1 <html devsite> 2 <head> 3 <title>Nexus - 2016 4 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 27 28 <p><em>2016 4 4 | 2016 4 6 </em></p> 29 <p> Android (OTA) Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus 2016 4 2 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 30 <p> 2016 3 16 Android (AOSP) </p> 31 <p></p> 32 <p><a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a> Root <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="#mitigations"></a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 33 <h2 id="security_vulnerability_summary"></h2> 34 <p> CVE<a href="/security/overview/updates-resources.html#severity"></a></p> 35 <table> 36 <tr> 37 <th></th> 38 <th>CVE</th> 39 <th></th> 40 </tr> 41 <tr> 42 <td>DHCPCD </td> 43 <td>CVE-2016-1503<br/>CVE-2014-6060</td> 44 <td></td> 45 </tr> 46 <tr> 47 <td></td> 48 <td>CVE-2016-0834</td> 49 <td></td> 50 </tr> 51 <tr> 52 <td>Mediaserver </td> 53 <td>CVE-2016-0835<br/>CVE-2016-0836<br/>CVE-2016-0837<br/>CVE-2016-0838<br/>CVE-2016-0839<br/>CVE-2016-0840<br/>CVE-2016-0841</td> 54 <td></td> 55 </tr> 56 <tr> 57 <td>libstagefright </td> 58 <td>CVE-2016-0842</td> 59 <td></td> 60 </tr> 61 <tr> 62 <td></td> 63 <td>CVE-2015-1805</td> 64 <td></td> 65 </tr> 66 <tr> 67 <td>Qualcomm <br/></td> 68 <td>CVE-2016-0843</td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>Qualcomm RF </td> 73 <td>CVE-2016-0844</td> 74 <td></td> 75 </tr> 76 <tr> 77 <td></td> 78 <td>CVE-2014-9322</td> 79 <td></td> 80 </tr> 81 <tr> 82 <td>IMemory </td> 83 <td>CVE-2016-0846</td> 84 <td></td> 85 </tr> 86 <tr> 87 <td>Telecom </td> 88 <td>CVE-2016-0847</td> 89 <td></td> 90 </tr> 91 <tr> 92 <td></td> 93 <td>CVE-2016-0848</td> 94 <td></td> 95 </tr> 96 <tr> 97 <td></td> 98 <td>CVE-2016-0849</td> 99 <td></td> 100 </tr> 101 <tr> 102 <td></td> 103 <td>CVE-2016-0850</td> 104 <td></td> 105 </tr> 106 <tr> 107 <td></td> 108 <td>CVE-2016-2409</td> 109 <td></td> 110 </tr> 111 <tr> 112 <td></td> 113 <td>CVE-2016-2410</td> 114 <td></td> 115 </tr> 116 <tr> 117 <td>Qualcomm <br/></td> 118 <td>CVE-2016-2411</td> 119 <td></td> 120 </tr> 121 <tr> 122 <td>System_server </td> 123 <td>CVE-2016-2412</td> 124 <td></td> 125 </tr> 126 <tr> 127 <td>Mediaserver </td> 128 <td>CVE-2016-2413</td> 129 <td></td> 130 </tr> 131 <tr> 132 <td>Minikin </td> 133 <td>CVE-2016-2414</td> 134 <td></td> 135 </tr> 136 <tr> 137 <td>Exchange ActiveSync </td> 138 <td>CVE-2016-2415</td> 139 <td></td> 140 </tr> 141 <tr> 142 <td>Mediaserver </td> 143 <td>CVE-2016-2416<br/>CVE-2016-2417<br/>CVE-2016-2418<br/>CVE-2016-2419</td> 144 <td></td> 145 </tr> 146 <tr> 147 <td>Debuggerd </td> 148 <td>CVE-2016-2420</td> 149 <td></td> 150 </tr> 151 <tr> 152 <td></td> 153 <td>CVE-2016-2421</td> 154 <td></td> 155 </tr> 156 <tr> 157 <td>WLAN </td> 158 <td>CVE-2016-2422</td> 159 <td></td> 160 </tr> 161 <tr> 162 <td>Telephony </td> 163 <td>CVE-2016-2423</td> 164 <td></td> 165 </tr> 166 <tr> 167 <td>SyncStorageEngine </td> 168 <td>CVE-2016-2424</td> 169 <td></td> 170 </tr> 171 <tr> 172 <td>AOSP </td> 173 <td>CVE-2016-2425</td> 174 <td></td> 175 </tr> 176 <tr> 177 <td>Framework </td> 178 <td>CVE-2016-2426</td> 179 <td></td> 180 </tr> 181 <tr> 182 <td>BouncyCastle </td> 183 <td>CVE-2016-2427</td> 184 <td></td> 185 </tr> 186 </table> 187 <h2 id="mitigations"></h2> 188 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 189 <ul> 190 <li> Android Android Android 191 </li><li>Android SafetyNet Google Play Root Google Play Root 192 </li><li> Google Messenger mediaserver 193 </li></ul> 194 <h2 id="acknowledgements"></h2> 195 <p>Android </p> 196 <ul> 197 <li>Google Chrome Abhishek AryaOliver Chang Martin BarbellaCVE-2016-0834CVE-2016-0841CVE-2016-0840CVE-2016-0839CVE-2016-0838</li><li>CENSUS S.A. Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>)CVE-2016-0842CVE-2016-0836CVE-2016-0835</li><li>Google Telecom Brad Ebinger Santos CordonCVE-2016-0847</li><li><a href="https://www.ibr.cs.tu-bs.de"></a> Dominik SchrmannCVE-2016-2425</li><li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)<a href="http://weibo.com/jfpan">pjf</a> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)CVE-2016-0844</li><li> <a href="https://www.epfl.ch">cole polytechnique fdrale de Lausanne</a> <a href="mailto:gpiskas (a] gmail.com">George Piskas</a>CVE-2016-2426</li><li><a href="http://www.360.com/"> 360 </a> (<a href="https://twitter.com/oldfresher">@oldfresher</a>)CVE-2016-2412CVE-2016-2416</li><li>Google Project Zero James ForshawCVE-2016-2417CVE-2016-0846</li><li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)<a href="http://weibo.com/jfpan">pjf</a> Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)CVE-2016-2410CVE-2016-2411</li><li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan">pjf</a>CVE-2016-2409</li><li>Vertu Corporation LTD Nancy WangCVE-2016-0837</li><li> <a href="mailto:nasim (a] zamir.ca">Nasim Zamir</a>CVE-2016-2409</li><li>Qualcomm Nico Golde (<a href="https://twitter.com/iamnion">@iamnion</a>)CVE-2016-2420CVE-2016-0849</li><li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-2418CVE-2016-2413CVE-2016-2419</li><li>Google Quan NguyenCVE-2016-2427</li><li>Richard ShupakCVE-2016-2415</li><li><a href="https://labs.mwrinfosecurity.com/">MWR </a> Romain Trouv (<a href="https://twitter.com/bouuntyyy">@bouuntyyy)</a>CVE-2016-0850</li><li>Stuart HendersonCVE-2016-2422</li><li>Android Vishwath MohanCVE-2016-2424</li><li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2414</li><li> (<a href="https://twitter.com/wish_wu">@wish_wu</a>)CVE-2016-0843</li><li> <a href="mailto:luc2yj (a] gmail.com">Yeonjoon Lee</a> <a href="mailto:xw7 (a] indiana.edu">Xiaofeng Wang</a> <a href="mailto:litongxin1991 (a] gmail.com">Tongxin Li</a> <a href="mailto:hanxinhui (a] pku.edu.cn">Xinhui Han</a>CVE-2016-0848</li></ul> 198 <p>Android <a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian Jiang <a href="https://www.zimperium.com/">Zimperium</a> CVE-2015-1805 </p> 199 <h2 id="security_vulnerability_details"></h2> 200 <p><a href="#security_vulnerability_summary"></a> CVE Bug Bug ID AOSP Bug Bug ID AOSP </p> 201 <h3 id="remote_code_execution_vulnerability_in_dhcpcd">DHCPCD </h3> 202 <p> DHCP DHCP </p> 203 <table> 204 <tr> 205 <th>CVE</th> 206 <th>Bug AOSP </th> 207 <th></th> 208 <th></th> 209 <th></th> 210 </tr> 211 <tr> 212 <td>CVE-2014-6060</td> 213 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/38cb7a7feff88d58fb4a565ba7f12cd4469af243">ANDROID-15268738</a></td> 214 <td></td> 215 <td>4.4.4</td> 216 <td>2014 7 30 </td> 217 </tr> 218 <tr> 219 <td>CVE-2014-6060</td> 220 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/de806dfdb6dd3b9dec5d1d23c9029fb300799cf8">ANDROID-16677003</a></td> 221 <td></td> 222 <td>4.4.4</td> 223 <td>2014 7 30 </td> 224 </tr> 225 <tr> 226 <td>CVE-2016-1503</td> 227 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09">ANDROID-26461634</a></td> 228 <td></td> 229 <td>4.4.45.0.25.1.16.06.0.1</td> 230 <td>2016 1 4 </td> 231 </tr> 232 </table> 233 <h3 id="remote_code_execution_vulnerability_in_media_codec"></h3> 234 <p> mediaserver mediaserver </p> 235 <p></p> 236 <p> mediaserver mediaserver </p> 237 <table> 238 <tr> 239 <th>CVE</th> 240 <th>Bug</th> 241 <th></th> 242 <th></th> 243 <th></th> 244 </tr> 245 <tr> 246 <td>CVE-2016-0834</td> 247 <td>ANDROID-26220548*</td> 248 <td></td> 249 <td>6.06.0.1</td> 250 <td>2015 12 16 </td> 251 </tr> 252 </table> 253 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 254 <h3 id="remote_code_execution_vulnerability_in_mediaserver">Mediaserver </h3> 255 <p> mediaserver mediaserver </p> 256 <p></p> 257 <p> mediaserver mediaserver </p> 258 <table> 259 <tr> 260 <th>CVE</th> 261 <th>Bug AOSP </th> 262 <th></th> 263 <th></th> 264 <th></th> 265 </tr> 266 <tr> 267 <td>CVE-2016-0835</td> 268 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ba604d336b40fd4bde1622f64d67135bdbd61301">ANDROID-26070014</a>[<a href="https://android.googlesource.com/platform/external/libmpeg2/+/58a6822d7140137ce957c6d2fc20bae1374186c1">2</a>]</td> 269 <td></td> 270 <td>6.06.0.1</td> 271 <td>2015 12 6 </td> 272 </tr> 273 <tr> 274 <td>CVE-2016-0836</td> 275 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8b4ed5a23175b7ffa56eea4678db7287f825e985">ANDROID-25812590</a></td> 276 <td></td> 277 <td>6.06.0.1</td> 278 <td>2015 11 19 </td> 279 </tr> 280 <tr> 281 <td>CVE-2016-0837</td> 282 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a282fb64fef25349e9d341f102d9cea3bf75baf">ANDROID-27208621</a></td> 283 <td></td> 284 <td>4.4.45.0.25.1.16.06.0.1</td> 285 <td>2016 2 11 </td> 286 </tr> 287 <tr> 288 <td>CVE-2016-0838</td> 289 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/3ac044334c3ff6a61cb4238ff3ddaf17c7efcf49">ANDROID-26366256</a>[<a href="https://android.googlesource.com/platform/external/sonivox/+/24d7c408c52143bce7b49de82f3913fd8d1219cf">2</a>]</td> 290 <td></td> 291 <td>4.4.45.0.25.1.16.06.0.1</td> 292 <td>Google </td> 293 </tr> 294 <tr> 295 <td>CVE-2016-0839</td> 296 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ebbb82365172337c6c250c6cac4e326970a9e351">ANDROID-25753245</a></td> 297 <td></td> 298 <td>6.06.0.1</td> 299 <td>Google </td> 300 </tr> 301 <tr> 302 <td>CVE-2016-0840</td> 303 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c57fc3703ae2e0d41b1f6580c50015937f2d23c1">ANDROID-26399350</a></td> 304 <td></td> 305 <td>6.06.0.1</td> 306 <td>Google </td> 307 </tr> 308 <tr> 309 <td>CVE-2016-0841</td> 310 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252">ANDROID-26040840</a></td> 311 <td></td> 312 <td>4.4.45.0.25.1.16.06.0.1</td> 313 <td>Google </td> 314 </tr> 315 </table> 316 <h3 id="remote_code_execution_vulnerability_in_libstagefright">libstagefright </h3> 317 <p> libstagefright mediaserver </p> 318 <p></p> 319 <p> mediaserver mediaserver </p> 320 <table> 321 <tr> 322 <th>CVE</th> 323 <th>Bug AOSP </th> 324 <th></th> 325 <th></th> 326 <th></th> 327 </tr> 328 <tr> 329 <td>CVE-2016-0842</td> 330 <td><a href="https://android.googlesource.com/platform/external/libavc/+/943323f1d9d3dd5c2634deb26cbe72343ca6b3db">ANDROID-25818142</a></td> 331 <td></td> 332 <td>6.06.0.1</td> 333 <td>2015 11 23 </td> 334 </tr> 335 </table> 336 <h3 id="elevation_of_privilege_vulnerability_in_kernel"></h3> 337 <p><a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a></p> 338 <table> 339 <tr> 340 <th>CVE</th> 341 <th>Bug</th> 342 <th></th> 343 <th></th> 344 <th></th> 345 </tr> 346 <tr> 347 <td>CVE-2015-1805</td> 348 <td>ANDROID-27275324*</td> 349 <td></td> 350 <td>4.4.45.0.25.1.16.06.0.1</td> 351 <td>2016 2 19 </td> 352 </tr> 353 </table> 354 <p>* AOSP <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a><a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 355 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 356 <p>Qualcomm ARM </p> 357 <table> 358 <tr> 359 <th>CVE</th> 360 <th>Bug</th> 361 <th></th> 362 <th></th> 363 <th></th> 364 </tr> 365 <tr> 366 <td>CVE-2016-0843</td> 367 <td>ANDROID-25801197*</td> 368 <td></td> 369 <td>4.4.45.0.25.1.16.06.0.1</td> 370 <td>2015 11 19 </td> 371 </tr> 372 </table> 373 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 374 <h3 id="elevation_of_privilege_in_qualcomm_rf_component">Qualcomm RF </h3> 375 <p>Qualcomm RF </p> 376 <table> 377 <tr> 378 <th>CVE</th> 379 <th>Bug</th> 380 <th></th> 381 <th></th> 382 <th></th> 383 </tr> 384 <tr> 385 <td>CVE-2016-0844</td> 386 <td>ANDROID-26324307*</td> 387 <td></td> 388 <td>6.06.0.1</td> 389 <td>2015 12 25 </td> 390 </tr> 391 </table> 392 <p>* AOSP <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa"> Linux Upstream </a></p> 393 <h3 id="elevation_of_privilege_vulnerability_in_kernel12"></h3> 394 <p></p> 395 <table> 396 <tr> 397 <th>CVE</th> 398 <th>Bug AOSP </th> 399 <th></th> 400 <th></th> 401 <th></th> 402 </tr> 403 <tr> 404 <td>CVE-2014-9322</td> 405 <td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a>[<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>][<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br/>[<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>][<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>][<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>][<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>][<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>][<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>][<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>][<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td> 406 <td></td> 407 <td>6.06.0.1</td> 408 <td>2015 12 25 </td> 409 </tr> 410 </table> 411 <h3 id="elevation_of_privilege_in_imemory_native_interface">IMemory </h3> 412 <p>IMemory <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 413 <table> 414 <tr> 415 <th>CVE</th> 416 <th>Bug AOSP </th> 417 <th></th> 418 <th></th> 419 <th></th> 420 </tr> 421 <tr> 422 <td>CVE-2016-0846</td> 423 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149">ANDROID-26877992</a></td> 424 <td></td> 425 <td>4.4.45.0.25.1.16.06.0.1</td> 426 <td>2016 1 29 </td> 427 </tr> 428 </table> 429 <h3 id="elevation_of_privilege_vulnerability_in_telecom_component">Telecom </h3> 430 <p>Telecom <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 431 <table> 432 <tr> 433 <th>CVE</th> 434 <th>Bug AOSP </th> 435 <th></th> 436 <th></th> 437 <th></th> 438 </tr> 439 <tr> 440 <td>CVE-2016-0847</td> 441 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444">ANDROID-26864502</a>[<a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d">2</a>]</td> 442 <td></td> 443 <td>5.0.25.1.16.06.0.1</td> 444 <td>Google </td> 445 </tr> 446 </table> 447 <h3 id="elevation_of_privilege_vulnerability_in_download_manager"></h3> 448 <p> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 449 <table> 450 <tr> 451 <th>CVE</th> 452 <th>Bug AOSP </th> 453 <th></th> 454 <th></th> 455 <th></th> 456 </tr> 457 <tr> 458 <td>CVE-2016-0848</td> 459 <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/bdc831357e7a116bc561d51bf2ddc85ff11c01a9">ANDROID-26211054</a></td> 460 <td></td> 461 <td>4.4.45.0.25.1.16.06.0.1</td> 462 <td>2015 12 14 </td> 463 </tr> 464 </table> 465 <h3 id="elevation_of_privilege_in_recovery_procedure"></h3> 466 <p> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 467 <table> 468 <tr> 469 <th>CVE</th> 470 <th>Bug AOSP </th> 471 <th></th> 472 <th></th> 473 <th></th> 474 </tr> 475 <tr> 476 <td>CVE-2016-0849</td> 477 <td><a href="https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad">ANDROID-26960931</a></td> 478 <td></td> 479 <td>5.0.25.1.16.06.0.1</td> 480 <td>2016 2 3 </td> 481 </tr> 482 </table> 483 <h3 id="elevation_of_privilege_in_bluetooth"></h3> 484 <p></p> 485 <table> 486 <tr> 487 <th>CVE</th> 488 <th>Bug AOSP </th> 489 <th></th> 490 <th></th> 491 <th></th> 492 </tr> 493 <tr> 494 <td>CVE-2016-0850</td> 495 <td><a href="https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/c677ee92595335233eb0e7b59809a1a94e7a678a">ANDROID-26551752</a></td> 496 <td></td> 497 <td>4.4.45.0.25.1.16.06.0.1</td> 498 <td>2016 1 13 </td> 499 </tr> 500 </table> 501 <h3 id="elevation_of_privilege_in_texas_instruments_haptic_driver"></h3> 502 <p> Bug </p> 503 <table> 504 <tr> 505 <th>CVE</th> 506 <th>Bug</th> 507 <th></th> 508 <th></th> 509 <th></th> 510 </tr> 511 <tr> 512 <td>CVE-2016-2409</td> 513 <td>ANDROID-25981545*</td> 514 <td></td> 515 <td>6.06.0.1</td> 516 <td>2015 12 25 </td> 517 </tr> 518 </table> 519 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 520 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver">Qualcomm </h3> 521 <p>Qualcomm </p> 522 <table> 523 <tr> 524 <th>CVE</th> 525 <th>Bug</th> 526 <th></th> 527 <th></th> 528 <th></th> 529 </tr> 530 <tr> 531 <td>CVE-2016-2410</td> 532 <td>ANDROID-26291677*</td> 533 <td></td> 534 <td>6.06.0.1</td> 535 <td>2015 12 21 </td> 536 </tr> 537 </table> 538 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 539 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_power_management_component">Qualcomm </h3> 540 <p>Qualcomm Bug root</p> 541 <table> 542 <tr> 543 <th>CVE</th> 544 <th>Bug</th> 545 <th></th> 546 <th></th> 547 <th></th> 548 </tr> 549 <tr> 550 <td>CVE-2016-2411</td> 551 <td>ANDROID-26866053*</td> 552 <td></td> 553 <td>6.06.0.1</td> 554 <td>2016 1 28 </td> 555 </tr> 556 </table> 557 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 558 <h3 id="elevation_of_privilege_vulnerability_in_system_server">System_server </h3> 559 <p>System_server <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 560 <table> 561 <tr> 562 <th>CVE</th> 563 <th>Bug AOSP </th> 564 <th></th> 565 <th></th> 566 <th></th> 567 </tr> 568 <tr> 569 <td>CVE-2016-2412</td> 570 <td><a href="https://android.googlesource.com/platform/external/skia/+/b36c23b3e6b0b316075cc43e466d44c62508fcac">ANDROID-26593930</a></td> 571 <td></td> 572 <td>4.4.45.0.25.1.16.06.0.1</td> 573 <td>2016 1 15 </td> 574 </tr> 575 </table> 576 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Mediaserver </h3> 577 <p>Mediaserver <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 578 <table> 579 <tr> 580 <th>CVE</th> 581 <th>Bug AOSP </th> 582 <th></th> 583 <th></th> 584 <th></th> 585 </tr> 586 <tr> 587 <td>CVE-2016-2413</td> 588 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48">ANDROID-26403627</a></td> 589 <td></td> 590 <td>5.0.25.1.16.06.0.1</td> 591 <td>2016 1 5 </td> 592 </tr> 593 </table> 594 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 595 <p>Minikin Minikin </p> 596 <table> 597 <tr> 598 <th>CVE</th> 599 <th>Bug AOSP </th> 600 <th></th> 601 <th></th> 602 <th></th> 603 </tr> 604 <tr> 605 <td>CVE-2016-2414</td> 606 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ca8ac8acdad662230ae37998c6c4091bb39402b6">ANDROID-26413177</a>[<a href="https://android.googlesource.com/platform/frameworks/minikin/+/f4785aa1947b8d22d5b19559ef1ca526d98e0e73">2</a>]</td> 607 <td></td> 608 <td>5.0.25.1.16.06.0.1</td> 609 <td>2015 11 3 </td> 610 </tr> 611 </table> 612 <h3 id="information_disclosure_vulnerability_in_exchange_activesync">Exchange ActiveSync </h3> 613 <p>Exchange ActiveSync </p> 614 <table> 615 <tr> 616 <th>CVE</th> 617 <th>Bug AOSP </th> 618 <th></th> 619 <th></th> 620 <th></th> 621 </tr> 622 <tr> 623 <td>CVE-2016-2415</td> 624 <td><a href="https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2">ANDROID-26488455</a></td> 625 <td></td> 626 <td>5.0.25.1.16.06.0.1</td> 627 <td>2016 1 11 </td> 628 </tr> 629 </table> 630 <h3 id="information_disclosure_vulnerability_in_mediaserver">Mediaserver </h3> 631 <p>Mediaserver <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 632 <table> 633 <tr> 634 <th>CVE</th> 635 <th>Bug AOSP </th> 636 <th></th> 637 <th></th> 638 <th></th> 639 </tr> 640 <tr> 641 <td>CVE-2016-2416</td> 642 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd">ANDROID-27046057</a>[<a href="https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a">2</a>]</td> 643 <td></td> 644 <td>4.4.45.0.25.1.16.06.0.1</td> 645 <td>2016 2 5 </td> 646 </tr> 647 <tr> 648 <td>CVE-2016-2417</td> 649 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84">ANDROID-26914474</a></td> 650 <td></td> 651 <td>4.4.45.0.25.1.16.06.0.1</td> 652 <td>2016 2 1 </td> 653 </tr> 654 <tr> 655 <td>CVE-2016-2418</td> 656 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3">ANDROID-26324358</a></td> 657 <td></td> 658 <td>6.06.0.1</td> 659 <td>2015 12 24 </td> 660 </tr> 661 <tr> 662 <td>CVE-2016-2419</td> 663 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34">ANDROID-26323455</a></td> 664 <td></td> 665 <td>6.06.0.1</td> 666 <td>2015 12 24 </td> 667 </tr> 668 </table> 669 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd_component">Debuggerd </h3> 670 <p>Debuggerd Bug Android 4.4.4 system root Android 5.0 SELinux </p> 671 <table> 672 <tr> 673 <th>CVE</th> 674 <th>Bug AOSP </th> 675 <th></th> 676 <th></th> 677 <th></th> 678 </tr> 679 <tr> 680 <td>CVE-2016-2420</td> 681 <td><a href="https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98">ANDROID-26403620</a>[<a href="https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c">2</a>]</td> 682 <td></td> 683 <td>4.4.45.0.25.1.16.06.0.1</td> 684 <td>2016 1 5 </td> 685 </tr> 686 </table> 687 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3> 688 <p></p> 689 <table> 690 <tr> 691 <th>CVE</th> 692 <th>Bug</th> 693 <th></th> 694 <th></th> 695 <th></th> 696 </tr> 697 <tr> 698 <td>CVE-2016-2421</td> 699 <td>ANDROID-26154410*</td> 700 <td></td> 701 <td>5.1.16.06.0.1</td> 702 <td>Google </td> 703 </tr> 704 </table> 705 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 706 <h3 id="elevation_of_privilege_in_wi-fi">WLAN </h3> 707 <p>WLAN <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 708 <table> 709 <tr> 710 <th>CVE</th> 711 <th>Bug AOSP </th> 712 <th></th> 713 <th></th> 714 <th></th> 715 </tr> 716 <tr> 717 <td>CVE-2016-2422</td> 718 <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/70dde9870e9450e10418a32206ac1bb30f036b2c">ANDROID-26324357</a></td> 719 <td></td> 720 <td>4.4.45.0.25.1.16.06.0.1</td> 721 <td>2015 12 23 </td> 722 </tr> 723 </table> 724 <h3 id="elevation_of_privilege_in_telephony">Telephony </h3> 725 <p>Telephony </p> 726 <table> 727 <tr> 728 <th>CVE</th> 729 <th>Bug AOSP </th> 730 <th></th> 731 <th></th> 732 <th></th> 733 </tr> 734 <tr> 735 <td>CVE-2016-2423</td> 736 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa">ANDROID-26303187</a></td> 737 <td></td> 738 <td>4.4.45.0.25.1.16.06.0.1</td> 739 <td>Google </td> 740 </tr> 741 </table> 742 <h3 id="denial_of_service_in_syncstorageengine">SyncStorageEngine </h3> 743 <p> SyncStorageEngine </p> 744 <table> 745 <tr> 746 <th>CVE</th> 747 <th>Bug AOSP </th> 748 <th></th> 749 <th></th> 750 <th></th> 751 </tr> 752 <tr> 753 <td>CVE-2016-2424</td> 754 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d3383d5bfab296ba3adbc121ff8a7b542bde4afb">ANDROID-26513719</a></td> 755 <td></td> 756 <td>4.4.45.0.25.1.16.06.0.1</td> 757 <td>Google </td> 758 </tr> 759 </table> 760 <h3 id="information_disclosure_vulnerability_in_aosp_mail">AOSP </h3> 761 <p>AOSP dangerous</p> 762 <table> 763 <tr> 764 <th>CVE</th> 765 <th>Bug AOSP </th> 766 <th></th> 767 <th></th> 768 <th></th> 769 </tr> 770 <tr> 771 <td>CVE-2016-2425</td> 772 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f">ANDROID-26989185</a></td> 773 <td></td> 774 <td>4.4.45.1.16.06.0.1</td> 775 <td>2016 1 29 </td> 776 </tr> 777 <tr> 778 <td>CVE-2016-2425</td> 779 <td>ANDROID-7154234*</td> 780 <td></td> 781 <td>5.0.2</td> 782 <td>2016 1 29 </td> 783 </tr> 784 </table> 785 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 786 <h3 id="information_disclosure_vulnerability_in_framework">Framework </h3> 787 <p>Framework </p> 788 <table> 789 <tr> 790 <th>CVE</th> 791 <th>Bug AOSP </th> 792 <th></th> 793 <th></th> 794 <th></th> 795 </tr> 796 <tr> 797 <td>CVE-2016-2426</td> 798 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/63363af721650e426db5b0bdfb8b2d4fe36abdb0">ANDROID-26094635</a></td> 799 <td></td> 800 <td>4.4.45.0.25.1.16.06.0.1</td> 801 <td>2015 12 8 </td> 802 </tr> 803 </table> 804 <h3 id="information_disclosure_vulnerability_in_bouncycastle">BouncyCastle </h3> 805 <p>BouncyCastle dangerous</p> 806 <table> 807 <tr> 808 <th>CVE</th> 809 <th>Bug AOSP </th> 810 <th></th> 811 <th></th> 812 <th></th> 813 </tr> 814 <tr> 815 <td>CVE-2016-2427</td> 816 <td><a href="https://android.googlesource.com/platform/libcore/+/efd369d996fd38c50a50ea0de8f20507253cb6de">ANDROID-26234568</a>[<a href="https://android.googlesource.com/platform/external/bouncycastle/+/b3bddea0f33c0459293c6419569ad151b4a7b44b">2</a>]</td> 817 <td></td> 818 <td>5.0.25.1.16.06.0.1</td> 819 <td>Google </td> 820 </tr> 821 </table> 822 <h2 id="common_questions_and_answers"></h2> 823 <p></p> 824 <p><strong>1. </strong></p> 825 <p>2016 4 2 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-04-02]</p> 826 <p><strong>2. 2016 4 2 827 </strong></p> 828 <p> 4 2016 4 1 CVE-2015-1805 <a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a>2016 4 2 CVE-2015-1805 <a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a></p> 829 <h2 id="revisions"></h2> 830 <ul> 831 <li>2016 4 4 832 </li><li>2016 4 6 AOSP 833 </li></ul> 834 835 </body> 836 </html> 837