1 <html devsite> 2 <head> 3 <title>Android 2016 5</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 5 2 | 2016 5 4 </em></p> 27 28 <p>Android Android 29 . 30 Nexus . Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 31 . 32 2016 5 1 33 34 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> ).</p> 35 36 <p> 2016 4 4 37 . , 38 Android (AOSP) .</p> 39 40 <p> 41 , MMS 42 .</p> 43 44 <p> 45 . SafetyNet Android 46 <a href="#mitigations">Android </a> 47 48 <a href="/security/enhancements/index.html">Android Google </a> .</p> 49 50 <p> .</p> 51 52 <h2 id="announcements"></h2> 53 54 55 <ul> 56 <li> ( 57 ) Android . Nexus 58 Android 59 .</li> 60 <li> Android <a href="/security/overview/updates-resources.html#severity"> </a> 61 . 62 6 63 64 .</li> 65 </ul> 66 67 <h2 id="security_vulnerability_summary"> </h2> 68 69 70 <p> , ID(CVE), 71 Nexus 72 . 73 <a href="/security/overview/updates-resources.html#severity"> </a> 74 75 76 .</p> 77 <table> 78 <col width="55%"> 79 <col width="20%"> 80 <col width="13%"> 81 <col width="12%"> 82 <tr> 83 <th></th> 84 <th>CVE</th> 85 <th></th> 86 <th>Nexus </th> 87 </tr> 88 <tr> 89 <td> </td> 90 <td>CVE-2016-2428<br> 91 CVE-2016-2429</td> 92 <td></td> 93 <td></td> 94 </tr> 95 <tr> 96 <td>Debuggered </td> 97 <td>CVE-2016-2430</td> 98 <td></td> 99 <td></td> 100 </tr> 101 <tr> 102 <td>Qualcomm TrustZone </td> 103 <td>CVE-2016-2431<br> 104 CVE-2016-2432</td> 105 <td></td> 106 <td></td> 107 </tr> 108 <tr> 109 <td>Qualcomm Wi-Fi </td> 110 <td>CVE-2015-0569<br> 111 CVE-2015-0570</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td>NVIDIA </td> 117 <td>CVE-2016-2434<br> 118 CVE-2016-2435<br> 119 CVE-2016-2436<br> 120 CVE-2016-2437</td> 121 <td></td> 122 <td></td> 123 </tr> 124 <tr> 125 <td> </td> 126 <td>CVE-2015-1805</td> 127 <td></td> 128 <td></td> 129 </tr> 130 <tr> 131 <td> </td> 132 <td>CVE-2016-2438</td> 133 <td></td> 134 <td></td> 135 </tr> 136 <tr> 137 <td>Qualcomm </td> 138 <td>CVE-2016-2060</td> 139 <td></td> 140 <td></td> 141 </tr> 142 <tr> 143 <td> </td> 144 <td>CVE-2016-2439</td> 145 <td></td> 146 <td></td> 147 </tr> 148 <tr> 149 <td>Binder </td> 150 <td>CVE-2016-2440</td> 151 <td></td> 152 <td></td> 153 </tr> 154 <tr> 155 <td>Qualcomm Buspm </td> 156 <td>CVE-2016-2441<br> 157 CVE-2016-2442</td> 158 <td></td> 159 <td></td> 160 </tr> 161 <tr> 162 <td>Qualcomm MDP </td> 163 <td>CVE-2016-2443</td> 164 <td></td> 165 <td></td> 166 </tr> 167 <tr> 168 <td>Qualcomm Wi-Fi </td> 169 <td>CVE-2015-0571</td> 170 <td></td> 171 <td></td> 172 </tr> 173 <tr> 174 <td>NVIDIA </td> 175 <td>CVE-2016-2444<br> 176 CVE-2016-2445<br> 177 CVE-2016-2446</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td>Wi-Fi </td> 183 <td>CVE-2016-4477</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td> </td> 189 <td>CVE-2016-2448<br> 190 CVE-2016-2449<br> 191 CVE-2016-2450<br> 192 CVE-2016-2451<br> 193 CVE-2016-2452</td> 194 <td></td> 195 <td></td> 196 </tr> 197 <tr> 198 <td>MediaTek Wi-Fi </td> 199 <td>CVE-2016-2453</td> 200 <td></td> 201 <td></td> 202 </tr> 203 <tr> 204 <td>Qualcomm </td> 205 <td>CVE-2016-2454</td> 206 <td></td> 207 <td></td> 208 </tr> 209 <tr> 210 <td>Conscrypt </td> 211 <td>CVE-2016-2461<br> 212 CVE-2016-2462</td> 213 <td></td> 214 <td></td> 215 </tr> 216 <tr> 217 <td>OpenSSL & BoringSSL </td> 218 <td>CVE-2016-0705</td> 219 <td></td> 220 <td></td> 221 </tr> 222 <tr> 223 <td>MediaTek Wi-Fi </td> 224 <td>CVE-2016-2456</td> 225 <td></td> 226 <td></td> 227 </tr> 228 <tr> 229 <td>Wi-Fi </td> 230 <td>CVE-2016-2457</td> 231 <td></td> 232 <td></td> 233 </tr> 234 <tr> 235 <td>AOSP </td> 236 <td>CVE-2016-2458</td> 237 <td></td> 238 <td></td> 239 </tr> 240 <tr> 241 <td> </td> 242 <td>CVE-2016-2459<br> 243 CVE-2016-2460</td> 244 <td></td> 245 <td></td> 246 </tr> 247 <tr> 248 <td> (DoS) </td> 249 <td>CVE-2016-0774</td> 250 <td></td> 251 <td></td> 252 </tr> 253 </table> 254 255 256 <h2 id="android_and_google_service_mitigations">Android Google </h2> 257 258 259 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> . 260 Android 261 .</p> 262 263 <ul> 264 <li> Android Android 265 . Android 266 .</li> 267 <li> Android <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 268 269 270 <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> 271 . <a href="http://www.android.com/gms">Google </a> 272 273 Google Play 274 . Google Play 275 276 . 277 278 . 279 280 .</li> 281 <li> Google 282 .</li> 283 </ul> 284 285 <h2 id="acknowledgements"></h2> 286 287 288 <p> .</p> 289 290 <ul> 291 <li> Chrome Abhishek Arya, Oliver Chang, Martin Barbella 292 : CVE-2016-2454 293 <li> <a href="https://www.e2e-assure.com">e2e-assure</a> Andy Tyler(<a href="https://twitter.com/ticarpi">@ticarpi</a>) 294 : CVE-2016-2457 295 <li> <a href="http://c0reteam.org">C0RE</a> Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 296 Xuxian Jiang: CVE-2016-2441, 297 CVE-2016-2442 298 <li> Dzmitry Lukyanenka(<a href="http://www.linkedin.com/in/dzima"> 299 www.linkedin.com/in/dzima</a>): CVE-2016-2458 300 <li> Gal Beniamini: CVE-2016-2431 301 <li> Qihoo 360 Technology Co. Ltd. Vulpecker Hao Chen 302 : CVE-2016-2456 303 <li> FireEye , Mandiant Jake Valletta 304 : CVE-2016-2060 305 <li> Qihoo 360 Technology Co. Ltd. IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), 306 pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) 307 : CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, 308 CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446 309 <li> <a href="http://www.search-lab.hu">Search-Lab Ltd.</a> Imre Rad: CVE-2016-4477 310 <li> Google Jeremy C. Joslin: CVE-2016-2461 311 <li> Google Kenny Root: CVE-2016-2462 312 <li> Tencent, KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) 313 Marco Grassi(<a href="https://twitter.com/marcograss">@marcograss</a>): CVE-2016-2443 314 <li> Micha Bednarski(<a href="https://github.com/michalbednarski"> 315 https://github.com/michalbednarski</a>): CVE-2016-2440 316 <li> <a href="http://c0reteam.org">C0RE</a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 317 Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 318 Xuxian Jiang: CVE-2016-2450, CVE-2016-2448, 319 CVE-2016-2449, CVE-2016-2451, CVE-2016-2452 320 <li> Trend Micro Peter Pi(<a href="https://twitter.com/heisecode">@heisecode</a>) 321 : CVE-2016-2459, CVE-2016-2460 322 <li> Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>) 323 : CVE-2016-2428, CVE-2016-2429 324 <li> <a href="http://c0reteam.org">C0RE</a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:zlbzlb815 (a] 163.com"> 325 Lubo Zhang</a>, Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), 326 Xuxian Jiang: CVE-2016-2437 327 <li> Baidu X-Lab Yulong Zhang, Tao (Lenx) Wei: CVE-2016-2439 328 <li> Android Zach Riggle(<a href="https://twitter.com/ebeip90">@ebeip90</a>) 329 : CVE-2016-2430 330 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 331 332 <h2 id="security_vulnerability_details"> </h2> 333 334 335 <p> <a href="#security_vulnerability_summary"> </a> 336 . , 337 CVE, , , Nexus , 338 AOSP ( ), . 339 AOSP ID . 340 341 AOSP ID .</p> 342 343 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 344 </h3> 345 346 347 <p> 348 349 .</p> 350 351 <p> , 352 , MMS 353 .</p> 354 355 <p> 356 . 357 358 .</p> 359 <table> 360 <col width="19%"> 361 <col width="16%"> 362 <col width="10%"> 363 <col width="19%"> 364 <col width="18%"> 365 <col width="16%"> 366 <tr> 367 <th>CVE</th> 368 <th>Android </th> 369 <th></th> 370 <th> Nexus </th> 371 <th> AOSP </th> 372 <th> </th> 373 </tr> 374 <tr> 375 <td>CVE-2016-2428</td> 376 <td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206"> 377 26751339</a></td> 378 <td></td> 379 <td><a href="#nexus_devices"> Nexus</a></td> 380 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 381 <td>2016 1 22</td> 382 </tr> 383 <tr> 384 <td>CVE-2016-2429</td> 385 <td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c"> 386 27211885</a></td> 387 <td></td> 388 <td><a href="#nexus_devices"> Nexus</a></td> 389 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 390 <td>2016 2 16</td> 391 </tr> 392 </table> 393 394 395 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd"> 396 Debuggered </h3> 397 398 399 <p> Android 400 Android 401 . 402 , 403 .</p> 404 <table> 405 <col width="19%"> 406 <col width="16%"> 407 <col width="10%"> 408 <col width="19%"> 409 <col width="18%"> 410 <col width="16%"> 411 <tr> 412 <th>CVE</th> 413 <th>Android </th> 414 <th></th> 415 <th> Nexus </th> 416 <th> AOSP </th> 417 <th> </th> 418 </tr> 419 <tr> 420 <td>CVE-2016-2430</td> 421 <td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0"> 422 27299236</a></td> 423 <td></td> 424 <td><a href="#nexus_devices"> Nexus</a></td> 425 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 426 <td>2016 2 22</td> 427 </tr> 428 </table> 429 430 431 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_trustzone"> 432 Qualcomm TrustZone </h3> 433 434 435 <p>Qualcomm TrustZone 436 TrustZone 437 . 438 , 439 .</p> 440 <table> 441 <col width="19%"> 442 <col width="16%"> 443 <col width="10%"> 444 <col width="27%"> 445 <col width="16%"> 446 <tr> 447 <th>CVE</th> 448 <th>Android </th> 449 <th></th> 450 <th> Nexus </th> 451 <th> </th> 452 </tr> 453 <tr> 454 <td>CVE-2016-2431</td> 455 <td>24968809*</td> 456 <td></td> 457 <td>Nexus 5, Nexus 6, Nexus 7(2013), Android One</td> 458 <td>2015 10 15</td> 459 </tr> 460 <tr> 461 <td>CVE-2016-2432</td> 462 <td>25913059*</td> 463 <td></td> 464 <td>Nexus 6, Android One</td> 465 <td>2015 11 28</td> 466 </tr> 467 </table> 468 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 469 Nexus .</p> 470 471 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 472 Qualcomm Wi-Fi </h3> 473 474 475 <p>Qualcomm Wi-Fi 476 477 . 478 , 479 480 .</p> 481 <table> 482 <col width="19%"> 483 <col width="16%"> 484 <col width="10%"> 485 <col width="27%"> 486 <col width="16%"> 487 <tr> 488 <th>CVE</th> 489 <th>Android </th> 490 <th></th> 491 <th> Nexus </th> 492 <th> </th> 493 </tr> 494 <tr> 495 <td>CVE-2015-0569</td> 496 <td>26754117*</td> 497 <td></td> 498 <td>Nexus 5X, Nexus 7(2013)</td> 499 <td>2016 1 23</td> 500 </tr> 501 <tr> 502 <td>CVE-2015-0570</td> 503 <td>26764809*</td> 504 <td></td> 505 <td>Nexus 5X, Nexus 7(2013)</td> 506 <td>2016 1 25</td> 507 </tr> 508 </table> 509 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 510 Nexus .</p> 511 512 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 513 NVIDIA </h3> 514 515 516 <p>NVIDIA 517 518 . , 519 520 .</p> 521 <table> 522 <col width="19%"> 523 <col width="16%"> 524 <col width="10%"> 525 <col width="27%"> 526 <col width="16%"> 527 <tr> 528 <th>CVE</th> 529 <th>Android </th> 530 <th></th> 531 <th> Nexus </th> 532 <th> </th> 533 </tr> 534 <tr> 535 <td>CVE-2016-2434</td> 536 <td>27251090*</td> 537 <td></td> 538 <td>Nexus 9</td> 539 <td>2016 2 17</td> 540 </tr> 541 <tr> 542 <td>CVE-2016-2435</td> 543 <td>27297988*</td> 544 <td></td> 545 <td>Nexus 9</td> 546 <td>2016 2 20</td> 547 </tr> 548 <tr> 549 <td>CVE-2016-2436</td> 550 <td>27299111*</td> 551 <td></td> 552 <td>Nexus 9</td> 553 <td>2016 2 22</td> 554 </tr> 555 <tr> 556 <td>CVE-2016-2437</td> 557 <td>27436822*</td> 558 <td></td> 559 <td>Nexus 9</td> 560 <td>2016 3 1</td> 561 </tr> 562 </table> 563 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 564 Nexus .</p> 565 566 <h3 id="elevation_of_privilege_vulnerability_in_kernel"> 567 </h3> 568 569 570 <p> 571 572 . 573 574 . <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> .</p> 575 <table> 576 <col width="19%"> 577 <col width="16%"> 578 <col width="10%"> 579 <col width="27%"> 580 <col width="16%"> 581 <tr> 582 <th>CVE</th> 583 <th>Android </th> 584 <th></th> 585 <th> Nexus </th> 586 <th> </th> 587 </tr> 588 <tr> 589 <td>CVE-2015-1805</td> 590 <td>27275324*</td> 591 <td></td> 592 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9</td> 593 <td>2016 2 19</td> 594 </tr> 595 </table> 596 <p>* AOSP . 597 <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a>, 598 <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>, 599 <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 600 601 <h3 id="remote_code_execution_vulnerability_in_kernel"> 602 </h3> 603 604 605 <p> 606 607 . , 608 609 .</p> 610 <table> 611 <col width="19%"> 612 <col width="16%"> 613 <col width="10%"> 614 <col width="27%"> 615 <col width="16%"> 616 <tr> 617 <th>CVE</th> 618 <th>Android </th> 619 <th></th> 620 <th> Nexus </th> 621 <th> </th> 622 </tr> 623 <tr> 624 <td>CVE-2016-2438</td> 625 <td>26636060*</td> 626 <td></td> 627 <td>Nexus 9 </td> 628 <td>Google </td> 629 </tr> 630 </table> 631 <p>* 632 <a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d"> 633 Linux </a> .</p> 634 635 <h3 id="information_disclosure_vulnerability_in_qualcomm_tethering_controller"> 636 Qualcomm </h3> 637 638 639 <p>Qualcomm 640 641 . 3 642 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 643 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 644 .</p> 645 <table> 646 <col width="19%"> 647 <col width="16%"> 648 <col width="10%"> 649 <col width="27%"> 650 <col width="16%"> 651 <tr> 652 <th>CVE</th> 653 <th>Android </th> 654 <th></th> 655 <th> Nexus </th> 656 <th> </th> 657 </tr> 658 <tr> 659 <td>CVE-2016-2060</td> 660 <td>27942588*</td> 661 <td></td> 662 <td></td> 663 <td>2016 3 23</td> 664 </tr> 665 </table> 666 <p>* AOSP . 667 .</p> 668 669 <h3 id="remote_code_execution_vulnerability_in_bluetooth"> 670 </h3> 671 672 673 <p> 674 . 675 .</p> 676 <table> 677 <col width="19%"> 678 <col width="16%"> 679 <col width="10%"> 680 <col width="19%"> 681 <col width="18%"> 682 <col width="16%"> 683 <tr> 684 <th>CVE</th> 685 <th>Android </th> 686 <th></th> 687 <th> Nexus </th> 688 <th> AOSP </th> 689 <th> </th> 690 </tr> 691 <tr> 692 <td>CVE-2016-2439</td> 693 <td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd"> 694 27411268</a></td> 695 <td></td> 696 <td><a href="#nexus_devices"> Nexus</a></td> 697 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 698 <td>2016 2 28</td> 699 </tr> 700 </table> 701 702 703 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 704 Binder </h3> 705 706 707 <p>Binder 708 . Binder 709 . Binder 710 .</p> 711 <table> 712 <col width="19%"> 713 <col width="16%"> 714 <col width="10%"> 715 <col width="19%"> 716 <col width="18%"> 717 <col width="16%"> 718 <tr> 719 <th>CVE</th> 720 <th>Android </th> 721 <th></th> 722 <th> Nexus </th> 723 <th> AOSP </th> 724 <th> </th> 725 </tr> 726 <tr> 727 <td>CVE-2016-2440</td> 728 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a"> 729 27252896</a></td> 730 <td></td> 731 <td><a href="#nexus_devices"> Nexus</a></td> 732 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 733 <td>2016 2 18</td> 734 </tr> 735 </table> 736 737 738 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver"> 739 Qualcomm Buspm </h3> 740 741 742 <p>Qualcomm Buspm 743 744 . 745 746 747 .</p> 748 <table> 749 <col width="19%"> 750 <col width="16%"> 751 <col width="10%"> 752 <col width="27%"> 753 <col width="16%"> 754 <tr> 755 <th>CVE</th> 756 <th>Android </th> 757 <th></th> 758 <th> Nexus </th> 759 <th> </th> 760 </tr> 761 <tr> 762 <td>CVE-2016-2441</td> 763 <td>26354602*</td> 764 <td></td> 765 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 766 <td>2015 12 30</td> 767 </tr> 768 <tr> 769 <td>CVE-2016-2442</td> 770 <td>26494907*</td> 771 <td></td> 772 <td>Nexus 5X, Nexus 6, Nexus 6P</td> 773 <td>2015 12 30</td> 774 </tr> 775 </table> 776 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 777 Nexus .</p> 778 779 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver"> 780 Qualcomm MDP </h3> 781 782 783 <p>Qualcomm MDP 784 785 . 786 787 788 .</p> 789 <table> 790 <col width="19%"> 791 <col width="16%"> 792 <col width="10%"> 793 <col width="27%"> 794 <col width="16%"> 795 <tr> 796 <th>CVE</th> 797 <th>Android </th> 798 <th></th> 799 <th> Nexus </th> 800 <th> </th> 801 </tr> 802 <tr> 803 <td>CVE-2016-2443</td> 804 <td>26404525*</td> 805 <td></td> 806 <td>Nexus 5, Nexus 7(2013)</td> 807 <td>2016 1 5</td> 808 </tr> 809 </table> 810 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 811 Nexus .</p> 812 813 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 814 Qualcomm Wi-Fi </h3> 815 816 817 <p>Qualcomm Wi-Fi 818 819 . 820 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 821 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 822 .</p> 823 <table> 824 <col width="19%"> 825 <col width="16%"> 826 <col width="10%"> 827 <col width="27%"> 828 <col width="16%"> 829 <tr> 830 <th>CVE</th> 831 <th>Android </th> 832 <th></th> 833 <th> Nexus </th> 834 <th> </th> 835 </tr> 836 <tr> 837 <td>CVE-2015-0571</td> 838 <td>26763920*</td> 839 <td></td> 840 <td>Nexus 5X, Nexus 7(2013)</td> 841 <td>2016 1 25</td> 842 </tr> 843 </table> 844 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 845 Nexus .</p> 846 847 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 848 NVIDIA </h3> 849 850 851 <p>NVIDIA 852 853 . , 854 855 .</p> 856 <table> 857 <col width="19%"> 858 <col width="16%"> 859 <col width="10%"> 860 <col width="27%"> 861 <col width="16%"> 862 <tr> 863 <th>CVE</th> 864 <th>Android </th> 865 <th></th> 866 <th> Nexus </th> 867 <th> </th> 868 </tr> 869 <tr> 870 <td>CVE-2016-2444</td> 871 <td>27208332*</td> 872 <td></td> 873 <td>Nexus 9</td> 874 <td>2016 2 16</td> 875 </tr> 876 <tr> 877 <td>CVE-2016-2445</td> 878 <td>27253079*</td> 879 <td></td> 880 <td>Nexus 9</td> 881 <td>2016 2 17</td> 882 </tr> 883 <tr> 884 <td>CVE-2016-2446</td> 885 <td>27441354*</td> 886 <td></td> 887 <td>Nexus 9</td> 888 <td>2016 3 1</td> 889 </tr> 890 </table> 891 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 892 Nexus .</p> 893 894 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 895 Wi-Fi </h3> 896 897 898 <p>Wi-Fi 899 900 . 901 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 902 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 903 .</p> 904 905 <p><strong></strong>: CVE CVE-2016-2447 CVE-2016-4477 906 MITRE .</p> 907 908 <table> 909 <col width="19%"> 910 <col width="16%"> 911 <col width="10%"> 912 <col width="19%"> 913 <col width="18%"> 914 <col width="16%"> 915 <tr> 916 <th>CVE</th> 917 <th>Android </th> 918 <th></th> 919 <th> Nexus </th> 920 <th> AOSP </th> 921 <th> </th> 922 </tr> 923 <tr> 924 <td>CVE-2016-4477</td> 925 <td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535"> 926 27371366</a> 927 [<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>] 928 </td> 929 <td></td> 930 <td><a href="#nexus_devices"> Nexus</a></td> 931 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 932 <td>2016 2 24</td> 933 </tr> 934 </table> 935 936 937 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 938 </h3> 939 940 941 <p> . 942 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 943 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 944 .</p> 945 <table> 946 <col width="19%"> 947 <col width="16%"> 948 <col width="10%"> 949 <col width="19%"> 950 <col width="18%"> 951 <col width="16%"> 952 <tr> 953 <th>CVE</th> 954 <th>Android </th> 955 <th></th> 956 <th> Nexus </th> 957 <th> AOSP </th> 958 <th> </th> 959 </tr> 960 <tr> 961 <td>CVE-2016-2448</td> 962 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b"> 963 27533704</a></td> 964 <td></td> 965 <td><a href="#nexus_devices"> Nexus</a></td> 966 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 967 <td>2016 3 7</td> 968 </tr> 969 <tr> 970 <td>CVE-2016-2449</td> 971 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353"> 972 27568958</a></td> 973 <td></td> 974 <td><a href="#nexus_devices"> Nexus</a></td> 975 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 976 <td>2016 3 9</td> 977 </tr> 978 <tr> 979 <td>CVE-2016-2450</td> 980 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d"> 981 27569635</a></td> 982 <td></td> 983 <td><a href="#nexus_devices"> Nexus</a></td> 984 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 985 <td>2016 3 9</td> 986 </tr> 987 <tr> 988 <td>CVE-2016-2451</td> 989 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba"> 990 27597103</a></td> 991 <td></td> 992 <td><a href="#nexus_devices"> Nexus</a></td> 993 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 994 <td>2016 3 10</td> 995 </tr> 996 <tr> 997 <td>CVE-2016-2452</td> 998 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687"> 999 27662364</a> 1000 [<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>] 1001 [<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>] 1002 </td> 1003 <td></td> 1004 <td><a href="#nexus_devices"> Nexus</a></td> 1005 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1006 <td>2016 3 14</td> 1007 </tr> 1008 </table> 1009 1010 1011 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 1012 MediaTek Wi-Fi </h3> 1013 1014 1015 <p>MediaTek Wi-Fi 1016 . 1017 1018 1019 .</p> 1020 <table> 1021 <col width="19%"> 1022 <col width="16%"> 1023 <col width="10%"> 1024 <col width="27%"> 1025 <col width="16%"> 1026 <tr> 1027 <th>CVE</th> 1028 <th>Android </th> 1029 <th></th> 1030 <th> Nexus </th> 1031 <th> </th> 1032 </tr> 1033 <tr> 1034 <td>CVE-2016-2453</td> 1035 <td>27549705*</td> 1036 <td></td> 1037 <td>Android One</td> 1038 <td>2016 3 8</td> 1039 </tr> 1040 </table> 1041 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1042 Nexus .</p> 1043 1044 <h3 id="remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec"> 1045 Qualcomm </h3> 1046 1047 1048 <p> 1049 Qualcomm 1050 1051 . .</p> 1052 <table> 1053 <col width="19%"> 1054 <col width="16%"> 1055 <col width="10%"> 1056 <col width="27%"> 1057 <col width="16%"> 1058 <tr> 1059 <th>CVE</th> 1060 <th>Android </th> 1061 <th></th> 1062 <th> Nexus </th> 1063 <th> </th> 1064 </tr> 1065 <tr> 1066 <td>CVE-2016-2454</td> 1067 <td>26221024*</td> 1068 <td></td> 1069 <td>Nexus 5</td> 1070 <td>2015 12 16</td> 1071 </tr> 1072 </table> 1073 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1074 Nexus .</p> 1075 1076 <h3 id="elevation_of_privilege_vulnerability_in_conscrypt"> 1077 Conscrypt </h3> 1078 1079 1080 <p>Conscrypt 1081 . 1082 .</p> 1083 <table> 1084 <col width="19%"> 1085 <col width="16%"> 1086 <col width="10%"> 1087 <col width="19%"> 1088 <col width="18%"> 1089 <col width="16%"> 1090 <tr> 1091 <th>CVE</th> 1092 <th>Android </th> 1093 <th></th> 1094 <th> Nexus </th> 1095 <th> AOSP </th> 1096 <th> </th> 1097 </tr> 1098 <tr> 1099 <td>CVE-2016-2461</td> 1100 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f"> 1101 27324690</a> 1102 [<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>] 1103 </td> 1104 <td></td> 1105 <td><a href="#nexus_devices"> Nexus</a></td> 1106 <td>6.0, 6.0.1</td> 1107 <td>Google </td> 1108 </tr> 1109 <tr> 1110 <td>CVE-2016-2462</td> 1111 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54"> 1112 27371173</a></td> 1113 <td></td> 1114 <td><a href="#nexus_devices"> Nexus</a></td> 1115 <td>6.0, 6.0.1</td> 1116 <td>Google </td> 1117 </tr> 1118 </table> 1119 1120 1121 <h3 id="elevation_of_privilege_vulnerability_in_openssl_&_boringssl"> 1122 OpenSSL & BoringSSL </h3> 1123 1124 1125 <p>OpenSSL BoringSSL 1126 . 1127 , 1128 .</p> 1129 <table> 1130 <col width="19%"> 1131 <col width="16%"> 1132 <col width="10%"> 1133 <col width="19%"> 1134 <col width="18%"> 1135 <col width="16%"> 1136 <tr> 1137 <th>CVE</th> 1138 <th>Android </th> 1139 <th></th> 1140 <th> Nexus </th> 1141 <th> AOSP </th> 1142 <th> </th> 1143 </tr> 1144 <tr> 1145 <td>CVE-2016-0705</td> 1146 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800"> 1147 27449871</a></td> 1148 <td></td> 1149 <td><a href="#nexus_devices"> Nexus</a></td> 1150 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1151 <td>2016 2 7</td> 1152 </tr> 1153 </table> 1154 1155 1156 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 1157 MediaTek Wi-Fi </h3> 1158 1159 1160 <p>MediaTek Wi-Fi 1161 . , 1162 .</p> 1163 <table> 1164 <col width="19%"> 1165 <col width="16%"> 1166 <col width="10%"> 1167 <col width="27%"> 1168 <col width="16%"> 1169 <tr> 1170 <th>CVE</th> 1171 <th>Android </th> 1172 <th></th> 1173 <th> Nexus </th> 1174 <th> </th> 1175 </tr> 1176 <tr> 1177 <td>CVE-2016-2456</td> 1178 <td>27275187*</td> 1179 <td></td> 1180 <td>Android One</td> 1181 <td>2016 2 19</td> 1182 </tr> 1183 </table> 1184 <p>* AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1185 Nexus .</p> 1186 1187 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 1188 Wi-Fi </h3> 1189 1190 1191 <p>Wi-Fi 1192 Wi-Fi . 1193 '<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>' .</p> 1194 <table> 1195 <col width="19%"> 1196 <col width="16%"> 1197 <col width="10%"> 1198 <col width="19%"> 1199 <col width="18%"> 1200 <col width="16%"> 1201 <tr> 1202 <th>CVE</th> 1203 <th>Android </th> 1204 <th></th> 1205 <th> Nexus </th> 1206 <th> AOSP </th> 1207 <th> </th> 1208 </tr> 1209 <tr> 1210 <td>CVE-2016-2457</td> 1211 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db"> 1212 27411179</a></td> 1213 <td></td> 1214 <td><a href="#nexus_devices"> Nexus</a></td> 1215 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1216 <td>2016 2 29</td> 1217 </tr> 1218 </table> 1219 1220 1221 <h3 id="information_disclosure_vulnerability_in_aosp_mail"> 1222 AOSP </h3> 1223 1224 1225 <p>AOSP 1226 . 1227 .</p> 1228 <table> 1229 <col width="19%"> 1230 <col width="16%"> 1231 <col width="10%"> 1232 <col width="19%"> 1233 <col width="18%"> 1234 <col width="16%"> 1235 <tr> 1236 <th>CVE</th> 1237 <th>Android </th> 1238 <th></th> 1239 <th> Nexus </th> 1240 <th> AOSP </th> 1241 <th> </th> 1242 </tr> 1243 <tr> 1244 <td>CVE-2016-2458</td> 1245 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a"> 1246 27335139</a> 1247 [<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>] 1248 </td> 1249 <td></td> 1250 <td><a href="#nexus_devices"> Nexus</a></td> 1251 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1252 <td>2016 2 23</td> 1253 </tr> 1254 </table> 1255 1256 1257 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 1258 </h3> 1259 1260 1261 <p> 1262 . 1263 .</p> 1264 <table> 1265 <col width="19%"> 1266 <col width="16%"> 1267 <col width="10%"> 1268 <col width="19%"> 1269 <col width="18%"> 1270 <col width="16%"> 1271 <tr> 1272 <th>CVE</th> 1273 <th>Android </th> 1274 <th></th> 1275 <th> Nexus </th> 1276 <th> AOSP </th> 1277 <th> </th> 1278 </tr> 1279 <tr> 1280 <td>CVE-2016-2459</td> 1281 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1282 27556038</a></td> 1283 <td></td> 1284 <td><a href="#nexus_devices"> Nexus</a></td> 1285 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1286 <td>2016 3 7</td> 1287 </tr> 1288 <tr> 1289 <td>CVE-2016-2460</td> 1290 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1291 27555981</a></td> 1292 <td></td> 1293 <td><a href="#nexus_devices"> Nexus</a></td> 1294 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1295 <td>2016 3 7</td> 1296 </tr> 1297 </table> 1298 1299 1300 <h3 id="denial_of_service_vulnerability_in_kernel"> 1301 (DoS) </h3> 1302 1303 1304 <p> 1305 . 1306 .</p> 1307 <table> 1308 <col width="19%"> 1309 <col width="16%"> 1310 <col width="10%"> 1311 <col width="27%"> 1312 <col width="16%"> 1313 <tr> 1314 <th>CVE</th> 1315 <th>Android </th> 1316 <th></th> 1317 <th> Nexus </th> 1318 <th> </th> 1319 </tr> 1320 <tr> 1321 <td>CVE-2016-0774</td> 1322 <td>27721803*</td> 1323 <td></td> 1324 <td><a href="#nexus_devices"> Nexus</a></td> 1325 <td>2016 3 17</td> 1326 </tr> 1327 </table> 1328 <p>* 1329 <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e"> 1330 Linux </a> .</p> 1331 1332 <h2 id="common_questions_and_answers"> </h2> 1333 1334 1335 <p> 1336 .</p> 1337 1338 <p><strong>1. ?</strong></p> 1339 1340 <p>2016 5 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 1341 ). 1342 . 1343 [ro.build.version.security_patch]:[2016-05-01]</p> 1344 1345 <p id="nexus_devices"><strong>2. Nexus ?</strong></p> 1346 1347 <p><a href="security_vulnerability_details"> </a> 1348 Nexus 1349 Nexus . .</p> 1350 1351 <ul> 1352 <li> <strong> Nexus </strong>: Nexus 1353 <em> Nexus </em> ' Nexus' . 1354 ' Nexus' 1355 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> 1356 </a> . Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), 1357 Nexus 9, Android One, Nexus Player, Pixel C 1358 <li> <strong> Nexus </strong>: Nexus 1359 , Nexus <em> Nexus 1360 </em> .</li> 1361 <li> <strong>Nexus </strong>: Nexus 1362 <em> Nexus </em> '' .</li> 1363 </li></ul> 1364 1365 <p><strong>3. CVE-2015-1805 ?</strong></p> 1366 <p><a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> 1367 4 CVE-2015-1805 1368 . 2016 4 1 1369 CVE-2015-1805 <a href="2016-04-02.html">Nexus 2016 4</a> 1370 . 1371 2016 5 1 1372 .</p> 1373 <h2 id="revisions"></h2> 1374 1375 1376 <ul> 1377 <li> 2016 5 2: </li> 1378 <li> 2016 5 4: 1379 <ul> 1380 <li> AOSP 1381 <li> Nexus Nexus Player Pixel C 1382 <li> MITRE CVE-2016-2447 CVE-2016-4477 1383 </li></li></li></ul> 1384 </li> 1385 </ul> 1386 1387 </body> 1388 </html> 1389
