Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016  4 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26 
     27 
     28 <p><em>2016  4  4  | 2016  4  6 </em></p>
     29 <p> Android  (OTA)  Nexus  <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus  2016  4  2  <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p>
     30 <p> 2016  3  16  Android  (AOSP) </p>
     31 <p></p>
     32 <p><a href="/security/advisory/2016-03-18.html">Android  - 2016  3  18 </a> Root  <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="#mitigations"></a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p>
     33 <h2 id="security_vulnerability_summary"></h2>
     34 <p> CVE<a href="/security/overview/updates-resources.html#severity"></a></p>
     35 <table>
     36 <tr>
     37 <th></th>
     38 <th>CVE</th>
     39 <th></th>
     40 </tr>
     41 <tr>
     42 <td>DHCPCD </td>
     43 <td>CVE-2016-1503<br/>CVE-2014-6060</td>
     44 <td></td>
     45 </tr>
     46 <tr>
     47 <td></td>
     48 <td>CVE-2016-0834</td>
     49 <td></td>
     50 </tr>
     51 <tr>
     52 <td>Mediaserver </td>
     53 <td>CVE-2016-0835<br/>CVE-2016-0836<br/>CVE-2016-0837<br/>CVE-2016-0838<br/>CVE-2016-0839<br/>CVE-2016-0840<br/>CVE-2016-0841</td>
     54 <td></td>
     55 </tr>
     56 <tr>
     57 <td>libstagefright </td>
     58 <td>CVE-2016-0842</td>
     59 <td></td>
     60 </tr>
     61 <tr>
     62 <td></td>
     63 <td>CVE-2015-1805</td>
     64 <td></td>
     65 </tr>
     66 <tr>
     67 <td>Qualcomm <br/></td>
     68 <td>CVE-2016-0843</td>
     69 <td></td>
     70 </tr>
     71 <tr>
     72 <td>Qualcomm RF </td>
     73 <td>CVE-2016-0844</td>
     74 <td></td>
     75 </tr>
     76 <tr>
     77 <td></td>
     78 <td>CVE-2014-9322</td>
     79 <td></td>
     80 </tr>
     81 <tr>
     82 <td>IMemory </td>
     83 <td>CVE-2016-0846</td>
     84 <td></td>
     85 </tr>
     86 <tr>
     87 <td>Telecom </td>
     88 <td>CVE-2016-0847</td>
     89 <td></td>
     90 </tr>
     91 <tr>
     92 <td></td>
     93 <td>CVE-2016-0848</td>
     94 <td></td>
     95 </tr>
     96 <tr>
     97 <td></td>
     98 <td>CVE-2016-0849</td>
     99 <td></td>
    100 </tr>
    101 <tr>
    102 <td></td>
    103 <td>CVE-2016-0850</td>
    104 <td></td>
    105 </tr>
    106 <tr>
    107 <td></td>
    108 <td>CVE-2016-2409</td>
    109 <td></td>
    110 </tr>
    111 <tr>
    112 <td></td>
    113 <td>CVE-2016-2410</td>
    114 <td></td>
    115 </tr>
    116 <tr>
    117 <td>Qualcomm <br/></td>
    118 <td>CVE-2016-2411</td>
    119 <td></td>
    120 </tr>
    121 <tr>
    122 <td>System_server </td>
    123 <td>CVE-2016-2412</td>
    124 <td></td>
    125 </tr>
    126 <tr>
    127 <td>Mediaserver </td>
    128 <td>CVE-2016-2413</td>
    129 <td></td>
    130 </tr>
    131 <tr>
    132 <td>Minikin </td>
    133 <td>CVE-2016-2414</td>
    134 <td></td>
    135 </tr>
    136 <tr>
    137 <td>Exchange ActiveSync </td>
    138 <td>CVE-2016-2415</td>
    139 <td></td>
    140 </tr>
    141 <tr>
    142 <td>Mediaserver </td>
    143 <td>CVE-2016-2416<br/>CVE-2016-2417<br/>CVE-2016-2418<br/>CVE-2016-2419</td>
    144 <td></td>
    145 </tr>
    146 <tr>
    147 <td>Debuggerd </td>
    148 <td>CVE-2016-2420</td>
    149 <td></td>
    150 </tr>
    151 <tr>
    152 <td></td>
    153 <td>CVE-2016-2421</td>
    154 <td></td>
    155 </tr>
    156 <tr>
    157 <td>WLAN </td>
    158 <td>CVE-2016-2422</td>
    159 <td></td>
    160 </tr>
    161 <tr>
    162 <td>Telephony </td>
    163 <td>CVE-2016-2423</td>
    164 <td></td>
    165 </tr>
    166 <tr>
    167 <td>SyncStorageEngine </td>
    168 <td>CVE-2016-2424</td>
    169 <td></td>
    170 </tr>
    171 <tr>
    172 <td>AOSP </td>
    173 <td>CVE-2016-2425</td>
    174 <td></td>
    175 </tr>
    176 <tr>
    177 <td>Framework </td>
    178 <td>CVE-2016-2426</td>
    179 <td></td>
    180 </tr>
    181 <tr>
    182 <td>BouncyCastle </td>
    183 <td>CVE-2016-2427</td>
    184 <td></td>
    185 </tr>
    186 </table>
    187 <h2 id="mitigations"></h2>
    188 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p>
    189 <ul>
    190 <li> Android  Android  Android
    191   </li><li>Android  SafetyNet Google Play  Root  Google Play  Root 
    192   </li><li> Google  Messenger  mediaserver 
    193 </li></ul>
    194 <h2 id="acknowledgements"></h2>
    195 <p>Android </p>
    196 <ul>
    197 <li>Google Chrome  Abhishek AryaOliver Chang  Martin BarbellaCVE-2016-0834CVE-2016-0841CVE-2016-0840CVE-2016-0839CVE-2016-0838</li><li>CENSUS S.A.  Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>)CVE-2016-0842CVE-2016-0836CVE-2016-0835</li><li>Google Telecom  Brad Ebinger  Santos CordonCVE-2016-0847</li><li><a href="https://www.ibr.cs.tu-bs.de"></a> Dominik SchrmannCVE-2016-2425</li><li> 360 IceSword  Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)<a href="http://weibo.com/jfpan">pjf</a>  Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)CVE-2016-0844</li><li> <a href="https://www.epfl.ch">cole polytechnique fdrale de Lausanne</a>  <a href="mailto:gpiskas (a] gmail.com">George Piskas</a>CVE-2016-2426</li><li><a href="http://www.360.com/"> 360 </a> (<a href="https://twitter.com/oldfresher">@oldfresher</a>)CVE-2016-2412CVE-2016-2416</li><li>Google Project Zero  James ForshawCVE-2016-2417CVE-2016-0846</li><li> 360 IceSword  Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)<a href="http://weibo.com/jfpan">pjf</a>  Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)CVE-2016-2410CVE-2016-2411</li><li> 360 IceSword  Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)  <a href="http://weibo.com/jfpan">pjf</a>CVE-2016-2409</li><li>Vertu Corporation LTD  Nancy WangCVE-2016-0837</li><li> <a href="mailto:nasim (a] zamir.ca">Nasim Zamir</a>CVE-2016-2409</li><li>Qualcomm  Nico Golde (<a href="https://twitter.com/iamnion">@iamnion</a>)CVE-2016-2420CVE-2016-0849</li><li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-2418CVE-2016-2413CVE-2016-2419</li><li>Google  Quan NguyenCVE-2016-2427</li><li>Richard ShupakCVE-2016-2415</li><li><a href="https://labs.mwrinfosecurity.com/">MWR </a> Romain Trouv (<a href="https://twitter.com/bouuntyyy">@bouuntyyy)</a>CVE-2016-0850</li><li>Stuart HendersonCVE-2016-2422</li><li>Android  Vishwath MohanCVE-2016-2424</li><li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2414</li><li> (<a href="https://twitter.com/wish_wu">@wish_wu</a>)CVE-2016-0843</li><li>  <a href="mailto:luc2yj (a] gmail.com">Yeonjoon Lee</a>  <a href="mailto:xw7 (a] indiana.edu">Xiaofeng Wang</a> <a href="mailto:litongxin1991 (a] gmail.com">Tongxin Li</a>  <a href="mailto:hanxinhui (a] pku.edu.cn">Xinhui Han</a>CVE-2016-0848</li></ul>
    198 <p>Android  <a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>)  Xuxian Jiang  <a href="https://www.zimperium.com/">Zimperium</a>  CVE-2015-1805 </p>
    199 <h2 id="security_vulnerability_details"></h2>
    200 <p><a href="#security_vulnerability_summary"></a> CVE Bug Bug ID  AOSP  Bug  Bug ID  AOSP </p>
    201 <h3 id="remote_code_execution_vulnerability_in_dhcpcd">DHCPCD </h3>
    202 <p> DHCP DHCP </p>
    203 <table>
    204 <tr>
    205 <th>CVE</th>
    206 <th>Bug AOSP </th>
    207 <th></th>
    208 <th></th>
    209 <th></th>
    210 </tr>
    211 <tr>
    212 <td>CVE-2014-6060</td>
    213 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/38cb7a7feff88d58fb4a565ba7f12cd4469af243">ANDROID-15268738</a></td>
    214 <td></td>
    215 <td>4.4.4</td>
    216 <td>2014  7  30 </td>
    217 </tr>
    218 <tr>
    219 <td>CVE-2014-6060</td>
    220 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/de806dfdb6dd3b9dec5d1d23c9029fb300799cf8">ANDROID-16677003</a></td>
    221 <td></td>
    222 <td>4.4.4</td>
    223 <td>2014  7  30 </td>
    224 </tr>
    225 <tr>
    226 <td>CVE-2016-1503</td>
    227 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09">ANDROID-26461634</a></td>
    228 <td></td>
    229 <td>4.4.45.0.25.1.16.06.0.1</td>
    230 <td>2016  1  4 </td>
    231 </tr>
    232 </table>
    233 <h3 id="remote_code_execution_vulnerability_in_media_codec"></h3>
    234 <p> mediaserver  mediaserver </p>
    235 <p></p>
    236 <p> mediaserver mediaserver </p>
    237 <table>
    238 <tr>
    239 <th>CVE</th>
    240 <th>Bug</th>
    241 <th></th>
    242 <th></th>
    243 <th></th>
    244 </tr>
    245 <tr>
    246 <td>CVE-2016-0834</td>
    247 <td>ANDROID-26220548*</td>
    248 <td></td>
    249 <td>6.06.0.1</td>
    250 <td>2015  12  16 </td>
    251 </tr>
    252 </table>
    253 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    254 <h3 id="remote_code_execution_vulnerability_in_mediaserver">Mediaserver </h3>
    255 <p> mediaserver  mediaserver </p>
    256 <p></p>
    257 <p> mediaserver mediaserver </p>
    258 <table>
    259 <tr>
    260 <th>CVE</th>
    261 <th>Bug AOSP </th>
    262 <th></th>
    263 <th></th>
    264 <th></th>
    265 </tr>
    266 <tr>
    267 <td>CVE-2016-0835</td>
    268 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ba604d336b40fd4bde1622f64d67135bdbd61301">ANDROID-26070014</a>[<a href="https://android.googlesource.com/platform/external/libmpeg2/+/58a6822d7140137ce957c6d2fc20bae1374186c1">2</a>]</td>
    269 <td></td>
    270 <td>6.06.0.1</td>
    271 <td>2015  12  6 </td>
    272 </tr>
    273 <tr>
    274 <td>CVE-2016-0836</td>
    275 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8b4ed5a23175b7ffa56eea4678db7287f825e985">ANDROID-25812590</a></td>
    276 <td></td>
    277 <td>6.06.0.1</td>
    278 <td>2015  11  19 </td>
    279 </tr>
    280 <tr>
    281 <td>CVE-2016-0837</td>
    282 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a282fb64fef25349e9d341f102d9cea3bf75baf">ANDROID-27208621</a></td>
    283 <td></td>
    284 <td>4.4.45.0.25.1.16.06.0.1</td>
    285 <td>2016  2  11 </td>
    286 </tr>
    287 <tr>
    288 <td>CVE-2016-0838</td>
    289 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/3ac044334c3ff6a61cb4238ff3ddaf17c7efcf49">ANDROID-26366256</a>[<a href="https://android.googlesource.com/platform/external/sonivox/+/24d7c408c52143bce7b49de82f3913fd8d1219cf">2</a>]</td>
    290 <td></td>
    291 <td>4.4.45.0.25.1.16.06.0.1</td>
    292 <td>Google </td>
    293 </tr>
    294 <tr>
    295 <td>CVE-2016-0839</td>
    296 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ebbb82365172337c6c250c6cac4e326970a9e351">ANDROID-25753245</a></td>
    297 <td></td>
    298 <td>6.06.0.1</td>
    299 <td>Google </td>
    300 </tr>
    301 <tr>
    302 <td>CVE-2016-0840</td>
    303 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c57fc3703ae2e0d41b1f6580c50015937f2d23c1">ANDROID-26399350</a></td>
    304 <td></td>
    305 <td>6.06.0.1</td>
    306 <td>Google </td>
    307 </tr>
    308 <tr>
    309 <td>CVE-2016-0841</td>
    310 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252">ANDROID-26040840</a></td>
    311 <td></td>
    312 <td>4.4.45.0.25.1.16.06.0.1</td>
    313 <td>Google </td>
    314 </tr>
    315 </table>
    316 <h3 id="remote_code_execution_vulnerability_in_libstagefright">libstagefright </h3>
    317 <p> libstagefright  mediaserver </p>
    318 <p></p>
    319 <p> mediaserver mediaserver </p>
    320 <table>
    321 <tr>
    322 <th>CVE</th>
    323 <th>Bug AOSP </th>
    324 <th></th>
    325 <th></th>
    326 <th></th>
    327 </tr>
    328 <tr>
    329 <td>CVE-2016-0842</td>
    330 <td><a href="https://android.googlesource.com/platform/external/libavc/+/943323f1d9d3dd5c2634deb26cbe72343ca6b3db">ANDROID-25818142</a></td>
    331 <td></td>
    332 <td>6.06.0.1</td>
    333 <td>2015  11  23 </td>
    334 </tr>
    335 </table>
    336 <h3 id="elevation_of_privilege_vulnerability_in_kernel"></h3>
    337 <p><a href="/security/advisory/2016-03-18.html">Android  - 2016  3  18 </a></p>
    338 <table>
    339 <tr>
    340 <th>CVE</th>
    341 <th>Bug</th>
    342 <th></th>
    343 <th></th>
    344 <th></th>
    345 </tr>
    346 <tr>
    347 <td>CVE-2015-1805</td>
    348 <td>ANDROID-27275324*</td>
    349 <td></td>
    350 <td>4.4.45.0.25.1.16.06.0.1</td>
    351 <td>2016  2  19 </td>
    352 </tr>
    353 </table>
    354 <p>* AOSP <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a><a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>  <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p>
    355 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3>
    356 <p>Qualcomm ARM </p>
    357 <table>
    358 <tr>
    359 <th>CVE</th>
    360 <th>Bug</th>
    361 <th></th>
    362 <th></th>
    363 <th></th>
    364 </tr>
    365 <tr>
    366 <td>CVE-2016-0843</td>
    367 <td>ANDROID-25801197*</td>
    368 <td></td>
    369 <td>4.4.45.0.25.1.16.06.0.1</td>
    370 <td>2015  11  19 </td>
    371 </tr>
    372 </table>
    373 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    374 <h3 id="elevation_of_privilege_in_qualcomm_rf_component">Qualcomm RF </h3>
    375 <p>Qualcomm RF </p>
    376 <table>
    377 <tr>
    378 <th>CVE</th>
    379 <th>Bug</th>
    380 <th></th>
    381 <th></th>
    382 <th></th>
    383 </tr>
    384 <tr>
    385 <td>CVE-2016-0844</td>
    386 <td>ANDROID-26324307*</td>
    387 <td></td>
    388 <td>6.06.0.1</td>
    389 <td>2015  12  25 </td>
    390 </tr>
    391 </table>
    392 <p>* AOSP <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa"> Linux Upstream </a></p>
    393 <h3 id="elevation_of_privilege_vulnerability_in_kernel12"></h3>
    394 <p></p>
    395 <table>
    396 <tr>
    397 <th>CVE</th>
    398 <th>Bug AOSP </th>
    399 <th></th>
    400 <th></th>
    401 <th></th>
    402 </tr>
    403 <tr>
    404 <td>CVE-2014-9322</td>
    405 <td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a>[<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>][<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br/>[<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>][<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>][<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>][<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>][<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>][<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>][<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>][<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td>
    406 <td></td>
    407 <td>6.06.0.1</td>
    408 <td>2015  12  25 </td>
    409 </tr>
    410 </table>
    411 <h3 id="elevation_of_privilege_in_imemory_native_interface">IMemory </h3>
    412 <p>IMemory  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    413 <table>
    414 <tr>
    415 <th>CVE</th>
    416 <th>Bug AOSP </th>
    417 <th></th>
    418 <th></th>
    419 <th></th>
    420 </tr>
    421 <tr>
    422 <td>CVE-2016-0846</td>
    423 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149">ANDROID-26877992</a></td>
    424 <td></td>
    425 <td>4.4.45.0.25.1.16.06.0.1</td>
    426 <td>2016  1  29 </td>
    427 </tr>
    428 </table>
    429 <h3 id="elevation_of_privilege_vulnerability_in_telecom_component">Telecom </h3>
    430 <p>Telecom  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    431 <table>
    432 <tr>
    433 <th>CVE</th>
    434 <th>Bug AOSP </th>
    435 <th></th>
    436 <th></th>
    437 <th></th>
    438 </tr>
    439 <tr>
    440 <td>CVE-2016-0847</td>
    441 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444">ANDROID-26864502</a>[<a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d">2</a>]</td>
    442 <td></td>
    443 <td>5.0.25.1.16.06.0.1</td>
    444 <td>Google </td>
    445 </tr>
    446 </table>
    447 <h3 id="elevation_of_privilege_vulnerability_in_download_manager"></h3>
    448 <p> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    449 <table>
    450 <tr>
    451 <th>CVE</th>
    452 <th>Bug AOSP </th>
    453 <th></th>
    454 <th></th>
    455 <th></th>
    456 </tr>
    457 <tr>
    458 <td>CVE-2016-0848</td>
    459 <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/bdc831357e7a116bc561d51bf2ddc85ff11c01a9">ANDROID-26211054</a></td>
    460 <td></td>
    461 <td>4.4.45.0.25.1.16.06.0.1</td>
    462 <td>2015  12  14 </td>
    463 </tr>
    464 </table>
    465 <h3 id="elevation_of_privilege_in_recovery_procedure"></h3>
    466 <p> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    467 <table>
    468 <tr>
    469 <th>CVE</th>
    470 <th>Bug AOSP </th>
    471 <th></th>
    472 <th></th>
    473 <th></th>
    474 </tr>
    475 <tr>
    476 <td>CVE-2016-0849</td>
    477 <td><a href="https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad">ANDROID-26960931</a></td>
    478 <td></td>
    479 <td>5.0.25.1.16.06.0.1</td>
    480 <td>2016  2  3 </td>
    481 </tr>
    482 </table>
    483 <h3 id="elevation_of_privilege_in_bluetooth"></h3>
    484 <p></p>
    485 <table>
    486 <tr>
    487 <th>CVE</th>
    488 <th>Bug AOSP </th>
    489 <th></th>
    490 <th></th>
    491 <th></th>
    492 </tr>
    493 <tr>
    494 <td>CVE-2016-0850</td>
    495 <td><a href="https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/c677ee92595335233eb0e7b59809a1a94e7a678a">ANDROID-26551752</a></td>
    496 <td></td>
    497 <td>4.4.45.0.25.1.16.06.0.1</td>
    498 <td>2016  1  13 </td>
    499 </tr>
    500 </table>
    501 <h3 id="elevation_of_privilege_in_texas_instruments_haptic_driver"></h3>
    502 <p> Bug </p>
    503 <table>
    504 <tr>
    505 <th>CVE</th>
    506 <th>Bug</th>
    507 <th></th>
    508 <th></th>
    509 <th></th>
    510 </tr>
    511 <tr>
    512 <td>CVE-2016-2409</td>
    513 <td>ANDROID-25981545*</td>
    514 <td></td>
    515 <td>6.06.0.1</td>
    516 <td>2015  12  25 </td>
    517 </tr>
    518 </table>
    519 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    520 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver">Qualcomm </h3>
    521 <p>Qualcomm </p>
    522 <table>
    523 <tr>
    524 <th>CVE</th>
    525 <th>Bug</th>
    526 <th></th>
    527 <th></th>
    528 <th></th>
    529 </tr>
    530 <tr>
    531 <td>CVE-2016-2410</td>
    532 <td>ANDROID-26291677*</td>
    533 <td></td>
    534 <td>6.06.0.1</td>
    535 <td>2015  12  21 </td>
    536 </tr>
    537 </table>
    538 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    539 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_power_management_component">Qualcomm </h3>
    540 <p>Qualcomm  Bug  root</p>
    541 <table>
    542 <tr>
    543 <th>CVE</th>
    544 <th>Bug</th>
    545 <th></th>
    546 <th></th>
    547 <th></th>
    548 </tr>
    549 <tr>
    550 <td>CVE-2016-2411</td>
    551 <td>ANDROID-26866053*</td>
    552 <td></td>
    553 <td>6.06.0.1</td>
    554 <td>2016  1  28 </td>
    555 </tr>
    556 </table>
    557 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    558 <h3 id="elevation_of_privilege_vulnerability_in_system_server">System_server </h3>
    559 <p>System_server  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    560 <table>
    561 <tr>
    562 <th>CVE</th>
    563 <th>Bug AOSP </th>
    564 <th></th>
    565 <th></th>
    566 <th></th>
    567 </tr>
    568 <tr>
    569 <td>CVE-2016-2412</td>
    570 <td><a href="https://android.googlesource.com/platform/external/skia/+/b36c23b3e6b0b316075cc43e466d44c62508fcac">ANDROID-26593930</a></td>
    571 <td></td>
    572 <td>4.4.45.0.25.1.16.06.0.1</td>
    573 <td>2016  1  15 </td>
    574 </tr>
    575 </table>
    576 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Mediaserver </h3>
    577 <p>Mediaserver  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    578 <table>
    579 <tr>
    580 <th>CVE</th>
    581 <th>Bug AOSP </th>
    582 <th></th>
    583 <th></th>
    584 <th></th>
    585 </tr>
    586 <tr>
    587 <td>CVE-2016-2413</td>
    588 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48">ANDROID-26403627</a></td>
    589 <td></td>
    590 <td>5.0.25.1.16.06.0.1</td>
    591 <td>2016  1  5 </td>
    592 </tr>
    593 </table>
    594 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3>
    595 <p>Minikin  Minikin </p>
    596 <table>
    597 <tr>
    598 <th>CVE</th>
    599 <th>Bug AOSP </th>
    600 <th></th>
    601 <th></th>
    602 <th></th>
    603 </tr>
    604 <tr>
    605 <td>CVE-2016-2414</td>
    606 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ca8ac8acdad662230ae37998c6c4091bb39402b6">ANDROID-26413177</a>[<a href="https://android.googlesource.com/platform/frameworks/minikin/+/f4785aa1947b8d22d5b19559ef1ca526d98e0e73">2</a>]</td>
    607 <td></td>
    608 <td>5.0.25.1.16.06.0.1</td>
    609 <td>2015  11  3 </td>
    610 </tr>
    611 </table>
    612 <h3 id="information_disclosure_vulnerability_in_exchange_activesync">Exchange ActiveSync </h3>
    613 <p>Exchange ActiveSync </p>
    614 <table>
    615 <tr>
    616 <th>CVE</th>
    617 <th>Bug AOSP </th>
    618 <th></th>
    619 <th></th>
    620 <th></th>
    621 </tr>
    622 <tr>
    623 <td>CVE-2016-2415</td>
    624 <td><a href="https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2">ANDROID-26488455</a></td>
    625 <td></td>
    626 <td>5.0.25.1.16.06.0.1</td>
    627 <td>2016  1  11 </td>
    628 </tr>
    629 </table>
    630 <h3 id="information_disclosure_vulnerability_in_mediaserver">Mediaserver </h3>
    631 <p>Mediaserver  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    632 <table>
    633 <tr>
    634 <th>CVE</th>
    635 <th>Bug AOSP </th>
    636 <th></th>
    637 <th></th>
    638 <th></th>
    639 </tr>
    640 <tr>
    641 <td>CVE-2016-2416</td>
    642 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd">ANDROID-27046057</a>[<a href="https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a">2</a>]</td>
    643 <td></td>
    644 <td>4.4.45.0.25.1.16.06.0.1</td>
    645 <td>2016  2  5 </td>
    646 </tr>
    647 <tr>
    648 <td>CVE-2016-2417</td>
    649 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84">ANDROID-26914474</a></td>
    650 <td></td>
    651 <td>4.4.45.0.25.1.16.06.0.1</td>
    652 <td>2016  2  1 </td>
    653 </tr>
    654 <tr>
    655 <td>CVE-2016-2418</td>
    656 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3">ANDROID-26324358</a></td>
    657 <td></td>
    658 <td>6.06.0.1</td>
    659 <td>2015  12  24 </td>
    660 </tr>
    661 <tr>
    662 <td>CVE-2016-2419</td>
    663 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34">ANDROID-26323455</a></td>
    664 <td></td>
    665 <td>6.06.0.1</td>
    666 <td>2015  12  24 </td>
    667 </tr>
    668 </table>
    669 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd_component">Debuggerd </h3>
    670 <p>Debuggerd  Bug  Android 4.4.4  system  root Android 5.0 SELinux </p>
    671 <table>
    672 <tr>
    673 <th>CVE</th>
    674 <th>Bug AOSP </th>
    675 <th></th>
    676 <th></th>
    677 <th></th>
    678 </tr>
    679 <tr>
    680 <td>CVE-2016-2420</td>
    681 <td><a href="https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98">ANDROID-26403620</a>[<a href="https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c">2</a>]</td>
    682 <td></td>
    683 <td>4.4.45.0.25.1.16.06.0.1</td>
    684 <td>2016  1  5 </td>
    685 </tr>
    686 </table>
    687 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3>
    688 <p></p>
    689 <table>
    690 <tr>
    691 <th>CVE</th>
    692 <th>Bug</th>
    693 <th></th>
    694 <th></th>
    695 <th></th>
    696 </tr>
    697 <tr>
    698 <td>CVE-2016-2421</td>
    699 <td>ANDROID-26154410*</td>
    700 <td></td>
    701 <td>5.1.16.06.0.1</td>
    702 <td>Google </td>
    703 </tr>
    704 </table>
    705 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    706 <h3 id="elevation_of_privilege_in_wi-fi">WLAN </h3>
    707 <p>WLAN  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a>  <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p>
    708 <table>
    709 <tr>
    710 <th>CVE</th>
    711 <th>Bug AOSP </th>
    712 <th></th>
    713 <th></th>
    714 <th></th>
    715 </tr>
    716 <tr>
    717 <td>CVE-2016-2422</td>
    718 <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/70dde9870e9450e10418a32206ac1bb30f036b2c">ANDROID-26324357</a></td>
    719 <td></td>
    720 <td>4.4.45.0.25.1.16.06.0.1</td>
    721 <td>2015  12  23 </td>
    722 </tr>
    723 </table>
    724 <h3 id="elevation_of_privilege_in_telephony">Telephony </h3>
    725 <p>Telephony </p>
    726 <table>
    727 <tr>
    728 <th>CVE</th>
    729 <th>Bug AOSP </th>
    730 <th></th>
    731 <th></th>
    732 <th></th>
    733 </tr>
    734 <tr>
    735 <td>CVE-2016-2423</td>
    736 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa">ANDROID-26303187</a></td>
    737 <td></td>
    738 <td>4.4.45.0.25.1.16.06.0.1</td>
    739 <td>Google </td>
    740 </tr>
    741 </table>
    742 <h3 id="denial_of_service_in_syncstorageengine">SyncStorageEngine </h3>
    743 <p> SyncStorageEngine </p>
    744 <table>
    745 <tr>
    746 <th>CVE</th>
    747 <th>Bug AOSP </th>
    748 <th></th>
    749 <th></th>
    750 <th></th>
    751 </tr>
    752 <tr>
    753 <td>CVE-2016-2424</td>
    754 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d3383d5bfab296ba3adbc121ff8a7b542bde4afb">ANDROID-26513719</a></td>
    755 <td></td>
    756 <td>4.4.45.0.25.1.16.06.0.1</td>
    757 <td>Google </td>
    758 </tr>
    759 </table>
    760 <h3 id="information_disclosure_vulnerability_in_aosp_mail">AOSP </h3>
    761 <p>AOSP dangerous</p>
    762 <table>
    763 <tr>
    764 <th>CVE</th>
    765 <th>Bug AOSP </th>
    766 <th></th>
    767 <th></th>
    768 <th></th>
    769 </tr>
    770 <tr>
    771 <td>CVE-2016-2425</td>
    772 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f">ANDROID-26989185</a></td>
    773 <td></td>
    774 <td>4.4.45.1.16.06.0.1</td>
    775 <td>2016  1  29 </td>
    776 </tr>
    777 <tr>
    778 <td>CVE-2016-2425</td>
    779 <td>ANDROID-7154234*</td>
    780 <td></td>
    781 <td>5.0.2</td>
    782 <td>2016  1  29 </td>
    783 </tr>
    784 </table>
    785 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p>
    786 <h3 id="information_disclosure_vulnerability_in_framework">Framework </h3>
    787 <p>Framework </p>
    788 <table>
    789 <tr>
    790 <th>CVE</th>
    791 <th>Bug AOSP </th>
    792 <th></th>
    793 <th></th>
    794 <th></th>
    795 </tr>
    796 <tr>
    797 <td>CVE-2016-2426</td>
    798 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/63363af721650e426db5b0bdfb8b2d4fe36abdb0">ANDROID-26094635</a></td>
    799 <td></td>
    800 <td>4.4.45.0.25.1.16.06.0.1</td>
    801 <td>2015  12  8 </td>
    802 </tr>
    803 </table>
    804 <h3 id="information_disclosure_vulnerability_in_bouncycastle">BouncyCastle </h3>
    805 <p>BouncyCastle dangerous</p>
    806 <table>
    807 <tr>
    808 <th>CVE</th>
    809 <th>Bug AOSP </th>
    810 <th></th>
    811 <th></th>
    812 <th></th>
    813 </tr>
    814 <tr>
    815 <td>CVE-2016-2427</td>
    816 <td><a href="https://android.googlesource.com/platform/libcore/+/efd369d996fd38c50a50ea0de8f20507253cb6de">ANDROID-26234568</a>[<a href="https://android.googlesource.com/platform/external/bouncycastle/+/b3bddea0f33c0459293c6419569ad151b4a7b44b">2</a>]</td>
    817 <td></td>
    818 <td>5.0.25.1.16.06.0.1</td>
    819 <td>Google </td>
    820 </tr>
    821 </table>
    822 <h2 id="common_questions_and_answers"></h2>
    823 <p></p>
    824 <p><strong>1. </strong></p>
    825 <p>2016  4  2  <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-04-02]</p>
    826 <p><strong>2.  2016  4  2 
    827 </strong></p>
    828 <p> 4 2016  4  1 CVE-2015-1805  <a href="/security/advisory/2016-03-18.html">Android  - 2016  3  18 </a>2016  4  2  CVE-2015-1805 <a href="/security/advisory/2016-03-18.html">Android  - 2016  3  18 </a></p>
    829 <h2 id="revisions"></h2>
    830 <ul>
    831 <li>2016  4  4 
    832   </li><li>2016  4  6  AOSP 
    833 </li></ul>
    834 
    835   </body>
    836 </html>
    837