1 <html devsite> 2 <head> 3 <title>Android 2016 6</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 6 6 | 2016 6 8 </em></p> 27 28 <p>Android Android 29 . 30 Nexus . 31 Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 32 . 33 2016 6 1 . 34 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> 35 Nexus </a> .</p> 36 37 <p> 2016 5 2 38 . , Android 39 (AOSP) .</p> 40 41 <p> 42 , , MMS 43 .</p> 44 45 <p> 46 . SafetyNet 47 Android <a href="/security/enhancements/index.html">Android </a> 48 49 50 51 <a href="#mitigations">Android Google </a> .</p> 52 53 <p> .</p> 54 55 <h2 id="security_vulnerability_summary"> </h2> 56 57 58 <p> , ID(CVE), 59 Nexus 60 . <a href="/security/overview/updates-resources.html#severity"> </a> 61 62 63 64 .</p> 65 <table> 66 <col width="55%"> 67 <col width="20%"> 68 <col width="13%"> 69 <col width="12%"> 70 <tr> 71 <th></th> 72 <th>CVE</th> 73 <th></th> 74 <th>Nexus </th> 75 </tr> 76 <tr> 77 <td> </td> 78 <td>CVE-2016-2463</td> 79 <td></td> 80 <td></td> 81 </tr> 82 <tr> 83 <td>libwebm </td> 84 <td>CVE-2016-2464</td> 85 <td></td> 86 <td></td> 87 </tr> 88 <tr> 89 <td>Qualcomm </td> 90 <td>CVE-2016-2465</td> 91 <td></td> 92 <td></td> 93 </tr> 94 <tr> 95 <td>Qualcomm </td> 96 <td>CVE-2016-2466<br> 97 CVE-2016-2467</td> 98 <td></td> 99 <td></td> 100 </tr> 101 <tr> 102 <td>Qualcomm GPU </td> 103 <td>CVE-2016-2468<br> 104 CVE-2016-2062</td> 105 <td></td> 106 <td></td> 107 </tr> 108 <tr> 109 <td>Qualcomm Wi-Fi </td> 110 <td>CVE-2016-2474</td> 111 <td></td> 112 <td></td> 113 </tr> 114 <tr> 115 <td>Broadcom Wi-Fi </td> 116 <td>CVE-2016-2475</td> 117 <td></td> 118 <td></td> 119 </tr> 120 <tr> 121 <td>Qualcomm </td> 122 <td>CVE-2016-2066<br> 123 CVE-2016-2469</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td> </td> 129 <td>CVE-2016-2476<br> 130 CVE-2016-2477<br> 131 CVE-2016-2478<br> 132 CVE-2016-2479<br> 133 CVE-2016-2480<br> 134 CVE-2016-2481<br> 135 CVE-2016-2482<br> 136 CVE-2016-2483<br> 137 CVE-2016-2484<br> 138 CVE-2016-2485<br> 139 CVE-2016-2486<br> 140 CVE-2016-2487</td> 141 <td></td> 142 <td></td> 143 </tr> 144 <tr> 145 <td>Qualcomm </td> 146 <td>CVE-2016-2061<br> 147 CVE-2016-2488</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td>Qualcomm </td> 153 <td>CVE-2016-2489</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td>NVIDIA </td> 159 <td>CVE-2016-2490<br> 160 CVE-2016-2491</td> 161 <td></td> 162 <td></td> 163 </tr> 164 <tr> 165 <td>Qualcomm Wi-Fi </td> 166 <td>CVE-2016-2470<br> 167 CVE-2016-2471<br> 168 CVE-2016-2472<br> 169 CVE-2016-2473</td> 170 <td></td> 171 <td></td> 172 </tr> 173 <tr> 174 <td>MediaTek </td> 175 <td>CVE-2016-2492</td> 176 <td></td> 177 <td></td> 178 </tr> 179 <tr> 180 <td>SD </td> 181 <td>CVE-2016-2494</td> 182 <td></td> 183 <td></td> 184 </tr> 185 <tr> 186 <td>Broadcom Wi-Fi </td> 187 <td>CVE-2016-2493</td> 188 <td></td> 189 <td></td> 190 </tr> 191 <tr> 192 <td> </td> 193 <td>CVE-2016-2495</td> 194 <td></td> 195 <td></td> 196 </tr> 197 <tr> 198 <td> UI </td> 199 <td>CVE-2016-2496</td> 200 <td></td> 201 <td></td> 202 </tr> 203 <tr> 204 <td>Qualcomm Wi-Fi </td> 205 <td>CVE-2016-2498</td> 206 <td></td> 207 <td></td> 208 </tr> 209 <tr> 210 <td> </td> 211 <td>CVE-2016-2499</td> 212 <td></td> 213 <td></td> 214 </tr> 215 <tr> 216 <td> </td> 217 <td>CVE-2016-2500</td> 218 <td></td> 219 <td></td> 220 </tr> 221 </table> 222 223 224 <h2 id="mitigations">Android Google </h2> 225 226 227 <p> SafetyNet <a href="/security/enhancements/index.html">Android </a> 228 229 . 230 Android 231 .</p> 232 233 <ul> 234 <li> Android Android 235 . Android 236 . 237 <li> Android <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"> </a> 238 239 240 <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> 241 SafetyNet</a> 242 . <a href="http://www.android.com/gms">Google </a> 243 244 Google Play 245 . Google Play 246 247 . 248 249 . 250 251 . 252 <li> Google 253 . 254 </li></li></li></ul> 255 256 <h2 id="acknowledgements"></h2> 257 258 259 <p> .</p> 260 261 <ul> 262 <li> Tencent KeenLab(<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen(<a href="https://twitter.com/returnsme">@returnsme</a>): CVE-2016-2468 263 <li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a>(<a href="https://twitter.com/laginimaineb">@laginimaineb</a>): CVE-2016-2476 264 <li> Qihoo 360 Technology Co. Ltd. IceSword Lab Gengjia Chen(<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2492 265 <li> Qihoo 360 Technology Co. Ltd. Mobile Safe Team Hao Chen, Guang Gong, Wenlin Yang: CVE-2016-2470, CVE-2016-2471, CVE-2016-2472, CVE-2016-2473, CVE-2016-2498 266 <li> <a href="http://www.iwobanas.com">Iwo Banas</a>: CVE-2016-2496 267 <li> Qihoo 360 Technology Co. Ltd. IceSword Lab Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), pjf(<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>): CVE-2016-2490, CVE-2016-2491 268 <li> Google Lee Campbell : CVE-2016-2500 269 <li> Google Maciej Szawowski: CVE-2016-2474 270 <li> Google Marco Nelissen, Max Spector: CVE-2016-2487 271 <li> Google Project Zero Mark Brand: CVE-2016-2494 272 <li> <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou(<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Chiachih Wu(<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), Xuxian Jiang: CVE-2016-2477, CVE-2016-2478, 273 CVE-2016-2479, CVE-2016-2480, CVE-2016-2481, CVE-2016-2482, CVE-2016-2483, CVE-2016-2484, CVE-2016-2485, CVE-2016-2486 274 <li> <a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a>(<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>): CVE-2016-2066, CVE-2016-2061, CVE-2016-2465, CVE-2016-2469, CVE-2016-2489 275 <li> Vasily Vasilev: CVE-2016-2463 276 <li> Alibaba Inc. Weichao Sun(<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-2495 277 <li> Tencent Security Platform Department Xiling Gong: CVE-2016-2499 278 <li> Android Zach Riggle(<a href="https://twitter.com/ebeip90">@ebeip90</a>): CVE-2016-2493 279 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 280 281 <h2 id="security_vulnerability_details"> </h2> 282 283 284 <p> <a href="#security_vulnerability_summary"> </a> 285 . , 286 CVE, Android , , Nexus , 287 AOSP ( ), . 288 AOSP ID . 289 290 AOSP ID .</p> 291 292 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 293 </h3> 294 295 296 <p> 297 298 . 299 . 300 301 .</p> 302 303 <p> , 304 , MMS 305 .</p> 306 <table> 307 <col width="19%"> 308 <col width="16%"> 309 <col width="10%"> 310 <col width="19%"> 311 <col width="18%"> 312 <col width="16%"> 313 <tr> 314 <th>CVE</th> 315 <th>Android </th> 316 <th></th> 317 <th> Nexus </th> 318 <th> AOSP </th> 319 <th> </th> 320 </tr> 321 <tr> 322 <td>CVE-2016-2463</td> 323 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2b6f22dc64d456471a1dc6df09d515771d1427c8">27855419</a></td> 324 <td></td> 325 <td><a href="#nexus_devices"> Nexus</a></td> 326 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 327 <td>2016 3 25</td> 328 </tr> 329 </table> 330 331 332 <h3 id="remote_code_execution_vulnerabilities_in_libwebm"> 333 libwebm </h3> 334 335 336 <p>libwebm 337 338 . 339 . 340 341 .</p> 342 343 <p> , 344 , MMS 345 .</p> 346 <table> 347 <col width="19%"> 348 <col width="16%"> 349 <col width="10%"> 350 <col width="19%"> 351 <col width="18%"> 352 <col width="16%"> 353 <tr> 354 <th>CVE</th> 355 <th>Android </th> 356 <th></th> 357 <th> Nexus </th> 358 <th> AOSP </th> 359 <th> </th> 360 </tr> 361 <tr> 362 <td>CVE-2016-2464</td> 363 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d">23167726</a> 364 [<a href="https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148">2</a>] 365 </td> 366 <td></td> 367 <td><a href="#nexus_devices"> Nexus</a></td> 368 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 369 <td>Google </td> 370 </tr> 371 </table> 372 373 374 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver"> 375 Qualcomm </h3> 376 377 378 <p>Qualcomm 379 380 . 381 , 382 .</p> 383 <table> 384 <col width="19%"> 385 <col width="16%"> 386 <col width="10%"> 387 <col width="27%"> 388 <col width="16%"> 389 <tr> 390 <th>CVE</th> 391 <th>Android </th> 392 <th></th> 393 <th> Nexus </th> 394 <th> </th> 395 </tr> 396 <tr> 397 <td>CVE-2016-2465</td> 398 <td>27407865*</td> 399 <td></td> 400 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> 401 <td>2016 2 21</td> 402 </tr> 403 </table> 404 <p> 405 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 406 Nexus . 407 </p> 408 409 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 410 Qualcomm </h3> 411 412 <p>Qualcomm 413 414 . 415 , 416 .</p> 417 418 <table> 419 <col width="19%"> 420 <col width="16%"> 421 <col width="10%"> 422 <col width="27%"> 423 <col width="16%"> 424 <tr> 425 <th>CVE</th> 426 <th>Android </th> 427 <th></th> 428 <th> Nexus </th> 429 <th> </th> 430 </tr> 431 <tr> 432 <td>CVE-2016-2466</td> 433 <td>27947307*</td> 434 <td></td> 435 <td>Nexus 6</td> 436 <td>2016 2 27</td> 437 </tr> 438 <tr> 439 <td>CVE-2016-2467</td> 440 <td>28029010*</td> 441 <td></td> 442 <td>Nexus 5</td> 443 <td>2014 3 13</td> 444 </tr> 445 </table> 446 <p> 447 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 448 Nexus . 449 </p> 450 451 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver"> 452 Qualcomm GPU </h3> 453 454 455 <p>Qualcomm GPU 456 457 . 458 , 459 .</p> 460 461 <table> 462 <col width="19%"> 463 <col width="16%"> 464 <col width="10%"> 465 <col width="27%"> 466 <col width="16%"> 467 <tr> 468 <th>CVE</th> 469 <th>Android </th> 470 <th></th> 471 <th> Nexus </th> 472 <th> </th> 473 </tr> 474 <tr> 475 <td>CVE-2016-2468</td> 476 <td>27475454*</td> 477 <td></td> 478 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7</td> 479 <td>2016 3 2</td> 480 </tr> 481 <tr> 482 <td>CVE-2016-2062</td> 483 <td>27364029*</td> 484 <td></td> 485 <td>Nexus 5X, Nexus 6P</td> 486 <td>2016 3 6</td> 487 </tr> 488 </table> 489 <p> 490 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 491 Nexus . 492 </p> 493 494 495 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 496 Qualcomm Wi-Fi </h3> 497 498 499 <p>Qualcomm Wi-Fi 500 501 . 502 , 503 .</p> 504 <table> 505 <col width="19%"> 506 <col width="16%"> 507 <col width="10%"> 508 <col width="27%"> 509 <col width="16%"> 510 <tr> 511 <th>CVE</th> 512 <th>Android </th> 513 <th></th> 514 <th> Nexus </th> 515 <th> </th> 516 </tr> 517 <tr> 518 <td>CVE-2016-2474</td> 519 <td>27424603*</td> 520 <td></td> 521 <td>Nexus 5X</td> 522 <td>Google </td> 523 </tr> 524 </table> 525 <p> 526 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 527 Nexus . 528 </p> 529 530 531 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver"> 532 Broadcom Wi-Fi </h3> 533 534 535 <p>Broadcom Wi-Fi 536 537 . 538 .</p> 539 <table> 540 <col width="19%"> 541 <col width="16%"> 542 <col width="10%"> 543 <col width="27%"> 544 <col width="16%"> 545 <tr> 546 <th>CVE</th> 547 <th>Android </th> 548 <th></th> 549 <th> Nexus </th> 550 <th> </th> 551 </tr> 552 <tr> 553 <td>CVE-2016-2475</td> 554 <td>26425765*</td> 555 <td></td> 556 <td>Nexus 5, Nexus 6, Nexus 6P, Nexus 7(2013), Nexus 9, Nexus Player, Pixel C</td> 557 <td>2016 1 6</td> 558 </tr> 559 </table> 560 <p> 561 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 562 Nexus . 563 </p> 564 565 566 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 567 Qualcomm </h3> 568 569 570 <p>Qualcomm 571 572 . .</p> 573 574 <table> 575 <col width="19%"> 576 <col width="16%"> 577 <col width="10%"> 578 <col width="27%"> 579 <col width="16%"> 580 <tr> 581 <th>CVE</th> 582 <th>Android </th> 583 <th></th> 584 <th> Nexus </th> 585 <th> </th> 586 </tr> 587 <tr> 588 <td>CVE-2016-2066</td> 589 <td>26876409*</td> 590 <td></td> 591 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> 592 <td>2016 1 29</td> 593 </tr> 594 <tr> 595 <td>CVE-2016-2469</td> 596 <td>27531992*</td> 597 <td></td> 598 <td>Nexus 5, Nexus 6, Nexus 6P</td> 599 <td>2016 3 4</td> 600 </tr> 601 </table> 602 <p> 603 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 604 Nexus . 605 </p> 606 607 608 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 609 </h3> 610 611 612 <p> . 613 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 614 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 615 .</p> 616 617 <table> 618 <col width="19%"> 619 <col width="16%"> 620 <col width="10%"> 621 <col width="19%"> 622 <col width="18%"> 623 <col width="16%"> 624 <tr> 625 <th>CVE</th> 626 <th>Android </th> 627 <th></th> 628 <th> Nexus </th> 629 <th> AOSP </th> 630 <th> </th> 631 </tr> 632 <tr> 633 <td>CVE-2016-2476</td> 634 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/295c883fe3105b19bcd0f9e07d54c6b589fc5bff">27207275</a> 635 [<a href="https://android.googlesource.com/platform/frameworks/av/+/94d9e646454f6246bf823b6897bd6aea5f08eda3">2</a>] 636 [<a href="https://android.googlesource.com/platform/frameworks/av/+/0bb5ced60304da7f61478ffd359e7ba65d72f181">3</a>] 637 [<a href="https://android.googlesource.com/platform/frameworks/av/+/db829699d3293f254a7387894303451a91278986">4</a>] 638 </td> 639 <td></td> 640 <td><a href="#nexus_devices"> Nexus</a></td> 641 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 642 <td>2016 2 11</td> 643 </tr> 644 <tr> 645 <td>CVE-2016-2477</td> 646 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27251096</a> 647 </td> 648 <td></td> 649 <td><a href="#nexus_devices"> Nexus</a></td> 650 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 651 <td>2016 2 17</td> 652 </tr> 653 <tr> 654 <td>CVE-2016-2478</td> 655 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27475409</a> 656 </td> 657 <td></td> 658 <td><a href="#nexus_devices"> Nexus</a></td> 659 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 660 <td>2016 3 3</td> 661 </tr> 662 <tr> 663 <td>CVE-2016-2479</td> 664 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27532282</a> 665 </td> 666 <td></td> 667 <td><a href="#nexus_devices"> Nexus</a></td> 668 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 669 <td>2016 3 6</td> 670 </tr> 671 <tr> 672 <td>CVE-2016-2480</td> 673 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8">27532721</a> 674 </td> 675 <td></td> 676 <td><a href="#nexus_devices"> Nexus</a></td> 677 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 678 <td>2016 3 6</td> 679 </tr> 680 <tr> 681 <td>CVE-2016-2481</td> 682 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27532497</a> 683 </td> 684 <td></td> 685 <td><a href="#nexus_devices"> Nexus</a></td> 686 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 687 <td>2016 3 6</td> 688 </tr> 689 <tr> 690 <td>CVE-2016-2482</td> 691 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27661749</a> 692 </td> 693 <td></td> 694 <td><a href="#nexus_devices"> Nexus</a></td> 695 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 696 <td>2016 3 14</td> 697 </tr> 698 <tr> 699 <td>CVE-2016-2483</td> 700 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27662502</a> 701 </td> 702 <td></td> 703 <td><a href="#nexus_devices"> Nexus</a></td> 704 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 705 <td>2016 3 14</td> 706 </tr> 707 <tr> 708 <td>CVE-2016-2484</td> 709 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793163</a> 710 </td> 711 <td></td> 712 <td><a href="#nexus_devices"> Nexus</a></td> 713 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 714 <td>2016 3 22</td> 715 </tr> 716 <tr> 717 <td>CVE-2016-2485</td> 718 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793367</a> 719 </td> 720 <td></td> 721 <td><a href="#nexus_devices"> Nexus</a></td> 722 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 723 <td>2016 3 22</td> 724 </tr> 725 <tr> 726 <td>CVE-2016-2486</td> 727 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a> 728 </td> 729 <td></td> 730 <td><a href="#nexus_devices"> Nexus</a></td> 731 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 732 <td>2016 3 22</td> 733 </tr> 734 <tr> 735 <td>CVE-2016-2487</td> 736 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12">27833616</a> 737 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab">2</a>] 738 [<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>] 739 </td> 740 <td></td> 741 <td><a href="#nexus_devices"> Nexus</a></td> 742 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 743 <td>Google </td> 744 </tr> 745 </table> 746 747 748 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_camera_driver"> 749 Qualcomm </h3> 750 751 752 <p>Qualcomm 753 754 . .</p> 755 <table> 756 <col width="19%"> 757 <col width="16%"> 758 <col width="10%"> 759 <col width="27%"> 760 <col width="16%"> 761 <tr> 762 <th>CVE</th> 763 <th>Android </th> 764 <th></th> 765 <th> Nexus </th> 766 <th> </th> 767 </tr> 768 <tr> 769 <td>CVE-2016-2061</td> 770 <td>27207747*</td> 771 <td></td> 772 <td>Nexus 5X, Nexus 6P</td> 773 <td>2016 2 15</td> 774 </tr> 775 <tr> 776 <td>CVE-2016-2488</td> 777 <td>27600832*</td> 778 <td></td> 779 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013)</td> 780 <td>Google </td> 781 </tr> 782 </table> 783 <p> 784 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 785 Nexus . 786 </p> 787 788 789 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2"> 790 Qualcomm </h3> 791 792 793 <p>Qualcomm 794 795 . .</p> 796 <table> 797 <col width="19%"> 798 <col width="16%"> 799 <col width="10%"> 800 <col width="27%"> 801 <col width="16%"> 802 <tr> 803 <th>CVE</th> 804 <th>Android </th> 805 <th></th> 806 <th> Nexus </th> 807 <th> </th> 808 </tr> 809 <tr> 810 <td>CVE-2016-2489</td> 811 <td>27407629*</td> 812 <td></td> 813 <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P</td> 814 <td>2016 2 21</td> 815 </tr> 816 </table> 817 <p> 818 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 819 Nexus . 820 </p> 821 822 823 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_camera_driver"> 824 NVIDIA </h3> 825 826 827 <p>NVIDIA 828 829 . .</p> 830 <table> 831 <col width="19%"> 832 <col width="16%"> 833 <col width="10%"> 834 <col width="27%"> 835 <col width="16%"> 836 <tr> 837 <th>CVE</th> 838 <th>Android </th> 839 <th></th> 840 <th> Nexus </th> 841 <th> </th> 842 </tr> 843 <tr> 844 <td>CVE-2016-2490</td> 845 <td>27533373*</td> 846 <td></td> 847 <td>Nexus 9</td> 848 <td>2016 3 6</td> 849 </tr> 850 <tr> 851 <td>CVE-2016-2491</td> 852 <td>27556408*</td> 853 <td></td> 854 <td>Nexus 9</td> 855 <td>2016 3 8</td> 856 </tr> 857 </table> 858 <p> 859 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 860 Nexus . 861 </p> 862 863 864 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2"> 865 Qualcomm Wi-Fi </h3> 866 867 868 <p>Qualcomm Wi-Fi 869 . .</p> 870 871 <table> 872 <col width="19%"> 873 <col width="16%"> 874 <col width="10%"> 875 <col width="27%"> 876 <col width="16%"> 877 <tr> 878 <th>CVE</th> 879 <th>Android </th> 880 <th></th> 881 <th> Nexus </th> 882 <th> </th> 883 </tr> 884 <tr> 885 <td>CVE-2016-2470</td> 886 <td>27662174*</td> 887 <td></td> 888 <td>Nexus 7(2013)</td> 889 <td>2016 3 13</td> 890 </tr> 891 <tr> 892 <td>CVE-2016-2471</td> 893 <td>27773913*</td> 894 <td></td> 895 <td>Nexus 7(2013)</td> 896 <td>2016 3 19</td> 897 </tr> 898 <tr> 899 <td>CVE-2016-2472</td> 900 <td>27776888*</td> 901 <td></td> 902 <td>Nexus 7(2013)</td> 903 <td>2016 3 20</td> 904 </tr> 905 <tr> 906 <td>CVE-2016-2473</td> 907 <td>27777501*</td> 908 <td></td> 909 <td>Nexus 7(2013)</td> 910 <td>2016 3 20</td> 911 </tr> 912 </table> 913 <p> 914 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 915 Nexus . 916 </p> 917 918 919 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_power_management_driver"> 920 MediaTek </h3> 921 922 923 <p>MediaTek 924 . .</p> 925 926 <table> 927 <col width="19%"> 928 <col width="16%"> 929 <col width="10%"> 930 <col width="27%"> 931 <col width="16%"> 932 <tr> 933 <th>CVE</th> 934 <th>Android </th> 935 <th></th> 936 <th> Nexus </th> 937 <th> </th> 938 </tr> 939 <tr> 940 <td>CVE-2016-2492</td> 941 <td>28085410*</td> 942 <td></td> 943 <td>Android One</td> 944 <td>2016 4 7</td> 945 </tr> 946 </table> 947 <p> 948 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 949 Nexus . 950 </p> 951 952 953 <h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer"> 954 SD </h3> 955 956 957 <p>SD . 958 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a> 959 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 960 .</p> 961 962 <table> 963 <col width="19%"> 964 <col width="16%"> 965 <col width="10%"> 966 <col width="19%"> 967 <col width="18%"> 968 <col width="16%"> 969 <tr> 970 <th>CVE</th> 971 <th>Android </th> 972 <th></th> 973 <th> Nexus </th> 974 <th> AOSP </th> 975 <th> </th> 976 </tr> 977 <tr> 978 <td>CVE-2016-2494</td> 979 <td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a> 980 </td> 981 <td></td> 982 <td><a href="#nexus_devices"> Nexus</a></td> 983 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 984 <td>2016 4 7</td> 985 </tr> 986 </table> 987 988 989 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2"> 990 Broadcom Wi-Fi </h3> 991 992 993 <p>Broadcom Wi-Fi 994 995 . .</p> 996 <table> 997 <col width="19%"> 998 <col width="16%"> 999 <col width="10%"> 1000 <col width="27%"> 1001 <col width="16%"> 1002 <tr> 1003 <th>CVE</th> 1004 <th>Android </th> 1005 <th></th> 1006 <th> Nexus </th> 1007 <th> </th> 1008 </tr> 1009 <tr> 1010 <td>CVE-2016-2493</td> 1011 <td>26571522*</td> 1012 <td></td> 1013 <td>Nexus 5, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus Player, Pixel C</td> 1014 <td>Google </td> 1015 </tr> 1016 </table> 1017 <p> 1018 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1019 Nexus . 1020 </p> 1021 1022 <h3 id="remote_denial_of_service_vulnerability_in_mediaserver"> 1023 </h3> 1024 1025 1026 <p> 1027 . 1028 .</p> 1029 <table> 1030 <col width="19%"> 1031 <col width="16%"> 1032 <col width="10%"> 1033 <col width="19%"> 1034 <col width="18%"> 1035 <col width="16%"> 1036 <tr> 1037 <th>CVE</th> 1038 <th>Android </th> 1039 <th></th> 1040 <th> Nexus </th> 1041 <th> AOSP </th> 1042 <th> </th> 1043 </tr> 1044 <tr> 1045 <td>CVE-2016-2495</td> 1046 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45737cb776625f17384540523674761e6313e6d4">28076789</a> 1047 [<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>] 1048 </td> 1049 <td></td> 1050 <td><a href="#nexus_devices"> Nexus</a></td> 1051 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1052 <td>2016 4 6</td> 1053 </tr> 1054 </table> 1055 1056 <h3 id="elevation_of_privilege_vulnerability_in_framework_ui"> 1057 UI </h3> 1058 1059 1060 <p> UI . '<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>' .</p> 1061 <table> 1062 <col width="19%"> 1063 <col width="16%"> 1064 <col width="10%"> 1065 <col width="19%"> 1066 <col width="18%"> 1067 <col width="16%"> 1068 <tr> 1069 <th>CVE</th> 1070 <th>Android </th> 1071 <th></th> 1072 <th> Nexus </th> 1073 <th> AOSP </th> 1074 <th> </th> 1075 </tr> 1076 <tr> 1077 <td>CVE-2016-2496</td> 1078 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf">26677796</a> 1079 [<a href="https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628">2</a>] 1080 [<a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e">3</a>] 1081 </td> 1082 <td></td> 1083 <td><a href="#nexus_devices"> Nexus</a></td> 1084 <td>6.0, 6.1</td> 1085 <td>2015 5 26</td> 1086 </tr> 1087 </table> 1088 1089 <h3 id="information_disclosure_vulnerability_in_qualcomm_wi-fi_driver"> 1090 Qualcomm Wi-Fi </h3> 1091 1092 1093 <p>Qualcomm Wi-Fi . 1094 .</p> 1095 <table> 1096 <col width="19%"> 1097 <col width="16%"> 1098 <col width="10%"> 1099 <col width="27%"> 1100 <col width="16%"> 1101 <tr> 1102 <th>CVE</th> 1103 <th>Android </th> 1104 <th></th> 1105 <th> Nexus </th> 1106 <th> </th> 1107 </tr> 1108 <tr> 1109 <td>CVE-2016-2498</td> 1110 <td>27777162*</td> 1111 <td></td> 1112 <td>Nexus 7(2013)</td> 1113 <td>2016 3 20</td> 1114 </tr> 1115 </table> 1116 <p> 1117 * AOSP . <a href="https://developers.google.com/android/nexus/drivers">Google </a> 1118 Nexus . 1119 </p> 1120 1121 1122 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 1123 </h3> 1124 1125 1126 <p> 1127 . .</p> 1128 <table> 1129 <col width="19%"> 1130 <col width="16%"> 1131 <col width="10%"> 1132 <col width="19%"> 1133 <col width="18%"> 1134 <col width="16%"> 1135 <tr> 1136 <th>CVE</th> 1137 <th>Android </th> 1138 <th></th> 1139 <th> Nexus </th> 1140 <th> AOSP </th> 1141 <th> </th> 1142 </tr> 1143 <tr> 1144 <td>CVE-2016-2499</td> 1145 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f">27855172</a> 1146 </td> 1147 <td></td> 1148 <td><a href="#nexus_devices"> Nexus</a></td> 1149 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1150 <td>2016 3 24</td> 1151 </tr> 1152 </table> 1153 1154 1155 <h3 id="information_disclosure_vulnerability_in_activity_manager"> 1156 </h3> 1157 1158 1159 <p> . .</p> 1160 <table> 1161 <col width="19%"> 1162 <col width="16%"> 1163 <col width="10%"> 1164 <col width="19%"> 1165 <col width="18%"> 1166 <col width="16%"> 1167 <tr> 1168 <th>CVE</th> 1169 <th>Android </th> 1170 <th></th> 1171 <th> Nexus </th> 1172 <th> AOSP </th> 1173 <th> </th> 1174 </tr> 1175 <tr> 1176 <td>CVE-2016-2500</td> 1177 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9878bb99b77c3681f0fda116e2964bac26f349c3">19285814</a> 1178 </td> 1179 <td></td> 1180 <td><a href="#nexus_devices"> Nexus</a></td> 1181 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1182 <td>Google </td> 1183 </tr> 1184 </table> 1185 1186 1187 <h2 id="common_questions_and_answers"> </h2> 1188 1189 1190 <p> .</p> 1191 1192 <p><strong>1. ?</strong></p> 1193 1194 <p>2016 6 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 1195 ). 1196 . 1197 [ro.build.version.security_patch]:[2016-06-01]</p> 1198 1199 <p id="nexus_devices"><strong>2. Nexus ?</strong></p> 1200 1201 <p><a href="#security_vulnerability_summary"> </a> 1202 Nexus 1203 Nexus . .</p> 1204 1205 <ul> 1206 <li> <strong> Nexus </strong>: Nexus 1207 <em> Nexus </em> ' Nexus' . ' Nexus' 1208 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> 1209 </a> . Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7(2013), 1210 Nexus 9, Android One, Nexus Player, Pixel C</li> 1211 <li> <strong> Nexus </strong>: Nexus 1212 , Nexus 1213 <em> Nexus </em> .</li> 1214 <li> <strong>Nexus </strong>: Nexus 1215 <em> Nexus </em> '' .</li> 1216 </ul> 1217 1218 <h2 id="revisions"></h2> 1219 1220 1221 <ul> 1222 <li> 2016 6 6: </li> 1223 <li>2016 6 7: 1224 <ul> 1225 <li> AOSP 1226 <li>CVE-2016-2496 1227 </li></li></ul> 1228 </li> 1229 <li>2016 6 8: CVE-2016-2496 </li> 1230 </ul> 1231 1232 </body> 1233 </html> 1234
