<html devsite>
<head>
<title>Nexus 2016.</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
Copyright 2017 The Android Open Source Project

Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at

http://www.apache.org/licenses/LICENSE-2.0

Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->

<p>
Android
Nexus
Nexus
<a href="https://developers.google.com/android/nexus/images"></a>
.
LMY49F
, Android 6.0 1 2016
.
<a href="http://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers"></a>
</p>
<p>
7 2015 .
Android Open Source Project (AOSP).
</p>
<p>
(,
,
MMS).
</p>
<p>
.
<a href="http://source.android.com/security/bulletin/2016-01-01.html#mitigations"></a>
,
<a href="https://source.android.com/security/enhancements/"></a>
,
SafetyNet, Android.
.
</p>
<h2 id="security_vulnerability_summary" style="margin-bottom:0px">
</h2>
<hr/>
<p>
, (CVE)
.
<a href="https://source.android.com/security/overview/updates-resources.html#severity"></a>
,
,
.
</p>
<table>
<tbody>
<tr>
<th></th>
<th>CVE</th>
<th></th>
</tr>
<tr>
<td>mediaserver</td>
<td>CVE-2015-6636</td>
<td></td>
</tr>
<tr>
<td>misc-sd</td>
<td>CVE-2015-6637</td>
<td></td>
</tr>
<tr>
<td>Imagination Technologies</td>
<td>CVE-2015-6638</td>
<td></td>
</tr>
<tr>
<td>Trustzone</td>
<td>CVE-2015-6639<br />
CVE-2015-6647</td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2015-6640</td>
<td></td>
</tr>
<tr>
<td>Bluetooth</td>
<td>CVE-2015-6641</td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2015-6642</td>
<td></td>
</tr>
<tr>
<td></td>
<td>CVE-2015-6643</td>
<td></td>
</tr>
<tr>
<td>Wi-Fi</td>
<td>CVE-2015-5310</td>
<td></td>
</tr>
<tr>
<td>Bouncy Castle</td>
<td>CVE-2015-6644</td>
<td></td>
</tr>
<tr>
<td>SyncManager</td>
<td>CVE-2015-6645</td>
<td></td>
</tr>
<tr>
<td>Nexus</td>
<td>CVE-2015-6646</td>
<td></td>
</tr>
</tbody>
</table>
<h2 id="mitigations" style="margin-bottom:0px">
</h2>
<hr/>
<p>
,
<a href="https://source.android.com/security/enhancements/index.html"></a>
,
SafetyNet, Android.
</p>
<ul>
<li>
Android,
.
</li>
<li>
, Android,
SafetyNet.
. Google Play .
,
, " " .
-
. ,
, ,
. ,
.
</li>
<li>
Google Hangouts Messenger
, mediaserver, .
</li>
</ul>
<h2 id="acknowledgements" style="margin-bottom:0px">
</h2>
<hr/>
<p>
, :
</p>
<ul>
<li>
,
Google Chrome: CVE-2015-6636.
</li>
<li>
(
<a href="https://twitter.com/@nforest_">@nforest_</a>
) jfang KEEN lab, Tencent (
<a href="https://twitter.com/k33nteam">@K33nTeam</a>
):
CVE-2015-6637.
</li>
<li>
Android Bionic Team: CVE-2015-6640.
</li>
<li>
GoogleX: CVE-2015-6641.
</li>
<li>
(
<a href="https://thejh.net/">https://thejh.net</a>
): CVE-2015-6642.
</li>
<li>
(PGP ID EFC895FA): CVE-2015-5310.
</li>
<li>
Google : CVE-2015-6644.
</li>
<li>
(
<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>
,
<a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>
):
CVE-2015-6639.
</li>
</ul>
<h2 id="security_vulnerability_details" style="margin-bottom:0px">
</h2>
<hr/>
<p>
<a href="http://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary"></a>
: , , CVE,
, , ,
.
,
AOSP, ,
.
</p>
<h3 id="remote_code_execution_vulnerability_in_mediaserver">
mediaserver
</h3>
<p>
mediaserver,
mediaserver.
</p>
<p>
.
, MMS-
, .
</p>
<p>
-
mediaserver. -
, , .
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td rowspan="2">CVE-2015-6636</td>
<td><a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#">ANDROID-25070493</a></td>
<td></td>
<td>5.0, 5.1.1, 6.0, 6.0.1</td>
<td>Google</td>
</tr>
<tr>
<td><a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518">ANDROID-24686670</a></td>
<td></td>
<td>5.0, 5.1.1, 6.0, 6.0.1</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver">
misc-sd
</h3>
<p>
misc-sd MediaTek.
.
, -
. .
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6637</td>
<td>ANDROID-25307013*</td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
<td>26 2015.</td>
</tr>
</tbody>
</table>
<p>
* AOSP.
Nexus,
<a href="https://developers.google.com/android/nexus/drivers"></a>
.
</p>
<h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver">
Imagination Technologies
</h3>
<p>
Imagination Technologies.
. ,
- .
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6638</td>
<td>ANDROID-24673908*</td>
<td></td>
<td>5.0, 5.1.1, 6.0, 6.0.1</td>
<td>Google</td>
</tr>
</tbody>
</table>
<p>
* AOSP.
Nexus,
<a href="https://developers.google.com/android/nexus/drivers"></a>
.
</p>
<h3 id="elevation_of_privilege_vulnerabilities_in_trustzone">
Trustzone
</h3>
<p>
Widevine QSEE TrustZone.
QSEECOM
Trustzone. ,
- .
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6639</td>
<td>ANDROID-24446875*</td>
<td></td>
<td>5.0, 5.1.1, 6.0, 6.0.1</td>
<td>23 2015.</td>
</tr>
<tr>
<td>CVE-2015-6647</td>
<td>ANDROID-24441554*</td>
<td></td>
<td>5.0, 5.1.1, 6.0, 6.0.1</td>
<td>27 2015.</td>
</tr>
</tbody>
</table>
<p>
* AOSP.
Nexus,
<a href="https://developers.google.com/android/nexus/drivers"></a>
.
</p>
<h3 id="elevation_of_privilege_vulnerability_in_kernel">
</h3>
<p>
. ,
- .
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6640</td>
<td><a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">ANDROID-20017123</a></td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
Bluetooth
</h3>
<p>
Bluetooth.
,
Bluetooth. ,
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>
().
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6641</td>
<td><a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3">ANDROID-23607427</a>
[<a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec">2</a>]</td>
<td></td>
<td>6.0, 6.0.1</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="information_disclosure_vulnerability_in_kernel">
</h3>
<p>
,
, .
,
, (,
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
).
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6642</td>
<td>ANDROID-24157888*</td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0</td>
<td>12 2015.</td>
</tr>
</tbody>
</table>
<p>
* AOSP.
Nexus,
<a href="https://developers.google.com/android/nexus/drivers"></a>
.
</p>
<h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">
</h3>
<p>
,
, .
, .
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6643</td>
<td><a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0">ANDROID-25290269</a>
[<a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b">2</a>]</td>
<td></td>
<td>5.1.1, 6.0, 6.0.1</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">
Wi-Fi
</h3>
<p>
Wi-Fi ,
, Wi-Fi.
,
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">normal</a>
().
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-5310</td>
<td><a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d">ANDROID-25266660</a></td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
<td>25 2015.</td>
</tr>
</tbody>
</table>
<h3 id="information_disclosure_vulnerability_in_bouncy_castle">
Bouncy Castle
</h3>
<p>
Bouncy Castle
.
,
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>
().
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6644</td>
<td><a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f">ANDROID-24106146</a></td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="denial_of_service_vulnerability_in_syncmanager">
SyncManager
</h3>
<p>
SyncManager
.
, - .
.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th>AOSP</th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6645</td>
<td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025">ANDROID-23591205</a></td>
<td></td>
<td>4.4.4, 5.0, 5.1.1, 6.0</td>
<td>Google</td>
</tr>
</tbody>
</table>
<h3 id="attack_surface_reduction_for_nexus_kernels">
Nexus
</h3>
<p>
SysV IPC Android.
, ,
. ,
Android:
,
. , CVE-2015-7613.
</p>
<table>
<tbody>
<tr>
<th>CVE</th>
<th></th>
<th></th>
<th>,</th>
<th></th>
</tr>
<tr>
<td>CVE-2015-6646</td>
<td>ANDROID-22300191*</td>
<td></td>
<td>6.0</td>
<td>Google</td>
</tr>
</tbody>
</table>
<p>
* AOSP.
Nexus,
<a href="https://developers.google.com/android/nexus/drivers"></a>
.
</p>
<h3 id="common_questions_and_answers">
</h3>
<p>
,
.
</p>
<p>
<strong>
1. , , ?
</strong>
</p>
<p>
LMY49F
, Android 6.0 1 2016
. ,
,
<a href="https://support.google.com/nexus/answer/4457705">Nexus</a>
.
, ,
[ro.build.version.security_patch]:[2016-01-01].
</p>
<h2 id="revisions" style="margin-bottom:0px">
</h2>
<hr/>
<ul>
<li>
4 2016. .
</li>
<li>
6 2016. AOSP.
</li>
</ul>

</body>
</html>