Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016  1 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26   <p>
     27     Android  (OTA)  Nexus 
     28    <a href="https://developers.google.com/android/nexus/images">
     29     Google Developers 
     30    </a>
     31     Nexus  2016  1  1  LMY49F  Android L  Android 6.0 
     32    <a href="http://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers">
     33     
     34    </a>
     35    
     36   </p>
     37   <p>
     38     2015  12  7  Android  (AOSP) 
     39   </p>
     40   <p>
     41    
     42   </p>
     43   <p>
     44    
     45    <a href="http://source.android.com/security/bulletin/2016-01-01.html#mitigations">
     46     
     47    </a>
     48    
     49    <a href="https://source.android.com/security/enhancements/">
     50     Android 
     51    </a>
     52     SafetyNet Android 
     53   </p>
     54   <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     55    
     56   </h2>
     57   <hr/>
     58   <p>
     59     CVE
     60    <a href="https://source.android.com/security/overview/updates-resources.html#severity">
     61     
     62    </a>
     63    
     64   </p>
     65   <table>
     66    <tbody>
     67     <tr>
     68      <th>
     69       
     70      </th>
     71      <th>
     72       CVE
     73      </th>
     74      <th>
     75       
     76      </th>
     77     </tr>
     78     <tr>
     79      <td>
     80       Mediaserver 
     81      </td>
     82      <td>
     83       CVE-2015-6636
     84      </td>
     85      <td>
     86       
     87      </td>
     88     </tr>
     89     <tr>
     90      <td>
     91       misc-sd 
     92      </td>
     93      <td>
     94       CVE-2015-6637
     95      </td>
     96      <td>
     97       
     98      </td>
     99     </tr>
    100     <tr>
    101      <td>
    102       Imagination Technologies 
    103      </td>
    104      <td>
    105       CVE-2015-6638
    106      </td>
    107      <td>
    108       
    109      </td>
    110     </tr>
    111     <tr>
    112      <td>
    113       TrustZone 
    114      </td>
    115      <td>
    116       CVE-2015-6639<br />
    117       CVE-2015-6647
    118      </td>
    119      <td>
    120       
    121      </td>
    122     </tr>
    123     <tr>
    124      <td>
    125       
    126      </td>
    127      <td>
    128       CVE-2015-6640
    129      </td>
    130      <td>
    131       
    132      </td>
    133     </tr>
    134     <tr>
    135      <td>
    136       
    137      </td>
    138      <td>
    139       CVE-2015-6641
    140      </td>
    141      <td>
    142       
    143      </td>
    144     </tr>
    145     <tr>
    146      <td>
    147       
    148      </td>
    149      <td>
    150       CVE-2015-6642
    151      </td>
    152      <td>
    153       
    154      </td>
    155     </tr>
    156     <tr>
    157      <td>
    158       
    159      </td>
    160      <td>
    161       CVE-2015-6643
    162      </td>
    163      <td>
    164       
    165      </td>
    166     </tr>
    167     <tr>
    168      <td>
    169       WLAN 
    170      </td>
    171      <td>
    172       CVE-2015-5310
    173      </td>
    174      <td>
    175       
    176      </td>
    177     </tr>
    178     <tr>
    179      <td>
    180       Bouncy Castle 
    181      </td>
    182      <td>
    183       CVE-2015-6644
    184      </td>
    185      <td>
    186       
    187      </td>
    188     </tr>
    189     <tr>
    190      <td>
    191       SyncManager 
    192      </td>
    193      <td>
    194       CVE-2015-6645
    195      </td>
    196      <td>
    197       
    198      </td>
    199     </tr>
    200     <tr>
    201      <td>
    202        Nexus 
    203      </td>
    204      <td>
    205       CVE-2015-6646
    206      </td>
    207      <td>
    208       
    209      </td>
    210     </tr>
    211    </tbody>
    212   </table>
    213   <h2 id="mitigations" style="margin-bottom:0px">
    214    
    215   </h2>
    216   <hr/>
    217   <p>
    218    
    219    <a href="https://source.android.com/security/enhancements/index.html">
    220     Android 
    221    </a>
    222     SafetyNet Android 
    223   </p>
    224   <ul>
    225    <li>
    226      Android  Android  Android
    227    </li>
    228    <li>
    229     Android  SafetyNet Google Play  Root  Google Play  Root 
    230    </li>
    231    <li>
    232      Google  Messenger  mediaserver 
    233    </li>
    234   </ul>
    235   <h2 id="acknowledgements" style="margin-bottom:0px">
    236    
    237   </h2>
    238   <hr/>
    239   <p>
    240    
    241   </p>
    242   <ul>
    243    <li>
    244     Google Chrome  Abhishek AryaOliver Chang  Martin BarbellaCVE-2015-6636
    245    </li>
    246    <li>
    247      KEEN  (
    248     <a href="https://twitter.com/k33nteam"> @K33nTeam </a>
    249     )  Sen Nie (
    250     <a href="https://twitter.com/@nforest_"> @nforest_ </a>
    251     )  jfangCVE-2015-6637
    252    </li>
    253    <li>
    254     Android Bionic  Yabin CuiCVE-2015-6640
    255    </li>
    256    <li>
    257     Google X  Tom CraigCVE-2015-6641
    258    </li>
    259    <li>
    260     Jann Horn (
    261     <a href="https://thejh.net/">
    262      https://thejh.net
    263     </a>
    264     )CVE-2015-6642
    265    </li>
    266    <li>
    267     Jouni Malinen PGP id EFC895FACVE-2015-5310
    268    </li>
    269    <li>
    270     Google  Quan NguyenCVE-2015-6644
    271    </li>
    272    <li>
    273     Gal Beniamini (
    274     <a href="https://twitter.com/@laginimaineb"> @laginimaineb </a>
    275     
    276     <a href="http://bits-please.blogspot.com/">
    277      http://bits-please.blogspot.com
    278     </a>
    279     )CVE-2015-6639
    280    </li>
    281   </ul>
    282   <h2 id="security_vulnerability_details" style="margin-bottom:0px">
    283    
    284   </h2>
    285   <hr/>
    286   <p>
    287    
    288    <a href="http://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary">
    289     
    290    </a>
    291     CVE Bug Bug ID  AOSP  Bug  Bug ID  AOSP 
    292   </p>
    293   <h3 id="remote_code_execution_vulnerability_in_mediaserver">
    294    Mediaserver 
    295   </h3>
    296   <p>
    297     mediaserver  mediaserver 
    298   </p>
    299   <p>
    300    
    301   </p>
    302   <p>
    303     mediaserver mediaserver 
    304   </p>
    305   <table>
    306    <tbody>
    307     <tr>
    308      <th>
    309       CVE
    310      </th>
    311      <th>
    312       Bug AOSP 
    313      </th>
    314      <th>
    315       
    316      </th>
    317      <th>
    318       
    319      </th>
    320      <th>
    321       
    322      </th>
    323     </tr>
    324     <tr>
    325      <td rowspan="2">
    326       CVE-2015-6636
    327      </td>
    328      <td>
    329       <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#">
    330        ANDROID-25070493
    331       </a>
    332      </td>
    333      <td>
    334       
    335      </td>
    336      <td>
    337       5.05.1.16.06.0.1
    338      </td>
    339      <td>
    340       Google 
    341      </td>
    342     </tr>
    343     <tr>
    344      <td>
    345       <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518">
    346        ANDROID-24686670
    347       </a>
    348      </td>
    349      <td>
    350       
    351      </td>
    352      <td>
    353       5.05.1.16.06.0.1
    354      </td>
    355      <td>
    356       Google 
    357      </td>
    358     </tr>
    359    </tbody>
    360   </table>
    361   <h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver">
    362    misc-sd 
    363   </h3>
    364   <p>
    365    MediaTek  misc-sd 
    366   </p>
    367   <table>
    368    <tbody>
    369     <tr>
    370      <th>
    371       CVE
    372      </th>
    373      <th>
    374       Bug
    375      </th>
    376      <th>
    377       
    378      </th>
    379      <th>
    380       
    381      </th>
    382      <th>
    383       
    384      </th>
    385     </tr>
    386     <tr>
    387      <td>
    388       CVE-2015-6637
    389      </td>
    390      <td>
    391       ANDROID-25307013*
    392      </td>
    393      <td>
    394       
    395      </td>
    396      <td>
    397       4.4.45.05.1.16.06.0.1
    398      </td>
    399      <td>
    400       2015  10  26 
    401      </td>
    402     </tr>
    403    </tbody>
    404   </table>
    405   <p>
    406    * AOSP 
    407    <a href="https://developers.google.com/android/nexus/drivers">
    408     Google Developers 
    409    </a>
    410     Nexus 
    411   </p>
    412   <h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver">
    413    Imagination Technologies 
    414   </h3>
    415   <p>
    416    Imagination Technologies 
    417   </p>
    418   <table>
    419    <tbody>
    420     <tr>
    421      <th>
    422       CVE
    423      </th>
    424      <th>
    425       Bug
    426      </th>
    427      <th>
    428       
    429      </th>
    430      <th>
    431       
    432      </th>
    433      <th>
    434       
    435      </th>
    436     </tr>
    437     <tr>
    438      <td>
    439       CVE-2015-6638
    440      </td>
    441      <td>
    442       ANDROID-24673908*
    443      </td>
    444      <td>
    445       
    446      </td>
    447      <td>
    448       5.05.1.16.06.0.1
    449      </td>
    450      <td>
    451       Google 
    452      </td>
    453     </tr>
    454    </tbody>
    455   </table>
    456   <p>
    457    * AOSP 
    458    <a href="https://developers.google.com/android/nexus/drivers">
    459     Google Developers 
    460    </a>
    461     Nexus 
    462   </p>
    463   <h3 id="elevation_of_privilege_vulnerabilities_in_trustzone">
    464    TrustZone 
    465   </h3>
    466   <p>
    467    Widevine QSEE TrustZone  QSEECOM  Trustzone 
    468   </p>
    469   <table>
    470    <tbody>
    471     <tr>
    472      <th>
    473       CVE
    474      </th>
    475      <th>
    476       Bug
    477      </th>
    478      <th>
    479       
    480      </th>
    481      <th>
    482       
    483      </th>
    484      <th>
    485       
    486      </th>
    487     </tr>
    488     <tr>
    489      <td>
    490       CVE-2015-6639
    491      </td>
    492      <td>
    493       ANDROID-24446875*
    494      </td>
    495      <td>
    496       
    497      </td>
    498      <td>
    499       5.05.1.16.06.0.1
    500      </td>
    501      <td>
    502       2015  9  23 
    503      </td>
    504     </tr>
    505     <tr>
    506      <td>
    507       CVE-2015-6647
    508      </td>
    509      <td>
    510       ANDROID-24441554*
    511      </td>
    512      <td>
    513       
    514      </td>
    515      <td>
    516       5.05.1.16.06.0.1
    517      </td>
    518      <td>
    519       2015  9  27 
    520      </td>
    521     </tr>
    522    </tbody>
    523   </table>
    524   <p>
    525    * AOSP 
    526    <a href="https://developers.google.com/android/nexus/drivers">
    527     Google Developers 
    528    </a>
    529     Nexus 
    530   </p>
    531   <h3 id="elevation_of_privilege_vulnerability_in_kernel">
    532    
    533   </h3>
    534   <p>
    535    
    536   </p>
    537   <table>
    538    <tbody>
    539     <tr>
    540      <th>
    541       CVE
    542      </th>
    543      <th>
    544       Bug AOSP 
    545      </th>
    546      <th>
    547       
    548      </th>
    549      <th>
    550       
    551      </th>
    552      <th>
    553       
    554      </th>
    555     </tr>
    556     <tr>
    557      <td>
    558       CVE-2015-6640
    559      </td>
    560      <td>
    561       <a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">
    562        ANDROID-20017123
    563       </a>
    564      </td>
    565      <td>
    566       
    567      </td>
    568      <td>
    569       4.4.45.05.1.16.0
    570      </td>
    571      <td>
    572       Google 
    573      </td>
    574     </tr>
    575    </tbody>
    576   </table>
    577   <h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
    578    
    579   </h3>
    580   <p>
    581    
    582    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    583     dangerous
    584    </a>
    585    
    586   </p>
    587   <table>
    588    <tbody>
    589     <tr>
    590      <th>
    591       CVE
    592      </th>
    593      <th>
    594       Bug AOSP 
    595      </th>
    596      <th>
    597       
    598      </th>
    599      <th>
    600       
    601      </th>
    602      <th>
    603       
    604      </th>
    605     </tr>
    606     <tr>
    607      <td>
    608       CVE-2015-6641
    609      </td>
    610      <td>
    611       <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3">
    612        ANDROID-23607427
    613       </a>
    614       [
    615       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec">
    616        2
    617       </a>
    618       ]
    619      </td>
    620      <td>
    621       
    622      </td>
    623      <td>
    624       6.06.0.1
    625      </td>
    626      <td>
    627       Google 
    628      </td>
    629     </tr>
    630    </tbody>
    631   </table>
    632   <h3 id="information_disclosure_vulnerability_in_kernel">
    633    
    634   </h3>
    635   <p>
    636    
    637    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    638     Signature
    639    </a>
    640    
    641    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    642     SignatureOrSystem
    643    </a>
    644    
    645   </p>
    646   <table>
    647    <tbody>
    648     <tr>
    649      <th>
    650       CVE
    651      </th>
    652      <th>
    653       Bug
    654      </th>
    655      <th>
    656       
    657      </th>
    658      <th>
    659       
    660      </th>
    661      <th>
    662       
    663      </th>
    664     </tr>
    665     <tr>
    666      <td>
    667       CVE-2015-6642
    668      </td>
    669      <td>
    670       ANDROID-24157888*
    671      </td>
    672      <td>
    673       
    674      </td>
    675      <td>
    676       4.4.45.05.1.16.0
    677      </td>
    678      <td>
    679       2015  9  12 
    680      </td>
    681     </tr>
    682    </tbody>
    683   </table>
    684   <p>
    685    * AOSP 
    686    <a href="https://developers.google.com/android/nexus/drivers">
    687     Google Developers 
    688    </a>
    689     Nexus 
    690   </p>
    691   <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">
    692    
    693   </h3>
    694   <p>
    695    
    696   </p>
    697   <table>
    698    <tbody>
    699     <tr>
    700      <th>
    701       CVE
    702      </th>
    703      <th>
    704       Bug AOSP 
    705      </th>
    706      <th>
    707       
    708      </th>
    709      <th>
    710       
    711      </th>
    712      <th>
    713       
    714      </th>
    715     </tr>
    716     <tr>
    717      <td>
    718       CVE-2015-6643
    719      </td>
    720      <td>
    721       <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0">
    722        ANDROID-25290269
    723       </a>
    724       [
    725       <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b">
    726        2
    727       </a>
    728       ]
    729      </td>
    730      <td>
    731       
    732      </td>
    733      <td>
    734       5.1.16.06.0.1
    735      </td>
    736      <td>
    737       Google 
    738      </td>
    739     </tr>
    740    </tbody>
    741   </table>
    742   <h3 id="elevation_of_privilege_vulnerability_in_wi-fi">
    743    WLAN 
    744   </h3>
    745   <p>
    746    WLAN  WLAN 
    747    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    748     normal
    749    </a>
    750    
    751   </p>
    752   <table>
    753    <tbody>
    754     <tr>
    755      <th>
    756       CVE
    757      </th>
    758      <th>
    759       Bug AOSP 
    760      </th>
    761      <th>
    762       
    763      </th>
    764      <th>
    765       
    766      </th>
    767      <th>
    768       
    769      </th>
    770     </tr>
    771     <tr>
    772      <td>
    773       CVE-2015-5310
    774      </td>
    775      <td>
    776       <a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d">
    777        ANDROID-25266660
    778       </a>
    779      </td>
    780      <td>
    781       
    782      </td>
    783      <td>
    784       4.4.45.05.1.16.06.0.1
    785      </td>
    786      <td>
    787       2015  10  25 
    788      </td>
    789     </tr>
    790    </tbody>
    791   </table>
    792   <h3 id="information_disclosure_vulnerability_in_bouncy_castle">
    793    Bouncy Castle 
    794   </h3>
    795   <p>
    796    Bouncy Castle 
    797    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    798     dangerous
    799    </a>
    800    
    801   </p>
    802   <table>
    803    <tbody>
    804     <tr>
    805      <th>
    806       CVE
    807      </th>
    808      <th>
    809       Bug AOSP 
    810      </th>
    811      <th>
    812       
    813      </th>
    814      <th>
    815       
    816      </th>
    817      <th>
    818       
    819      </th>
    820     </tr>
    821     <tr>
    822      <td>
    823       CVE-2015-6644
    824      </td>
    825      <td>
    826       <a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f">
    827        ANDROID-24106146
    828       </a>
    829      </td>
    830      <td>
    831       
    832      </td>
    833      <td>
    834       4.4.45.05.1.16.06.0.1
    835      </td>
    836      <td>
    837       Google 
    838      </td>
    839     </tr>
    840    </tbody>
    841   </table>
    842   <h3 id="denial_of_service_vulnerability_in_syncmanager">
    843    SyncManager 
    844   </h3>
    845   <p>
    846     SyncManager 
    847   </p>
    848   <table>
    849    <tbody>
    850     <tr>
    851      <th>
    852       CVE
    853      </th>
    854      <th>
    855       Bug AOSP 
    856      </th>
    857      <th>
    858       
    859      </th>
    860      <th>
    861       
    862      </th>
    863      <th>
    864       
    865      </th>
    866     </tr>
    867     <tr>
    868      <td>
    869       CVE-2015-6645
    870      </td>
    871      <td>
    872       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025">
    873        ANDROID-23591205
    874       </a>
    875      </td>
    876      <td>
    877       
    878      </td>
    879      <td>
    880       4.4.45.05.1.16.0
    881      </td>
    882      <td>
    883       Google 
    884      </td>
    885     </tr>
    886    </tbody>
    887   </table>
    888   <h3 id="attack_surface_reduction_for_nexus_kernels">
    889     Nexus 
    890   </h3>
    891   <p>
    892     Android  SysV IPC System V IPC  Android  CVE-2015-7613 
    893   </p>
    894   <table>
    895    <tbody>
    896     <tr>
    897      <th>
    898       CVE
    899      </th>
    900      <th>
    901       Bug
    902      </th>
    903      <th>
    904       
    905      </th>
    906      <th>
    907       
    908      </th>
    909      <th>
    910       
    911      </th>
    912     </tr>
    913     <tr>
    914      <td>
    915       CVE-2015-6646
    916      </td>
    917      <td>
    918       ANDROID-22300191*
    919      </td>
    920      <td>
    921       
    922      </td>
    923      <td>
    924       6.0
    925      </td>
    926      <td>
    927       Google 
    928      </td>
    929     </tr>
    930    </tbody>
    931   </table>
    932   <p>
    933    * AOSP 
    934    <a href="https://developers.google.com/android/nexus/drivers">
    935     Google Developers 
    936    </a>
    937     Nexus 
    938   </p>
    939   <h3 id="common_questions_and_answers">
    940    
    941   </h3>
    942   <p>
    943    
    944   </p>
    945   <p>
    946    <strong>
    947     1. 
    948    </strong>
    949   </p>
    950   <p>
    951     2016  1  1  LMY49F  Android L  Android 6.0 
    952    <a href="https://support.google.com/nexus/answer/4457705">
    953     Nexus 
    954    </a>
    955     [ro.build.version.security_patch]:[2016-01-01]
    956   </p>
    957   <h2 id="revisions" style="margin-bottom:0px">
    958    
    959   </h2>
    960   <hr/>
    961   <ul>
    962    <li>
    963     2016  1  4 
    964    </li>
    965    <li>
    966     2016  1  6  AOSP 
    967    </li>
    968   </ul>
    969 
    970   </body>
    971 </html>
    972