1 <html devsite> 2 <head> 3 <title>Nexus - 2015 9 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 9 9 29 </em> 30 </p> 31 <p> 32 Android (OTA) Nexus LMY48M Android (AOSP) 33 </p> 34 <p> 35 36 <a href="https://developers.google.com/android/nexus/images"> 37 Google Developers 38 </a> 39 Nexus LMY48M 2015 8 13 40 </p> 41 <p> 42 CVE-2015-3636 43 <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations"> 44 45 </a> 46 47 <a href="http://source.android.com/security/enhancements/index.html"> 48 Android 49 </a> 50 SafetyNet Android 51 </p> 52 <p> 53 CVE-2015-3864 CVE-2015-3686 54 </p> 55 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 56 57 </h2> 58 <hr/> 59 <p> 60 CVE 61 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 62 63 </a> 64 65 </p> 66 <table> 67 <tbody> 68 <tr> 69 <th> 70 71 </th> 72 <th> 73 CVE 74 </th> 75 <th> 76 77 </th> 78 </tr> 79 <tr> 80 <td> 81 Mediaserver 82 </td> 83 <td> 84 CVE-2015-3864 85 </td> 86 <td> 87 88 </td> 89 </tr> 90 <tr> 91 <td> 92 93 </td> 94 <td> 95 CVE-2015-3636 96 </td> 97 <td> 98 99 </td> 100 </tr> 101 <tr> 102 <td> 103 Binder 104 </td> 105 <td> 106 CVE-2015-3845 107 <br/> 108 CVE-2015-1528 109 </td> 110 <td> 111 112 </td> 113 </tr> 114 <tr> 115 <td> 116 Keystore 117 </td> 118 <td> 119 CVE-2015-3863 120 </td> 121 <td> 122 123 </td> 124 </tr> 125 <tr> 126 <td> 127 Region 128 </td> 129 <td> 130 CVE-2015-3849 131 </td> 132 <td> 133 134 </td> 135 </tr> 136 <tr> 137 <td> 138 139 </td> 140 <td> 141 CVE-2015-3858 142 </td> 143 <td> 144 145 </td> 146 </tr> 147 <tr> 148 <td> 149 150 </td> 151 <td> 152 CVE-2015-3860 153 </td> 154 <td> 155 156 </td> 157 </tr> 158 <tr> 159 <td> 160 Mediaserver 161 </td> 162 <td> 163 CVE-2015-3861 164 </td> 165 <td> 166 167 </td> 168 </tr> 169 </tbody> 170 </table> 171 <h2 id="mitigations" style="margin-bottom:0px"> 172 173 </h2> 174 <hr/> 175 <p> 176 177 <a href="http://source.android.com/security/enhancements"> 178 Android 179 </a> 180 SafetyNet Android 181 </p> 182 <ul> 183 <li> 184 Android Android Android 185 </li> 186 <li> 187 Android SafetyNet Google Play Root Google Play Root 188 </li> 189 <li> 190 Google Messenger mediaserver 191 </li> 192 </ul> 193 <h2 id="acknowledgements" style="margin-bottom:0px"> 194 195 </h2> 196 <hr/> 197 <p> 198 199 </p> 200 <ul> 201 <li> 202 Exodus Intelligence Jordan Gruskovnjak (@jgrusko)CVE-2015-3864 203 </li> 204 <li> 205 Micha BednarskiCVE-2015-3845 206 </li> 207 <li> 208 360 CVE-2015-1528 209 </li> 210 <li> 211 Brennan LautnerCVE-2015-3863 212 </li> 213 <li> 214 jgor (@indiecom)CVE-2015-3860 215 </li> 216 <li> 217 (Trend Micro Inc.) (@wish_wu)CVE-2015-3861 218 </li> 219 </ul> 220 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 221 222 </h2> 223 <hr/> 224 <p> 225 226 <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary"> 227 228 </a> 229 CVE Bug Bug ID AOSP Bug Bug ID AOSP 230 </p> 231 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 232 Mediaserver 233 </h3> 234 <p> 235 mediaserver mediaserver 236 </p> 237 <p> 238 239 </p> 240 <p> 241 mediaserver mediaserver 242 </p> 243 <p> 244 CVE-2015-3824 (ANDROID-20923261) 245 </p> 246 <table> 247 <tbody> 248 <tr> 249 <th> 250 CVE 251 </th> 252 <th> 253 Bug AOSP 254 </th> 255 <th> 256 257 </th> 258 <th> 259 260 </th> 261 </tr> 262 <tr> 263 <td> 264 CVE-2015-3864 265 </td> 266 <td> 267 <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968"> 268 ANDROID-23034759 269 </a> 270 </td> 271 <td> 272 273 </td> 274 <td> 275 5.1 276 </td> 277 </tr> 278 </tbody> 279 </table> 280 <h3 id="elevation_privilege_vulnerability_in_kernel"> 281 282 </h3> 283 <p> 284 Linux ping Socket 285 </p> 286 <p> 287 288 </p> 289 <p> 290 2015 5 1 Root 291 </p> 292 <table> 293 <tbody> 294 <tr> 295 <th> 296 CVE 297 </th> 298 <th> 299 Bug AOSP 300 </th> 301 <th> 302 303 </th> 304 <th> 305 306 </th> 307 </tr> 308 <tr> 309 <td> 310 CVE-2015-3636 311 </td> 312 <td> 313 <a href="https://github.com/torvalds/linux/commit/a134f083e79f"> 314 ANDROID-20770158 315 </a> 316 </td> 317 <td> 318 319 </td> 320 <td> 321 5.1 322 </td> 323 </tr> 324 </tbody> 325 </table> 326 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 327 Binder 328 </h3> 329 <p> 330 Binder 331 </p> 332 <p> 333 334 </p> 335 <table> 336 <tbody> 337 <tr> 338 <th> 339 CVE 340 </th> 341 <th> 342 Bug AOSP 343 </th> 344 <th> 345 346 </th> 347 <th> 348 349 </th> 350 </tr> 351 <tr> 352 <td> 353 CVE-2015-3845 354 </td> 355 <td> 356 <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20"> 357 ANDROID-17312693 358 </a> 359 </td> 360 <td> 361 362 </td> 363 <td> 364 5.1 365 </td> 366 </tr> 367 <tr> 368 <td> 369 CVE-2015-1528 370 </td> 371 <td> 372 <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254"> 373 ANDROID-19334482 374 </a> 375 [ 376 <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14"> 377 2 378 </a> 379 ] 380 </td> 381 <td> 382 383 </td> 384 <td> 385 5.1 386 </td> 387 </tr> 388 </tbody> 389 </table> 390 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 391 Keystore 392 </h3> 393 <p> 394 Keystore Keystore Keystore 395 </p> 396 <p> 397 398 </p> 399 <table> 400 <tbody> 401 <tr> 402 <th> 403 CVE 404 </th> 405 <th> 406 Bug AOSP 407 </th> 408 <th> 409 410 </th> 411 <th> 412 413 </th> 414 </tr> 415 <tr> 416 <td> 417 CVE-2015-3863 418 </td> 419 <td> 420 <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b"> 421 ANDROID-22802399 422 </a> 423 </td> 424 <td> 425 426 </td> 427 <td> 428 5.1 429 </td> 430 </tr> 431 </tbody> 432 </table> 433 <h3 id="elevation_of_privilege_vulnerability_in_region"> 434 Region 435 </h3> 436 <p> 437 Region 438 </p> 439 <p> 440 441 </p> 442 <table> 443 <tbody> 444 <tr> 445 <th> 446 CVE 447 </th> 448 <th> 449 Bug AOSP 450 </th> 451 <th> 452 453 </th> 454 <th> 455 456 </th> 457 </tr> 458 <tr> 459 <td> 460 CVE-2015-3849 461 </td> 462 <td> 463 <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885"> 464 ANDROID-20883006 465 </a> 466 [ 467 <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3"> 468 2 469 </a> 470 ] 471 </td> 472 <td> 473 474 </td> 475 <td> 476 5.1 477 </td> 478 </tr> 479 </tbody> 480 </table> 481 <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass"> 482 483 </h3> 484 <p> 485 Android 486 </p> 487 <p> 488 489 </p> 490 <table> 491 <tbody> 492 <tr> 493 <th> 494 CVE 495 </th> 496 <th> 497 Bug AOSP 498 </th> 499 <th> 500 501 </th> 502 <th> 503 504 </th> 505 </tr> 506 <tr> 507 <td> 508 CVE-2015-3858 509 </td> 510 <td> 511 <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586"> 512 ANDROID-22314646 513 </a> 514 </td> 515 <td> 516 517 </td> 518 <td> 519 5.1 520 </td> 521 </tr> 522 </tbody> 523 </table> 524 <h3 id="elevation_of_privilege_vulnerability_in_lockscreen"> 525 526 </h3> 527 <p> 528 Android 5.0 5.1 4.4 529 </p> 530 <p> 531 532 </p> 533 <table> 534 <tbody> 535 <tr> 536 <th> 537 CVE 538 </th> 539 <th> 540 Bug AOSP 541 </th> 542 <th> 543 544 </th> 545 <th> 546 547 </th> 548 </tr> 549 <tr> 550 <td> 551 CVE-2015-3860 552 </td> 553 <td> 554 <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590"> 555 ANDROID-22214934 556 </a> 557 </td> 558 <td> 559 560 </td> 561 <td> 562 5.1 5.0 563 </td> 564 </tr> 565 </tbody> 566 </table> 567 <h3 id="denial_of_service_vulnerability_in_mediaserver"> 568 Mediaserver 569 </h3> 570 <p> 571 Mediaserver 572 </p> 573 <p> 574 mediaserver mediaserver 575 </p> 576 <table> 577 <tbody> 578 <tr> 579 <th> 580 CVE 581 </th> 582 <th> 583 Bug AOSP 584 </th> 585 <th> 586 587 </th> 588 <th> 589 590 </th> 591 </tr> 592 <tr> 593 <td> 594 CVE-2015-3861 595 </td> 596 <td> 597 <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0"> 598 ANDROID-21296336 599 </a> 600 </td> 601 <td> 602 603 </td> 604 <td> 605 5.1 606 </td> 607 </tr> 608 </tbody> 609 </table> 610 </div> 611 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 612 <div class="layout-content-col col-9" style="padding-top:4px"> 613 </div> 614 <div class="paging-links layout-content-col col-4"> 615 </div> 616 </div> 617 </div> 618 619 </body> 620 </html> 621
