1 <html devsite> 2 <head> 3 <title>Nexus - 2015 10 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 10 5 | 2015 10 12 29 </em> 30 </p> 31 <p> 32 Android (OTA) Nexus 33 <a href="https://developers.google.com/android/nexus/images"> 34 Google Developers 35 </a> 36 Nexus 2015 10 1 LMY48T Android L Android M 37 <a href="https://support.google.com/nexus/answer/4457705"> 38 Nexus 39 </a> 40 41 </p> 42 <p> 43 2015 9 10 Android (AOSP) 44 </p> 45 <p> 46 47 </p> 48 <p> 49 50 <a href="http://source.android.com/security/bulletin/2015-10-01.html#mitigations"> 51 52 </a> 53 54 <a href="http://source.android.com/security/enhancements/index.html"> 55 Android 56 </a> 57 SafetyNet Android 58 </p> 59 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 60 61 </h2> 62 <hr/> 63 <p> 64 CVE 65 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 66 67 </a> 68 69 </p> 70 <table> 71 <tbody> 72 <tr> 73 <th> 74 75 </th> 76 <th> 77 CVE 78 </th> 79 <th> 80 81 </th> 82 </tr> 83 <tr> 84 <td> 85 libstagefright 86 </td> 87 <td> 88 CVE-2015-3873 89 <br/> 90 CVE-2015-3872 91 <br/> 92 CVE-2015-3871 93 <br/> 94 CVE-2015-3868 95 <br/> 96 CVE-2015-3867 97 <br/> 98 CVE-2015-3869 99 <br/> 100 CVE-2015-3870 101 <br/> 102 CVE-2015-3823 103 <br/> 104 CVE-2015-6598 105 <br/> 106 CVE-2015-6599 107 <br/> 108 CVE-2015-6600 109 <br/> 110 CVE-2015-6603 111 <br/> 112 CVE-2015-6601 113 <br/> 114 CVE-2015-3876 115 <br/> 116 CVE-2015-6604 117 </td> 118 <td> 119 120 </td> 121 </tr> 122 <tr> 123 <td> 124 Sonivox 125 </td> 126 <td> 127 CVE-2015-3874 128 </td> 129 <td> 130 131 </td> 132 </tr> 133 <tr> 134 <td> 135 libutils 136 </td> 137 <td> 138 CVE-2015-3875 139 <br/> 140 CVE-2015-6602 141 </td> 142 <td> 143 144 </td> 145 </tr> 146 <tr> 147 <td> 148 Skia 149 </td> 150 <td> 151 CVE-2015-3877 152 </td> 153 <td> 154 155 </td> 156 </tr> 157 <tr> 158 <td> 159 libFLAC 160 </td> 161 <td> 162 CVE-2014-9028 163 </td> 164 <td> 165 166 </td> 167 </tr> 168 <tr> 169 <td> 170 KeyStore 171 </td> 172 <td> 173 CVE-2015-3863 174 </td> 175 <td> 176 177 </td> 178 </tr> 179 <tr> 180 <td> 181 Media Player Framework 182 </td> 183 <td> 184 CVE-2015-3879 185 </td> 186 <td> 187 188 </td> 189 </tr> 190 <tr> 191 <td> 192 Android Runtime 193 </td> 194 <td> 195 CVE-2015-3865 196 </td> 197 <td> 198 199 </td> 200 </tr> 201 <tr> 202 <td> 203 Mediaserver 204 </td> 205 <td> 206 CVE-2015-6596 207 </td> 208 <td> 209 210 </td> 211 </tr> 212 <tr> 213 <td> 214 Secure Element Evaluation Kit 215 </td> 216 <td> 217 CVE-2015-6606 218 </td> 219 <td> 220 221 </td> 222 </tr> 223 <tr> 224 <td> 225 Media Projection 226 </td> 227 <td> 228 CVE-2015-3878 229 </td> 230 <td> 231 232 </td> 233 </tr> 234 <tr> 235 <td> 236 237 </td> 238 <td> 239 CVE-2015-3847 240 </td> 241 <td> 242 243 </td> 244 </tr> 245 <tr> 246 <td> 247 SQLite 248 </td> 249 <td> 250 CVE-2015-6607 251 </td> 252 <td> 253 254 </td> 255 </tr> 256 <tr> 257 <td> 258 Mediaserver 259 </td> 260 <td> 261 CVE-2015-6605 262 <br/> 263 CVE-2015-3862 264 </td> 265 <td> 266 267 </td> 268 </tr> 269 </tbody> 270 </table> 271 <h2 id="mitigations" style="margin-bottom:0px"> 272 273 </h2> 274 <hr/> 275 <p> 276 277 <a href="http://source.android.com/security/enhancements/index.html"> 278 Android 279 </a> 280 SafetyNet Android 281 </p> 282 <ul> 283 <li> 284 Android Android Android 285 </li> 286 <li> 287 Android SafetyNet Google Play Root Google Play Root 288 </li> 289 <li> 290 Google Messenger mediaserver 291 </li> 292 </ul> 293 <h2 id="acknowledgements" style="margin-bottom:0px"> 294 295 </h2> 296 <hr/> 297 <p> 298 299 </p> 300 <ul> 301 <li> 302 Brennan LautnerCVE-2015-3863 303 </li> 304 <li> 305 360 C0re CVE-2015-3868CVE-2015-3869CVE-2015-3865CVE-2015-3862 306 </li> 307 <li> 308 Copperhead Security Daniel Micay (daniel.micay (a] copperhead.co)CVE-2015-3875 309 </li> 310 <li> 311 dragonltxCVE-2015-6599 312 </li> 313 <li> 314 Google Project Zero Ian Beer Steven VittitoeCVE-2015-6604 315 </li> 316 <li> 317 Fundacin Dr. Manuel Sadosky Programa STIC Joaqun Rinaudo (@xeroxnir) Ivan Arce (@4Dgifts)CVE-2015-3870 318 </li> 319 <li> 320 Zimperium Josh DrakeCVE-2015-3876CVE-2015-6602 321 </li> 322 <li> 323 Exodus Intelligence Jordan Gruskovnjak (@jgrusko)CVE-2015-3867 324 </li> 325 <li> 326 (Trend Micro) Peter PiCVE-2015-3872CVE-2015-3871 327 </li> 328 <li> 329 360 Ping LiCVE-2015-3878 330 </li> 331 <li> 332 Seven ShenCVE-2015-6600CVE-2015-3847 333 </li> 334 <li> 335 X-Team Wangtao (neobyte)CVE-2015-6598 336 </li> 337 <li> 338 (Trend Micro Inc.) (@wish_wu)CVE-2015-3823 339 </li> 340 </ul> 341 <p> 342 Chrome Google Project Zero Google 343 </p> 344 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 345 346 </h2> 347 <hr/> 348 <p> 349 350 <a href="http://source.android.com/security/bulletin/2015-10-01.html#security_vulnerability_summary"> 351 352 </a> 353 CVE Bug Bug ID AOSP Bug Bug ID AOSP 354 </p> 355 <h3 id="remote_code_execution_vulnerabilities_in_libstagefright"> 356 libstagefright 357 </h3> 358 <p> 359 libstagefright mediaserver 360 </p> 361 <p> 362 363 </p> 364 <table> 365 <tbody> 366 <tr> 367 <th> 368 CVE 369 </th> 370 <th> 371 Bug AOSP 372 </th> 373 <th> 374 375 </th> 376 <th> 377 378 </th> 379 <th> 380 381 </th> 382 </tr> 383 <tr> 384 <td rowspan="14"> 385 CVE-2015-3873 386 </td> 387 <td> 388 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c23e3dd8af7397f023aae040c4a03dd14091cbed"> 389 ANDROID-20674086 390 </a> 391 [ 392 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9abb7401df730b5c510f6b8dac2716a0928d9623"> 393 2 394 </a> 395 396 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b62a73b860757143d3b140b2985fdae71e18d675"> 397 3 398 </a> 399 400 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b2ae4351539de9aa4667fcb3e02ba40d9c6bd094"> 401 4 402 </a> 403 ] 404 </td> 405 <td rowspan="13"> 406 407 </td> 408 <td rowspan="13"> 409 5.1 410 </td> 411 <td rowspan="13"> 412 Google 413 </td> 414 </tr> 415 <tr> 416 <td> 417 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3fd96683850cf27648e036180acb149fac362242"> 418 ANDROID-20674674 419 </a> 420 [ 421 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/65842db06c2d77e53cc5ac61692160d844cc7d0a"> 422 2 423 </a> 424 425 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/38eff9af5c032bf12f89d6e94df05f65eef51afc"> 426 3 427 </a> 428 429 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/91860b89488b3ee4644c539e89e657fbb79fb6ad"> 430 4 431 </a> 432 ] 433 </td> 434 </tr> 435 <tr> 436 <td> 437 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/2e941e40ce76eb13b273479a4ee8fb6e40d33795"> 438 ANDROID-20718524 439 </a> 440 </td> 441 </tr> 442 <tr> 443 <td> 444 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/06ca06ac6107f88530cc67225c47537621bb41a5"> 445 ANDROID-21048776 446 </a> 447 </td> 448 </tr> 449 <tr> 450 <td> 451 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/dc5e47f013bfbb74c5c35ad976aa98d480cb351b"> 452 ANDROID-21443020 453 </a> 454 </td> 455 </tr> 456 <tr> 457 <td> 458 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f11e95b21007f24e5ab77298370855f9f085b2d7"> 459 ANDROID-21814993 460 </a> 461 </td> 462 </tr> 463 <tr> 464 <td> 465 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f810a8298aea13fa177060cdc10c8297eac69c49"> 466 ANDROID-22008959 467 </a> 468 </td> 469 </tr> 470 <tr> 471 <td> 472 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7913508110c80da87fb085514208adbd874d7d54"> 473 ANDROID-22077698 474 </a> 475 </td> 476 </tr> 477 <tr> 478 <td> 479 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/073e4f6748f5d7deb095c42fad9271cb99e22d07"> 480 ANDROID-22388975 481 </a> 482 </td> 483 </tr> 484 <tr> 485 <td> 486 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/bf47eb9c67ed364f3c288954857aab9d9311db4c"> 487 ANDROID-22845824 488 </a> 489 </td> 490 </tr> 491 <tr> 492 <td> 493 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b158a9a5bcfe21480f57bc58d45517f1a81cca39"> 494 ANDROID-23016072 495 </a> 496 </td> 497 </tr> 498 <tr> 499 <td> 500 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5a132594b531f1f48098a790927f82080cc27f61"> 501 ANDROID-23247055 502 </a> 503 </td> 504 </tr> 505 <tr> 506 <td> 507 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d2ebc0b9e147f9406db20ec4df61da50e3614ee4"> 508 ANDROID-23248776 509 </a> 510 </td> 511 </tr> 512 <tr> 513 <td> 514 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3179e3b3531b5fe93dc7f5b2c378e27010a406d5"> 515 ANDROID-20721050 516 </a> 517 </td> 518 <td> 519 520 </td> 521 <td> 522 5.0 5.1 523 </td> 524 <td> 525 Google 526 </td> 527 </tr> 528 <tr> 529 <td> 530 CVE-2015-3823 531 </td> 532 <td> 533 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/407d475b797fdc595299d67151230dc6e3835ccd"> 534 ANDROID-21335999 535 </a> 536 </td> 537 <td> 538 539 </td> 540 <td> 541 5.1 542 </td> 543 <td> 544 2015 5 20 545 </td> 546 </tr> 547 <tr> 548 <td> 549 CVE-2015-6600 550 </td> 551 <td> 552 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/e6f5d47a7f9eab8a0009f8a563de473cd47d3110"> 553 ANDROID-22882938 554 </a> 555 </td> 556 <td> 557 558 </td> 559 <td> 560 5.1 561 </td> 562 <td> 563 2015 7 31 564 </td> 565 </tr> 566 <tr> 567 <td> 568 CVE-2015-6601 569 </td> 570 <td> 571 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/738a753a3ca7bf8f9f608ca941575626265294e4"> 572 ANDROID-22935234 573 </a> 574 </td> 575 <td> 576 577 </td> 578 <td> 579 5.1 580 </td> 581 <td> 582 2015 8 3 583 </td> 584 </tr> 585 <tr> 586 <td> 587 CVE-2015-3869 588 </td> 589 <td> 590 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/450e1015b7939292ca988dd1b4f0303a094478e9"> 591 ANDROID-23036083 592 </a> 593 </td> 594 <td> 595 596 </td> 597 <td> 598 5.1 599 </td> 600 <td> 601 2015 8 4 602 </td> 603 </tr> 604 <tr> 605 <td> 606 CVE-2015-3870 607 </td> 608 <td> 609 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4bce636865bdf0e2a79fc9a5d9a69107649c850d"> 610 ANDROID-22771132 611 </a> 612 </td> 613 <td> 614 615 </td> 616 <td> 617 5.1 618 </td> 619 <td> 620 2015 8 5 621 </td> 622 </tr> 623 <tr> 624 <td> 625 CVE-2015-3871 626 </td> 627 <td> 628 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c570778430a22b5488cae72982cf9fb8033dbda3"> 629 ANDROID-23031033 630 </a> 631 </td> 632 <td> 633 634 </td> 635 <td> 636 5.1 637 </td> 638 <td> 639 2015 8 6 640 </td> 641 </tr> 642 <tr> 643 <td> 644 CVE-2015-3868 645 </td> 646 <td> 647 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/937c6bedd4b6e5c6cb29a238eb459047dedd3486"> 648 ANDROID-23270724 649 </a> 650 </td> 651 <td> 652 653 </td> 654 <td> 655 5.1 656 </td> 657 <td> 658 2015 8 6 659 </td> 660 </tr> 661 <tr> 662 <td> 663 CVE-2015-6604 664 </td> 665 <td> 666 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f51115bd8e44c2779b74477277c6f6046916e7cf"> 667 ANDROID-23129786 668 </a> 669 </td> 670 <td> 671 672 </td> 673 <td> 674 5.1 675 </td> 676 <td> 677 2015 8 11 678 </td> 679 </tr> 680 <tr> 681 <td> 682 CVE-2015-3867 683 </td> 684 <td> 685 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7e9ac3509d72e8dc6f1316b5ce0a0066638b9737"> 686 ANDROID-23213430 687 </a> 688 </td> 689 <td> 690 691 </td> 692 <td> 693 5.1 694 </td> 695 <td> 696 2015 8 14 697 </td> 698 </tr> 699 <tr> 700 <td> 701 CVE-2015-6603 702 </td> 703 <td> 704 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c37f7f6fa0cb7f55cdc5b2d4ccbf2c87c3bc6c3b"> 705 ANDROID-23227354 706 </a> 707 </td> 708 <td> 709 710 </td> 711 <td> 712 5.1 713 </td> 714 <td> 715 2015 8 15 716 </td> 717 </tr> 718 <tr> 719 <td> 720 CVE-2015-3876 721 </td> 722 <td> 723 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c580c836c1941fb4912e1dd4e08626caf98a62c7"> 724 ANDROID-23285192 725 </a> 726 </td> 727 <td> 728 729 </td> 730 <td> 731 5.1 732 </td> 733 <td> 734 2015 8 15 735 </td> 736 </tr> 737 <tr> 738 <td> 739 CVE-2015-6598 740 </td> 741 <td> 742 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/ba6093a4c6997b9d36d9700ee8c974941bf82e3a"> 743 ANDROID-23306638 744 </a> 745 </td> 746 <td> 747 748 </td> 749 <td> 750 5.1 751 </td> 752 <td> 753 2015 8 18 754 </td> 755 </tr> 756 <tr> 757 <td> 758 CVE-2015-3872 759 </td> 760 <td> 761 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4d46f6f18f5160b8992ec1e66ef1844212fc7d48"> 762 ANDROID-23346388 763 </a> 764 </td> 765 <td> 766 767 </td> 768 <td> 769 5.1 770 </td> 771 <td> 772 2015 8 19 773 </td> 774 </tr> 775 <tr> 776 <td> 777 CVE-2015-6599 778 </td> 779 <td> 780 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/af7e33f6043c0be1c0310d675884e3b263ca2438"> 781 ANDROID-23416608 782 </a> 783 </td> 784 <td> 785 786 </td> 787 <td> 788 5.1 789 </td> 790 <td> 791 2015 8 21 792 </td> 793 </tr> 794 </tbody> 795 </table> 796 <h3 id="remote_code_execution_vulnerabilities_in_sonivox"> 797 Sonivox 798 </h3> 799 <p> 800 Sonivox mediaserver 801 </p> 802 <table> 803 <tbody> 804 <tr> 805 <th> 806 CVE 807 </th> 808 <th> 809 Bug AOSP 810 </th> 811 <th> 812 813 </th> 814 <th> 815 816 </th> 817 <th> 818 819 </th> 820 </tr> 821 <tr> 822 <td rowspan="3"> 823 CVE-2015-3874 824 </td> 825 <td> 826 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8cbef48ba6e3d3f844b895f8ca1a1aee74414fff"> 827 ANDROID-23335715 828 </a> 829 </td> 830 <td rowspan="3"> 831 832 </td> 833 <td rowspan="3"> 834 5.1 835 </td> 836 <td rowspan="3"> 837 838 </td> 839 </tr> 840 <tr> 841 <td> 842 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/5d2e7de37d4a28cf25cc5d0c64b3a29c1824dc0a"> 843 ANDROID-23307276 844 </a> 845 [ 846 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/f333a822c38c3d92f40e8f1686348e6a62c291"> 847 2 848 </a> 849 ] 850 </td> 851 </tr> 852 <tr> 853 <td> 854 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8a9f53ee2c661e8b5b94d6e9fbb8af3baa34310d"> 855 ANDROID-23286323 856 </a> 857 </td> 858 </tr> 859 </tbody> 860 </table> 861 <h3 id="remote_code_execution_vulnerabilities_in_libutils"> 862 libutils 863 </h3> 864 <p> 865 libutils mediaserver 866 </p> 867 <p> 868 API 869 </p> 870 <table> 871 <tbody> 872 <tr> 873 <th> 874 CVE 875 </th> 876 <th> 877 Bug AOSP 878 </th> 879 <th> 880 881 </th> 882 <th> 883 884 </th> 885 <th> 886 887 </th> 888 </tr> 889 <tr> 890 <td> 891 CVE-2015-3875 892 </td> 893 <td> 894 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/0cc9a6e6e1f8e675c1238e5e05418cabcc699b52"> 895 ANDROID-22952485 896 </a> 897 </td> 898 <td> 899 900 </td> 901 <td> 902 5.1 903 </td> 904 <td> 905 2015 8 15 906 </td> 907 </tr> 908 <tr> 909 <td> 910 CVE-2015-6602 911 </td> 912 <td> 913 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/e0dce90b0de2b2b7c2baae8035f810a55526effb"> 914 ANDROID-23290056 915 </a> 916 [ 917 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/5b85b1d40d619c2064d321364f212ebfeb6ba185"> 918 2 919 </a> 920 ] 921 </td> 922 <td> 923 924 </td> 925 <td> 926 5.1 927 </td> 928 <td> 929 2015 8 15 930 </td> 931 </tr> 932 </tbody> 933 </table> 934 <h3 id="remote_code_execution_vulnerability_in_skia"> 935 Skia 936 </h3> 937 <p> 938 Skia 939 </p> 940 <table> 941 <tbody> 942 <tr> 943 <th> 944 CVE 945 </th> 946 <th> 947 Bug AOSP 948 </th> 949 <th> 950 951 </th> 952 <th> 953 954 </th> 955 <th> 956 957 </th> 958 </tr> 959 <tr> 960 <td> 961 CVE-2015-3877 962 </td> 963 <td> 964 <a href="https://android.googlesource.com/platform%2Fexternal%2Fskia/+/55ad31336a6de7037139820558c5de834797c09e"> 965 ANDROID-20723696 966 </a> 967 </td> 968 <td> 969 970 </td> 971 <td> 972 5.1 973 </td> 974 <td> 975 2015 7 30 976 </td> 977 </tr> 978 </tbody> 979 </table> 980 <h3 id="remote_code_execution_vulnerabilities_in_libflac"> 981 libFLAC 982 </h3> 983 <p> 984 libFLAC 985 </p> 986 <p> 987 API 988 </p> 989 <table> 990 <tbody> 991 <tr> 992 <th> 993 CVE 994 </th> 995 <th> 996 Bug AOSP 997 </th> 998 <th> 999 1000 </th> 1001 <th> 1002 1003 </th> 1004 <th> 1005 1006 </th> 1007 </tr> 1008 <tr> 1009 <td> 1010 CVE-2014-9028 1011 </td> 1012 <td> 1013 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/fe03f73d86bb415f5d5145f0de091834d89ae3a9"> 1014 ANDROID-18872897 1015 </a> 1016 [ 1017 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6"> 1018 2 1019 </a> 1020 ] 1021 </td> 1022 <td> 1023 1024 </td> 1025 <td> 1026 5.1 1027 </td> 1028 <td> 1029 2014 11 14 1030 </td> 1031 </tr> 1032 </tbody> 1033 </table> 1034 <p> 1035 </p> 1036 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 1037 KeyStore 1038 </h3> 1039 <p> 1040 KeyStore API KeyStore KeyStore 1041 </p> 1042 <table> 1043 <tbody> 1044 <tr> 1045 <th> 1046 CVE 1047 </th> 1048 <th> 1049 Bug AOSP 1050 </th> 1051 <th> 1052 1053 </th> 1054 <th> 1055 1056 </th> 1057 <th> 1058 1059 </th> 1060 </tr> 1061 <tr> 1062 <td> 1063 CVE-2015-3863 1064 </td> 1065 <td> 1066 <a href="https://android.googlesource.com/platform%2Fsystem%2Fsecurity/+/0d5935262dbbcaf2cf6145529ffd71a728ef4609"> 1067 ANDROID-22802399 1068 </a> 1069 </td> 1070 <td> 1071 1072 </td> 1073 <td> 1074 5.1 1075 </td> 1076 <td> 1077 2015 7 28 1078 </td> 1079 </tr> 1080 </tbody> 1081 </table> 1082 <h3 id="elevation_of_privilege_vulnerability_in_media_player_framework"> 1083 Media Player Framework 1084 </h3> 1085 <p> 1086 Media Player Framework mediaserver 1087 </p> 1088 <table> 1089 <tbody> 1090 <tr> 1091 <th> 1092 CVE 1093 </th> 1094 <th> 1095 Bug AOSP 1096 </th> 1097 <th> 1098 1099 </th> 1100 <th> 1101 1102 </th> 1103 <th> 1104 1105 </th> 1106 </tr> 1107 <tr> 1108 <td> 1109 CVE-2015-3879 1110 </td> 1111 <td> 1112 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/aa4da6fa7ca2454f0713de0a5a583b5b8160166b"> 1113 ANDROID-23223325 1114 </a> 1115 [2]* 1116 </td> 1117 <td> 1118 1119 </td> 1120 <td> 1121 5.1 1122 </td> 1123 <td> 1124 2015 8 14 1125 </td> 1126 </tr> 1127 </tbody> 1128 </table> 1129 <p> 1130 * AOSP 1131 <a href="https://developers.google.com/android/nexus/drivers"> 1132 Google Developers 1133 </a> 1134 Nexus 1135 </p> 1136 <h3 id="elevation_of_privilege_vulnerability_in_android_runtime"> 1137 Android Runtime 1138 </h3> 1139 <p> 1140 Android Runtime 1141 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1142 Signature 1143 </a> 1144 1145 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1146 SignatureOrSystem 1147 </a> 1148 1149 </p> 1150 <table> 1151 <tbody> 1152 <tr> 1153 <th> 1154 CVE 1155 </th> 1156 <th> 1157 Bug AOSP 1158 </th> 1159 <th> 1160 1161 </th> 1162 <th> 1163 1164 </th> 1165 <th> 1166 1167 </th> 1168 </tr> 1169 <tr> 1170 <td> 1171 CVE-2015-3865 1172 </td> 1173 <td> 1174 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ff8dc21278b19b22ed8dc9f9475850838336d351"> 1175 ANDROID-23050463 1176 </a> 1177 [ 1178 <a href="https://android.googlesource.com/platform%2Fcts/+/3f7334822ba4cc53f81f22f3519093bf4e1d7f89"> 1179 2 1180 </a> 1181 ] 1182 </td> 1183 <td> 1184 1185 </td> 1186 <td> 1187 5.1 1188 </td> 1189 <td> 1190 2015 8 8 1191 </td> 1192 </tr> 1193 </tbody> 1194 </table> 1195 <h3 id="elevation_of_privilege_vulnerabilities_in_mediaserver"> 1196 Mediaserver 1197 </h3> 1198 <p> 1199 Mediaserver 1200 </p> 1201 <table> 1202 <tbody> 1203 <tr> 1204 <th> 1205 CVE 1206 </th> 1207 <th> 1208 Bug AOSP 1209 </th> 1210 <th> 1211 1212 </th> 1213 <th> 1214 1215 </th> 1216 <th> 1217 1218 </th> 1219 </tr> 1220 <tr> 1221 <td rowspan="3"> 1222 CVE-2015-6596 1223 </td> 1224 <td> 1225 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b97ee930e4f7ed1587b869c92b4aa1dc90b641cc"> 1226 ANDROID-20731946 1227 </a> 1228 </td> 1229 <td rowspan="2"> 1230 1231 </td> 1232 <td rowspan="2"> 1233 5.1 1234 </td> 1235 <td rowspan="2"> 1236 1237 </td> 1238 </tr> 1239 <tr> 1240 <td> 1241 ANDROID-20719651* 1242 </td> 1243 </tr> 1244 <tr> 1245 <td> 1246 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9ef830c6dbd4f6000b94abee3df14b9e27a38294"> 1247 ANDROID-19573085 1248 </a> 1249 </td> 1250 <td> 1251 1252 </td> 1253 <td> 1254 5.0 6.0 1255 </td> 1256 <td> 1257 Google 1258 </td> 1259 </tr> 1260 </tbody> 1261 </table> 1262 <p> 1263 *AOSP 1264 <a href="https://developers.google.com/android/nexus/drivers"> 1265 Google Developers 1266 </a> 1267 Nexus 1268 </p> 1269 <h3 id="elevation_of_privilege_vulnerability_in_secure_element_evaluation_kit"> 1270 Secure Element Evaluation Kit 1271 </h3> 1272 <p> 1273 <a href="http://seek-for-android.github.io/"> 1274 SEEK 1275 </a> 1276 Secure Element Evaluation Kit SmartCard API 1277 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1278 Signature 1279 </a> 1280 1281 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1282 SignatureOrSystem 1283 </a> 1284 1285 </p> 1286 <table> 1287 <tbody> 1288 <tr> 1289 <th> 1290 CVE 1291 </th> 1292 <th> 1293 Bug AOSP 1294 </th> 1295 <th> 1296 1297 </th> 1298 <th> 1299 1300 </th> 1301 <th> 1302 1303 </th> 1304 </tr> 1305 <tr> 1306 <td> 1307 CVE-2015-6606 1308 </td> 1309 <td> 1310 ANDROID-22301786* 1311 </td> 1312 <td> 1313 1314 </td> 1315 <td> 1316 5.1 1317 </td> 1318 <td> 1319 2015 6 30 1320 </td> 1321 </tr> 1322 </tbody> 1323 </table> 1324 <p> 1325 * 1326 <a href="http://seek-for-android.github.io/"> 1327 SEEK for Android 1328 </a> 1329 1330 </p> 1331 <h3 id="elevation_of_privilege_vulnerability_in_media_projection"> 1332 Media Projection 1333 </h3> 1334 <p> 1335 Media Projection 1336 </p> 1337 <table> 1338 <tbody> 1339 <tr> 1340 <th> 1341 CVE 1342 </th> 1343 <th> 1344 Bug AOSP 1345 </th> 1346 <th> 1347 1348 </th> 1349 <th> 1350 1351 </th> 1352 <th> 1353 1354 </th> 1355 </tr> 1356 <tr> 1357 <td> 1358 CVE-2015-3878 1359 </td> 1360 <td> 1361 <a href="https://android.googlesource.com/platform/frameworks/base/+/b3145760db5d58a107fd1ffd8eeec67d983d45f3"> 1362 ANDROID-23345192 1363 </a> 1364 </td> 1365 <td> 1366 1367 </td> 1368 <td> 1369 5.0 6.0 1370 </td> 1371 <td> 1372 2015 8 18 1373 </td> 1374 </tr> 1375 </tbody> 1376 </table> 1377 <h3 id="elevation_of_privilege_vulnerability_in_bluetooth"> 1378 1379 </h3> 1380 <p> 1381 Android 1382 </p> 1383 <table> 1384 <tbody> 1385 <tr> 1386 <th> 1387 CVE 1388 </th> 1389 <th> 1390 Bug AOSP 1391 </th> 1392 <th> 1393 1394 </th> 1395 <th> 1396 1397 </th> 1398 <th> 1399 1400 </th> 1401 </tr> 1402 <tr> 1403 <td> 1404 CVE-2015-3847 1405 </td> 1406 <td> 1407 <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FBluetooth/+/19004c751f36aa2b01d3e03d4f761d8897542bd2"> 1408 ANDROID-22343270 1409 </a> 1410 </td> 1411 <td> 1412 1413 </td> 1414 <td> 1415 5.1 1416 </td> 1417 <td> 1418 2015 7 8 1419 </td> 1420 </tr> 1421 </tbody> 1422 </table> 1423 <h3 id="elevation_of_privilege_vulnerabilities_in_sqlite"> 1424 SQLite 1425 </h3> 1426 <p> 1427 SQLite SQL 1428 </p> 1429 <p> 1430 2015 4 8 AOSP SQLite 1431 3.8.9 1432 <a href="https://android-review.googlesource.com/#/c/145961/"> 1433 https://android-review.googlesource.com/#/c/145961/ 1434 </a> 1435 </p> 1436 <p> 1437 Android 4.4 (SQLite 1438 3.7.11) Android 5.0 5.1 (SQLite 3.8.6) SQLite 1439 </p> 1440 <table> 1441 <tbody> 1442 <tr> 1443 <th> 1444 CVE 1445 </th> 1446 <th> 1447 Bug AOSP 1448 </th> 1449 <th> 1450 1451 </th> 1452 <th> 1453 1454 </th> 1455 <th> 1456 1457 </th> 1458 </tr> 1459 <tr> 1460 <td> 1461 CVE-2015-6607 1462 </td> 1463 <td> 1464 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsqlite/+/3fcd43a0f1ef02756029e12af3cb9ba9faa13364"> 1465 ANDROID-20099586 1466 </a> 1467 </td> 1468 <td> 1469 1470 </td> 1471 <td> 1472 5.1 1473 </td> 1474 <td> 1475 2015 4 7 1476 <br/> 1477 1478 </td> 1479 </tr> 1480 </tbody> 1481 </table> 1482 <h3 id="denial_of_service_vulnerabilities_in_mediaserver"> 1483 Mediaserver 1484 </h3> 1485 <p> 1486 Mediaserver mediaserver 1487 </p> 1488 <table> 1489 <tbody> 1490 <tr> 1491 <th> 1492 CVE 1493 </th> 1494 <th> 1495 Bug AOSP 1496 </th> 1497 <th> 1498 1499 </th> 1500 <th> 1501 1502 </th> 1503 <th> 1504 1505 </th> 1506 </tr> 1507 <tr> 1508 <td rowspan="3"> 1509 CVE-2015-6605 1510 </td> 1511 <td> 1512 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/36ec928f52271dd1feb4c86b18026564220629e9"> 1513 ANDROID-20915134 1514 </a> 1515 </td> 1516 <td rowspan="2"> 1517 1518 </td> 1519 <td rowspan="2"> 1520 5.1 1521 </td> 1522 <td rowspan="2"> 1523 Google 1524 </td> 1525 </tr> 1526 <tr> 1527 <td> 1528 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3ce293842fed1b3abd2ff0aecd2a0c70a55086ee"> 1529 ANDROID-23142203 1530 </a> 1531 </td> 1532 </tr> 1533 <tr> 1534 <td> 1535 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/2b67e532653b815e2341a0ac0b59d1b0ef82170d"> 1536 ANDROID-22278703 1537 </a> 1538 </td> 1539 <td> 1540 1541 </td> 1542 <td> 1543 5.0 6.0 1544 </td> 1545 <td> 1546 Google 1547 </td> 1548 </tr> 1549 <tr> 1550 <td> 1551 CVE-2015-3862 1552 </td> 1553 <td> 1554 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f26400c9d01a0e2f71690d5ebc644270f098d590"> 1555 ANDROID-22954006 1556 </a> 1557 </td> 1558 <td> 1559 1560 </td> 1561 <td> 1562 5.1 1563 </td> 1564 <td> 1565 2015 8 2 1566 </td> 1567 </tr> 1568 </tbody> 1569 </table> 1570 <h2 id="revisions" style="margin-bottom:0px"> 1571 1572 </h2> 1573 <hr/> 1574 <ul> 1575 <li> 1576 2015 10 5 1577 </li> 1578 <li> 1579 2015 10 7 AOSP CVE-2014-9028 1580 </li> 1581 <li> 1582 2015 10 12 CVE-2015-3868CVE-2015-3869CVE-2015-3865CVE-2015-3862 1583 </li> 1584 </ul> 1585 </div> 1586 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 1587 <div class="layout-content-col col-9" style="padding-top:4px"> 1588 </div> 1589 <div class="paging-links layout-content-col col-4"> 1590 </div> 1591 </div> 1592 </div> 1593 1594 </body> 1595 </html> 1596