1 <html devsite> 2 <head> 3 <title>Nexus - 2016 1 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 2 1 | 2016 3 7 </em></p> 27 28 <p> Android (OTA) Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus 2016 2 1 LMY49G Android L Android M <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 29 30 <p> 2016 1 4 Android (AOSP) </p> 31 32 <p>Broadcom WLAN </p> 33 34 <p><a href="#mitigations"></a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 35 36 <h2 id="security_vulnerability_summary"></h2> 37 38 39 <p> CVE<a href="/security/overview/updates-resources.html#severity"></a></p> 40 <table> 41 <tr> 42 <th></th> 43 <th>CVE</th> 44 <th></th> 45 </tr> 46 <tr> 47 <td>Broadcom WLAN </td> 48 <td>CVE-2016-0801<br>CVE-2016-0802</td> 49 <td></td> 50 </tr> 51 <tr> 52 <td>Mediaserver </td> 53 <td>CVE-2016-0803<br>CVE-2016-0804</td> 54 <td></td> 55 </tr> 56 <tr> 57 <td>Qualcomm </td> 58 <td>CVE-2016-0805</td> 59 <td></td> 60 </tr> 61 <tr> 62 <td>Qualcomm WLAN </td> 63 <td>CVE-2016-0806</td> 64 <td></td> 65 </tr> 66 <tr> 67 <td>Debugger Daemon </td> 68 <td>CVE-2016-0807</td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>Minikin </td> 73 <td>CVE-2016-0808</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td>WLAN </td> 78 <td>CVE-2016-0809</td> 79 <td></td> 80 </tr> 81 <tr> 82 <td>Mediaserver </td> 83 <td>CVE-2016-0810</td> 84 <td></td> 85 </tr> 86 <tr> 87 <td>libmediaplayerservice </td> 88 <td>CVE-2016-0811</td> 89 <td></td> 90 </tr> 91 <tr> 92 <td></td> 93 <td>CVE-2016-0812<br>CVE-2016-0813</td> 94 <td></td> 95 </tr> 96 </table> 97 98 99 <h3 id="mitigations"></h3> 100 101 102 <p> <a href="https://source.android.com/security/enhancements/index.html">Android </a> SafetyNet Android </p> 103 104 <ul> 105 <li> Android Android Android 106 <li>Android SafetyNet Google Play Root Google Play Root 107 <li> Google Messenger mediaserver 108 </li></li></li></ul> 109 110 <h3 id="acknowledgements"></h3> 111 112 113 <p></p> 114 115 <ul> 116 <li>Android Chrome CVE-2016-0809CVE-2016-0810</li> 117 <li>Broadgate CVE-2016-0801CVE-2015-0802</li> 118 <li><a href="http://www.360safe.com/"> 360</a> 119 <a href="http://c0reteam.org">C0RE </a> Chiachih Wu 120 (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)Mingjian Zhou 121 (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) Xuxian JiangCVE-2016-0804</li> 122 <li>Google Pixel C David RileyCVE-2016-0812</li> 123 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>)CVE-2016-0805</li> 124 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Qidan He 125 (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>)CVE-2016-0811</li> 126 <li> (<a href="http://www.trendmicro.com">www.trendmicro.com</a>) Seven Shen 127 (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>)CVE-2016-0803</li> 128 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-0808</li> 129 <li>Android Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>)CVE-2016-0807</li> 130 </ul> 131 132 <h2 id="security_vulnerability_details"></h2> 133 134 135 <p><a href="#security_vulnerability_summary"></a> CVE Bug Bug ID AOSP Bug Bug ID AOSP </p> 136 137 <h3 id="remote_code_execution_vulnerability_in_broadcom_wi-fi_driver">Broadcom WLAN </h3> 138 139 140 <p>Broadcom WLAN </p> 141 <table> 142 <tr> 143 <th>CVE</th> 144 <th>Bug</th> 145 <th></th> 146 <th></th> 147 <th></th> 148 </tr> 149 <tr> 150 <td>CVE-2016-0801</td> 151 <td><a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662029</a><br> 152 <a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662233</a></td> 153 <td></td> 154 <td>4.4.45.05.1.16.06.0.1</td> 155 <td>2015 10 25 </td> 156 </tr> 157 <tr> 158 <td>CVE-2016-0802</td> 159 <td><a href="https://android.googlesource.com/kernel/msm/+/3fffc78f70dc101add8b82af878d53457713d005^%21/">ANDROID-25306181</a></td> 160 <td></td> 161 <td>4.4.45.05.1.16.06.0.1</td> 162 <td>2015 10 26 </td> 163 </tr> 164 </table> 165 166 <h3 id="remote_code_execution_vulnerability_in_mediaserver">Mediaserver </h3> 167 168 <p> mediaserver mediaserver </p> 169 170 <p></p> 171 172 <p> mediaserver mediaserver </p> 173 <table> 174 <tr> 175 <th>CVE</th> 176 <th>Bug AOSP </th> 177 <th></th> 178 <th></th> 179 <th></th> 180 </tr> 181 <tr> 182 <td>CVE-2016-0803</td> 183 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7">ANDROID-25812794</a></td> 184 <td></td> 185 <td>4.4.45.05.1.16.06.0.1</td> 186 <td>2015 11 19 </td> 187 </tr> 188 <tr> 189 <td>CVE-2016-0804</td> 190 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33">ANDROID-25070434</a></td> 191 <td></td> 192 <td>5.05.1.16.06.0.1</td> 193 <td>2015 10 12 </td> 194 </tr> 195 </table> 196 197 198 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 199 200 201 <p>Qualcomm ARM </p> 202 <table> 203 <tr> 204 <th>CVE</th> 205 <th>Bug</th> 206 <th></th> 207 <th></th> 208 <th></th> 209 </tr> 210 <tr> 211 <td>CVE-2016-0805</td> 212 <td>ANDROID-25773204*</td> 213 <td></td> 214 <td>4.4.45.05.1.16.06.0.1</td> 215 <td>2015 11 15 </td> 216 </tr> 217 </table> 218 219 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 220 221 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wifi_driver">Qualcomm WLAN </h3> 222 223 224 <p>Qualcomm WLAN </p> 225 <table> 226 <tr> 227 <th>CVE</th> 228 <th>Bug</th> 229 <th></th> 230 <th></th> 231 <th></th> 232 </tr> 233 <tr> 234 <td>CVE-2016-0806</td> 235 <td>ANDROID-25344453*</td> 236 <td></td> 237 <td>4.4.45.05.1.16.06.0.1</td> 238 <td>2015 11 15 </td> 239 </tr> 240 </table> 241 242 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 243 244 <h3 id="elevation_of_privilege_vulnerability_in_the_debuggerd">Debuggerd </h3> 245 246 247 <p>Debuggerd Root </p> 248 <table> 249 <tr> 250 <th>CVE</th> 251 <th>Bug AOSP </th> 252 <th></th> 253 <th></th> 254 <th></th> 255 </tr> 256 <tr> 257 <td>CVE-2016-0807</td> 258 <td><a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120">ANDROID-25187394</a></td> 259 <td></td> 260 <td>6.0 6.0.1</td> 261 <td>Google </td> 262 </tr> 263 </table> 264 265 266 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 267 268 269 <p>Minikin Minikin </p> 270 <table> 271 <tr> 272 <th>CVE</th> 273 <th>Bug AOSP </th> 274 <th></th> 275 <th></th> 276 <th></th> 277 </tr> 278 <tr> 279 <td>CVE-2016-0808</td> 280 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b">ANDROID-25645298</a></td> 281 <td></td> 282 <td>5.05.1.16.06.0.1</td> 283 <td>2015 11 3 </td> 284 </tr> 285 </table> 286 287 288 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi">WLAN </h3> 289 290 291 <p>WLAN <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">normal</a></p> 292 <table> 293 <tr> 294 <th>CVE</th> 295 <th>Bug AOSP </th> 296 <th></th> 297 <th></th> 298 <th></th> 299 </tr> 300 <tr> 301 <td>CVE-2016-0809</td> 302 <td><a href="https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1^%21/#F0">ANDROID-25753768</a></td> 303 <td></td> 304 <td>6.06.0.1</td> 305 <td>Google </td> 306 </tr> 307 </table> 308 309 310 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Mediaserver </h3> 311 312 313 <p>Mediaserver <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 314 <table> 315 <tr> 316 <th>CVE</th> 317 <th>Bug AOSP </th> 318 <th></th> 319 <th></th> 320 <th></th> 321 </tr> 322 <tr> 323 <td>CVE-2016-0810</td> 324 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/19c47afbc402542720ddd280e1bbde3b2277b586">ANDROID-25781119</a></td> 325 <td></td> 326 <td>4.4.45.05.1.16.06.0.1</td> 327 <td>Google </td> 328 </tr> 329 </table> 330 331 332 <h3 id="information_disclosure_vulnerability_in_libmediaplayerservice">libmediaplayerservice </h3> 333 334 335 <p>libmediaplayerservice <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 336 <table> 337 <tr> 338 <th>CVE</th> 339 <th>Bug AOSP </th> 340 <th></th> 341 <th></th> 342 <th></th> 343 </tr> 344 <tr> 345 <td>CVE-2016-0811</td> 346 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b">ANDROID-25800375</a></td> 347 <td></td> 348 <td>6.06.0.1</td> 349 <td>2015 11 16 </td> 350 </tr> 351 </table> 352 353 354 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3> 355 356 357 <p></p> 358 <table> 359 <tr> 360 <th>CVE</th> 361 <th>Bug AOSP </th> 362 <th></th> 363 <th></th> 364 <th></th> 365 </tr> 366 <tr> 367 <td>CVE-2016-0812</td> 368 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541">ANDROID-25229538</a></td> 369 <td></td> 370 <td>5.1.16.0</td> 371 <td>Google </td> 372 </tr> 373 <tr> 374 <td>CVE-2016-0813</td> 375 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/16a76dadcc23a13223e9c2216dad1fe5cad7d6e1">ANDROID-25476219</a></td> 376 <td></td> 377 <td>5.1.16.06.0.1</td> 378 <td>Google </td> 379 </tr> 380 </table> 381 382 <h3 id="common_questions_and_answers"></h3> 383 384 <p></p> 385 386 <p><strong>1. </strong></p> 387 388 <p> 2016 2 1 LMY49G Android L Android 6.0 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-02-01]</p> 389 390 <h2 id="revisions"></h2> 391 392 393 <ul> 394 <li>2016 2 1 395 <li>2016 2 2 AOSP 396 <li>2016 3 7 AOSP 397 398 </li></li></li></ul> 399 400 </body> 401 </html> 402
