<html devsite>
<head>
<title>Nexus - 2016 4</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<p><em>2016 4 4 | 2016 4 6 </em></p>
<p>Google Android
Nexus .
Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> .
2016 4 2
( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>
).</p>
<p> 2016 3 16
. ,
Android (AOSP) .</p>
<p>
, MMS
.</p>
<p><a href="/security/advisory/2016-03-18.html">
Android 2016-03-18</a>
<a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> . <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a>
.
. SafetyNet Android
<a href="/security/enhancements/index.html">
Android </a>
<a href="#mitigations"></a> .</p>
<h2 id="security_vulnerability_summary"> </h2>
<p> , ID(CVE),
.
<a href="/security/overview/updates-resources.html#severity">
</a>
.</p>
<table>
<tr>
<th></th>
<th>CVE</th>
<th></th>
</tr>
<tr>
<td>DHCPCD </td>
<td>CVE-2016-1503<br/>
CVE-2014-6060</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-0834</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-0835<br/>
CVE-2016-0836<br/>
CVE-2016-0837<br/>
CVE-2016-0838<br/>
CVE-2016-0839<br/>
CVE-2016-0840<br/>
CVE-2016-0841</td>
<td></td>
</tr>
<tr>
<td>libstagefright </td>
<td>CVE-2016-0842</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2015-1805</td>
<td></td>
</tr>
<tr>
<td>Qualcomm <br/>
</td>
<td>CVE-2016-0843</td>
<td></td>
</tr>
<tr>
<td>Qualcomm RF </td>
<td>CVE-2016-0844</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2014-9322</td>
<td></td>
</tr>
<tr>
<td>IMemory </td>
<td>CVE-2016-0846</td>
<td></td>
</tr>
<tr>
<td>Telecom </td>
<td>CVE-2016-0847</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-0848</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-0849</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-0850</td>
<td></td>
</tr>
<tr>
<td>Texas Instruments Haptic </td>
<td>CVE-2016-2409</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2410</td>
<td></td>
</tr>
<tr>
<td>Qualcomm <br/>
</td>
<td>CVE-2016-2411</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2412</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2413</td>
<td></td>
</tr>
<tr>
<td>Minikin (DoS) </td>
<td>CVE-2016-2414</td>
<td></td>
</tr>
<tr>
<td>Exchange ActiveSync </td>
<td>CVE-2016-2415</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2416<br/>
CVE-2016-2417<br/>
CVE-2016-2418<br/>
CVE-2016-2419</td>
<td></td>
</tr>
<tr>
<td>Debuggerd </td>
<td>CVE-2016-2420</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2421</td>
<td></td>
</tr>
<tr>
<td>Wi-Fi </td>
<td>CVE-2016-2422</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2423</td>
<td></td>
</tr>
<tr>
<td>SyncStorageEngine (DoS) </td>
<td>CVE-2016-2424</td>
<td></td>
</tr>
<tr>
<td>AOSP </td>
<td>CVE-2016-2425</td>
<td></td>
</tr>
<tr>
<td> </td>
<td>CVE-2016-2426</td>
<td></td>
</tr>
<tr>
<td>BouncyCastle </td>
<td>CVE-2016-2427</td>
<td></td>
</tr>
</table>
<h2 id="mitigations"></h2>
<p> SafetyNet <a href="/security/enhancements/index.html">Android </a> .
Android
.</p>
<ul>
<li> Android Android
.
Android .
</li><li> Android
SafetyNet
. Google Play
. Google Play
.
.
.
</li><li> Google
.
</li></ul>
<h2 id="acknowledgements"></h2>
<p>Android
.</p>
<ul>
<li> Chrome Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2016-0834, CVE-2016-0841, CVE-2016-0840, CVE-2016-0839, CVE-2016-0838
</li><li> CENSUS S.A Anestis Bechtsoudis(<a href="https://twitter.com/anestisb">@anestisb</a>)
: CVE-2016-0842, CVE-2016-0836, CVE-2016-0835
</li><li> Google Telecom Brad Ebinger, Santos Cordon: CVE-2016-0847
</li><li> TU Braunschweig <a href="https://www.ibr.cs.tu-bs.de">
</a> Dominik Schürmann: CVE-2016-2425
</li><li> Qihoo 360 IceSword Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>),
<a href="http://weibo.com/jfpan">pjf</a>, Jianqiang Zhao
(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
: CVE-2016-0844
</li><li> <a href="mailto:gpiskas (a] gmail.com">École polytechnique fédérale de Lausanne</a> <a href="https://www.epfl.ch">
George Piskas</a>: CVE-2016-2426
</li><li> <a href="http://www.360.com/">Qihoo 360 Technology Co.Ltd</a>
Guang Gong(<a href="https://twitter.com/oldfresher">@oldfresher</a>): CVE-2016-2412, CVE-2016-2416
</li><li> Google Project Zero James Forshaw: CVE-2016-2417, CVE-2016-0846
</li><li> Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>),
<a href="http://weibo.com/jfpan">pjf</a>, Gengjia Chen
(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)
: CVE-2016-2410, CVE-2016-2411
</li><li> Qihoo 360 IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
<a href="http://weibo.com/jfpan">pjf</a>: CVE-2016-2409
</li><li> Vertu Corporation LTD Nancy Wang: CVE-2016-0837
</li><li> <a href="mailto:nasim (a] zamir.ca">Nasim Zamir</a>: CVE-2016-2409
</li><li> Qualcomm
Nico Golde(<a href="https://twitter.com/iamnion">@iamnion</a>): CVE-2016-2420, CVE-2016-0849
</li><li> Trend Micro
Peter Pi(<a
href="https://twitter.com/heisecode">@heisecode</a>): CVE-2016-2418, CVE-2016-2413, CVE-2016-2419
</li><li> Google Quan Nguyen: CVE-2016-2427
</li><li> Richard Shupak: CVE-2016-2415
</li><li> <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a>
Romain Trouvé(<a href="https://twitter.com/bouuntyyy">@bouuntyyy</a>): CVE-2016-0850
</li><li> Stuart Henderson: CVE-2016-2422
</li><li> Android Vishwath Mohan: CVE-2016-2424
</li><li> Alibaba Inc.
Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-2414
</li><li> Trend Micro Inc.
Wish Wu(<a href="https://twitter.com/wish_wu">@wish_wu</a>): CVE-2016-0843
</li><li>
<a href="mailto:luc2yj (a] gmail.com">Yeonjoon Lee</a>, <a href="mailto:xw7 (a] indiana.edu">Xiaofeng Wang</a>,
<a href="mailto:litongxin1991 (a] gmail.com">Tongxin Li</a>
<a href="mailto:hanxinhui (a] pku.edu.cn">Xinhui Han</a>: CVE-2016-0848
</li></ul>
<p>Android .
<a href="http://c0reteam.org">C0RE Team</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>,
<a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>,
Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
Xuxian Jiang,
<a href="https://www.zimperium.com/">Zimperium</a>
CVE-2015-1805 .</p>
<h2 id="security_vulnerability_details"> </h2>
<p> <a href="#security_vulnerability_summary"> </a>
. , CVE, , ,
.
AOSP ID .
AOSP ID .</p>
<h3 id="remote_code_execution_vulnerability_in_dhcpcd">DHCPCD </h3>
<p>DHCP(Dynamic Host Configuration Protocol)
. DHCP
.
DHCP
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2014-6060</td>
<td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/38cb7a7feff88d58fb4a565ba7f12cd4469af243">
ANDROID-15268738</a></td>
<td></td>
<td>4.4.4</td>
<td>2014 7 30</td>
</tr>
<tr>
<td>CVE-2014-6060</td>
<td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/de806dfdb6dd3b9dec5d1d23c9029fb300799cf8">
ANDROID-16677003</a></td>
<td></td>
<td>4.4.4</td>
<td>2014 7 30</td>
</tr>
<tr>
<td>CVE-2016-1503</td>
<td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09">
ANDROID-26461634</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 4</td>
</tr>
</table>
<h3 id="remote_code_execution_vulnerability_in_media_codec"> </h3>
<p>
.</p>
<p> ,
, MMS
.</p>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0834</td>
<td>ANDROID-26220548*</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 16</td>
</tr>
</table>
<p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a>
Nexus .</p>
<h3 id="remote_code_execution_vulnerability_in_mediaserver"> </h3>
<p>
.</p>
<p> ,
, MMS
.</p>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0835</td>
<td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ba604d336b40fd4bde1622f64d67135bdbd61301">
ANDROID-26070014</a>
[<a href="https://android.googlesource.com/platform/external/libmpeg2/+/58a6822d7140137ce957c6d2fc20bae1374186c1">2</a>]
</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 6</td>
</tr>
<tr>
<td>CVE-2016-0836</td>
<td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8b4ed5a23175b7ffa56eea4678db7287f825e985">
ANDROID-25812590</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 11 19</td>
</tr>
<tr>
<td>CVE-2016-0837</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a282fb64fef25349e9d341f102d9cea3bf75baf">
ANDROID-27208621</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 11</td>
</tr>
<tr>
<td>CVE-2016-0838</td>
<td><a href="https://android.googlesource.com/platform/external/sonivox/+/3ac044334c3ff6a61cb4238ff3ddaf17c7efcf49">
ANDROID-26366256</a>
[<a href="https://android.googlesource.com/platform/external/sonivox/+/24d7c408c52143bce7b49de82f3913fd8d1219cf">2</a>]</td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
<tr>
<td>CVE-2016-0839</td>
<td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ebbb82365172337c6c250c6cac4e326970a9e351">
ANDROID-25753245</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>Google </td>
</tr>
<tr>
<td>CVE-2016-0840</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/c57fc3703ae2e0d41b1f6580c50015937f2d23c1">
ANDROID-26399350</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>Google </td>
</tr>
<tr>
<td>CVE-2016-0841</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252">
ANDROID-26040840</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<h3 id="remote_code_execution_vulnerability_in_libstagefright">libstagefright </h3>
<p>
libstagefright
.</p>
<p> ,
, MMS
.</p>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0842</td>
<td><a href="https://android.googlesource.com/platform/external/libavc/+/943323f1d9d3dd5c2634deb26cbe72343ca6b3db">
ANDROID-25818142</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 11 23</td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_kernel"> </h3>
<p>
.
. <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> .</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2015-1805</td>
<td>ANDROID-27275324*</td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 19</td>
</tr>
</table>
<p>* AOSP .
<a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a>,
<a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>,
<a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p>
<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3>
<p>Qualcomm ARM
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0843</td>
<td>ANDROID-25801197*</td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2015 11 19</td>
</tr>
</table>
<p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a>
Nexus .</p>
<h3 id="elevation_of_privilege_in_qualcomm_rf_component">Qualcomm RF </h3>
<p>Qualcomm RF
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0844</td>
<td>ANDROID-26324307*</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 25</td>
</tr>
</table>
<p>* AOSP .
<a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa">
Linux </a> .</p>
<h3 id="elevation_of_privilege_vulnerability_in_kernel12"> </h3>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2014-9322</td>
<td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a>
[<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>]
[<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br/>
[<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>]
[<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>]
[<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>]
[<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>]
[<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>]
[<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>]
[<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>]
[<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 25</td>
</tr>
</table>
<h3 id="elevation_of_privilege_in_imemory_native_interface">
IMemory </h3>
<p>IMemory
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0846</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149">
ANDROID-26877992</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 29</td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_telecom_component">
Telecom </h3>
<p>Telecom
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0847</td>
<td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444">
ANDROID-26864502</a>
[<a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d">2</a>]
</td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_download_manager">
</h3>
<p>
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0848</td>
<td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/bdc831357e7a116bc561d51bf2ddc85ff11c01a9">
ANDROID-26211054</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2015 12 14</td>
</tr>
</table>
<h3 id="elevation_of_privilege_in_recovery_procedure">
</h3>
<p>
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0849</td>
<td><a href="https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad">
ANDROID-26960931</a></td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 3</td>
</tr>
</table>
<h3 id="elevation_of_privilege_in_bluetooth">
</h3>
<p>
.
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-0850</td>
<td><a href="https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/c677ee92595335233eb0e7b59809a1a94e7a678a">
ANDROID-26551752</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 13</td>
</tr>
</table>
<h3 id="elevation_of_privilege_in_texas_instruments_haptic_driver">
Texas Instruments Haptic </h3>
<p>Texas Instruments
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2409</td>
<td>ANDROID-25981545*</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 25</td>
</tr>
</table>
<p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a>
Nexus .</p>
<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver">
Qualcomm </h3>
<p>Qualcomm
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2410</td>
<td>ANDROID-26291677*</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 21</td>
</tr>
</table>
<p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a>
Nexus .</p>
<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_power_management_component">
Qualcomm </h3>
<p>Qualcomm
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2411</td>
<td>ANDROID-26866053*</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2016 1 28</td>
</tr>
</table>
<p>* AOSP .
<a href="https://developers.google.com/android/nexus/drivers">Google </a>
Nexus .</p>
<h3 id="elevation_of_privilege_vulnerability_in_system_server">
</h3>
<p>
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> .</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2412</td>
<td><a href="https://android.googlesource.com/platform/external/skia/+/b36c23b3e6b0b316075cc43e466d44c62508fcac">
ANDROID-26593930</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 15</td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_mediaserver">
</h3>
<p> .
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2413</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48">
ANDROID-26403627</a></td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 5</td>
</tr>
</table>
<h3 id="denial_of_service_vulnerability_in_minikin">Minikin (DoS) </h3>
<p>Minikin
.
Minikin
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2414</td>
<td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ca8ac8acdad662230ae37998c6c4091bb39402b6">
ANDROID-26413177</a>
[<a href="https://android.googlesource.com/platform/frameworks/minikin/+/f4785aa1947b8d22d5b19559ef1ca526d98e0e73">2</a>]
</td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2015 11 3</td>
</tr>
</table>
<h3 id="information_disclosure_vulnerability_in_exchange_activesync">
Exchange ActiveSync </h3>
<p>Exchange ActiveSync
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2415</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2">
ANDROID-26488455</a></td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 11</td>
</tr>
</table>
<h3 id="information_disclosure_vulnerability_in_mediaserver"> </h3>
<p>
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2416</td>
<td><a href="https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd">
ANDROID-27046057</a>
[<a href="https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a">2</a>]
</td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 5</td>
</tr>
<tr>
<td>CVE-2016-2417</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84">
ANDROID-26914474</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 2 1</td>
</tr>
<tr>
<td>CVE-2016-2418</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3">
ANDROID-26324358</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 24</td>
</tr>
<tr>
<td>CVE-2016-2419</td>
<td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34">
ANDROID-26323455</a></td>
<td></td>
<td>6.0, 6.0.1</td>
<td>2015 12 24</td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_debuggerd_component">
Debuggerd </h3>
<p>Debuggerd
.
.
Android 4.4.4
.
Android 5.0 SELinux
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2420</td>
<td><a href="https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98">
ANDROID-26403620</a>
[<a href="https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c">2</a>]
</td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 5</td>
</tr>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">
</h3>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2421</td>
<td>ANDROID-26154410*</td>
<td></td>
<td>5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<p>* AOSP .
<a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus
.</p>
<h3 id="elevation_of_privilege_in_wi-fi">Wi-Fi </h3>
<p>Wi-Fi
.
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2422</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/70dde9870e9450e10418a32206ac1bb30f036b2c">
ANDROID-26324357</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2015 12 23</td>
</tr>
</table>
<h3 id="elevation_of_privilege_in_telephony"> </h3>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2423</td>
<td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa">
ANDROID-26303187</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<h3 id="denial_of_service_in_syncstorageengine">SyncStorageEngine (DoS) </h3>
<p>SyncStorageEngine
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2424</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/d3383d5bfab296ba3adbc121ff8a7b542bde4afb">
ANDROID-26513719</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<h3 id="information_disclosure_vulnerability_in_aosp_mail">AOSP </h3>
<p>AOSP
.
''
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2425</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f">
ANDROID-26989185</a></td>
<td></td>
<td>4.4.4, 5.1.1, 6.0, 6.0.1</td>
<td>2016 1 29</td>
</tr>
<tr>
<td>CVE-2016-2425</td>
<td>ANDROID-7154234*</td>
<td></td>
<td>5.0.2</td>
<td>2016 1 29</td>
</tr>
</table>
<p>* AOSP .
<a href="https://developers.google.com/android/nexus/drivers">Google </a> Nexus
.</p>
<h3 id="information_disclosure_vulnerability_in_framework"> </h3>
<p>
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2426</td>
<td><a href="https://android.googlesource.com/platform/frameworks/base/+/63363af721650e426db5b0bdfb8b2d4fe36abdb0">
ANDROID-26094635</a></td>
<td></td>
<td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>2015 12 8</td>
</tr>
</table>
<h3 id="information_disclosure_vulnerability_in_bouncycastle">BouncyCastle </h3>
<p>BouncyCastle
.
.</p>
<table>
<tr>
<th>CVE</th>
<th>AOSP </th>
<th></th>
<th> </th>
<th> </th>
</tr>
<tr>
<td>CVE-2016-2427</td>
<td><a href="https://android.googlesource.com/platform/libcore/+/efd369d996fd38c50a50ea0de8f20507253cb6de">
ANDROID-26234568</a>
[<a href="https://android.googlesource.com/platform/external/bouncycastle/+/b3bddea0f33c0459293c6419569ad151b4a7b44b">2</a>]
</td>
<td></td>
<td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
<td>Google </td>
</tr>
</table>
<h2 id="common_questions_and_answers"> </h2>
<p>
.</p>
<p><strong>1. ? </strong></p>
<p>2016 4 2 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>
).
.
[ro.build.version.security_patch]:[2016-04-02]</p>
<p><strong>2. 2016 4 2 ?</strong></p>
<p> 1 . 4 2016 4 1
<a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a>
CVE-2015-1805
. 2016 4 2
<a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a>
CVE-2015-1805
.</p>
<h2 id="revisions"></h2>
<ul>
<li> 2016 4 4:
</li><li> 2016 4 6: AOSP
</li></ul>

</body>
</html>