1 <html devsite> 2 <head> 3 <title> Nexus 2016.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em> 72016. | 8 2016.</em></p> 27 28 <p> Android 29 Nexus 30 31 Nexus <a href="https://developers.google.com/android/nexus/images"> </a>. 32 33 LMY49H , 34 AndroidM 1 2016 . , 35 36 , <a href="https://support.google.com/nexus/answer/4457705"> Nexus</a>.</p> 37 38 <p> 1 2016 . 39 40 Android Open Source Project (AOSP) 48. 41 AOSP .</p> 42 43 <p> 44 (, 45 , 46 MMS).</p> 47 48 <p> . <a href="#mitigations"> </a> 49 , <a href="/security/enhancements/index.html"> </a> , 50 SafetyNet, Android. 51 .</p> 52 53 <h2 id="security_vulnerability_summary"> </h2> 54 55 <p> , (CVE) 56 . <a href="/security/overview/updates-resources.html#severity"></a> , 57 , 58 .</p> 59 <table> 60 <tr> 61 <th></th> 62 <th>CVE</th> 63 <th> </th> 64 </tr> 65 <tr> 66 <td> mediaserver </td> 67 <td>CVE-2016-0815<br> 68 CVE-2016-0816</td> 69 <td></td> 70 </tr> 71 <tr> 72 <td> libvpx</td> 73 <td>CVE-2016-1621</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td> Conscrypt</td> 78 <td>CVE-2016-0818</td> 79 <td></td> 80 </tr> 81 <tr> 82 <td> <br> 83 Qualcomm</td> 84 <td>CVE-2016-0819</td> 85 <td></td> 86 </tr> 87 <tr> 88 <td> Wi-Fi- MediaTek</td> 89 <td>CVE-2016-0820</td> 90 <td></td> 91 </tr> 92 <tr> 93 <td> Keyring</td> 94 <td>CVE-2016-0728</td> 95 <td></td> 96 </tr> 97 <tr> 98 <td> </td> 99 <td>CVE-2016-0821</td> 100 <td></td> 101 </tr> 102 <tr> 103 <td> MediaTek </td> 104 <td>CVE-2016-0822</td> 105 <td></td> 106 </tr> 107 <tr> 108 <td> </td> 109 <td>CVE-2016-0823</td> 110 <td></td> 111 </tr> 112 <tr> 113 <td> libstagefright</td> 114 <td>CVE-2016-0824</td> 115 <td></td> 116 </tr> 117 <tr> 118 <td> Widevine</td> 119 <td>CVE-2016-0825</td> 120 <td></td> 121 </tr> 122 <tr> 123 <td> mediaserver</td> 124 <td>CVE-2016-0826<br> 125 CVE-2016-0827</td> 126 <td></td> 127 </tr> 128 <tr> 129 <td> mediaserver</td> 130 <td>CVE-2016-0828<br> 131 CVE-2016-0829</td> 132 <td></td> 133 </tr> 134 <tr> 135 <td> Bluetooth</td> 136 <td>CVE-2016-0830</td> 137 <td></td> 138 </tr> 139 <tr> 140 <td> </td> 141 <td>CVE-2016-0831</td> 142 <td></td> 143 </tr> 144 <tr> 145 <td> </td> 146 <td>CVE-2016-0832</td> 147 <td></td> 148 </tr> 149 </table> 150 151 152 <h3 id="mitigations"> </h3> 153 154 155 <p> , <a href="/security/enhancements/index.html"> </a> , 156 SafetyNet, Android.</p> 157 158 <ul> 159 <li> Android, 160 . 161 <li> , Android, 162 SafetyNet. 163 . Google Play . 164 , 165 , " " . 166 - 167 . , 168 , , 169 . , 170 . 171 <li> Google Hangouts Messenger 172 , mediaserver, . 173 </li></li></li></ul> 174 175 <h3 id="acknowledgements"></h3> 176 177 178 <p> , :</p> 179 180 <ul> 181 <li> , 182 Google Chrome: CVE-2016-0815 183 <li> (<a href="https://twitter.com/anestisb">@anestisb</a>) CENSUS S.A.: CVE-2016-0816, CVE-2016-0824 184 <li> Android: CVE-2016-0818 185 <li> Google Project Zero: CVE-2016-0820 186 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) <a href="http://c0reteam.org">C0RE Team</a>, <a href="http://www.360safe.com">Qihoo 360</a>: CVE-2016-0826 187 <li> (<a href="https://twitter.com/heisecode">@heisecode</a>) Trend Micro: CVE-2016-0827, CVE-2016-0828, CVE-2016-0829 188 <li> (<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a>, <a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>): CVE-2016-0822 189 <li> (<a href="https://twitter.com/@wish_wu">@wish_wu</a>) Trend Micro Inc.: CVE-2016-0819 190 <li> Huawei: CVE-2016-0831 191 <li> : CVE-2016-0831 192 <li> (<a href="https://twitter.com/@ebeip90">@ebeip90</a>) Android: CVE-2016-0821 193 </li></li></li></li></li></li></li></li></li></li></li></ul> 194 195 <h2 id="security_vulnerability_details"> </h2> 196 197 198 <p> <a href="#security_vulnerability_summary"> </a> 199 : , , CVE, 200 , , 201 . 202 , AOSP, 203 , 204 .</p> 205 206 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> mediaserver</h3> 207 208 209 <p> 210 mediaserver, 211 mediaserver.</p> 212 213 <p> . 214 , MMS- 215 , .</p> 216 217 <p> - 218 mediaserver. - 219 , , .</p> 220 <table> 221 <tr> 222 <th>CVE</th> 223 <th> AOSP</th> 224 <th> </th> 225 <th>, </th> 226 <th> </th> 227 </tr> 228 <tr> 229 <td>CVE-2016-0815</td> 230 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a> 231 </td> 232 <td></td> 233 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 234 <td> Google</td> 235 </tr> 236 <tr> 237 <td>CVE-2016-0816</td> 238 <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a> 239 </td> 240 <td></td> 241 <td>6.0, 6.0.1</td> 242 <td> Google</td> 243 </tr> 244 </table> 245 246 247 <h3 id="remote_code_execution_vulnerabilities_in_libvpx"> libvpx</h3> 248 249 250 <p> 251 mediaserver, 252 253 mediaserver.</p> 254 255 <p> . 256 , MMS- 257 , .</p> 258 259 <p> - 260 mediaserver. - 261 , , .</p> 262 <table> 263 <tr> 264 <th>CVE</th> 265 <th> AOSP</th> 266 <th> </th> 267 <th>, </th> 268 <th> </th> 269 </tr> 270 <tr> 271 <td>CVE-2016-1621</td> 272 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a> 273 <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a> 274 <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a> 275 </td> 276 <td></td> 277 <td>4.4.4, 5.0.2, 5.1.1, 6.0</td> 278 <td> Google</td> 279 </tr> 280 </table> 281 282 283 <h3 id="elevation_of_privilege_in_conscrypt"> Conscrypt</h3> 284 285 <p> Conscrypt 286 , , 287 . " ". 288 - 289 .</p> 290 291 <table> 292 <tr> 293 <th>CVE</th> 294 <th> AOSP</th> 295 <th> </th> 296 <th>, </th> 297 <th> </th> 298 </tr> 299 <tr> 300 <td>CVE-2016-0818</td> 301 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a> 302 <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a> 303 </td> 304 <td></td> 305 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 306 <td> Google</td> 307 </tr> 308 </table> 309 310 311 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component"> Qualcomm</h3> 312 313 314 <p> 315 . , - 316 . 317 .</p> 318 <table> 319 <tr> 320 <th>CVE</th> 321 <th></th> 322 <th> </th> 323 <th>, </th> 324 <th> </th> 325 </tr> 326 <tr> 327 <td>CVE-2016-0819</td> 328 <td>ANDROID-25364034*</td> 329 <td></td> 330 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 331 <td>29 2015.</td> 332 </tr> 333 </table> 334 335 336 <p>* AOSP. 337 Nexus, 338 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 339 340 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver"> Wi-Fi- MediaTek</h3> 341 342 343 <p> 344 . - 345 .</p> 346 <table> 347 <tr> 348 <th>CVE</th> 349 <th></th> 350 <th> </th> 351 <th>, </th> 352 <th> </th> 353 </tr> 354 <tr> 355 <td>CVE-2016-0820</td> 356 <td>ANDROID-26267358*</td> 357 <td></td> 358 <td>6.0.1</td> 359 <td>18 2015.</td> 360 </tr> 361 </table> 362 363 364 <p>* AOSP. 365 Nexus, 366 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 367 368 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> Keyring</h3> 369 370 371 <p> 372 . , - 373 . 374 . Android5.0 SELinux 375 .</p> 376 377 <p><strong>.</strong> AOSP : 378 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a> 379 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a> 380 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a> 381 <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p> 382 <table> 383 <tr> 384 <th>CVE</th> 385 <th></th> 386 <th> </th> 387 <th>, </th> 388 <th> </th> 389 </tr> 390 <tr> 391 <td>CVE-2016-0728</td> 392 <td>ANDROID-26636379 </td> 393 <td></td> 394 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1 </td> 395 <td>11 2016.</td> 396 </tr> 397 </table> 398 399 400 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"> </h3> 401 402 403 <p> , 404 . .</p> 405 406 <p><strong>.</strong> 407 <a href="https://github.com/torvalds/linux/commit/a134f083e79f"> Linux</a>.</p> 408 409 <table> 410 <tr> 411 <th>CVE</th> 412 <th></th> 413 <th> </th> 414 <th>, </th> 415 <th> </th> 416 </tr> 417 <tr> 418 <td>CVE-2016-0821</td> 419 <td>ANDROID-26186802</td> 420 <td></td> 421 <td>6.0.1</td> 422 <td> Google</td> 423 </tr> 424 </table> 425 426 427 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver"> MediaTek </h3> 428 429 430 <p> MediaTek . 431 432 . , 433 , 434 conn_launcher, . 435 </p> 436 <table> 437 <tr> 438 <th>CVE</th> 439 <th></th> 440 <th> </th> 441 <th>, </th> 442 <th> </th> 443 </tr> 444 <tr> 445 <td>CVE-2016-0822</td> 446 <td>ANDROID-25873324*</td> 447 <td></td> 448 <td>6.0.1</td> 449 <td>24 2015.</td> 450 </tr> 451 </table> 452 453 454 <p>* AOSP. 455 Nexus, 456 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 457 458 <h3 id="information_disclosure_vulnerability_in_kernel"> </h3> 459 460 461 <p> , 462 , . 463 - , ASLR, 464 .</p> 465 466 <p><strong>.</strong> 467 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce"> Linux</a>.</p> 468 <table> 469 <tr> 470 <th>CVE</th> 471 <th></th> 472 <th> </th> 473 <th>, </th> 474 <th> </th> 475 </tr> 476 <tr> 477 <td>CVE-2016-0823</td> 478 <td>ANDROID-25739721*</td> 479 <td></td> 480 <td>6.0.1</td> 481 <td> Google</td> 482 </tr> 483 </table> 484 <p>* AOSP. 485 Nexus, 486 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 487 488 <h3 id="information_disclosure_vulnerability_in_libstagefright"> libstagefright</h3> 489 490 491 <p> , , 492 . 493 , 494 , (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 495 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 496 <table> 497 <tr> 498 <th>CVE</th> 499 <th> AOSP</th> 500 <th> </th> 501 <th>, </th> 502 <th> </th> 503 </tr> 504 <tr> 505 <td>CVE-2016-0824</td> 506 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a> 507 </td> 508 <td></td> 509 <td>6.0, 6.0.1</td> 510 <td>18 2015.</td> 511 </tr> 512 </table> 513 514 515 <h3 id="information_disclosure_vulnerability_in_widevine"> Widevine</h3> 516 517 518 <p> Widevine Trusted Application , 519 , TrustZone. 520 , 521 , 522 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 523 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>.</p> 524 <table> 525 <tr> 526 <th>CVE</th> 527 <th></th> 528 <th> </th> 529 <th>, </th> 530 <th> </th> 531 </tr> 532 <tr> 533 <td>CVE-2016-0825</td> 534 <td>ANDROID-20860039*</td> 535 <td></td> 536 <td>6.0.1</td> 537 <td> Google</td> 538 </tr> 539 </table> 540 541 542 <p>* AOSP. 543 Nexus, 544 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 545 546 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> mediaserver </h3> 547 548 549 <p> 550 551 . , 552 , 553 (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 554 <table> 555 <tr> 556 <th>CVE</th> 557 <th> AOSP</th> 558 <th> </th> 559 <th>, </th> 560 <th> </th> 561 </tr> 562 <tr> 563 <td>CVE-2016-0826</td> 564 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 565 <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a> 566 </td> 567 <td></td> 568 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 569 <td>17 2015.</td> 570 </tr> 571 <tr> 572 <td>CVE-2016-0827</td> 573 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td> 574 <td></td> 575 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 576 <td>28 2015.</td> 577 </tr> 578 </table> 579 580 581 <h3 id="information_disclosure_vulnerability_in_mediaserver"> mediaserver </h3> 582 583 584 <p> , 585 , . 586 , 587 , (, 588 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 589 <table> 590 <tr> 591 <th>CVE</th> 592 <th> AOSP</th> 593 <th> </th> 594 <th>, </th> 595 <th> </th> 596 </tr> 597 <tr> 598 <td>CVE-2016-0828</td> 599 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a> 600 </td> 601 <td></td> 602 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 603 <td>27 2015.</td> 604 </tr> 605 <tr> 606 <td>CVE-2016-0829</td> 607 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td> 608 <td></td> 609 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 610 <td>27 2015.</td> 611 </tr> 612 </table> 613 614 615 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth"> Bluetooth</h3> 616 617 618 <p> 619 . Bluetooth 620 , 621 . , 622 - . 623 .</p> 624 <table> 625 <tr> 626 <th>CVE</th> 627 <th> AOSP</th> 628 <th> </th> 629 <th>, </th> 630 <th> </th> 631 </tr> 632 <tr> 633 <td>CVE-2016-0830</td> 634 <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td> 635 <td></td> 636 <td>6.0, 6.0.1</td> 637 <td> Google</td> 638 </tr> 639 </table> 640 641 642 <h3 id="information_disclosure_vulnerability_in_telephony"> </h3> 643 644 645 <p> 646 . - 647 .</p> 648 <table> 649 <tr> 650 <th>CVE</th> 651 <th> AOSP</th> 652 <th> </th> 653 <th>, </th> 654 <th> </th> 655 </tr> 656 <tr> 657 <td>CVE-2016-0831</td> 658 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td> 659 <td></td> 660 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 661 <td>16 2015.</td> 662 </tr> 663 </table> 664 665 666 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> </h3> 667 668 669 <p> , 670 , 671 . , 672 .</p> 673 <table> 674 <tr> 675 <th>CVE</th> 676 <th></th> 677 <th> </th> 678 <th>, </th> 679 <th> </th> 680 </tr> 681 <tr> 682 <td>CVE-2016-0832</td> 683 <td>ANDROID-25955042*</td> 684 <td></td> 685 <td>5.1.1, 6.0, 6.0.1</td> 686 <td> Google</td> 687 </tr> 688 </table> 689 690 691 <p>* .</p> 692 693 <h2 id="common_questions_and_answers"> </h2> 694 695 696 <p> , 697 .</p> 698 699 <p><strong>1. , , ? </strong></p> 700 701 <p> LMY49H , 702 Android6.0 1 2016 . , 703 , 704 <a href="https://support.google.com/nexus/answer/4457705"> Nexus</a>. , 705 , 706 [ro.build.version.security_patch]:[2016-03-01].</p> 707 708 <h2 id="revisions"></h2> 709 710 711 <ul> 712 <li> 7 2016. . 713 <li> 8 2016. AOSP. 714 </li></li></ul> 715 716 </body> 717 </html> 718
