1 <html devsite> 2 <head> 3 <title> Nexus 2015.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 9 2015 29 </em> 30 </p> 31 <p> 32 Android 33 Nexus 34 ( LMY48M). , , 35 Android Open Source Project (AOSP). 36 37 . 38 </p> 39 <p> 40 Nexus 41 <a href="https://developers.google.com/android/nexus/images"> 42 43 </a> 44 . 45 46 LMY48M . 47 13 2015 . 48 </p> 49 <p> 50 , CVE-2015-3636, . 51 52 <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations"> 53 54 </a> 55 , 56 <a href="http://source.android.com/security/enhancements/index.html"> 57 58 </a> 59 , SafetyNet, 60 Android. 61 </p> 62 <p> 63 , , 64 (CVE-2015-3864 CVE-2015-3686), . 65 . 66 . 67 </p> 68 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 69 70 </h2> 71 <hr/> 72 <p> 73 , (CVE) 74 . 75 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 76 77 </a> 78 , 79 , 80 . 
81 </p> 82 <table> 83 <tbody> 84 <tr> 85 <th> 86 87 </th> 88 <th> 89 CVE 90 </th> 91 <th> 92 93 </th> 94 </tr> 95 <tr> 96 <td> 97 mediaserver 98 </td> 99 <td> 100 CVE-2015-3864 101 </td> 102 <td> 103 104 </td> 105 </tr> 106 <tr> 107 <td> 108 109 </td> 110 <td> 111 CVE-2015-3636 112 </td> 113 <td> 114 115 </td> 116 </tr> 117 <tr> 118 <td> 119 Binder 120 </td> 121 <td> 122 CVE-2015-3845 123 <br/> 124 CVE-2015-1528 125 </td> 126 <td> 127 128 </td> 129 </tr> 130 <tr> 131 <td> 132 Keystore 133 </td> 134 <td> 135 CVE-2015-3863 136 </td> 137 <td> 138 139 </td> 140 </tr> 141 <tr> 142 <td> 143 Region 144 </td> 145 <td> 146 CVE-2015-3849 147 </td> 148 <td> 149 150 </td> 151 </tr> 152 <tr> 153 <td> 154 SMS 155 </td> 156 <td> 157 CVE-2015-3858 158 </td> 159 <td> 160 161 </td> 162 </tr> 163 <tr> 164 <td> 165 166 </td> 167 <td> 168 CVE-2015-3860 169 </td> 170 <td> 171 172 </td> 173 </tr> 174 <tr> 175 <td> 176 mediaserver 177 </td> 178 <td> 179 CVE-2015-3861 180 </td> 181 <td> 182 183 </td> 184 </tr> 185 </tbody> 186 </table> 187 <h2 id="mitigations" style="margin-bottom:0px"> 188 189 </h2> 190 <hr/> 191 <p> 192 , 193 <a href="http://source.android.com/security/enhancements"> 194 195 </a> 196 , 197 SafetyNet, Android. 198 </p> 199 <ul> 200 <li> 201 Android, 202 . 203 </li> 204 <li> 205 , Android, 206 SafetyNet. 207 . Google Play . 208 , 209 , " " . 210 - 211 . , 212 , , 213 . , 214 . 215 </li> 216 <li> 217 Google Hangouts Messenger 218 , mediaserver, . 219 </li> 220 </ul> 221 <h2 id="acknowledgements" style="margin-bottom:0px"> 222 223 </h2> 224 <hr/> 225 <p> 226 , : 227 </p> 228 <ul> 229 <li> 230 (@jgrusko) Exodus Intelligence: CVE-2015-3864. 231 </li> 232 <li> 233 : CVE-2015-3845. 234 </li> 235 <li> 236 (@oldfresher) Qihoo 360 Technology Co. Ltd: CVE-2015-1528. 237 </li> 238 <li> 239 : CVE-2015-3863. 240 </li> 241 <li> 242 jgor (@indiecom): CVE-2015-3860. 243 </li> 244 <li> 245 (@wish_wu) Trend Micro Inc.: CVE-2015-3861. 
246 </li> 247 </ul> 248 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 249 250 </h2> 251 <hr/> 252 <p> 253 254 <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary"> 255 256 </a> 257 : , , CVE, 258 , , 259 . 260 , AOSP, 261 , 262 . 263 </p> 264 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 265 mediaserver 266 </h3> 267 <p> 268 269 mediaserver, 270 271 mediaserver. 272 </p> 273 <p> 274 . 275 , MMS- 276 , . 277 </p> 278 <p> 279 - 280 mediaserver. - 281 , , . 282 </p> 283 <p> 284 CVE-2015-3824 (ANDROID 285 -20923261). 286 287 . 288 </p> 289 <table> 290 <tbody> 291 <tr> 292 <th> 293 CVE 294 </th> 295 <th> 296 AOSP 297 </th> 298 <th> 299 300 </th> 301 <th> 302 303 </th> 304 </tr> 305 <tr> 306 <td> 307 CVE-2015-3864 308 </td> 309 <td> 310 <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968"> 311 ANDROID-23034759 312 </a> 313 </td> 314 <td> 315 316 </td> 317 <td> 318 5.1 319 </td> 320 </tr> 321 </tbody> 322 </table> 323 <h3 id="elevation_privilege_vulnerability_in_kernel"> 324 325 </h3> 326 <p> 327 - Linux. 328 329 . 330 </p> 331 <p> 332 - 333 . 334 (.. 335 ) . 336 </p> 337 <p> 338 1 2015. 339 -, 340 . 341 </p> 342 <table> 343 <tbody> 344 <tr> 345 <th> 346 CVE 347 </th> 348 <th> 349 AOSP 350 </th> 351 <th> 352 353 </th> 354 <th> 355 356 </th> 357 </tr> 358 <tr> 359 <td> 360 CVE-2015-3636 361 </td> 362 <td> 363 <a href="https://github.com/torvalds/linux/commit/a134f083e79f"> 364 ANDROID-20770158 365 </a> 366 </td> 367 <td> 368 369 </td> 370 <td> 371 5.1 372 </td> 373 </tr> 374 </tbody> 375 </table> 376 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 377 Binder 378 </h3> 379 <p> 380 Binder 381 . 382 </p> 383 <p> 384 , 385 , . 
386 </p> 387 <table> 388 <tbody> 389 <tr> 390 <th> 391 CVE 392 </th> 393 <th> 394 AOSP 395 </th> 396 <th> 397 398 </th> 399 <th> 400 401 </th> 402 </tr> 403 <tr> 404 <td> 405 CVE-2015-3845 406 </td> 407 <td> 408 <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20"> 409 ANDROID-17312693 410 </a> 411 </td> 412 <td> 413 414 </td> 415 <td> 416 5.1 417 </td> 418 </tr> 419 <tr> 420 <td> 421 CVE-2015-1528 422 </td> 423 <td> 424 <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254"> 425 ANDROID-19334482 426 </a> 427 [ 428 <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14"> 429 2 430 </a> 431 ] 432 </td> 433 <td> 434 435 </td> 436 <td> 437 5.1 438 </td> 439 </tr> 440 </tbody> 441 </table> 442 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 443 Keystore 444 </h3> 445 <p> 446 Keystore 447 . 448 Keystore ( ). 449 </p> 450 <p> 451 , 452 , . 453 </p> 454 <table> 455 <tbody> 456 <tr> 457 <th> 458 CVE 459 </th> 460 <th> 461 AOSP 462 </th> 463 <th> 464 465 </th> 466 <th> 467 468 </th> 469 </tr> 470 <tr> 471 <td> 472 CVE-2015-3863 473 </td> 474 <td> 475 <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b"> 476 ANDROID-22802399 477 </a> 478 </td> 479 <td> 480 481 </td> 482 <td> 483 5.1 484 </td> 485 </tr> 486 </tbody> 487 </table> 488 <h3 id="elevation_of_privilege_vulnerability_in_region"> 489 Region 490 </h3> 491 <p> 492 Region 493 , . 494 </p> 495 <p> 496 , 497 , . 
498 </p> 499 <table> 500 <tbody> 501 <tr> 502 <th> 503 CVE 504 </th> 505 <th> 506 AOSP 507 </th> 508 <th> 509 510 </th> 511 <th> 512 513 </th> 514 </tr> 515 <tr> 516 <td> 517 CVE-2015-3849 518 </td> 519 <td> 520 <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885"> 521 ANDROID-20883006 522 </a> 523 [ 524 <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3"> 525 2 526 </a> 527 ] 528 </td> 529 <td> 530 531 </td> 532 <td> 533 5.1 534 </td> 535 </tr> 536 </tbody> 537 </table> 538 <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass"> 539 SMS 540 </h3> 541 <p> 542 SMS 543 . 544 </p> 545 <p> 546 , 547 , . 548 </p> 549 <table> 550 <tbody> 551 <tr> 552 <th> 553 CVE 554 </th> 555 <th> 556 AOSP 557 </th> 558 <th> 559 560 </th> 561 <th> 562 563 </th> 564 </tr> 565 <tr> 566 <td> 567 CVE-2015-3858 568 </td> 569 <td> 570 <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586"> 571 ANDROID-22314646 572 </a> 573 </td> 574 <td> 575 576 </td> 577 <td> 578 5.1 579 </td> 580 </tr> 581 </tbody> 582 </table> 583 <h3 id="elevation_of_privilege_vulnerability_in_lockscreen"> 584 585 </h3> 586 <p> 587 , 588 . Android5.0 5.1. Android4.4 589 , 590 , 591 . 592 </p> 593 <p> 594 , 595 , , 596 ( 597 ). , 598 , SMS , 599 dangerous (). 600 </p> 601 <table> 602 <tbody> 603 <tr> 604 <th> 605 CVE 606 </th> 607 <th> 608 AOSP 609 </th> 610 <th> 611 612 </th> 613 <th> 614 615 </th> 616 </tr> 617 <tr> 618 <td> 619 CVE-2015-3860 620 </td> 621 <td> 622 <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590"> 623 ANDROID-22214934 624 </a> 625 </td> 626 <td> 627 628 </td> 629 <td> 630 5.1 5.0 631 </td> 632 </tr> 633 </tbody> 634 </table> 635 <h3 id="denial_of_service_vulnerability_in_mediaserver"> 636 mediaserver 637 </h3> 638 <p> 639 mediaserver 640 . 
641 </p> 642 <p> 643 , 644 , . 645 , , mediaserver 646 ( MMS). 647 mediaserver, , . 648 </p> 649 <table> 650 <tbody> 651 <tr> 652 <th> 653 CVE 654 </th> 655 <th> 656 AOSP 657 </th> 658 <th> 659 660 </th> 661 <th> 662 663 </th> 664 </tr> 665 <tr> 666 <td> 667 CVE-2015-3861 668 </td> 669 <td> 670 <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0"> 671 ANDROID-21296336 672 </a> 673 </td> 674 <td> 675 676 </td> 677 <td> 678 5.1 679 </td> 680 </tr> 681 </tbody> 682 </table> 691 692 </body> 693 </html> 694