1 <html devsite> 2 <head> 3 <title>Nexus - 2016 3</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 3 7 | 2016 3 8 </em></p> 27 28 <p>Google Android 29 Nexus . 30 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> . 31 LMY49H 2016 3 1 Android M 32 . <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> .</p> 33 34 <p> 2016 2 1 35 . 48 36 Android (AOSP) . 37 AOSP .</p> 38 39 <p> 40 , MMS 41 .</p> 42 43 <p> 44 . SafetyNet Android <a href="#mitigations">Android </a> 45 <a href="/security/enhancements/index.html"></a> . 46 .</p> 47 48 <h2 id="security_vulnerability_summary"> </h2> 49 50 <p> , ID(CVE), 51 . <a href="/security/overview/updates-resources.html#severity"> </a> 52 53 .</p> 54 <table> 55 <tr> 56 <th></th> 57 <th>CVE</th> 58 <th></th> 59 </tr> 60 <tr> 61 <td> </td> 62 <td>CVE-2016-0815<br> 63 CVE-2016-0816</td> 64 <td></td> 65 </tr> 66 <tr> 67 <td>libvpx </td> 68 <td>CVE-2016-1621</td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>Conscrypt </td> 73 <td>CVE-2016-0818</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td>Qualcomm <br> 78 </td> 79 <td>CVE-2016-0819</td> 80 <td></td> 81 </tr> 82 <tr> 83 <td>MediaTek Wi-Fi </td> 84 <td>CVE-2016-0820</td> 85 <td></td> 86 </tr> 87 <tr> 88 <td>Keyring </td> 89 <td>CVE-2016-0728</td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> </td> 94 <td>CVE-2016-0821</td> 95 <td></td> 96 </tr> 97 <tr> 98 <td>MediaTek </td> 99 <td>CVE-2016-0822</td> 100 <td></td> 101 </tr> 102 <tr> 103 <td> </td> 104 <td>CVE-2016-0823</td> 105 <td></td> 106 </tr> 107 <tr> 108 <td>libstagefright </td> 109 <td>CVE-2016-0824</td> 110 <td></td> 111 </tr> 112 <tr> 113 <td>Widevine </td> 114 <td>CVE-2016-0825</td> 115 <td></td> 116 </tr> 117 <tr> 118 <td> </td> 119 <td>CVE-2016-0826<br> 120 CVE-2016-0827</td> 121 <td></td> 122 </tr> 123 <tr> 124 <td> </td> 125 <td>CVE-2016-0828<br> 126 CVE-2016-0829</td> 127 <td></td> 128 </tr> 129 <tr> 130 <td> </td> 131 <td>CVE-2016-0830</td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> </td> 136 <td>CVE-2016-0831</td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> </td> 141 <td>CVE-2016-0832</td> 142 <td></td> 143 </tr> 144 </table> 145 146 147 <h3 id="mitigations"></h3> 148 149 150 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> . 151 Android 152 .</p> 153 154 <ul> 155 <li> Android Android 156 . 157 Android . 158 <li> Android 159 SafetyNet 160 . Google Play . 161 Google Play 162 . 163 164 . 165 166 . 167 <li> Google 168 . 169 </li></li></li></ul> 170 171 <h3 id="acknowledgements"></h3> 172 173 174 <p> .</p> 175 176 <ul> 177 <li> Chrome Abhishek Arya, Oliver Chang, Martin Barbella 178 : CVE-2016-0815 179 <li> CENSUS S.A Anestis Bechtsoudis(<a href="https://twitter.com/anestisb">@anestisb</a>): CVE-2016-0816, CVE-2016-0824 180 <li> Android Chad Brubaker: CVE-2016-0818 181 <li> Google Project Zero Mark Brand: CVE-2016-0820 182 <li> <a href="http://www.360safe.com">Qihoo 360</a> <a href="http://c0reteam.org">C0RE</a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-0826 183 <li> Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-0827, CVE-2016-0828, CVE-2016-0829 184 <li> Scott Bauer(<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a>, <a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>): CVE-2016-0822 185 <li> Trend Micro Inc. Wish Wu(<a href="https://twitter.com/@wish_wu">@wish_wu</a>): CVE-2016-0819 186 <li> Huawei Yongzheng Wu, Tieyan Li: CVE-2016-0831 187 <li> Su Mon Kywe, Yingjiu Li: CVE-2016-0831 188 <li> Android Zach Riggle(<a href="https://twitter.com/@ebeip90">@ebeip90</a>): CVE-2016-0821 189 </li></li></li></li></li></li></li></li></li></li></li></ul> 190 191 <h2 id="security_vulnerability_details"> </h2> 192 193 194 <p> <a href="#security_vulnerability_summary"> </a> 195 . , CVE, , , 196 . 197 AOSP ID . 198 199 AOSP ID .</p> 200 201 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> </h3> 202 203 204 <p> 205 206 .</p> 207 208 <p> , 209 , MMS 210 .</p> 211 212 <p> 213 . 214 215 .</p> 216 <table> 217 <tr> 218 <th>CVE</th> 219 <th>AOSP </th> 220 <th></th> 221 <th> </th> 222 <th> </th> 223 </tr> 224 <tr> 225 <td>CVE-2016-0815</td> 226 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a> 227 </td> 228 <td></td> 229 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 230 <td>Google </td> 231 </tr> 232 <tr> 233 <td>CVE-2016-0816</td> 234 <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a> 235 </td> 236 <td></td> 237 <td>6.0, 6.0.1</td> 238 <td>Google </td> 239 </tr> 240 </table> 241 242 243 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3> 244 245 246 <p> 247 248 .</p> 249 250 <p> , 251 , MMS 252 .</p> 253 254 <p> 255 . 256 257 .</p> 258 <table> 259 <tr> 260 <th>CVE</th> 261 <th>AOSP </th> 262 <th></th> 263 <th> </th> 264 <th> </th> 265 </tr> 266 <tr> 267 <td>CVE-2016-1621</td> 268 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a> 269 <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a> 270 <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a> 271 </td> 272 <td></td> 273 <td>4.4.4, 5.0.2, 5.1.1, 6.0</td> 274 <td>Google </td> 275 </tr> 276 </table> 277 278 279 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3> 280 281 <p>Conscrypt (CA) . . .</p> 282 283 <table> 284 <tr> 285 <th>CVE</th> 286 <th>AOSP </th> 287 <th></th> 288 <th> </th> 289 <th> </th> 290 </tr> 291 <tr> 292 <td>CVE-2016-0818</td> 293 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a> 294 <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a> 295 </td> 296 <td></td> 297 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 298 <td>Google </td> 299 </tr> 300 </table> 301 302 303 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm </h3> 304 305 306 <p>Qualcomm 307 308 . 309 310 .</p> 311 <table> 312 <tr> 313 <th>CVE</th> 314 <th></th> 315 <th></th> 316 <th> </th> 317 <th> </th> 318 </tr> 319 <tr> 320 <td>CVE-2016-0819</td> 321 <td>ANDROID-25364034*</td> 322 <td></td> 323 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 324 <td>2015 10 29</td> 325 </tr> 326 </table> 327 328 329 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus .</p> 330 331 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek Wi-Fi </h3> 332 333 334 <p>MediaTek Wi-Fi 335 336 . 337 338 .</p> 339 <table> 340 <tr> 341 <th>CVE</th> 342 <th></th> 343 <th></th> 344 <th> </th> 345 <th> </th> 346 </tr> 347 <tr> 348 <td>CVE-2016-0820</td> 349 <td>ANDROID-26267358*</td> 350 <td></td> 351 <td>6.0.1</td> 352 <td>2015 12 18</td> 353 </tr> 354 </table> 355 356 357 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 358 Nexus .</p> 359 360 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> Keyring </h3> 361 362 363 <p> Keyring 364 365 . 366 367 . Android version 5.0 368 SELinux 369 .</p> 370 371 <p><strong>:</strong> AOSP . 372 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a>, 373 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a>, 374 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a>, 375 <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p> 376 <table> 377 <tr> 378 <th>CVE</th> 379 <th></th> 380 <th></th> 381 <th> </th> 382 <th> </th> 383 </tr> 384 <tr> 385 <td>CVE-2016-0728</td> 386 <td>ANDROID-26636379 </td> 387 <td></td> 388 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 </td> 389 <td>2016 1 11</td> 390 </tr> 391 </table> 392 393 394 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"> </h3> 395 396 397 <p> 398 399 . 400 401 .</p> 402 403 <p><strong>:</strong> 404 <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf">Linux </a>.</p> 405 406 <table> 407 <tr> 408 <th>CVE</th> 409 <th></th> 410 <th></th> 411 <th> </th> 412 <th> </th> 413 </tr> 414 <tr> 415 <td>CVE-2016-0821</td> 416 <td>ANDROID-26186802</td> 417 <td></td> 418 <td>6.0.1</td> 419 <td>Google </td> 420 </tr> 421 </table> 422 423 424 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek </h3> 425 426 427 <p>MediaTek 428 429 . 430 conn_launcher 431 . 432 </p> 433 <table> 434 <tr> 435 <th>CVE</th> 436 <th></th> 437 <th></th> 438 <th> </th> 439 <th> </th> 440 </tr> 441 <tr> 442 <td>CVE-2016-0822</td> 443 <td>ANDROID-25873324*</td> 444 <td></td> 445 <td>6.0.1</td> 446 <td>2015 11 24</td> 447 </tr> 448 </table> 449 450 451 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 452 Nexus .</p> 453 454 <h3 id="information_disclosure_vulnerability_in_kernel"> </h3> 455 456 457 <p> 458 459 . ASLR 460 461 .</p> 462 463 <p><strong>:</strong> 464 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce">Linux </a>.</p> 465 <table> 466 <tr> 467 <th>CVE</th> 468 <th></th> 469 <th></th> 470 <th> </th> 471 <th> </th> 472 </tr> 473 <tr> 474 <td>CVE-2016-0823</td> 475 <td>ANDROID-25739721*</td> 476 <td></td> 477 <td>6.0.1</td> 478 <td>Google </td> 479 </tr> 480 </table> 481 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 482 Nexus .</p> 483 484 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3> 485 486 487 <p>libstagefright 488 489 . <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 490 .</p> 491 <table> 492 <tr> 493 <th>CVE</th> 494 <th>AOSP </th> 495 <th></th> 496 <th> </th> 497 <th> </th> 498 </tr> 499 <tr> 500 <td>CVE-2016-0824</td> 501 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a> 502 </td> 503 <td></td> 504 <td>6.0, 6.0.1</td> 505 <td>2015 11 18</td> 506 </tr> 507 </table> 508 509 510 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3> 511 512 513 <p>Widevine 514 TrustZone 515 . 516 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 517 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 518 .</p> 519 <table> 520 <tr> 521 <th>CVE</th> 522 <th></th> 523 <th></th> 524 <th> </th> 525 <th> </th> 526 </tr> 527 <tr> 528 <td>CVE-2016-0825</td> 529 <td>ANDROID-20860039*</td> 530 <td></td> 531 <td>6.0.1</td> 532 <td>Google </td> 533 </tr> 534 </table> 535 536 537 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 538 Nexus .</p> 539 540 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> </h3> 541 542 543 <p> . <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 544 .</p> 545 <table> 546 <tr> 547 <th>CVE</th> 548 <th>AOSP </th> 549 <th></th> 550 <th> </th> 551 <th> </th> 552 </tr> 553 <tr> 554 <td>CVE-2016-0826</td> 555 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 556 <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a> 557 </td> 558 <td></td> 559 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 560 <td>2015 12 17</td> 561 </tr> 562 <tr> 563 <td>CVE-2016-0827</td> 564 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td> 565 <td></td> 566 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 567 <td>2015 12 28</td> 568 </tr> 569 </table> 570 571 572 <h3 id="information_disclosure_vulnerability_in_mediaserver"> </h3> 573 574 575 <p> 576 577 . 578 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 579 .</p> 580 <table> 581 <tr> 582 <th>CVE</th> 583 <th>AOSP </th> 584 <th></th> 585 <th> </th> 586 <th> </th> 587 </tr> 588 <tr> 589 <td>CVE-2016-0828</td> 590 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a> 591 </td> 592 <td></td> 593 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 594 <td>2015 12 27</td> 595 </tr> 596 <tr> 597 <td>CVE-2016-0829</td> 598 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td> 599 <td></td> 600 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 601 <td>2015 12 27</td> 602 </tr> 603 </table> 604 605 606 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth"> </h3> 607 608 609 <p> 610 . 611 612 . 613 614 .</p> 615 <table> 616 <tr> 617 <th>CVE</th> 618 <th>AOSP </th> 619 <th></th> 620 <th> </th> 621 <th> </th> 622 </tr> 623 <tr> 624 <td>CVE-2016-0830</td> 625 <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td> 626 <td></td> 627 <td>6.0, 6.0.1</td> 628 <td>Google </td> 629 </tr> 630 </table> 631 632 633 <h3 id="information_disclosure_vulnerability_in_telephony"> </h3> 634 635 636 <p> 637 . 638 .</p> 639 <table> 640 <tr> 641 <th>CVE</th> 642 <th>AOSP </th> 643 <th></th> 644 <th> </th> 645 <th> </th> 646 </tr> 647 <tr> 648 <td>CVE-2016-0831</td> 649 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td> 650 <td></td> 651 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 652 <td>2015 11 16</td> 653 </tr> 654 </table> 655 656 657 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> </h3> 658 659 660 <p> 661 . 662 .</p> 663 <table> 664 <tr> 665 <th>CVE</th> 666 <th></th> 667 <th></th> 668 <th> </th> 669 <th> </th> 670 </tr> 671 <tr> 672 <td>CVE-2016-0832</td> 673 <td>ANDROID-25955042*</td> 674 <td></td> 675 <td>5.1.1, 6.0, 6.0.1</td> 676 <td>Google </td> 677 </tr> 678 </table> 679 680 681 <p>* .</p> 682 683 <h2 id="common_questions_and_answers"> </h2> 684 685 686 <p> 687 .</p> 688 689 <p><strong>1. ? </strong></p> 690 691 <p> LMY49H 2016 3 1 692 Android 6.0 . <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> . 693 . 694 [ro.build.version.security_patch]:[2016-03-01]</p> 695 696 <h2 id="revisions"></h2> 697 698 699 <ul> 700 <li> 2016 3 7: 701 <li> 2016 3 8: AOSP 702 </li></li></ul> 703 704 </body> 705 </html> 706
