771 </p> 772 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_power_management_component"> 773 Qualcomm </h3> 774 <p>Qualcomm 775 776 777 778 779 </p> 780 <table> 781 <tr> 782 <th>CVE</th> 783 <th></th> 784 <th></th> 785 <th></th> 786 <th></th> 787 </tr> 788 <tr> 789 <td>CVE-2016-2411</td> 790 <td>ANDROID-26866053*</td> 791 <td></td> 792 <td>6.06.0.1</td> 793 <td>2016 1 28 </td> 794 </tr> 795 </table> 796 <p>* AOSP 797 <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 798 </p> 799 <h3 id="elevation_of_privilege_vulnerability_in_system_server"> 800 System_server </h3> 801 <p>System_server 802 803 804 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 805 <table> 806 <tr> 807 <th>CVE</th> 808 <th> AOSP </th> 809 <th></th> 810 <th></th> 811 <th></th> 812 </tr> 813 <tr> 814 <td>CVE-2016-2412</td> 815 <td><a href="https://android.googlesource.com/platform/external/skia/+/b36c23b3e6b0b316075cc43e466d44c62508fcac"> 816 ANDROID-26593930</a></td> 817 <td></td> 818 <td>4.4.45.0.25.1.16.06.0.1</td> 819 <td>2016 1 15 </td> 820 </tr> 821 </table> 822 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 823 </h3> 824 <p> 825 826 827 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 828 829 830 </p> 831 <table> 832 <tr> 833 <th>CVE</th> 834 <th> AOSP </th> 835 <th></th> 836 <th></th> 837 <th></th> 838 </tr> 839 <tr> 840 <td>CVE-2016-2413</td> 841 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48"> 842 ANDROID-26403627</a></td> 843 <td></td> 844 <td>5.0.25.1.16.06.0.1</td> 845 <td>2016 1 5 </td> 846 </tr> 847 </table> 848 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 849 <p>Minikin 850 851 Minikin 852 853 </p> 854 <table> 855 <tr> 856 <th>CVE</th> 857 <th> AOSP </th> 858 <th>Severity</th> 859 <th></th> 860 <th></th> 861 </tr> 862 <tr> 863 <td>CVE-2016-2414</td> 864 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ca8ac8acdad662230ae37998c6c4091bb39402b6"> 865 ANDROID-26413177</a> 866 [<a href="https://android.googlesource.com/platform/frameworks/minikin/+/f4785aa1947b8d22d5b19559ef1ca526d98e0e73">2</a>] 867 </td> 868 <td></td> 869 <td>5.0.25.1.16.06.0.1</td> 870 <td>2015 11 3 </td> 871 </tr> 872 </table> 873 <h3 id="information_disclosure_vulnerability_in_exchange_activesync"> 874 Exchange ActiveSync </h3> 875 <p>Exchange ActiveSync 876 877 878 </p> 879 <table> 880 <tr> 881 <th>CVE</th> 882 <th> AOSP </th> 883 <th></th> 884 <th></th> 885 <th></th> 886 </tr> 887 <tr> 888 <td>CVE-2016-2415</td> 889 <td><a href="https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2"> 890 ANDROID-26488455</a></td> 891 <td></td> 892 <td>5.0.25.1.16.06.0.1</td> 893 <td>2016 1 11 </td> 894 </tr> 895 </table> 896 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3> 897 <p> 898 899 900 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 901 902 903 </p> 904 <table> 905 <tr> 906 <th>CVE</th> 907 <th> AOSP </th> 908 <th></th> 909 <th></th> 910 <th></th> 911 </tr> 912 <tr> 913 <td>CVE-2016-2416</td> 914 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd"> 915 ANDROID-27046057</a> 916 [<a href="https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a">2</a>] 917 </td> 918 <td></td> 919 <td>4.4.45.0.25.1.16.06.0.1</td> 920 <td>2016 2 5 </td> 921 </tr> 922 <tr> 923 <td>CVE-2016-2417</td> 924 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84"> 925 ANDROID-26914474</a></td> 926 <td></td> 927 <td>4.4.45.0.25.1.16.06.0.1</td> 928 <td>2016 2 1 </td> 929 </tr> 930 <tr> 931 <td>CVE-2016-2418</td> 932 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3"> 933 ANDROID-26324358</a></td> 934 <td></td> 935 <td>6.06.0.1</td> 936 <td>2015 12 24 </td> 937 </tr> 938 <tr> 939 <td>CVE-2016-2419</td> 940 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34"> 941 ANDROID-26323455</a></td> 942 <td></td> 943 <td>6.06.0.1</td> 944 <td>2015 12 24 </td> 945 </tr> 946 </table> 947 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd_component"> 948 Debuggerd </h3> 949 <p>Debuggerd 950 951 952 953 Android 4.4.4 954 955 Android 5.0 SELinux 956 </p> 957 <table> 958 <tr> 959 <th>CVE</th> 960 <th> AOSP </th> 961 <th>Severity</th> 962 <th></th> 963 <th></th> 964 </tr> 965 <tr> 966 <td>CVE-2016-2420</td> 967 <td><a href="https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98"> 968 ANDROID-26403620</a> 969 [<a href="https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c">2</a>] 970 </td> 971 <td></td> 972 <td>4.4.45.0.25.1.16.06.0.1</td> 973 <td>2016 1 5 </td> 974 </tr> 975 </table> 976 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> 977 </h3> 978 <p> 979 980 981 982 </p> 983 <table> 984 <tr> 985 <th>CVE</th> 986 <th></th> 987 <th></th> 988 <th></th> 989 <th></th> 990 </tr> 991 <tr> 992 <td>CVE-2016-2421</td> 993 <td>ANDROID-26154410*</td> 994 <td></td> 995 <td>5.1.16.06.0.1</td> 996 <td>Google </td> 997 </tr> 998 </table> 999 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1000 Nexus 1001 </p> 1002 <h3 id="elevation_of_privilege_in_wi-fi">Wi-Fi </h3> 1003 <p>Wi-Fi 1004 1005 1006 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> 1007 1008 1009 </p> 1010 <table> 1011 <tr> 1012 <th>CVE</th> 1013 <th> AOSP </th> 1014 <th></th> 1015 <th></th> 1016 <th></th> 1017 </tr> 1018 <tr> 1019 <td>CVE-2016-2422</td> 1020 <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/70dde9870e9450e10418a32206ac1bb30f036b2c"> 1021 ANDROID-26324357</a></td> 1022 <td></td> 1023 <td>4.4.45.0.25.1.16.06.0.1</td> 1024 <td>2015 12 23 </td> 1025 </tr> 1026 </table> 1027 <h3 id="elevation_of_privilege_in_telephony">Telephony </h3> 1028 <p>Telephony 1029 1030 1031 1032 </p> 1033 <table> 1034 <tr> 1035 <th>CVE</th> 1036 <th> AOSP </th> 1037 <th></th> 1038 <th></th> 1039 <th></th> 1040 </tr> 1041 <tr> 1042 <td>CVE-2016-2423</td> 1043 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa"> 1044 ANDROID-26303187</a></td> 1045 <td></td> 1046 <td>4.4.45.0.25.1.16.06.0.1</td> 1047 <td>Google </td> 1048 </tr> 1049 </table> 1050 <h3 id="denial_of_service_in_syncstorageengine">SyncStorageEngine </h3> 1051 <p>SyncStorageEngine 1052 1053 1054 </p> 1055 <table> 1056 <tr> 1057 <th>CVE</th> 1058 <th> AOSP </th> 1059 <th></th> 1060 <th></th> 1061 <th></th> 1062 </tr> 1063 <tr> 1064 <td>CVE-2016-2424</td> 1065 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d3383d5bfab296ba3adbc121ff8a7b542bde4afb"> 1066 ANDROID-26513719</a></td> 1067 <td></td> 1068 <td>4.4.45.0.25.1.16.06.0.1</td> 1069 <td>Google </td> 1070 </tr> 1071 </table> 1072 <h3 id="information_disclosure_vulnerability_in_aosp_mail">AOSP </h3> 1073 <p>AOSP 1074 1075 dangerous 1076 </p> 1077 <table> 1078 <tr> 1079 <th>CVE</th> 1080 <th> AOSP </th> 1081 <th></th> 1082 <th></th> 1083 <th></th> 1084 </tr> 1085 <tr> 1086 <td>CVE-2016-2425</td> 1087 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f"> 1088 ANDROID-26989185</a></td> 1089 <td></td> 1090 <td>4.4.45.1.16.06.0.1</td> 1091 <td>2016 1 29 </td> 1092 </tr> 1093 <tr> 1094 <td>CVE-2016-2425</td> 1095 <td>ANDROID-7154234*</td> 1096 <td></td> 1097 <td>5.0.2</td> 1098 <td>2016 1 29 </td> 1099 </tr> 1100 </table> 1101 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1102 Nexus 1103 </p> 1104 <h3 id="information_disclosure_vulnerability_in_framework"></h3> 1105 <p> 1106 1107 1108 </p> 1109 <table> 1110 <tr> 1111 <th>CVE</th> 1112 <th> AOSP </th> 1113 <th></th> 1114 <th></th> 1115 <th></th> 1116 </tr> 1117 <tr> 1118 <td>CVE-2016-2426</td> 1119 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/63363af721650e426db5b0bdfb8b2d4fe36abdb0"> 1120 ANDROID-26094635</a></td> 1121 <td></td> 1122 <td>4.4.45.0.25.1.16.06.0.1</td> 1123 <td>2015 12 8 </td> 1124 </tr> 1125 </table> 1126 <h3 id="information_disclosure_vulnerability_in_bouncycastle">BouncyCastle </h3> 1127 <p>BouncyCastle 1128 1129 dangerous 1130 </p> 1131 <table> 1132 <tr> 1133 <th>CVE</th> 1134 <th> AOSP </th> 1135 <th>Severity</th> 1136 <th></th> 1137 <th></th> 1138 </tr> 1139 <tr> 1140 <td>CVE-2016-2427</td> 1141 <td><a href="https://android.googlesource.com/platform/libcore/+/efd369d996fd38c50a50ea0de8f20507253cb6de"> 1142 ANDROID-26234568</a> 1143 [<a href="https://android.googlesource.com/platform/external/bouncycastle/+/b3bddea0f33c0459293c6419569ad151b4a7b44b">2</a>] 1144 </td> 1145 <td></td> 1146 <td>5.0.25.1.16.06.0.1</td> 1147 <td>Google </td> 1148 </tr> 1149 </table> 1150 <h2 id="common_questions_and_answers"></h2> 1151 <p></p> 1152 <p><strong>1. </strong></p> 1153 <p> 2016 4 2 1154 1155 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 1156 [ro.build.version.security_patch]:[2016-04-02] 1157 </p> 1158 <p><strong>2. 2016 4 2 </strong></p> 1159 <p> 1 1160 4 2016 4 1 1161 CVE-2015-1805<a href="/security/advisory/2016-03-18.html">2016 3 18 Android </a> 1162 1163 2016 4 2 1164 CVE-2015-1805<a href="/security/advisory/2016-03-18.html">2016 3 18 Android </a> 1165 1166 </p> 1167 <h2 id="revisions"></h2> 1168 <ul> 1169 <li> 2016 4 4 : 1170 </li><li> 2016 4 6 : AOSP 1171 </li></ul> 1172 1173 </body> 1174 </html> 1175
