1 <html devsite> 2 <head> 3 <title>Android - 2016 6 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 6 6 | 2016 6 8 </em></p> 27 28 <p>Android Android Nexus OTANexus <a href="https://developers.google.com/android/nexus/images">Google </a>2016 6 1 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">Nexus </a></p> 29 30 <p> 2016 5 2 Android AOSP</p> 31 32 <p>MMS </p> 33 34 <p><a href="#mitigations">Android </a> SafetyNet <a href="/security/enhancements/index.html">Android Google </a>Android </p> 35 36 <p></p> 37 38 <h2 id="security_vulnerability_summary"></h2> 39 40 41 <p>CVENexus <a href="/security/overview/updates-resources.html#severity"></a></p> 42 <table> 43 <col width="55%"> 44 <col width="20%"> 45 <col width="13%"> 46 <col width="12%"> 47 <tr> 48 <th></th> 49 <th>CVE</th> 50 <th></th> 51 <th>Nexus </th> 52 </tr> 53 <tr> 54 <td></td> 55 <td>CVE-2016-2463</td> 56 <td></td> 57 <td></td> 58 </tr> 59 <tr> 60 <td>libwebm </td> 61 <td>CVE-2016-2464</td> 62 <td></td> 63 <td></td> 64 </tr> 65 <tr> 66 <td>Qualcomm </td> 67 <td>CVE-2016-2465</td> 68 <td></td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>Qualcomm </td> 73 <td>CVE-2016-2466<br>CVE-2016-2467</td> 74 <td></td> 75 <td></td> 76 </tr> 77 <tr> 78 <td>Qualcomm GPU </td> 79 <td>CVE-2016-2468<br>CVE-2016-2062</td> 80 <td></td> 81 <td></td> 82 </tr> 83 <tr> 84 <td>Qualcomm Wi-Fi </td> 85 <td>CVE-2016-2474</td> 86 <td></td> 87 <td></td> 88 </tr> 89 <tr> 90 <td>Broadcom Wi-Fi </td> 91 <td>CVE-2016-2475</td> 92 <td></td> 93 <td></td> 94 </tr> 95 <tr> 96 <td>Qualcomm </td> 97 <td>CVE-2016-2066<br>CVE-2016-2469</td> 98 <td></td> 99 <td></td> 100 </tr> 101 <tr> 102 <td></td> 103 <td>CVE-2016-2476<br>CVE-2016-2477<br>CVE-2016-2478<br>CVE-2016-2479<br>CVE-2016-2480<br>CVE-2016-2481<br>CVE-2016-2482<br>CVE-2016-2483<br>CVE-2016-2484<br>CVE-2016-2485<br>CVE-2016-2486<br>CVE-2016-2487</td> 104 <td></td> 105 <td></td> 106 </tr> 107 <tr> 108 <td>Qualcomm </td> 109 <td>CVE-2016-2061<br>CVE-2016-2488</td> 110 <td></td> 111 <td></td> 112 </tr> 113 <tr> 114 <td>Qualcomm </td> 115 <td>CVE-2016-2489</td> 116 <td></td> 117 <td></td> 118 </tr> 119 <tr> 120 <td>NVIDIA </td> 121 <td>CVE-2016-2490<br>CVE-2016-2491</td> 122 <td></td> 123 <td></td> 124 </tr> 125 <tr> 126 <td>Qualcomm Wi-Fi </td> 127 <td>CVE-2016-2470<br>CVE-2016-2471<br>CVE-2016-2472<br>CVE-2016-2473</td> 128 <td></td> 129 <td></td> 130 </tr> 131 <tr> 132 <td>MediaTek </td> 133 <td>CVE-2016-2492</td> 134 <td></td> 135 <td></td> 136 </tr> 137 <tr> 138 <td>SD </td> 139 <td>CVE-2016-2494</td> 140 <td></td> 141 <td></td> 142 </tr> 143 <tr> 144 <td>Broadcom Wi-Fi </td> 145 <td>CVE-2016-2493</td> 146 <td></td> 147 <td></td> 148 </tr> 149 <tr> 150 <td></td> 151 <td>CVE-2016-2495</td> 152 <td></td> 153 <td></td> 154 </tr> 155 <tr> 156 <td> UI </td> 157 <td>CVE-2016-2496</td> 158 <td></td> 159 <td></td> 160 </tr> 161 <tr> 162 <td>Qualcomm Wi-Fi </td> 163 <td>CVE-2016-2498</td> 164 <td></td> 165 <td></td> 166 </tr> 167 <tr> 168 <td></td> 169 <td>CVE-2016-2499</td> 170 <td></td> 171 <td></td> 172 </tr> 173 <tr> 174 <td> </td> 175 <td>CVE-2016-2500</td> 176 <td></td> 177 <td></td> 178 </tr> 179 </table> 180 181 182 <h2 id="mitigations">Android Google </h2> 183 184 185 <p><a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 186 187 <ul> 188 <li>Android Android Google Android 189 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a><a href="http://www.android.com/gms">Google </a>Google Play Google Play 190 <li>Google 191 </li></li></li></ul> 192 193 <h2 id="acknowledgements"></h2> 194 195 196 <p></p> 197 198 <ul> 199 <li>KeenLab<a href="https://twitter.com/keen_lab">@keen_lab</a>Tencent Di Shen<a href="https://twitter.com/returnsme">@returnsme</a>: CVE-2016-2468<li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a><a href="https://twitter.com/laginimaineb">@laginimaineb</a>: CVE-2016-2476<li>IceSword LabQihoo 360Technology Co. Ltd. Gengjia Chen<a href="https://twitter.com/chengjia4574">@chengjia4574</a>pjf<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>: CVE-2016-2492<li>Mobile Safe TeamQihoo 360 Technology Co. Ltd. Hao ChenGuang GongWenlin Yang: CVE-2016-2470CVE-2016-2471CVE-2016-2472CVE-2016-2473CVE-2016-2498<li> <a href="http://www.iwobanas.com">Iwo Banas</a>: CVE-2016-2496<li>IceSword LabQihoo 360 Technology Co. Ltd. Jianqiang Zhao<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a> pjf<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>: CVE-2016-2490, CVE-2016-2491<li>Google Lee Campbell: CVE-2016-2500<li>Google Maciej Szawowski: CVE-2016-2474<li>Google Marco Nelissen Max Spector: CVE-2016-2487<li>Google Project Zero Mark Brand: CVE-2016-2494<li><a href="http://c0reteam.org">C0RE Team</a> Mingjian Zhou<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>Chiachih Wu<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>Xuxian Jiang: CVE-2016-2477CVE-2016-2478CVE-2016-2479CVE-2016-2480CVE-2016-2481CVE-2016-2482CVE-2016-2483CVE-2016-2484CVE-2016-2485CVE-2016-2486<li> <a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a><a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>: CVE-2016-2066CVE-2016-2061CVE-2016-2465CVE-2016-2469CVE-2016-2489<li>Vasily Vasilev: CVE-2016-2463<li>Alibaba Inc. Weichao Sun<a href="https://twitter.com/sunblate">@sunblate</a>: CVE-2016-2495<li>Tencent Security Platform Department Xiling Gong: CVE-2016-2499<li>Android Zach Riggle<a href="https://twitter.com/ebeip90">@ebeip90</a>: CVE-2016-2493</li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 200 201 <h2 id="security_vulnerability_details"></h2> 202 203 204 <p><a href="#security_vulnerability_summary"></a>CVE Android Nexus AOSP ID AOSP ID AOSP </p> 205 206 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 207 208 209 <p> </p> 210 211 <p> 212 MMS 213 </p> 214 <table> 215 <col width="19%"> 216 <col width="16%"> 217 <col width="10%"> 218 <col width="19%"> 219 <col width="18%"> 220 <col width="16%"> 221 <tr> 222 <th>CVE</th> 223 <th>Android </th> 224 <th></th> 225 <th> Nexus </th> 226 <th> AOSP </th> 227 <th></th> 228 </tr> 229 <tr> 230 <td>CVE-2016-2463</td> 231 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2b6f22dc64d456471a1dc6df09d515771d1427c8">27855419</a></td> 232 <td></td> 233 <td><a href="#nexus_devices"> Nexus</a></td> 234 <td>4.4.45.0.25.1.16.06.0.1</td> 235 <td>2016 3 25 </td> 236 </tr> 237 </table> 238 239 240 <h3 id="remote_code_execution_vulnerabilities_in_libwebm">libwebm </h3> 241 242 243 <p>libwebm </p> 244 245 <p> 246 MMS 247 </p> 248 <table> 249 <col width="19%"> 250 <col width="16%"> 251 <col width="10%"> 252 <col width="19%"> 253 <col width="18%"> 254 <col width="16%"> 255 <tr> 256 <th>CVE</th> 257 <th>Android </th> 258 <th></th> 259 <th> Nexus </th> 260 <th> AOSP </th> 261 <th></th> 262 </tr> 263 <tr> 264 <td>CVE-2016-2464</td> 265 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d">23167726</a> 266 [<a href="https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148">2</a>] 267 </td> 268 <td></td> 269 <td><a href="#nexus_devices"> Nexus</a></td> 270 <td>4.4.45.0.25.1.16.06.0.1</td> 271 <td>Google </td> 272 </tr> 273 </table> 274 275 276 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver">Qualcomm </h3> 277 278 279 <p>Qualcomm </p> 280 <table> 281 <col width="19%"> 282 <col width="16%"> 283 <col width="10%"> 284 <col width="27%"> 285 <col width="16%"> 286 <tr> 287 <th>CVE</th> 288 <th>Android </th> 289 <th></th> 290 <th> Nexus </th> 291 <th></th> 292 </tr> 293 <tr> 294 <td>CVE-2016-2465</td> 295 <td>27407865*</td> 296 <td></td> 297 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 298 <td>2016 2 21 </td> 299 </tr> 300 </table> 301 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 302 </p> 303 304 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver">Qualcomm </h3> 305 306 <p>Qualcomm </p> 307 308 <table> 309 <col width="19%"> 310 <col width="16%"> 311 <col width="10%"> 312 <col width="27%"> 313 <col width="16%"> 314 <tr> 315 <th>CVE</th> 316 <th>Android </th> 317 <th></th> 318 <th> Nexus </th> 319 <th></th> 320 </tr> 321 <tr> 322 <td>CVE-2016-2466</td> 323 <td>27947307*</td> 324 <td></td> 325 <td>Nexus 6</td> 326 <td>2016 2 27 </td> 327 </tr> 328 <tr> 329 <td>CVE-2016-2467</td> 330 <td>28029010*</td> 331 <td></td> 332 <td>Nexus 5</td> 333 <td>2014 3 13 </td> 334 </tr> 335 </table> 336 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 337 </p> 338 339 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver">Qualcomm GPU </h3> 340 341 342 <p>Qualcomm GPU </p> 343 344 <table> 345 <col width="19%"> 346 <col width="16%"> 347 <col width="10%"> 348 <col width="27%"> 349 <col width="16%"> 350 <tr> 351 <th>CVE</th> 352 <th>Android </th> 353 <th></th> 354 <th> Nexus </th> 355 <th></th> 356 </tr> 357 <tr> 358 <td>CVE-2016-2468</td> 359 <td>27475454*</td> 360 <td></td> 361 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7</td> 362 <td>2016 3 2 </td> 363 </tr> 364 <tr> 365 <td>CVE-2016-2062</td> 366 <td>27364029*</td> 367 <td></td> 368 <td>Nexus 5XNexus 6P</td> 369 <td>2016 3 6 </td> 370 </tr> 371 </table> 372 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 373 </p> 374 375 376 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 377 Qualcomm Wi-Fi </h3> 378 379 380 <p>Qualcomm Wi-Fi </p> 381 <table> 382 <col width="19%"> 383 <col width="16%"> 384 <col width="10%"> 385 <col width="27%"> 386 <col width="16%"> 387 <tr> 388 <th>CVE</th> 389 <th>Android </th> 390 <th></th> 391 <th> Nexus </th> 392 <th></th> 393 </tr> 394 <tr> 395 <td>CVE-2016-2474</td> 396 <td>27424603*</td> 397 <td></td> 398 <td>Nexus 5X</td> 399 <td>Google </td> 400 </tr> 401 </table> 402 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 403 </p> 404 405 406 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver">Broadcom Wi-Fi </h3> 407 408 409 <p>Broadcom Wi-Fi </p> 410 <table> 411 <col width="19%"> 412 <col width="16%"> 413 <col width="10%"> 414 <col width="27%"> 415 <col width="16%"> 416 <tr> 417 <th>CVE</th> 418 <th>Android </th> 419 <th></th> 420 <th> Nexus </th> 421 <th></th> 422 </tr> 423 <tr> 424 <td>CVE-2016-2475</td> 425 <td>26425765*</td> 426 <td></td> 427 <td>Nexus 5Nexus 6Nexus 6PNexus 72013Nexus 9Nexus PlayerPixel C</td> 428 <td>2016 6 6 </td> 429 </tr> 430 </table> 431 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 432 </p> 433 434 435 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver">Qualcomm </h3> 436 437 438 <p>Qualcomm </p> 439 440 <table> 441 <col width="19%"> 442 <col width="16%"> 443 <col width="10%"> 444 <col width="27%"> 445 <col width="16%"> 446 <tr> 447 <th>CVE</th> 448 <th>Android </th> 449 <th></th> 450 <th> Nexus </th> 451 <th></th> 452 </tr> 453 <tr> 454 <td>CVE-2016-2066</td> 455 <td>26876409*</td> 456 <td></td> 457 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 458 <td>2016 1 29 </td> 459 </tr> 460 <tr> 461 <td>CVE-2016-2469</td> 462 <td>27531992*</td> 463 <td></td> 464 <td>Nexus 5Nexus 6Nexus 6P</td> 465 <td>2016 3 4 </td> 466 </tr> 467 </table> 468 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 469 </p> 470 471 472 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 473 </h3> 474 475 476 <p> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 477 478 <table> 479 <col width="19%"> 480 <col width="16%"> 481 <col width="10%"> 482 <col width="19%"> 483 <col width="18%"> 484 <col width="16%"> 485 <tr> 486 <th>CVE</th> 487 <th>Android </th> 488 <th></th> 489 <th> Nexus </th> 490 <th> AOSP </th> 491 <th></th> 492 </tr> 493 <tr> 494 <td>CVE-2016-2476</td> 495 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/295c883fe3105b19bcd0f9e07d54c6b589fc5bff">27207275</a> 496 [<a href="https://android.googlesource.com/platform/frameworks/av/+/94d9e646454f6246bf823b6897bd6aea5f08eda3">2</a>] 497 [<a href="https://android.googlesource.com/platform/frameworks/av/+/0bb5ced60304da7f61478ffd359e7ba65d72f181">3</a>] 498 [<a href="https://android.googlesource.com/platform/frameworks/av/+/db829699d3293f254a7387894303451a91278986">4</a>] 499 </td> 500 <td></td> 501 <td><a href="#nexus_devices"> Nexus</a></td> 502 <td>4.4.45.0.25.1.16.06.0.1</td> 503 <td>2016 2 11 </td> 504 </tr> 505 <tr> 506 <td>CVE-2016-2477</td> 507 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27251096</a> 508 </td> 509 <td></td> 510 <td><a href="#nexus_devices"> Nexus</a></td> 511 <td>4.4.45.0.25.1.16.06.0.1</td> 512 <td>2016 2 17 </td> 513 </tr> 514 <tr> 515 <td>CVE-2016-2478</td> 516 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27475409</a> 517 </td> 518 <td></td> 519 <td><a href="#nexus_devices"> Nexus</a></td> 520 <td>4.4.45.0.25.1.16.06.0.1</td> 521 <td>2016 3 3 </td> 522 </tr> 523 <tr> 524 <td>CVE-2016-2479</td> 525 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27532282</a> 526 </td> 527 <td></td> 528 <td><a href="#nexus_devices"> Nexus</a></td> 529 <td>4.4.45.0.25.1.16.06.0.1</td> 530 <td>2016 3 6 </td> 531 </tr> 532 <tr> 533 <td>CVE-2016-2480</td> 534 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8">27532721</a> 535 </td> 536 <td></td> 537 <td><a href="#nexus_devices"> Nexus</a></td> 538 <td>4.4.45.0.25.1.16.06.0.1</td> 539 <td>2016 3 6 </td> 540 </tr> 541 <tr> 542 <td>CVE-2016-2481</td> 543 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27532497</a> 544 </td> 545 <td></td> 546 <td><a href="#nexus_devices"> Nexus</a></td> 547 <td>4.4.45.0.25.1.16.06.0.1</td> 548 <td>2016 3 6 </td> 549 </tr> 550 <tr> 551 <td>CVE-2016-2482</td> 552 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27661749</a> 553 </td> 554 <td></td> 555 <td><a href="#nexus_devices"> Nexus</a></td> 556 <td>4.4.45.0.25.1.16.06.0.1</td> 557 <td>2016 3 14 </td> 558 </tr> 559 <tr> 560 <td>CVE-2016-2483</td> 561 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27662502</a> 562 </td> 563 <td></td> 564 <td><a href="#nexus_devices"> Nexus</a></td> 565 <td>4.4.45.0.25.1.16.06.0.1</td> 566 <td>2016 3 14 </td> 567 </tr> 568 <tr> 569 <td>CVE-2016-2484</td> 570 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793163</a> 571 </td> 572 <td></td> 573 <td><a href="#nexus_devices"> Nexus</a></td> 574 <td>4.4.45.0.25.1.16.06.0.1</td> 575 <td>2016 3 22 </td> 576 </tr> 577 <tr> 578 <td>CVE-2016-2485</td> 579 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793367</a> 580 </td> 581 <td></td> 582 <td><a href="#nexus_devices"> Nexus</a></td> 583 <td>4.4.45.0.25.1.16.06.0.1</td> 584 <td>2016 3 22 </td> 585 </tr> 586 <tr> 587 <td>CVE-2016-2486</td> 588 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a> 589 </td> 590 <td></td> 591 <td><a href="#nexus_devices"> Nexus</a></td> 592 <td>4.4.45.0.25.1.16.06.0.1</td> 593 <td>2016 3 22 </td> 594 </tr> 595 <tr> 596 <td>CVE-2016-2487</td> 597 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12">27833616</a> 598 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab">2</a>] 599 [<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>] 600 </td> 601 <td></td> 602 <td><a href="#nexus_devices"> Nexus</a></td> 603 <td>4.4.45.0.25.1.16.06.0.1</td> 604 <td>Google </td> 605 </tr> 606 </table> 607 608 609 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_camera_driver">Qualcomm </h3> 610 611 612 <p>Qualcomm </p> 613 <table> 614 <col width="19%"> 615 <col width="16%"> 616 <col width="10%"> 617 <col width="27%"> 618 <col width="16%"> 619 <tr> 620 <th>CVE</th> 621 <th>Android </th> 622 <th></th> 623 <th> Nexus </th> 624 <th></th> 625 </tr> 626 <tr> 627 <td>CVE-2016-2061</td> 628 <td>27207747*</td> 629 <td></td> 630 <td>Nexus 5XNexus 6P</td> 631 <td>2016 2 15 </td> 632 </tr> 633 <tr> 634 <td>CVE-2016-2488</td> 635 <td>27600832*</td> 636 <td></td> 637 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013</td> 638 <td>Google </td> 639 </tr> 640 </table> 641 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 642 </p> 643 644 645 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2">Qualcomm </h3> 646 647 648 <p>Qualcomm </p> 649 <table> 650 <col width="19%"> 651 <col width="16%"> 652 <col width="10%"> 653 <col width="27%"> 654 <col width="16%"> 655 <tr> 656 <th>CVE</th> 657 <th>Android </th> 658 <th></th> 659 <th> Nexus </th> 660 <th></th> 661 </tr> 662 <tr> 663 <td>CVE-2016-2489</td> 664 <td>27407629*</td> 665 <td></td> 666 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 667 <td>2016 2 21 </td> 668 </tr> 669 </table> 670 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 671 </p> 672 673 674 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_camera_driver">NVIDIA </h3> 675 676 677 <p>NVIDIA </p> 678 <table> 679 <col width="19%"> 680 <col width="16%"> 681 <col width="10%"> 682 <col width="27%"> 683 <col width="16%"> 684 <tr> 685 <th>CVE</th> 686 <th>Android </th> 687 <th></th> 688 <th> Nexus </th> 689 <th></th> 690 </tr> 691 <tr> 692 <td>CVE-2016-2490</td> 693 <td>27533373*</td> 694 <td></td> 695 <td>Nexus 9</td> 696 <td>2016 3 6 </td> 697 </tr> 698 <tr> 699 <td>CVE-2016-2491</td> 700 <td>27556408*</td> 701 <td></td> 702 <td>Nexus 9</td> 703 <td>2016 3 8 </td> 704 </tr> 705 </table> 706 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 707 </p> 708 709 710 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2"> 711 Qualcomm Wi-Fi </h3> 712 713 714 <p>Qualcomm Wi-Fi </p> 715 716 <table> 717 <col width="19%"> 718 <col width="16%"> 719 <col width="10%"> 720 <col width="27%"> 721 <col width="16%"> 722 <tr> 723 <th>CVE</th> 724 <th>Android </th> 725 <th></th> 726 <th> Nexus </th> 727 <th></th> 728 </tr> 729 <tr> 730 <td>CVE-2016-2470</td> 731 <td>27662174*</td> 732 <td></td> 733 <td>Nexus 72013</td> 734 <td>2016 3 13 </td> 735 </tr> 736 <tr> 737 <td>CVE-2016-2471</td> 738 <td>27773913*</td> 739 <td></td> 740 <td>Nexus 72013</td> 741 <td>2016 3 19 </td> 742 </tr> 743 <tr> 744 <td>CVE-2016-2472</td> 745 <td>27776888*</td> 746 <td></td> 747 <td>Nexus 72013</td> 748 <td>2016 3 20 </td> 749 </tr> 750 <tr> 751 <td>CVE-2016-2473</td> 752 <td>27777501*</td> 753 <td></td> 754 <td>Nexus 72013</td> 755 <td>2016 3 20 </td> 756 </tr> 757 </table> 758 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 759 </p> 760 761 762 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_power_management_driver">MediaTek </h3> 763 764 765 <p>MediaTek </p> 766 767 <table> 768 <col width="19%"> 769 <col width="16%"> 770 <col width="10%"> 771 <col width="27%"> 772 <col width="16%"> 773 <tr> 774 <th>CVE</th> 775 <th>Android </th> 776 <th></th> 777 <th> Nexus </th> 778 <th></th> 779 </tr> 780 <tr> 781 <td>CVE-2016-2492</td> 782 <td>28085410*</td> 783 <td></td> 784 <td>Android One</td> 785 <td>2016 4 7 </td> 786 </tr> 787 </table> 788 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 789 </p> 790 791 792 <h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer">SD </h3> 793 794 795 <p>SD <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">signatureOrSystem</a> </p> 796 797 <table> 798 <col width="19%"> 799 <col width="16%"> 800 <col width="10%"> 801 <col width="19%"> 802 <col width="18%"> 803 <col width="16%"> 804 <tr> 805 <th>CVE</th> 806 <th>Android </th> 807 <th></th> 808 <th> Nexus </th> 809 <th> AOSP </th> 810 <th></th> 811 </tr> 812 <tr> 813 <td>CVE-2016-2494</td> 814 <td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a> 815 </td> 816 <td></td> 817 <td><a href="#nexus_devices"> Nexus</a></td> 818 <td>4.4.45.0.25.1.16.06.0.1</td> 819 <td>2016 4 7 </td> 820 </tr> 821 </table> 822 823 824 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2">Broadcom Wi-Fi </h3> 825 826 827 <p>Broadcom Wi-Fi </p> 828 <table> 829 <col width="19%"> 830 <col width="16%"> 831 <col width="10%"> 832 <col width="27%"> 833 <col width="16%"> 834 <tr> 835 <th>CVE</th> 836 <th>Android </th> 837 <th></th> 838 <th> Nexus </th> 839 <th></th> 840 </tr> 841 <tr> 842 <td>CVE-2016-2493</td> 843 <td>26571522*</td> 844 <td></td> 845 <td>Nexus 5Nexus 6Nexus 6PNexus 72013Nexus PlayerPixel C</td> 846 <td>Google </td> 847 </tr> 848 </table> 849 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 850 </p> 851 852 <h3 id="remote_denial_of_service_vulnerability_in_mediaserver"></h3> 853 854 855 <p></p> 856 <table> 857 <col width="19%"> 858 <col width="16%"> 859 <col width="10%"> 860 <col width="19%"> 861 <col width="18%"> 862 <col width="16%"> 863 <tr> 864 <th>CVE</th> 865 <th>Android </th> 866 <th></th> 867 <th> Nexus </th> 868 <th> AOSP </th> 869 <th></th> 870 </tr> 871 <tr> 872 <td>CVE-2016-2495</td> 873 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45737cb776625f17384540523674761e6313e6d4">28076789</a> 874 [<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>] 875 </td> 876 <td></td> 877 <td><a href="#nexus_devices"> Nexus</a></td> 878 <td>4.4.45.0.25.1.16.06.0.1</td> 879 <td>2016 4 6 </td> 880 </tr> 881 </table> 882 883 <h3 id="elevation_of_privilege_vulnerability_in_framework_ui"> UI </h3> 884 885 886 <p> UI <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a></p> 887 <table> 888 <col width="19%"> 889 <col width="16%"> 890 <col width="10%"> 891 <col width="19%"> 892 <col width="18%"> 893 <col width="16%"> 894 <tr> 895 <th>CVE</th> 896 <th>Android </th> 897 <th></th> 898 <th> Nexus </th> 899 <th> AOSP </th> 900 <th></th> 901 </tr> 902 <tr> 903 <td>CVE-2016-2496</td> 904 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf">26677796</a> 905 [<a href="https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628">2</a>] 906 [<a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e">3</a>] 907 </td> 908 <td></td> 909 <td><a href="#nexus_devices"> Nexus</a></td> 910 <td>6.06.1</td> 911 <td>2015 5 26 </td> 912 </tr> 913 </table> 914 915 <h3 id="information_disclosure_vulnerability_in_qualcomm_wi-fi_driver">Qualcomm Wi-Fi </h3> 916 917 918 <p>Qualcomm Wi-Fi </p> 919 <table> 920 <col width="19%"> 921 <col width="16%"> 922 <col width="10%"> 923 <col width="27%"> 924 <col width="16%"> 925 <tr> 926 <th>CVE</th> 927 <th>Android </th> 928 <th></th> 929 <th> Nexus </th> 930 <th></th> 931 </tr> 932 <tr> 933 <td>CVE-2016-2498</td> 934 <td>27777162*</td> 935 <td></td> 936 <td>Nexus 72013</td> 937 <td>2016 3 20 </td> 938 </tr> 939 </table> 940 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus 941 </p> 942 943 944 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 945 </h3> 946 947 948 <p></p> 949 <table> 950 <col width="19%"> 951 <col width="16%"> 952 <col width="10%"> 953 <col width="19%"> 954 <col width="18%"> 955 <col width="16%"> 956 <tr> 957 <th>CVE</th> 958 <th>Android </th> 959 <th></th> 960 <th> Nexus </th> 961 <th> AOSP </th> 962 <th></th> 963 </tr> 964 <tr> 965 <td>CVE-2016-2499</td> 966 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f">27855172</a> 967 </td> 968 <td></td> 969 <td><a href="#nexus_devices"> Nexus</a></td> 970 <td>4.4.45.0.25.1.16.06.0.1</td> 971 <td>2016 3 24 </td> 972 </tr> 973 </table> 974 975 976 <h3 id="information_disclosure_vulnerability_in_activity_manager"> </h3> 977 978 979 <p> </p> 980 <table> 981 <col width="19%"> 982 <col width="16%"> 983 <col width="10%"> 984 <col width="19%"> 985 <col width="18%"> 986 <col width="16%"> 987 <tr> 988 <th>CVE</th> 989 <th>Android </th> 990 <th></th> 991 <th> Nexus </th> 992 <th> AOSP </th> 993 <th></th> 994 </tr> 995 <tr> 996 <td>CVE-2016-2500</td> 997 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9878bb99b77c3681f0fda116e2964bac26f349c3">19285814</a> 998 </td> 999 <td></td> 1000 <td><a href="#nexus_devices"> Nexus</a></td> 1001 <td>5.0.25.1.16.06.0.1</td> 1002 <td>Google </td> 1003 </tr> 1004 </table> 1005 1006 1007 <h2 id="common_questions_and_answers"></h2> 1008 1009 1010 <p></p> 1011 1012 <p><strong>1. </strong></p> 1013 1014 <p>2016 6 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-06-01] </p> 1015 1016 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1017 1018 <p><a href="#security_vulnerability_summary"></a> Nexus Nexus </p> 1019 1020 <ul> 1021 <li> <strong> Nexus </strong>: Nexus Nexus <em></em> Nexus Nexus<a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 72013Nexus 9Android OneNexus PlayerPixel C</li> 1022 <li> <strong> Nexus </strong>: Nexus Nexus Nexus <em></em></li> 1023 <li> <strong> Nexus </strong>: Nexus Nexus <em></em></li> 1024 </ul> 1025 1026 <h2 id="revisions"></h2> 1027 1028 1029 <ul> 1030 <li>2016 6 6 : </li> 1031 <li>2016 6 7 :<ul> 1032 <li> AOSP 1033 <li> CVE-2016-2496 1034 </li></li></ul> 1035 </li> 1036 <li>2016 6 8 : CVE-2016-2496 </li> 1037 </ul> 1038 1039 </body> 1040 </html> 1041
