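<html devsite>
<head>
  <title>Nexus - 2016-01</title>
  <meta name="project_path" value="/_project.yaml" />
  <meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
    Copyright 2017 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->

<!--
  NOTE(review): this copy of the 2016-01 Nexus security bulletin appears to have
  lost its localized prose; only ASCII tokens (component names, CVE IDs, bug IDs,
  versions, dates) remain. Empty headings, links and table cells are kept in
  place rather than filled in; the section ids still name each section's subject.
  Dates are written YYYY-MM-DD and version lists are comma-separated so that
  adjacent values cannot be misread as one token.
-->

<p>
  Android (OTA) Nexus
  <a href="https://developers.google.com/android/nexus/images">Google Developers</a>
  Nexus 2016-01-01 LMY49F Android L Android 6.0
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers"></a>
</p>
<p>
  2015-12-07 Android (AOSP)
</p>
<p></p>
<p>
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#mitigations"></a>
  <a href="https://source.android.com/security/enhancements/">Android</a>
  SafetyNet Android
</p>

<h2 id="security_vulnerability_summary" style="margin-bottom:0px"></h2>
<hr/>
<p>
  CVE
  <a href="https://source.android.com/security/overview/updates-resources.html#severity"></a>
</p>
<!--
  Summary table: component, CVE, and a third column whose header and cells are
  empty in this copy. NOTE(review): presumably severity, given the #severity link
  in the paragraph above; confirm against the English bulletin.
-->
<table>
  <tbody>
    <tr>
      <th></th>
      <th>CVE</th>
      <th></th>
    </tr>
    <tr>
      <td>Mediaserver</td>
      <td>CVE-2015-6636</td>
      <td></td>
    </tr>
    <tr>
      <td>misc-sd</td>
      <td>CVE-2015-6637</td>
      <td></td>
    </tr>
    <tr>
      <td>Imagination Technologies</td>
      <td>CVE-2015-6638</td>
      <td></td>
    </tr>
    <tr>
      <td>TrustZone</td>
      <td>CVE-2015-6639<br /> CVE-2015-6647</td>
      <td></td>
    </tr>
    <tr>
      <!-- NOTE(review): component text missing; details are under id "elevation_of_privilege_vulnerability_in_kernel". -->
      <td></td>
      <td>CVE-2015-6640</td>
      <td></td>
    </tr>
    <tr>
      <!-- NOTE(review): component text missing; details are under id "elevation_of_privilege_vulnerability_in_bluetooth". -->
      <td></td>
      <td>CVE-2015-6641</td>
      <td></td>
    </tr>
    <tr>
      <!-- NOTE(review): component text missing; details are under id "information_disclosure_vulnerability_in_kernel". -->
      <td></td>
      <td>CVE-2015-6642</td>
      <td></td>
    </tr>
    <tr>
      <!-- NOTE(review): component text missing; details are under id "elevation_of_privilege_vulnerability_in_setup_wizard". -->
      <td></td>
      <td>CVE-2015-6643</td>
      <td></td>
    </tr>
    <tr>
      <td>WLAN</td>
      <td>CVE-2015-5310</td>
      <td></td>
    </tr>
    <tr>
      <td>Bouncy Castle</td>
      <td>CVE-2015-6644</td>
      <td></td>
    </tr>
    <tr>
      <td>SyncManager</td>
      <td>CVE-2015-6645</td>
      <td></td>
    </tr>
    <tr>
      <td>Nexus</td>
      <td>CVE-2015-6646</td>
      <td></td>
    </tr>
  </tbody>
</table>

<h2 id="mitigations" style="margin-bottom:0px"></h2>
<hr/>
<p>
  <a href="https://source.android.com/security/enhancements/index.html">Android</a>
  SafetyNet Android
</p>
<ul>
  <li>Android Android Android</li>
  <li>Android SafetyNet Google Play Root Google Play Root</li>
  <li>Google Messenger mediaserver</li>
</ul>

<h2 id="acknowledgements" style="margin-bottom:0px"></h2>
<hr/>
<p></p>
<!-- Each entry ends with the CVE credited to the people named before the colon. -->
<ul>
  <li>Google Chrome Abhishek Arya, Oliver Chang, Martin Barbella: CVE-2015-6636</li>
  <li>
    KEEN (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)
    Sen Nie (<a href="https://twitter.com/@nforest_">@nforest_</a>)
    jfang: CVE-2015-6637
  </li>
  <li>Android Bionic Yabin Cui: CVE-2015-6640</li>
  <li>Google X Tom Craig: CVE-2015-6641</li>
  <li>Jann Horn (<a href="https://thejh.net/">https://thejh.net</a>): CVE-2015-6642</li>
  <li>Jouni Malinen PGP id EFC895FA: CVE-2015-5310</li>
  <li>Google Quan Nguyen: CVE-2015-6644</li>
  <li>
    Gal Beniamini (<a href="https://twitter.com/@laginimaineb">@laginimaineb</a>,
    <a href="http://bits-please.blogspot.com/">http://bits-please.blogspot.com</a>):
    CVE-2015-6639
  </li>
</ul>

<h2 id="security_vulnerability_details" style="margin-bottom:0px"></h2>
<hr/>
<p>
  <a href="https://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary"></a>
  CVE Bug Bug ID AOSP Bug Bug ID AOSP
</p>
<!--
  The detail tables below share one layout: CVE, bug ID (linked to the AOSP
  change where a link is present), a column that is empty in this copy
  (NOTE(review): presumably severity; confirm), the Android versions listed for
  the fix, and a last column holding either a date or "Google".
  Bug IDs marked * have no AOSP link; the footnote under those tables links to
  the Nexus binary drivers page on Google Developers instead.
-->

<h3 id="remote_code_execution_vulnerability_in_mediaserver">Mediaserver</h3>
<p>mediaserver mediaserver</p>
<p></p>
<p>mediaserver mediaserver</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td rowspan="2">CVE-2015-6636</td>
      <td><a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#">ANDROID-25070493</a></td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
    <tr>
      <td><a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518">ANDROID-24686670</a></td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver">misc-sd</h3>
<p>MediaTek misc-sd</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6637</td>
      <td>ANDROID-25307013*</td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015-10-26</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP
  <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a>
  Nexus
</p>

<h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver">Imagination Technologies</h3>
<p>Imagination Technologies</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6638</td>
      <td>ANDROID-24673908*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP
  <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a>
  Nexus
</p>

<h3 id="elevation_of_privilege_vulnerabilities_in_trustzone">TrustZone</h3>
<p>Widevine QSEE TrustZone QSEECOM Trustzone</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6639</td>
      <td>ANDROID-24446875*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015-09-23</td>
    </tr>
    <tr>
      <td>CVE-2015-6647</td>
      <td>ANDROID-24441554*</td>
      <td></td>
      <td>5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015-09-27</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP
  <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a>
  Nexus
</p>

<h3 id="elevation_of_privilege_vulnerability_in_kernel"></h3>
<p></p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6640</td>
      <td><a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">ANDROID-20017123</a></td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_bluetooth"></h3>
<p>
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6641</td>
      <td>
        <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3">ANDROID-23607427</a>
        [<a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec">2</a>]
      </td>
      <td></td>
      <td>6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="information_disclosure_vulnerability_in_kernel"></h3>
<p>
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6642</td>
      <td>ANDROID-24157888*</td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>2015-09-12</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP
  <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a>
  Nexus
</p>

<h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3>
<p></p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6643</td>
      <td>
        <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0">ANDROID-25290269</a>
        [<a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b">2</a>]
      </td>
      <td></td>
      <td>5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">WLAN</h3>
<p>
  WLAN WLAN
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">normal</a>
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-5310</td>
      <td><a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d">ANDROID-25266660</a></td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>2015-10-25</td>
    </tr>
  </tbody>
</table>

<h3 id="information_disclosure_vulnerability_in_bouncy_castle">Bouncy Castle</h3>
<p>
  Bouncy Castle
  <a href="https://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a>
</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6644</td>
      <td><a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f">ANDROID-24106146</a></td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="denial_of_service_vulnerability_in_syncmanager">SyncManager</h3>
<p>SyncManager</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug AOSP</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6645</td>
      <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025">ANDROID-23591205</a></td>
      <td></td>
      <td>4.4.4, 5.0, 5.1.1, 6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>

<h3 id="attack_surface_reduction_for_nexus_kernels">Nexus</h3>
<p>Android SysV IPC System V IPC Android CVE-2015-7613</p>
<table>
  <tbody>
    <tr>
      <th>CVE</th>
      <th>Bug</th>
      <th></th>
      <th></th>
      <th></th>
    </tr>
    <tr>
      <td>CVE-2015-6646</td>
      <td>ANDROID-22300191*</td>
      <td></td>
      <td>6.0</td>
      <td>Google</td>
    </tr>
  </tbody>
</table>
<p>
  * AOSP
  <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a>
  Nexus
</p>

<h3 id="common_questions_and_answers"></h3>
<p></p>
<p>
  <strong>1.</strong>
</p>
<!-- The bracketed string below is the security patch level property and value this bulletin names. -->
<p>
  2016-01-01 LMY49F Android L Android 6.0
  <a href="https://support.google.com/nexus/answer/4457705">Nexus</a>
  <code>[ro.build.version.security_patch]:[2016-01-01]</code>
</p>

<h2 id="revisions" style="margin-bottom:0px"></h2>
<hr/>
<ul>
  <li>2016-01-04</li>
  <li>2016-01-06 AOSP</li>
</ul>

</body>
</html>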