<html devsite>
<head>
<title>Android - 2016 5 </title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<p><em>2016 5 2 | 2016 5 4 </em></p>

<p>Android Android Nexus OTANexus <a href="https://developers.google.com/android/nexus/images">Google </a>2016 5 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p>

<p> 2016 4 4 Android AOSP</p>

<p>MMS </p>

<p><a href="#android_and_google_service_mitigations">Android </a> SafetyNet <a href="/security/enhancements/index.html">Android Google </a>Android </p>

<p></p>

<h2 id="announcements">Announcements</h2>

<ul>
<li>Android Nexus Android </li>
<li>Android <a href="/security/overview/updates-resources.html#severity"></a> 6 </li>
</ul>

<h2 id="security_vulnerability_summary">Security vulnerability summary</h2>

<p>CVENexus <a href="/security/overview/updates-resources.html#severity"></a></p>
<table>
<col width="55%">
<col width="20%">
<col width="13%">
<col width="12%">
<tr>
<th></th>
<th>CVE</th>
<th></th>
<th>Nexus </th>
</tr>
<tr>
<td></td>
<td>CVE-2016-2428<br>
CVE-2016-2429</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Debuggerd </td>
<td>CVE-2016-2430</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm TrustZone </td>
<td>CVE-2016-2431<br>
CVE-2016-2432</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm Wi-Fi </td>
<td>CVE-2015-0569<br>
CVE-2015-0570</td>
<td></td>
<td></td>
</tr>
<tr>
<td>NVIDIA </td>
<td>CVE-2016-2434<br>
CVE-2016-2435<br>
CVE-2016-2436<br>
CVE-2016-2437</td>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2015-1805</td>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2016-2438</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm </td>
<td>CVE-2016-2060</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Bluetooth </td>
<td>CVE-2016-2439</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Binder </td>
<td>CVE-2016-2440</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm Buspm </td>
<td>CVE-2016-2441<br>
CVE-2016-2442</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm MDP </td>
<td>CVE-2016-2443</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm Wi-Fi </td>
<td>CVE-2015-0571</td>
<td></td>
<td></td>
</tr>
<tr>
<td>NVIDIA </td>
<td>CVE-2016-2444<br>
CVE-2016-2445<br>
CVE-2016-2446</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Wi-Fi </td>
<td>CVE-2016-4477</td>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2016-2448<br>
CVE-2016-2449<br>
CVE-2016-2450<br>
CVE-2016-2451<br>
CVE-2016-2452</td>
<td></td>
<td></td>
</tr>
<tr>
<td>MediaTek Wi-Fi </td>
<td>CVE-2016-2453</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Qualcomm </td>
<td>CVE-2016-2454</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Conscrypt </td>
<td>CVE-2016-2461<br>
CVE-2016-2462</td>
<td></td>
<td></td>
</tr>
<tr>
<td>OpenSSL BoringSSL </td>
<td>CVE-2016-0705</td>
<td></td>
<td></td>
</tr>
<tr>
<td>MediaTek Wi-Fi </td>
<td>CVE-2016-2456</td>
<td></td>
<td></td>
</tr>
<tr>
<td>Wi-Fi </td>
<td>CVE-2016-2457</td>
<td></td>
<td></td>
</tr>
<tr>
<td>AOSP </td>
<td>CVE-2016-2458</td>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2016-2459<br>
CVE-2016-2460</td>
<td></td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2016-0774</td>
<td></td>
<td></td>
</tr>
</table>

<h2 id="android_and_google_service_mitigations">Android and Google service mitigations</h2>

<p><a href="/security/enhancements/index.html">Android </a> SafetyNet
Android </p>

<ul>
<li>Android Android Google Android </li>
<li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="https://www.android.com/gms">Google </a>Google Play Google Play </li>
<li>Google </li>
</ul>

<h2 id="acknowledgements">Acknowledgements</h2>

<p></p>

<ul>
<!-- NOTE(review): CVE-2016-0815 appears nowhere else in this bulletin; confirm this credit against the source bulletin. -->
<li>Google Chrome Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2016-0815</li>
<li><a href="https://www.e2e-assure.com">e2e-assure</a> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>): CVE-2016-2457</li>
<li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-2441, CVE-2016-2442</li>
<li>Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">www.linkedin.com/in/dzima</a>): CVE-2016-2458</li>
<li>Gal Beniamini: CVE-2016-2431</li>
<li>Vulpecker Qihoo 360 Technology Co. Ltd Hao Chen: CVE-2016-2456</li>
<li>FireEye Mandiant Jake Valletta: CVE-2016-2060</li>
<li>IceSword Lab, Qihoo 360 Technology Co.
Ltd Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446</li>
<li><a href="http://www.search-lab.hu">Search-Lab Ltd.</a> Imre Rad: CVE-2016-4477</li>
<li>Google Jeremy C. Joslin: CVE-2016-2461</li>
<li>Google Kenny Root: CVE-2016-2462</li>
<li>KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>): CVE-2016-2443</li>
<li>Michał Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>): CVE-2016-2440</li>
<li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-2450, CVE-2016-2448, CVE-2016-2449, CVE-2016-2451, CVE-2016-2452</li>
<li>Trend Micro Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-2459, CVE-2016-2460</li>
<li>Alibaba Inc.
Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-2428, CVE-2016-2429</li>
<li><a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a>, Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-2437</li>
<li>Baidu X-Lab Yulong Zhang, Tao (Lenx) Wei: CVE-2016-2439</li>
<li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>): CVE-2016-2430</li>
</ul>

<h2 id="security_vulnerability_details">Security vulnerability details</h2>

<p><a href="#security_vulnerability_summary"></a>CVE Nexus AOSP ID AOSP ID AOSP </p>

<h3 id="remote_code_execution_vulnerability_in_mediaserver">Remote code execution vulnerability in Mediaserver</h3>

<p> </p>

<p> MMS </p>

<p>

</p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2428</td>
<td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206">
26751339</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 22 </td>
</tr>
<tr>
<td>CVE-2016-2429</td>
<td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c">
27211885</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 16 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_debuggerd">Elevation of privilege vulnerability in Debuggerd</h3>

<p> Android Android </p>
<table>
<col width="19%">
<col width="16%">
<col
width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2430</td>
<td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0">
27299236</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 22 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_trustzone">Elevation of privilege vulnerability in Qualcomm TrustZone</h3>

<p>Qualcomm TrustZone </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2431</td>
<td>24968809*</td>
<td></td>
<td>Nexus 5, Nexus 6, Nexus 7 (2013), Android One</td>
<td>2015 10 15 </td>
</tr>
<tr>
<td>CVE-2016-2432</td>
<td>25913059*</td>
<td></td>
<td>Nexus 6, Android One</td>
<td>2015 11 28 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver">Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3>

<p>Qualcomm Wi-Fi </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2015-0569</td>
<td>26754117*</td>
<td></td>
<td>Nexus 5X, Nexus 7 (2013)</td>
<td>2016 1 23 </td>
</tr>
<tr>
<td>CVE-2015-0570</td>
<td>26764809*</td>
<td></td>
<td>Nexus 5X, Nexus 7 (2013)</td>
<td>2016 1 25 </td>
</tr>
</table>
<p>* AOSP <a
href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver">Elevation of privilege vulnerability in NVIDIA video driver</h3>

<p>NVIDIA </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2434</td>
<td>27251090*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 2 17 </td>
</tr>
<tr>
<td>CVE-2016-2435</td>
<td>27297988*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 2 20 </td>
</tr>
<tr>
<td>CVE-2016-2436</td>
<td>27299111*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 2 22 </td>
</tr>
<tr>
<td>CVE-2016-2437</td>
<td>27436822*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 3 1 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_kernel">Elevation of privilege vulnerability in kernel</h3>

<p> <a href="/security/advisory/2016-03-18.html">2016 3 18 Android </a></p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2015-1805</td>
<td>27275324*</td>
<td></td>
<td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9</td>
<td>2016 2 19 </td>
</tr>
</table>
<p>* AOSP <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a>, <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>, <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p>

<h3
id="remote_code_execution_vulnerability_in_kernel">Remote code execution vulnerability in kernel</h3>

<p> </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2438</td>
<td>26636060*</td>
<td></td>
<td>Nexus 9</td>
<td>Google </td>
</tr>
</table>
<p>* <a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d">Linux </a></p>

<h3 id="information_disclosure_vulnerability_in_qualcomm_tethering_controller">Information disclosure vulnerability in Qualcomm tethering controller</h3>

<p>Qualcomm <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2060</td>
<td>27942588*</td>
<td></td>
<td></td>
<td>2016 3 23 </td>
</tr>
</table>
<p>* AOSP </p>

<h3 id="remote_code_execution_vulnerability_in_bluetooth">Remote code execution vulnerability in Bluetooth</h3>

<p>Bluetooth Bluetooth Bluetooth </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2439</td>
<td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd">
27411268</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2
28 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_binder">Elevation of privilege vulnerability in Binder</h3>

<p>Binder Binder Binder </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2440</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a">
27252896</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 18 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver">Elevation of privilege vulnerability in Qualcomm Buspm driver</h3>

<p>Qualcomm Buspm </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2441</td>
<td>26354602*</td>
<td></td>
<td>Nexus 5X, Nexus 6, Nexus 6P</td>
<td>2015 12 30 </td>
</tr>
<tr>
<td>CVE-2016-2442</td>
<td>26494907*</td>
<td></td>
<td>Nexus 5X, Nexus 6, Nexus 6P</td>
<td>2015 12 30 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver">Elevation of privilege vulnerability in Qualcomm MDP driver</h3>

<p>Qualcomm MDP </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2443</td>
<td>26404525*</td>
<td></td>
<td>Nexus 5, Nexus 7 (2013)</td>
<td>2016 1 5 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<!-- id suffixed with _2: an earlier section already uses the unsuffixed id -->
<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2">Elevation of privilege vulnerability in Qualcomm Wi-Fi driver</h3>

<p>Qualcomm Wi-Fi <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2015-0571</td>
<td>26763920*</td>
<td></td>
<td>Nexus 5X, Nexus 7 (2013)</td>
<td>2016 1 25 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<!-- id suffixed with _2: an earlier section already uses the unsuffixed id -->
<h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver_2">Elevation of privilege vulnerability in NVIDIA video driver</h3>

<p>NVIDIA </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2444</td>
<td>27208332*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 2 16 </td>
</tr>
<tr>
<td>CVE-2016-2445</td>
<td>27253079*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 2 17 </td>
</tr>
<tr>
<td>CVE-2016-2446</td>
<td>27441354*</td>
<td></td>
<td>Nexus 9</td>
<td>2016 3 1 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Elevation of privilege vulnerability in Wi-Fi</h3>

<p>Wi-Fi <a
href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>

<p><strong></strong>: MITRE CVE CVE-2016-2447 CVE-2016-4477 </p>

<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-4477</td>
<td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535">
27371366</a>
[<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>]
</td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 24 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Elevation of privilege vulnerability in Mediaserver</h3>

<p> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2448</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b">
27533704</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 7 </td>
</tr>
<tr>
<td>CVE-2016-2449</td>
<td><a
href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353">
27568958</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 9 </td>
</tr>
<tr>
<td>CVE-2016-2450</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d">
27569635</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 9 </td>
</tr>
<tr>
<td>CVE-2016-2451</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba">
27597103</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 10 </td>
</tr>
<tr>
<td>CVE-2016-2452</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687">
27662364</a>
[<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>]
[<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>]
</td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 14 </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver">Elevation of privilege vulnerability in MediaTek Wi-Fi driver</h3>

<p>MediaTek Wi-Fi </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2453</td>
<td>27549705*</td>
<td></td>
<td>Android One</td>
<td>2016 3 8 </td>
</tr>
</table>
<p>* AOSP <a
href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec">Remote denial of service vulnerability in Qualcomm hardware codec</h3>

<p> Qualcomm </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2454</td>
<td>26221024*</td>
<td></td>
<td>Nexus 5</td>
<td>2015 12 16 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<h3 id="elevation_of_privilege_vulnerability_in_conscrypt">Elevation of privilege vulnerability in Conscrypt</h3>

<p>Conscrypt </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2461</td>
<td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f">
27324690</a>
[<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>]
</td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>6.0, 6.0.1</td>
<td>Google </td>
</tr>
<tr>
<td>CVE-2016-2462</td>
<td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54">
27371173</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_openssl_&_boringssl">Elevation of privilege vulnerability in OpenSSL &amp; BoringSSL</h3>

<p>OpenSSL BoringSSL </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-0705</td>
<td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800">
27449871</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 7 </td>
</tr>
</table>

<!-- id suffixed with _2: an earlier section already uses the unsuffixed id -->
<h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver_2">Elevation of privilege vulnerability in MediaTek Wi-Fi driver</h3>

<p>MediaTek Wi-Fi </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2456</td>
<td>27275187*</td>
<td></td>
<td>Android One</td>
<td>2016 2 19 </td>
</tr>
</table>
<p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus </p>

<!-- id suffixed with _2: an earlier section already uses the unsuffixed id -->
<h3 id="elevation_of_privilege_vulnerability_in_wi-fi_2">Elevation of privilege vulnerability in Wi-Fi</h3>

<p>Wi-Fi Wi-Fi <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2457</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db">
27411179</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 29 </td>
</tr>
</table>

<h3 id="information_disclosure_vulnerability_in_aosp_mail">Information disclosure vulnerability in AOSP Mail</h3>

<p>AOSP </p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2458</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a">
27335139</a>
[<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>]
</td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 23 </td>
</tr>
</table>

<h3 id="information_disclosure_vulnerability_in_mediaserver">Information disclosure vulnerability in Mediaserver</h3>

<p></p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="19%">
<col width="18%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th> AOSP </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-2459</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">
27556038</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 7 </td>
</tr>
<tr>
<td>CVE-2016-2460</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">
27555981</a></td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 3 7 </td>
</tr>
</table>

<h3
id="denial_of_service_vulnerability_in_kernel">Denial of service vulnerability in kernel</h3>

<p></p>
<table>
<col width="19%">
<col width="16%">
<col width="10%">
<col width="27%">
<col width="16%">
<tr>
<th>CVE</th>
<th>Android </th>
<th></th>
<th> Nexus </th>
<th></th>
</tr>
<tr>
<td>CVE-2016-0774</td>
<td>27721803*</td>
<td></td>
<td><a href="#nexus_devices"> Nexus</a></td>
<td>2016 3 17 </td>
</tr>
</table>
<p>* <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e">Linux </a></p>

<h2 id="common_questions_and_answers">Common questions and answers</h2>

<p></p>

<p><strong>1. </strong></p>

<p> 2016 5 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-05-01] </p>

<p id="nexus_devices"><strong>2. Nexus </strong></p>

<p><a href="#security_vulnerability_details"></a> Nexus Nexus </p>

<ul>
<li> <strong> Nexus </strong>: Nexus Nexus <em></em> Nexus Nexus<a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9, Android One, Nexus Player, Pixel C</li>
<li> <strong> Nexus </strong>: Nexus Nexus Nexus <em></em></li>
<li> <strong> Nexus </strong>: Nexus Nexus <em></em></li>
</ul>

<p><strong>3. CVE-2015-1805 </strong></p>
<p>CVE-2015-1805 <a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a> 4 2016 4 1 CVE-2015-1805 <a href="2016-04-02.html">Nexus - 2016 4 </a>CVE-2015-1805 2016 5 1 </p>
<h2 id="revisions">Revisions</h2>

<ul>
<li>2016 5 2 : </li>
<li>2016 5 4 :
<ul>
<li> AOSP </li>
<li> Nexus Nexus Player Pixel C </li>
<li>MITRE CVE-2016-2447 CVE-2016-4477 </li>
</ul>
</li>
</ul>

</body>
</html>