1 <html devsite> 2 <head> 3 <title> Android 2016.</title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em> 2 2016. | 4 2016.</em></p> 27 28 <p> 29 Android. 30 Nexus Nexus 31 <a href="https://developers.google.com/android/nexus/images"> </a>. 32 33 1 2016 . , 34 , <a href="https://support.google.com/nexus/answer/4457705"> Nexus</a>.</p> 35 36 <p> 4 2016 . 37 Android Open Source Project (AOSP).</p> 38 39 <p> 40 (, 41 , 42 MMS).</p> 43 44 <p> . <a href="#mitigations"> </a> 45 , <a href="/security/enhancements/index.html"> </a> , 46 SafetyNet, Android.</p> 47 48 <p> .</p> 49 50 <h2 id="announcements"></h2> 51 52 53 <ul> 54 <li> Nexus 55 Android. 56 , Android, 57 Nexus.</li> 58 <li> , 6, 59 <a href="/security/overview/updates-resources.html#severity"> </a> . 60 61 .</li> 62 </ul> 63 64 <h2 id="security_vulnerability_summary"> </h2> 65 66 67 <p> , (CVE) 68 , , Nexus. 69 70 <a href="/security/overview/updates-resources.html#severity"> </a> , 71 , 72 .</p> 73 <table> 74 <col width="55%"> 75 <col width="20%"> 76 <col width="13%"> 77 <col width="12%"> 78 <tr> 79 <th></th> 80 <th>CVE</th> 81 <th> </th> 82 <th> Nexus?</th> 83 </tr> 84 <tr> 85 <td> mediaserver</td> 86 <td>CVE-2016-2428<br> 87 CVE-2016-2429</td> 88 <td></td> 89 <td></td> 90 </tr> 91 <tr> 92 <td> Debuggerd</td> 93 <td>CVE-2016-2430</td> 94 <td></td> 95 <td></td> 96 </tr> 97 <tr> 98 <td> TrustZone Qualcomm </td> 99 <td>CVE-2016-2431<br> 100 CVE-2016-2432</td> 101 <td></td> 102 <td></td> 103 </tr> 104 <tr> 105 <td> Wi-Fi- Qualcomm</td> 106 <td>CVE-2015-0569<br> 107 CVE-2015-0570</td> 108 <td></td> 109 <td></td> 110 </tr> 111 <tr> 112 <td> NVIDIA </td> 113 <td>CVE-2016-2434<br> 114 CVE-2016-2435<br> 115 CVE-2016-2436<br> 116 CVE-2016-2437</td> 117 <td></td> 118 <td></td> 119 </tr> 120 <tr> 121 <td> </td> 122 <td>CVE-2015-1805</td> 123 <td></td> 124 <td></td> 125 </tr> 126 <tr> 127 <td> </td> 128 <td>CVE-2016-2438</td> 129 <td></td> 130 <td></td> 131 </tr> 132 <tr> 133 <td> Qualcomm</td> 134 <td>CVE-2016-2060</td> 135 <td></td> 136 <td></td> 137 </tr> 138 <tr> 139 <td> Bluetooth</td> 140 <td>CVE-2016-2439</td> 141 <td></td> 142 <td></td> 143 </tr> 144 <tr> 145 <td> Binder</td> 146 <td>CVE-2016-2440</td> 147 <td></td> 148 <td></td> 149 </tr> 150 <tr> 151 <td> Buspm- Qualcomm</td> 152 <td>CVE-2016-2441<br> 153 CVE-2016-2442</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td> MDP- Qualcomm</td> 159 <td>CVE-2016-2443</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td> Wi-Fi- Qualcomm</td> 165 <td>CVE-2015-0571</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td> NVIDIA</td> 171 <td>CVE-2016-2444<br> 172 CVE-2016-2445<br> 173 CVE-2016-2446</td> 174 <td></td> 175 <td></td> 176 </tr> 177 <tr> 178 <td> Wi-Fi</td> 179 <td>CVE-2016-4477</td> 180 <td></td> 181 <td></td> 182 </tr> 183 <tr> 184 <td> mediaserver</td> 185 <td>CVE-2016-2448<br> 186 CVE-2016-2449<br> 187 CVE-2016-2450<br> 188 CVE-2016-2451<br> 189 CVE-2016-2452</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td> Wi-Fi- MediaTek</td> 195 <td>CVE-2016-2453</td> 196 <td></td> 197 <td></td> 198 </tr> 199 <tr> 200 <td> Qualcomm</td> 201 <td>CVE-2016-2454</td> 202 <td></td> 203 <td></td> 204 </tr> 205 <tr> 206 <td> Conscrypt</td> 207 <td>CVE-2016-2461<br> 208 CVE-2016-2462</td> 209 <td></td> 210 <td></td> 211 </tr> 212 <tr> 213 <td> OpenSSL BoringSSL</td> 214 <td>CVE-2016-0705</td> 215 <td></td> 216 <td></td> 217 </tr> 218 <tr> 219 <td> Wi-Fi- MediaTek</td> 220 <td>CVE-2016-2456</td> 221 <td></td> 222 <td></td> 223 </tr> 224 <tr> 225 <td> Wi-Fi</td> 226 <td>CVE-2016-2457</td> 227 <td></td> 228 <td></td> 229 </tr> 230 <tr> 231 <td> AOSP </td> 232 <td>CVE-2016-2458</td> 233 <td></td> 234 <td></td> 235 </tr> 236 <tr> 237 <td> mediaserver</td> 238 <td>CVE-2016-2459<br> 239 CVE-2016-2460</td> 240 <td></td> 241 <td></td> 242 </tr> 243 <tr> 244 <td> </td> 245 <td>CVE-2016-0774</td> 246 <td></td> 247 <td></td> 248 </tr> 249 </table> 250 251 252 <h2 id="android_and_google_service_mitigations"> </h2> 253 254 255 <p> , <a href="/security/enhancements/index.html"> </a> , 256 SafetyNet, Android.</p> 257 258 <ul> 259 <li> Android, 260 261 .</li> 262 <li> , Android, 263 <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a>. 264 265 <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"> </a>. 266 <a href="http://www.android.com/gms"> Google</a>. 267 , 268 . Google Play , 269 . 270 , . 271 , , 272 , 273 . , 274 .</li> 275 <li> Google Hangouts Messenger 276 , mediaserver, .</li> 277 </ul> 278 279 <h2 id="acknowledgements"></h2> 280 281 282 <p> , :</p> 283 284 <ul> 285 <li> , 286 Google Chrome: CVE-2016-2454 287 <li> (<a href="https://twitter.com/ticarpi">@ticarpi</a>) 288 <a href="https://www.e2e-assure.com">e2e-assure</a>: CVE-2016-2457 289 <li> (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 290 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2441, 291 CVE-2016-2442 292 <li> 293 (<a href="http://www.linkedin.com/in/dzima">www.linkedin.com/in/dzima</a>): CVE-2016-2458 294 <li> : CVE-2016-2431 295 <li> Vulpecker Team, Qihoo360 Technology Co. Ltd: CVE-2016-2456 296 <li> Mandiant, FireEye: CVE-2016-2060 297 <li> (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) 298 pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) IceSword Lab, 299 Qihoo360 Technology Co. Ltd: CVE-2016-2434, CVE-2016-2435, CVE-2016-2436, 300 CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446 301 <li> <a href="http://www.search-lab.hu">Search-Lab Ltd.</a>: CVE-2016-4477 302 <li> Google: CVE-2016-2461 303 <li> Google: CVE-2016-2462 304 <li> (<a href="https://twitter.com/marcograss">@marcograss</a>) KeenLab 305 (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-2443 306 <li> 307 (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>): CVE-2016-2440 308 <li> (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), 309 (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 310 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2450, CVE-2016-2448, 311 CVE-2016-2449, CVE-2016-2451, CVE-2016-2452 312 <li> (<a href="https://twitter.com/heisecode">@heisecode</a>) Trend Micro: 313 CVE-2016-2459, CVE-2016-2460 314 <li> (<a href="https://twitter.com/sunblate">@sunblate</a>) Alibaba Inc.: 315 CVE-2016-2428, CVE-2016-2429 316 <li> <a href="mailto:computernik (a] gmail.com">- </a>, 317 <a href="mailto:zlbzlb815 (a] 163.com"> </a>, (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 318 <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2437 319 <li> () Baidu X-Lab: CVE-2016-2439 320 <li> (<a href="https://twitter.com/ebeip90">@ebeip90</a>) 321 Android: CVE-2016-2430 322 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 323 324 <h2 id="security_vulnerability_details"> </h2> 325 326 327 <p> <a href="#security_vulnerability_summary"> </a> 328 : , , CVE, 329 , , Nexus AOSP 330 ( ) . 331 , 332 AOSP, , 333 .</p> 334 335 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 336 mediaserver</h3> 337 338 339 <p> 340 341 mediaserver.</p> 342 343 <p> . 344 , MMS- 345 , .</p> 346 347 <p> - 348 mediaserver. 349 - , , 350 .</p> 351 <table> 352 <col width="19%"> 353 <col width="16%"> 354 <col width="10%"> 355 <col width="19%"> 356 <col width="18%"> 357 <col width="16%"> 358 <tr> 359 <th>CVE</th> 360 <th> Android</th> 361 <th> </th> 362 <th> Nexus</th> 363 <th> AOSP</th> 364 <th> </th> 365 </tr> 366 <tr> 367 <td>CVE-2016-2428</td> 368 <td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206"> 369 26751339</a></td> 370 <td></td> 371 <td><a href="#nexus_devices"> </a></td> 372 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 373 <td>22 2016.</td> 374 </tr> 375 <tr> 376 <td>CVE-2016-2429</td> 377 <td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c"> 378 27211885</a></td> 379 <td></td> 380 <td><a href="#nexus_devices"> </a></td> 381 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 382 <td>16 2016.</td> 383 </tr> 384 </table> 385 386 387 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd"> 388 Debuggerd</h3> 389 390 391 <p> 392 Android. , 393 - . , 394 .</p> 395 <table> 396 <col width="19%"> 397 <col width="16%"> 398 <col width="10%"> 399 <col width="19%"> 400 <col width="18%"> 401 <col width="16%"> 402 <tr> 403 <th>CVE</th> 404 <th> Android</th> 405 <th> </th> 406 <th> Nexus</th> 407 <th> AOSP</th> 408 <th> </th> 409 </tr> 410 <tr> 411 <td>CVE-2016-2430</td> 412 <td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0"> 413 27299236</a></td> 414 <td></td> 415 <td><a href="#nexus_devices"> </a></td> 416 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 417 <td>22 2016.</td> 418 </tr> 419 </table> 420 421 422 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_trustzone"> 423 TrustZone Qualcomm </h3> 424 425 426 <p> 427 TrustZone. , 428 - . , 429 .</p> 430 <table> 431 <col width="19%"> 432 <col width="16%"> 433 <col width="10%"> 434 <col width="27%"> 435 <col width="16%"> 436 <tr> 437 <th>CVE</th> 438 <th> Android</th> 439 <th> </th> 440 <th> Nexus</th> 441 <th> </th> 442 </tr> 443 <tr> 444 <td>CVE-2016-2431</td> 445 <td>24968809*</td> 446 <td></td> 447 <td>Nexus5, Nexus6, Nexus7 (2013), AndroidOne</td> 448 <td>15 2015.</td> 449 </tr> 450 <tr> 451 <td>CVE-2016-2432</td> 452 <td>25913059*</td> 453 <td></td> 454 <td>Nexus6, AndroidOne</td> 455 <td>28 2015.</td> 456 </tr> 457 </table> 458 <p>* AOSP. 459 Nexus, 460 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 461 462 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 463 Wi-Fi- Qualcomm</h3> 464 465 466 <p> 467 . 468 , - 469 . , 470 .</p> 471 <table> 472 <col width="19%"> 473 <col width="16%"> 474 <col width="10%"> 475 <col width="27%"> 476 <col width="16%"> 477 <tr> 478 <th>CVE</th> 479 <th> Android</th> 480 <th> </th> 481 <th> Nexus</th> 482 <th> </th> 483 </tr> 484 <tr> 485 <td>CVE-2015-0569</td> 486 <td>26754117*</td> 487 <td></td> 488 <td>Nexus5X, Nexus7 (2013)</td> 489 <td>23 2016.</td> 490 </tr> 491 <tr> 492 <td>CVE-2015-0570</td> 493 <td>26764809*</td> 494 <td></td> 495 <td>Nexus5X, Nexus7 (2013)</td> 496 <td>25 2016.</td> 497 </tr> 498 </table> 499 <p>* AOSP. 500 Nexus, 501 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 502 503 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 504 NVIDIA</h3> 505 506 507 <p> 508 . , 509 - . , 510 .</p> 511 <table> 512 <col width="19%"> 513 <col width="16%"> 514 <col width="10%"> 515 <col width="27%"> 516 <col width="16%"> 517 <tr> 518 <th>CVE</th> 519 <th> Android</th> 520 <th> </th> 521 <th> Nexus</th> 522 <th> </th> 523 </tr> 524 <tr> 525 <td>CVE-2016-2434</td> 526 <td>27251090*</td> 527 <td></td> 528 <td>Nexus9</td> 529 <td>17 2016.</td> 530 </tr> 531 <tr> 532 <td>CVE-2016-2435</td> 533 <td>27297988*</td> 534 <td></td> 535 <td>Nexus9</td> 536 <td>20 2016.</td> 537 </tr> 538 <tr> 539 <td>CVE-2016-2436</td> 540 <td>27299111*</td> 541 <td></td> 542 <td>Nexus9</td> 543 <td>22 2016.</td> 544 </tr> 545 <tr> 546 <td>CVE-2016-2437</td> 547 <td>27436822*</td> 548 <td></td> 549 <td>Nexus9</td> 550 <td>1 2016.</td> 551 </tr> 552 </table> 553 <p>* AOSP. 554 Nexus, 555 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 556 557 <h3 id="elevation_of_privilege_vulnerability_in_kernel"> 558 </h3> 559 560 561 <p> 562 . 563 , - 564 . , 565 . 566 <a href="/security/advisory/2016-03-18.html"> Android</a> 18 2016.</p> 567 <table> 568 <col width="19%"> 569 <col width="16%"> 570 <col width="10%"> 571 <col width="27%"> 572 <col width="16%"> 573 <tr> 574 <th>CVE</th> 575 <th> Android</th> 576 <th> </th> 577 <th> Nexus</th> 578 <th> </th> 579 </tr> 580 <tr> 581 <td>CVE-2015-1805</td> 582 <td>27275324*</td> 583 <td></td> 584 <td>Nexus5, Nexus5X, Nexus6, Nexus6P, Nexus7 (2013), Nexus9</td> 585 <td>19 2016.</td> 586 </tr> 587 </table> 588 <p>* AOSP : 589 <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a> 590 <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> 591 <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 592 593 <h3 id="remote_code_execution_vulnerability_in_kernel"> 594 </h3> 595 596 597 <p> 598 . , 599 , 600 , , 601 .</p> 602 <table> 603 <col width="19%"> 604 <col width="16%"> 605 <col width="10%"> 606 <col width="27%"> 607 <col width="16%"> 608 <tr> 609 <th>CVE</th> 610 <th> Android</th> 611 <th> </th> 612 <th> Nexus</th> 613 <th> </th> 614 </tr> 615 <tr> 616 <td>CVE-2016-2438</td> 617 <td>26636060*</td> 618 <td></td> 619 <td>Nexus9 </td> 620 <td> Google</td> 621 </tr> 622 </table> 623 <p>* <a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d"> Linux</a>.</p> 624 625 <h3 id="information_disclosure_vulnerability_in_qualcomm_tethering_controller"> 626 Qualcomm</h3> 627 628 629 <p> 630 , . 631 , 632 , 633 (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 634 <table> 635 <col width="19%"> 636 <col width="16%"> 637 <col width="10%"> 638 <col width="27%"> 639 <col width="16%"> 640 <tr> 641 <th>CVE</th> 642 <th> Android</th> 643 <th> </th> 644 <th> Nexus</th> 645 <th> </th> 646 </tr> 647 <tr> 648 <td>CVE-2016-2060</td> 649 <td>27942588*</td> 650 <td></td> 651 <td></td> 652 <td>23 2016.</td> 653 </tr> 654 </table> 655 <p>* AOSP. 656 , .</p> 657 658 <h3 id="remote_code_execution_vulnerability_in_bluetooth"> 659 Bluetooth</h3> 660 661 662 <p> 663 Bluetooth. - 664 .</p> 665 <table> 666 <col width="19%"> 667 <col width="16%"> 668 <col width="10%"> 669 <col width="19%"> 670 <col width="18%"> 671 <col width="16%"> 672 <tr> 673 <th>CVE</th> 674 <th> Android</th> 675 <th> </th> 676 <th> Nexus</th> 677 <th> AOSP</th> 678 <th> </th> 679 </tr> 680 <tr> 681 <td>CVE-2016-2439</td> 682 <td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd"> 683 27411268</a></td> 684 <td></td> 685 <td><a href="#nexus_devices"> </a></td> 686 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 687 <td>28 2016.</td> 688 </tr> 689 </table> 690 691 692 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 693 Binder</h3> 694 695 696 <p> 697 ( ). - 698 .</p> 699 <table> 700 <col width="19%"> 701 <col width="16%"> 702 <col width="10%"> 703 <col width="19%"> 704 <col width="18%"> 705 <col width="16%"> 706 <tr> 707 <th>CVE</th> 708 <th> Android</th> 709 <th> </th> 710 <th> Nexus</th> 711 <th> AOSP</th> 712 <th> </th> 713 </tr> 714 <tr> 715 <td>CVE-2016-2440</td> 716 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a"> 717 27252896</a></td> 718 <td></td> 719 <td><a href="#nexus_devices"> </a></td> 720 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 721 <td>18 2016.</td> 722 </tr> 723 </table> 724 725 726 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver"> 727 Buspm- Qualcomm</h3> 728 729 730 <p> 731 . , 732 , 733 , , .</p> 734 <table> 735 <col width="19%"> 736 <col width="16%"> 737 <col width="10%"> 738 <col width="27%"> 739 <col width="16%"> 740 <tr> 741 <th>CVE</th> 742 <th> Android</th> 743 <th> </th> 744 <th> Nexus</th> 745 <th> </th> 746 </tr> 747 <tr> 748 <td>CVE-2016-2441</td> 749 <td>26354602*</td> 750 <td></td> 751 <td>Nexus5X, Nexus6, Nexus6P</td> 752 <td>30 2015.</td> 753 </tr> 754 <tr> 755 <td>CVE-2016-2442</td> 756 <td>26494907*</td> 757 <td></td> 758 <td>Nexus5X, Nexus6, Nexus6P</td> 759 <td>30 2015.</td> 760 </tr> 761 </table> 762 <p>* AOSP. 763 Nexus, 764 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 765 766 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver"> 767 MDP- Qualcomm</h3> 768 769 770 <p> 771 . , 772 , 773 , , 774 .</p> 775 <table> 776 <col width="19%"> 777 <col width="16%"> 778 <col width="10%"> 779 <col width="27%"> 780 <col width="16%"> 781 <tr> 782 <th>CVE</th> 783 <th> Android</th> 784 <th> </th> 785 <th> Nexus</th> 786 <th> </th> 787 </tr> 788 <tr> 789 <td>CVE-2016-2443</td> 790 <td>26404525*</td> 791 <td></td> 792 <td>Nexus5, Nexus7 (2013)</td> 793 <td>5 2016.</td> 794 </tr> 795 </table> 796 <p>* AOSP. 797 Nexus, 798 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 799 800 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 801 Wi-Fi- Qualcomm</h3> 802 803 804 <p> 805 806 . , 807 , 808 (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 809 <table> 810 <col width="19%"> 811 <col width="16%"> 812 <col width="10%"> 813 <col width="27%"> 814 <col width="16%"> 815 <tr> 816 <th>CVE</th> 817 <th> Android</th> 818 <th> </th> 819 <th> Nexus</th> 820 <th> </th> 821 </tr> 822 <tr> 823 <td>CVE-2015-0571</td> 824 <td>26763920*</td> 825 <td></td> 826 <td>Nexus5X, Nexus7 (2013)</td> 827 <td>25 2016.</td> 828 </tr> 829 </table> 830 <p>* AOSP. 831 Nexus, 832 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 833 834 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 835 NVIDIA</h3> 836 837 838 <p> 839 . , 840 , 841 , , 842 .</p> 843 <table> 844 <col width="19%"> 845 <col width="16%"> 846 <col width="10%"> 847 <col width="27%"> 848 <col width="16%"> 849 <tr> 850 <th>CVE</th> 851 <th> Android</th> 852 <th> </th> 853 <th> Nexus</th> 854 <th> </th> 855 </tr> 856 <tr> 857 <td>CVE-2016-2444</td> 858 <td>27208332*</td> 859 <td></td> 860 <td>Nexus9</td> 861 <td>16 2016.</td> 862 </tr> 863 <tr> 864 <td>CVE-2016-2445</td> 865 <td>27253079*</td> 866 <td></td> 867 <td>Nexus9</td> 868 <td>17 2016.</td> 869 </tr> 870 <tr> 871 <td>CVE-2016-2446</td> 872 <td>27441354*</td> 873 <td></td> 874 <td>Nexus9</td> 875 <td>1 2016.</td> 876 </tr> 877 </table> 878 <p>* AOSP. 879 Nexus, 880 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 881 882 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 883 Wi-Fi</h3> 884 885 886 <p> 887 . 888 , , 889 (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 890 891 <p><strong>.</strong> MITRE (CVE) CVE-2016-2447 CVE-2016-4477.</p> 892 893 <table> 894 <col width="19%"> 895 <col width="16%"> 896 <col width="10%"> 897 <col width="19%"> 898 <col width="18%"> 899 <col width="16%"> 900 <tr> 901 <th>CVE</th> 902 <th> Android</th> 903 <th> </th> 904 <th> Nexus</th> 905 <th> AOSP</th> 906 <th> </th> 907 </tr> 908 <tr> 909 <td>CVE-2016-4477</td> 910 <td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535"> 911 27371366</a> 912 [<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>] 913 </td> 914 <td></td> 915 <td><a href="#nexus_devices"> </a></td> 916 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 917 <td>24 2016.</td> 918 </tr> 919 </table> 920 921 922 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 923 mediaserver</h3> 924 925 926 <p> 927 928 . , 929 , 930 (, <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>).</p> 931 <table> 932 <col width="19%"> 933 <col width="16%"> 934 <col width="10%"> 935 <col width="19%"> 936 <col width="18%"> 937 <col width="16%"> 938 <tr> 939 <th>CVE</th> 940 <th> Android</th> 941 <th> </th> 942 <th> Nexus</th> 943 <th> AOSP</th> 944 <th> </th> 945 </tr> 946 <tr> 947 <td>CVE-2016-2448</td> 948 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b"> 949 27533704</a></td> 950 <td></td> 951 <td><a href="#nexus_devices"> </a></td> 952 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 953 <td>7 2016.</td> 954 </tr> 955 <tr> 956 <td>CVE-2016-2449</td> 957 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353"> 958 27568958</a></td> 959 <td></td> 960 <td><a href="#nexus_devices"> </a></td> 961 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 962 <td>9 2016.</td> 963 </tr> 964 <tr> 965 <td>CVE-2016-2450</td> 966 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d"> 967 27569635</a></td> 968 <td></td> 969 <td><a href="#nexus_devices"> </a></td> 970 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 971 <td>9 2016.</td> 972 </tr> 973 <tr> 974 <td>CVE-2016-2451</td> 975 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba"> 976 27597103</a></td> 977 <td></td> 978 <td><a href="#nexus_devices"> </a></td> 979 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 980 <td>10 2016.</td> 981 </tr> 982 <tr> 983 <td>CVE-2016-2452</td> 984 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687"> 985 27662364</a> 986 [<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>] 987 [<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>] 988 </td> 989 <td></td> 990 <td><a href="#nexus_devices"> </a></td> 991 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 992 <td>14 2016.</td> 993 </tr> 994 </table> 995 996 997 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 998 Wi-Fi- MediaTek</h3> 999 1000 1001 <p> 1002 . , 1003 , 1004 , , .</p> 1005 <table> 1006 <col width="19%"> 1007 <col width="16%"> 1008 <col width="10%"> 1009 <col width="27%"> 1010 <col width="16%"> 1011 <tr> 1012 <th>CVE</th> 1013 <th> Android</th> 1014 <th> </th> 1015 <th> Nexus</th> 1016 <th> </th> 1017 </tr> 1018 <tr> 1019 <td>CVE-2016-2453</td> 1020 <td>27549705*</td> 1021 <td></td> 1022 <td>AndroidOne</td> 1023 <td>8 2016.</td> 1024 </tr> 1025 </table> 1026 <p>* AOSP. 1027 Nexus, 1028 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1029 1030 <h3 id="remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec"> 1031 Qualcomm</h3> 1032 1033 1034 <p> 1035 , 1036 . , 1037 .</p> 1038 <table> 1039 <col width="19%"> 1040 <col width="16%"> 1041 <col width="10%"> 1042 <col width="27%"> 1043 <col width="16%"> 1044 <tr> 1045 <th>CVE</th> 1046 <th> Android</th> 1047 <th> </th> 1048 <th> Nexus</th> 1049 <th> </th> 1050 </tr> 1051 <tr> 1052 <td>CVE-2016-2454</td> 1053 <td>26221024*</td> 1054 <td></td> 1055 <td>Nexus5</td> 1056 <td>16 2015.</td> 1057 </tr> 1058 </table> 1059 <p>* AOSP. 1060 Nexus, 1061 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1062 1063 <h3 id="elevation_of_privilege_vulnerability_in_conscrypt"> 1064 Conscrypt</h3> 1065 1066 1067 <p> . 1068 , 1069 .</p> 1070 <table> 1071 <col width="19%"> 1072 <col width="16%"> 1073 <col width="10%"> 1074 <col width="19%"> 1075 <col width="18%"> 1076 <col width="16%"> 1077 <tr> 1078 <th>CVE</th> 1079 <th> Android</th> 1080 <th> </th> 1081 <th> Nexus</th> 1082 <th> AOSP</th> 1083 <th> </th> 1084 </tr> 1085 <tr> 1086 <td>CVE-2016-2461</td> 1087 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f"> 1088 27324690</a> 1089 [<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>] 1090 </td> 1091 <td></td> 1092 <td><a href="#nexus_devices"> </a></td> 1093 <td>6.0, 6.0.1</td> 1094 <td> Google</td> 1095 </tr> 1096 <tr> 1097 <td>CVE-2016-2462</td> 1098 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54"> 1099 27371173</a></td> 1100 <td></td> 1101 <td><a href="#nexus_devices"> </a></td> 1102 <td>6.0, 6.0.1</td> 1103 <td> Google</td> 1104 </tr> 1105 </table> 1106 1107 1108 <h3 id="elevation_of_privilege_vulnerability_in_openssl_&_boringssl"> 1109 OpenSSL BoringSSL</h3> 1110 1111 1112 <p> 1113 . 1114 , 1115 , 1116 , . 1117 .</p> 1118 <table> 1119 <col width="19%"> 1120 <col width="16%"> 1121 <col width="10%"> 1122 <col width="19%"> 1123 <col width="18%"> 1124 <col width="16%"> 1125 <tr> 1126 <th>CVE</th> 1127 <th> Android</th> 1128 <th> </th> 1129 <th> Nexus</th> 1130 <th> AOSP</th> 1131 <th> </th> 1132 </tr> 1133 <tr> 1134 <td>CVE-2016-0705</td> 1135 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800"> 1136 27449871</a></td> 1137 <td></td> 1138 <td><a href="#nexus_devices"> </a></td> 1139 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1140 <td>7 2016.</td> 1141 </tr> 1142 </table> 1143 1144 1145 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 1146 Wi-Fi- MediaTek</h3> 1147 1148 1149 <p> . 1150 , , 1151 , 1152 .</p> 1153 <table> 1154 <col width="19%"> 1155 <col width="16%"> 1156 <col width="10%"> 1157 <col width="27%"> 1158 <col width="16%"> 1159 <tr> 1160 <th>CVE</th> 1161 <th> Android</th> 1162 <th> </th> 1163 <th> Nexus</th> 1164 <th> </th> 1165 </tr> 1166 <tr> 1167 <td>CVE-2016-2456</td> 1168 <td>27275187*</td> 1169 <td></td> 1170 <td>AndroidOne</td> 1171 <td>19 2016.</td> 1172 </tr> 1173 </table> 1174 <p>* AOSP. 1175 Nexus, 1176 <a href="https://developers.google.com/android/nexus/drivers"> </a>.</p> 1177 1178 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 1179 Wi-Fi</h3> 1180 1181 1182 <p> Wi-Fi 1183 . , 1184 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a> ().</p> 1185 <table> 1186 <col width="19%"> 1187 <col width="16%"> 1188 <col width="10%"> 1189 <col width="19%"> 1190 <col width="18%"> 1191 <col width="16%"> 1192 <tr> 1193 <th>CVE</th> 1194 <th> Android</th> 1195 <th> </th> 1196 <th> Nexus</th> 1197 <th> AOSP</th> 1198 <th> </th> 1199 </tr> 1200 <tr> 1201 <td>CVE-2016-2457</td> 1202 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db"> 1203 27411179</a></td> 1204 <td></td> 1205 <td><a href="#nexus_devices"> </a></td> 1206 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1207 <td>29 2016.</td> 1208 </tr> 1209 </table> 1210 1211 1212 <h3 id="information_disclosure_vulnerability_in_aosp_mail"> 1213 AOSP</h3> 1214 1215 1216 <p> 1217 . - 1218 .</p> 1219 <table> 1220 <col width="19%"> 1221 <col width="16%"> 1222 <col width="10%"> 1223 <col width="19%"> 1224 <col width="18%"> 1225 <col width="16%"> 1226 <tr> 1227 <th>CVE</th> 1228 <th> Android</th> 1229 <th> </th> 1230 <th> Nexus</th> 1231 <th> AOSP</th> 1232 <th> </th> 1233 </tr> 1234 <tr> 1235 <td>CVE-2016-2458</td> 1236 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a"> 1237 27335139</a> 1238 [<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>] 1239 </td> 1240 <td></td> 1241 <td><a href="#nexus_devices"> </a></td> 1242 <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> 1243 <td>23 2016.</td> 1244 </tr> 1245 </table> 1246 1247 1248 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 1249 mediaserver</h3> 1250 1251 1252 <p> 1253 . - 1254 .</p> 1255 <table> 1256 <col width="19%"> 1257 <col width="16%"> 1258 <col width="10%"> 1259 <col width="19%"> 1260 <col width="18%"> 1261 <col width="16%"> 1262 <tr> 1263 <th>CVE</th> 1264 <th> Android</th> 1265 <th> </th> 1266 <th> Nexus</th> 1267 <th> AOSP</th> 1268 <th> </th> 1269 </tr> 1270 <tr> 1271 <td>CVE-2016-2459</td> 1272 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1273 27556038</a></td> 1274 <td></td> 1275 <td><a href="#nexus_devices"> </a></td> 1276 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1277 <td>7 2016.</td> 1278 </tr> 1279 <tr> 1280 <td>CVE-2016-2460</td> 1281 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1282 27555981</a></td> 1283 <td></td> 1284 <td><a href="#nexus_devices"> </a></td> 1285 <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> 1286 <td>7 2016.</td> 1287 </tr> 1288 </table> 1289 1290 1291 <h3 id="denial_of_service_vulnerability_in_kernel"> 1292 </h3> 1293 1294 1295 <p> 1296 . , 1297 .</p> 1298 <table> 1299 <col width="19%"> 1300 <col width="16%"> 1301 <col width="10%"> 1302 <col width="27%"> 1303 <col width="16%"> 1304 <tr> 1305 <th>CVE</th> 1306 <th> Android</th> 1307 <th> </th> 1308 <th> Nexus</th> 1309 <th> </th> 1310 </tr> 1311 <tr> 1312 <td>CVE-2016-0774</td> 1313 <td>27721803*</td> 1314 <td></td> 1315 <td><a href="#nexus_devices"> </a></td> 1316 <td>17 2016.</td> 1317 </tr> 1318 </table> 1319 <p>* <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e"> Linux</a>.</p> 1320 1321 <h2 id="common_questions_and_answers"> </h2> 1322 1323 1324 <p> , 1325 .</p> 1326 1327 <p><strong>1. , , ?</strong></p> 1328 1329 <p> 1 2016 1330 . , 1331 , <a href="https://support.google.com/nexus/answer/4457705"> Nexus</a>. 1332 , , 1333 [ro.build.version.security_patch]:[2016-05-01].</p> 1334 1335 <p id="nexus_devices"><strong>2. , Nexus ?</strong></p> 1336 1337 <p> <a href="security_vulnerability_details"> </a> " Nexus". , .</p> 1338 1339 <ul> 1340 <li> <strong> .</strong> <em></em> 1341 1342 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"> Nexus</a>: Nexus5, Nexus5X, Nexus6, 1343 Nexus6P, Nexus7 (2013), Nexus9, AndroidOne, Nexus Player 1344 PixelC. 1345 <li> <strong> .</strong> <em></em> , 1346 .</li> 1347 <li> <strong>.</strong> Nexus.<em></em></li> 1348 </li></ul> 1349 1350 <p><strong>3. CVE-2015-1805?</strong></p> 1351 <p><a href="/security/advisory/2016-03-18.html"> Android</a> 18 2016 <a href="2016-04-02.html"> Nexus</a>. - , 1 2016, , CVE-2015-1805. , 1 2016.</p> 1352 <h2 id="revisions"></h2> 1353 1354 1355 <ul> 1356 <li> 2 2016. .</li> 1357 <li> 4 2016. 1358 <ul> 1359 <li> AOSP. 1360 <li> , Nexus Player PixelC. 1361 <li> MITRE CVE-2016-2447 CVE-2016-4477. 1362 </li></li></li></ul> 1363 </li> 1364 </ul> 1365 1366 </body> 1367 </html> 1368
