1 <html devsite> 2 <head> 3 <title>Android - 2016 5 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 5 2 | 2016 5 4 </em></p> 27 28 <p>Android Android (OTA) Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus 2016 5 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a></p> 29 30 <p> 2016 4 4 Android (AOSP) </p> 31 32 <p></p> 33 34 <p> <a href="#mitigations">Android Google </a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 35 36 <p></p> 37 38 <h2 id="announcements"></h2> 39 40 41 <ul> 42 <li>Android Android Nexus </li> 43 <li> Android <a href="/security/overview/updates-resources.html#severity"></a> 6 </li> 44 </ul> 45 46 <h2 id="security_vulnerability_summary"></h2> 47 48 49 <p> CVE Nexus <a href="/security/overview/updates-resources.html#severity"></a></p> 50 <table> 51 <col width="55%"> 52 <col width="20%"> 53 <col width="13%"> 54 <col width="12%"> 55 <tr> 56 <th></th> 57 <th>CVE</th> 58 <th></th> 59 <th> Nexus </th> 60 </tr> 61 <tr> 62 <td>Mediaserver </td> 63 <td>CVE-2016-2428<br>CVE-2016-2429</td> 64 <td></td> 65 <td></td> 66 </tr> 67 <tr> 68 <td>Debuggerd </td> 69 <td>CVE-2016-2430</td> 70 <td></td> 71 <td></td> 72 </tr> 73 <tr> 74 <td>Qualcomm TrustZone </td> 75 <td>CVE-2016-2431<br>CVE-2016-2432</td> 76 <td></td> 77 <td></td> 78 </tr> 79 <tr> 80 <td>Qualcomm WLAN </td> 81 <td>CVE-2015-0569<br>CVE-2015-0570</td> 82 <td></td> 83 <td></td> 84 </tr> 85 <tr> 86 <td>NVIDIA </td> 87 <td>CVE-2016-2434<br>CVE-2016-2435<br>CVE-2016-2436<br>CVE-2016-2437</td> 88 <td></td> 89 <td></td> 90 </tr> 91 <tr> 92 <td></td> 93 <td>CVE-2015-1805</td> 94 <td></td> 95 <td></td> 96 </tr> 97 <tr> 98 <td></td> 99 <td>CVE-2016-2438</td> 100 <td></td> 101 <td></td> 102 </tr> 103 <tr> 104 <td>Qualcomm </td> 105 <td>CVE-2016-2060</td> 106 <td></td> 107 <td></td> 108 </tr> 109 <tr> 110 <td></td> 111 <td>CVE-2016-2439</td> 112 <td></td> 113 <td></td> 114 </tr> 115 <tr> 116 <td>Binder </td> 117 <td>CVE-2016-2440</td> 118 <td></td> 119 <td></td> 120 </tr> 121 <tr> 122 <td>Qualcomm Buspm </td> 123 <td>CVE-2016-2441<br>CVE-2016-2442</td> 124 <td></td> 125 <td></td> 126 </tr> 127 <tr> 128 <td>Qualcomm MDP </td> 129 <td>CVE-2016-2443</td> 130 <td></td> 131 <td></td> 132 </tr> 133 <tr> 134 <td>Qualcomm WLAN </td> 135 <td>CVE-2015-0571</td> 136 <td></td> 137 <td></td> 138 </tr> 139 <tr> 140 <td>NVIDIA </td> 141 <td>CVE-2016-2444<br>CVE-2016-2445<br>CVE-2016-2446</td> 142 <td></td> 143 <td></td> 144 </tr> 145 <tr> 146 <td>WLAN </td> 147 <td>CVE-2016-4477</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td>Mediaserver </td> 153 <td>CVE-2016-2448<br>CVE-2016-2449<br>CVE-2016-2450<br>CVE-2016-2451<br>CVE-2016-2452</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td>MediaTek WLAN </td> 159 <td>CVE-2016-2453</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td>Qualcomm </td> 165 <td>CVE-2016-2454</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td>Conscrypt </td> 171 <td>CVE-2016-2461<br>CVE-2016-2462</td> 172 <td></td> 173 <td></td> 174 </tr> 175 <tr> 176 <td>OpenSSL BoringSSL </td> 177 <td>CVE-2016-0705</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td>MediaTek WLAN </td> 183 <td>CVE-2016-2456</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td>WLAN </td> 189 <td>CVE-2016-2457</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td>AOSP </td> 195 <td>CVE-2016-2458</td> 196 <td></td> 197 <td></td> 198 </tr> 199 <tr> 200 <td>Mediaserver </td> 201 <td>CVE-2016-2459<br>CVE-2016-2460</td> 202 <td></td> 203 <td></td> 204 </tr> 205 <tr> 206 <td></td> 207 <td>CVE-2016-0774</td> 208 <td></td> 209 <td></td> 210 </tr> 211 </table> 212 213 214 <h2 id="android_and_google_service_mitigations">Android Google </h2> 215 216 217 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 218 219 <ul> 220 <li> Android Android Android</li> 221 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root </li> 222 <li> Google Messenger mediaserver </li> 223 </ul> 224 225 <h2 id="acknowledgements"></h2> 226 227 228 <p></p> 229 230 <ul> 231 <li>Google Chrome Abhishek AryaOliver Chang Martin BarbellaCVE-2016-2454<li><a href="https://www.e2e-assure.com">e2e-assure</a> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>)CVE-2016-2457<li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2441CVE-2016-2442<li>Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">www.linkedin.com/in/dzima</a>)CVE-2016-2458<li>Gal BeniaminiCVE-2016-2431<li> 360 Vulpecker Hao ChenCVE-2016-2456<li>MandiantFireEye Jake VallettaCVE-2016-2060<li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>)CVE-2016-2434CVE-2016-2435CVE-2016-2436CVE-2016-2441CVE-2016-2442CVE-2016-2444CVE-2016-2445CVE-2016-2446<li><a href="http://www.search-lab.hu">Search-Lab Ltd.</a> Imre RadCVE-2016-4477<li>Google Jeremy C. JoslinCVE-2016-2461<li>Google Kenny RootCVE-2016-2462<li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>)CVE-2016-2443<li>Micha Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)CVE-2016-2440<li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2450CVE-2016-2448CVE-2016-2449CVE-2016-2451CVE-2016-2452<li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-2459CVE-2016-2460<li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2428CVE-2016-2429<li> <a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2437<li> X-Lab Yulong Zhang Tao (Lenx) WeiCVE-2016-2439<li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>)CVE-2016-2430</li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 232 233 <h2 id="security_vulnerability_details"></h2> 234 235 236 <p><a href="#security_vulnerability_summary"></a> CVE Bug Nexus AOSP Bug ID AOSP Bug Bug ID AOSP </p> 237 238 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 239 Mediaserver </h3> 240 241 242 <p> mediaserver mediaserver </p> 243 244 <p></p> 245 246 <p> mediaserver mediaserver </p> 247 <table> 248 <col width="19%"> 249 <col width="16%"> 250 <col width="10%"> 251 <col width="19%"> 252 <col width="18%"> 253 <col width="16%"> 254 <tr> 255 <th>CVE</th> 256 <th>Android Bug</th> 257 <th></th> 258 <th> Nexus </th> 259 <th> AOSP </th> 260 <th></th> 261 </tr> 262 <tr> 263 <td>CVE-2016-2428</td> 264 <td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206">26751339</a></td> 265 <td></td> 266 <td><a href="#nexus_devices"> Nexus </a></td> 267 <td>4.4.45.0.25.1.16.06.0.1</td> 268 <td>2016 1 22 </td> 269 </tr> 270 <tr> 271 <td>CVE-2016-2429</td> 272 <td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c">27211885</a></td> 273 <td></td> 274 <td><a href="#nexus_devices"> Nexus </a></td> 275 <td>4.4.45.0.25.1.16.06.0.1</td> 276 <td>2016 2 16 </td> 277 </tr> 278 </table> 279 280 281 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd"> 282 Debuggerd </h3> 283 284 285 <p> Android Android </p> 286 <table> 287 <col width="19%"> 288 <col width="16%"> 289 <col width="10%"> 290 <col width="19%"> 291 <col width="18%"> 292 <col width="16%"> 293 <tr> 294 <th>CVE</th> 295 <th>Android Bug</th> 296 <th></th> 297 <th> Nexus </th> 298 <th> AOSP </th> 299 <th></th> 300 </tr> 301 <tr> 302 <td>CVE-2016-2430</td> 303 <td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0">27299236</a></td> 304 <td></td> 305 <td><a href="#nexus_devices"> Nexus </a></td> 306 <td>4.4.45.0.25.1.16.06.0.1</td> 307 <td>2016 2 22 </td> 308 </tr> 309 </table> 310 311 312 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_trustzone"> 313 Qualcomm TrustZone </h3> 314 315 316 <p>Qualcomm TrustZone TrustZone </p> 317 <table> 318 <col width="19%"> 319 <col width="16%"> 320 <col width="10%"> 321 <col width="27%"> 322 <col width="16%"> 323 <tr> 324 <th>CVE</th> 325 <th>Android Bug</th> 326 <th></th> 327 <th> Nexus </th> 328 <th></th> 329 </tr> 330 <tr> 331 <td>CVE-2016-2431</td> 332 <td>24968809*</td> 333 <td></td> 334 <td>Nexus 5Nexus 6Nexus 7 (2013)Android One</td> 335 <td>2015 10 15 </td> 336 </tr> 337 <tr> 338 <td>CVE-2016-2432</td> 339 <td>25913059*</td> 340 <td></td> 341 <td>Nexus 6Android One</td> 342 <td>2015 11 28 </td> 343 </tr> 344 </table> 345 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 346 347 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 348 Qualcomm WLAN </h3> 349 350 351 <p>Qualcomm WLAN </p> 352 <table> 353 <col width="19%"> 354 <col width="16%"> 355 <col width="10%"> 356 <col width="27%"> 357 <col width="16%"> 358 <tr> 359 <th>CVE</th> 360 <th>Android Bug</th> 361 <th></th> 362 <th> Nexus </th> 363 <th></th> 364 </tr> 365 <tr> 366 <td>CVE-2015-0569</td> 367 <td>26754117*</td> 368 <td></td> 369 <td>Nexus 5XNexus 7 (2013)</td> 370 <td>2016 1 23 </td> 371 </tr> 372 <tr> 373 <td>CVE-2015-0570</td> 374 <td>26764809*</td> 375 <td></td> 376 <td>Nexus 5XNexus 7 (2013)</td> 377 <td>2016 1 25 </td> 378 </tr> 379 </table> 380 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 381 382 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 383 NVIDIA </h3> 384 385 386 <p>NVIDIA </p> 387 <table> 388 <col width="19%"> 389 <col width="16%"> 390 <col width="10%"> 391 <col width="27%"> 392 <col width="16%"> 393 <tr> 394 <th>CVE</th> 395 <th>Android Bug</th> 396 <th></th> 397 <th> Nexus </th> 398 <th></th> 399 </tr> 400 <tr> 401 <td>CVE-2016-2434</td> 402 <td>27251090*</td> 403 <td></td> 404 <td>Nexus 9</td> 405 <td>2016 2 17 </td> 406 </tr> 407 <tr> 408 <td>CVE-2016-2435</td> 409 <td>27297988*</td> 410 <td></td> 411 <td>Nexus 9</td> 412 <td>2016 2 20 </td> 413 </tr> 414 <tr> 415 <td>CVE-2016-2436</td> 416 <td>27299111*</td> 417 <td></td> 418 <td>Nexus 9</td> 419 <td>2016 2 22 </td> 420 </tr> 421 <tr> 422 <td>CVE-2016-2437</td> 423 <td>27436822*</td> 424 <td></td> 425 <td>Nexus 9</td> 426 <td>2016 3 1 </td> 427 </tr> 428 </table> 429 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 430 431 <h3 id="elevation_of_privilege_vulnerability_in_kernel"> 432 </h3> 433 434 435 <p><a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a></p> 436 <table> 437 <col width="19%"> 438 <col width="16%"> 439 <col width="10%"> 440 <col width="27%"> 441 <col width="16%"> 442 <tr> 443 <th>CVE</th> 444 <th>Android Bug</th> 445 <th></th> 446 <th> Nexus </th> 447 <th></th> 448 </tr> 449 <tr> 450 <td>CVE-2015-1805</td> 451 <td>27275324*</td> 452 <td></td> 453 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9</td> 454 <td>2016 2 19 </td> 455 </tr> 456 </table> 457 <p>*AOSP <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a><a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 458 459 <h3 id="remote_code_execution_vulnerability_in_kernel"> 460 </h3> 461 462 463 <p> Bug </p> 464 <table> 465 <col width="19%"> 466 <col width="16%"> 467 <col width="10%"> 468 <col width="27%"> 469 <col width="16%"> 470 <tr> 471 <th>CVE</th> 472 <th>Android Bug</th> 473 <th></th> 474 <th> Nexus </th> 475 <th></th> 476 </tr> 477 <tr> 478 <td>CVE-2016-2438</td> 479 <td>26636060*</td> 480 <td></td> 481 <td>Nexus 9</td> 482 <td>Google </td> 483 </tr> 484 </table> 485 <p>* <a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d">Linux </a></p> 486 487 <h3 id="information_disclosure_vulnerability_in_qualcomm_tethering_controller"> 488 Qualcomm </h3> 489 490 491 <p>Qualcomm <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 492 <table> 493 <col width="19%"> 494 <col width="16%"> 495 <col width="10%"> 496 <col width="27%"> 497 <col width="16%"> 498 <tr> 499 <th>CVE</th> 500 <th>Android Bug</th> 501 <th></th> 502 <th> Nexus </th> 503 <th></th> 504 </tr> 505 <tr> 506 <td>CVE-2016-2060</td> 507 <td>27942588*</td> 508 <td></td> 509 <td></td> 510 <td>2016 3 23 </td> 511 </tr> 512 </table> 513 <p>* AOSP </p> 514 515 <h3 id="remote_code_execution_vulnerability_in_bluetooth"> 516 </h3> 517 518 519 <p></p> 520 <table> 521 <col width="19%"> 522 <col width="16%"> 523 <col width="10%"> 524 <col width="19%"> 525 <col width="18%"> 526 <col width="16%"> 527 <tr> 528 <th>CVE</th> 529 <th>Android Bug</th> 530 <th></th> 531 <th> Nexus </th> 532 <th> AOSP </th> 533 <th></th> 534 </tr> 535 <tr> 536 <td>CVE-2016-2439</td> 537 <td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd">27411268</a></td> 538 <td></td> 539 <td><a href="#nexus_devices"> Nexus </a></td> 540 <td>4.4.45.0.25.1.16.06.0.1</td> 541 <td>2016 2 28 </td> 542 </tr> 543 </table> 544 545 546 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 547 Binder </h3> 548 549 550 <p>Binder Binder Binder </p> 551 <table> 552 <col width="19%"> 553 <col width="16%"> 554 <col width="10%"> 555 <col width="19%"> 556 <col width="18%"> 557 <col width="16%"> 558 <tr> 559 <th>CVE</th> 560 <th>Android Bug</th> 561 <th></th> 562 <th> Nexus </th> 563 <th> AOSP </th> 564 <th></th> 565 </tr> 566 <tr> 567 <td>CVE-2016-2440</td> 568 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a">27252896</a></td> 569 <td></td> 570 <td><a href="#nexus_devices"> Nexus </a></td> 571 <td>4.4.45.0.25.1.16.06.0.1</td> 572 <td>2016 2 18 </td> 573 </tr> 574 </table> 575 576 577 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver"> 578 Qualcomm Buspm </h3> 579 580 581 <p>Qualcomm buspm Bug </p> 582 <table> 583 <col width="19%"> 584 <col width="16%"> 585 <col width="10%"> 586 <col width="27%"> 587 <col width="16%"> 588 <tr> 589 <th>CVE</th> 590 <th>Android Bug</th> 591 <th></th> 592 <th> Nexus </th> 593 <th></th> 594 </tr> 595 <tr> 596 <td>CVE-2016-2441</td> 597 <td>26354602*</td> 598 <td></td> 599 <td>Nexus 5XNexus 6Nexus 6P</td> 600 <td>2015 12 30 </td> 601 </tr> 602 <tr> 603 <td>CVE-2016-2442</td> 604 <td>26494907*</td> 605 <td></td> 606 <td>Nexus 5XNexus 6Nexus 6P</td> 607 <td>2015 12 30 </td> 608 </tr> 609 </table> 610 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 611 612 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver"> 613 Qualcomm MDP </h3> 614 615 616 <p>Qualcomm MDP Bug </p> 617 <table> 618 <col width="19%"> 619 <col width="16%"> 620 <col width="10%"> 621 <col width="27%"> 622 <col width="16%"> 623 <tr> 624 <th>CVE</th> 625 <th>Android Bug</th> 626 <th></th> 627 <th> Nexus </th> 628 <th></th> 629 </tr> 630 <tr> 631 <td>CVE-2016-2443</td> 632 <td>26404525*</td> 633 <td></td> 634 <td>Nexus 5Nexus 7 (2013)</td> 635 <td>2016 1 5 </td> 636 </tr> 637 </table> 638 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 639 640 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 641 Qualcomm WLAN </h3> 642 643 644 <p>Qualcomm WLAN <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 645 <table> 646 <col width="19%"> 647 <col width="16%"> 648 <col width="10%"> 649 <col width="27%"> 650 <col width="16%"> 651 <tr> 652 <th>CVE</th> 653 <th>Android Bug</th> 654 <th></th> 655 <th> Nexus </th> 656 <th></th> 657 </tr> 658 <tr> 659 <td>CVE-2015-0571</td> 660 <td>26763920*</td> 661 <td></td> 662 <td>Nexus 5XNexus 7 (2013)</td> 663 <td>2016 1 25 </td> 664 </tr> 665 </table> 666 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 667 668 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 669 NVIDIA </h3> 670 671 672 <p>NVIDIA Bug </p> 673 <table> 674 <col width="19%"> 675 <col width="16%"> 676 <col width="10%"> 677 <col width="27%"> 678 <col width="16%"> 679 <tr> 680 <th>CVE</th> 681 <th>Android Bug</th> 682 <th></th> 683 <th> Nexus </th> 684 <th></th> 685 </tr> 686 <tr> 687 <td>CVE-2016-2444</td> 688 <td>27208332*</td> 689 <td></td> 690 <td>Nexus 9</td> 691 <td>2016 2 16 </td> 692 </tr> 693 <tr> 694 <td>CVE-2016-2445</td> 695 <td>27253079*</td> 696 <td></td> 697 <td>Nexus 9</td> 698 <td>2016 2 17 </td> 699 </tr> 700 <tr> 701 <td>CVE-2016-2446</td> 702 <td>27441354*</td> 703 <td></td> 704 <td>Nexus 9</td> 705 <td>2016 3 1 </td> 706 </tr> 707 </table> 708 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 709 710 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 711 WLAN </h3> 712 713 714 <p>WLAN <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 715 716 <p><strong></strong> MITRE CVE CVE-2016-2447 CVE-2016-4477</p> 717 718 <table> 719 <col width="19%"> 720 <col width="16%"> 721 <col width="10%"> 722 <col width="19%"> 723 <col width="18%"> 724 <col width="16%"> 725 <tr> 726 <th>CVE</th> 727 <th>Android Bug</th> 728 <th></th> 729 <th> Nexus </th> 730 <th> AOSP </th> 731 <th></th> 732 </tr> 733 <tr> 734 <td>CVE-2016-4477</td> 735 <td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535">27371366</a>[<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>]</td> 736 <td></td> 737 <td><a href="#nexus_devices"> Nexus </a></td> 738 <td>4.4.45.0.25.1.16.06.0.1</td> 739 <td>2016 2 24 </td> 740 </tr> 741 </table> 742 743 744 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 745 Mediaserver </h3> 746 747 748 <p>Mediaserver <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 749 <table> 750 <col width="19%"> 751 <col width="16%"> 752 <col width="10%"> 753 <col width="19%"> 754 <col width="18%"> 755 <col width="16%"> 756 <tr> 757 <th>CVE</th> 758 <th>Android Bug</th> 759 <th></th> 760 <th> Nexus </th> 761 <th> AOSP </th> 762 <th></th> 763 </tr> 764 <tr> 765 <td>CVE-2016-2448</td> 766 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b">27533704</a></td> 767 <td></td> 768 <td><a href="#nexus_devices"> Nexus </a></td> 769 <td>4.4.45.0.25.1.16.06.0.1</td> 770 <td>2016 3 7 </td> 771 </tr> 772 <tr> 773 <td>CVE-2016-2449</td> 774 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353">27568958</a></td> 775 <td></td> 776 <td><a href="#nexus_devices"> Nexus </a></td> 777 <td>4.4.45.0.25.1.16.06.0.1</td> 778 <td>2016 3 9 </td> 779 </tr> 780 <tr> 781 <td>CVE-2016-2450</td> 782 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d">27569635</a></td> 783 <td></td> 784 <td><a href="#nexus_devices"> Nexus </a></td> 785 <td>4.4.45.0.25.1.16.06.0.1</td> 786 <td>2016 3 9 </td> 787 </tr> 788 <tr> 789 <td>CVE-2016-2451</td> 790 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba">27597103</a></td> 791 <td></td> 792 <td><a href="#nexus_devices"> Nexus </a></td> 793 <td>4.4.45.0.25.1.16.06.0.1</td> 794 <td>2016 3 10 </td> 795 </tr> 796 <tr> 797 <td>CVE-2016-2452</td> 798 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687">27662364</a>[<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>][<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>]</td> 799 <td></td> 800 <td><a href="#nexus_devices"> Nexus </a></td> 801 <td>4.4.45.0.25.1.16.06.0.1</td> 802 <td>2016 3 14 </td> 803 </tr> 804 </table> 805 806 807 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 808 MediaTek WLAN </h3> 809 810 811 <p>MediaTek WLAN Bug </p> 812 <table> 813 <col width="19%"> 814 <col width="16%"> 815 <col width="10%"> 816 <col width="27%"> 817 <col width="16%"> 818 <tr> 819 <th>CVE</th> 820 <th>Android Bug</th> 821 <th></th> 822 <th> Nexus </th> 823 <th></th> 824 </tr> 825 <tr> 826 <td>CVE-2016-2453</td> 827 <td>27549705*</td> 828 <td></td> 829 <td>Android One</td> 830 <td>2016 3 8 </td> 831 </tr> 832 </table> 833 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 834 835 <h3 id="remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec"> 836 Qualcomm </h3> 837 838 839 <p>Qualcomm </p> 840 <table> 841 <col width="19%"> 842 <col width="16%"> 843 <col width="10%"> 844 <col width="27%"> 845 <col width="16%"> 846 <tr> 847 <th>CVE</th> 848 <th>Android Bug</th> 849 <th></th> 850 <th> Nexus </th> 851 <th></th> 852 </tr> 853 <tr> 854 <td>CVE-2016-2454</td> 855 <td>26221024*</td> 856 <td></td> 857 <td>Nexus 5</td> 858 <td>2015 12 16 </td> 859 </tr> 860 </table> 861 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 862 863 <h3 id="elevation_of_privilege_vulnerability_in_conscrypt"> 864 Conscrypt </h3> 865 866 867 <p>Conscrypt </p> 868 <table> 869 <col width="19%"> 870 <col width="16%"> 871 <col width="10%"> 872 <col width="19%"> 873 <col width="18%"> 874 <col width="16%"> 875 <tr> 876 <th>CVE</th> 877 <th>Android Bug</th> 878 <th></th> 879 <th> Nexus </th> 880 <th> AOSP </th> 881 <th></th> 882 </tr> 883 <tr> 884 <td>CVE-2016-2461</td> 885 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f">27324690</a>[<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>]</td> 886 <td></td> 887 <td><a href="#nexus_devices"> Nexus </a></td> 888 <td>6.06.0.1</td> 889 <td>Google </td> 890 </tr> 891 <tr> 892 <td>CVE-2016-2462</td> 893 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54">27371173</a></td> 894 <td></td> 895 <td><a href="#nexus_devices"> Nexus </a></td> 896 <td>6.06.0.1</td> 897 <td>Google </td> 898 </tr> 899 </table> 900 901 902 <h3 id="elevation_of_privilege_vulnerability_in_openssl_&_boringssl"> 903 OpenSSL BoringSSL </h3> 904 905 906 <p>OpenSSL BoringSSL </p> 907 <table> 908 <col width="19%"> 909 <col width="16%"> 910 <col width="10%"> 911 <col width="19%"> 912 <col width="18%"> 913 <col width="16%"> 914 <tr> 915 <th>CVE</th> 916 <th>Android Bug</th> 917 <th></th> 918 <th> Nexus </th> 919 <th> AOSP </th> 920 <th></th> 921 </tr> 922 <tr> 923 <td>CVE-2016-0705</td> 924 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800">27449871</a></td> 925 <td></td> 926 <td><a href="#nexus_devices"> Nexus </a></td> 927 <td>4.4.45.0.25.1.16.06.0.1</td> 928 <td>2016 2 7 </td> 929 </tr> 930 </table> 931 932 933 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 934 MediaTek WLAN </h3> 935 936 937 <p>MediaTek WLAN Bug </p> 938 <table> 939 <col width="19%"> 940 <col width="16%"> 941 <col width="10%"> 942 <col width="27%"> 943 <col width="16%"> 944 <tr> 945 <th>CVE</th> 946 <th>Android Bug</th> 947 <th></th> 948 <th> Nexus </th> 949 <th></th> 950 </tr> 951 <tr> 952 <td>CVE-2016-2456</td> 953 <td>27275187*</td> 954 <td></td> 955 <td>Android One</td> 956 <td>2016 2 19 </td> 957 </tr> 958 </table> 959 <p>* AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus </p> 960 961 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 962 WLAN </h3> 963 964 965 <p>WLAN WLAN <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a></p> 966 <table> 967 <col width="19%"> 968 <col width="16%"> 969 <col width="10%"> 970 <col width="19%"> 971 <col width="18%"> 972 <col width="16%"> 973 <tr> 974 <th>CVE</th> 975 <th>Android Bug</th> 976 <th></th> 977 <th> Nexus </th> 978 <th> AOSP </th> 979 <th></th> 980 </tr> 981 <tr> 982 <td>CVE-2016-2457</td> 983 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db">27411179</a></td> 984 <td></td> 985 <td><a href="#nexus_devices"> Nexus </a></td> 986 <td>5.0.25.1.16.06.0.1</td> 987 <td>2016 2 29 </td> 988 </tr> 989 </table> 990 991 992 <h3 id="information_disclosure_vulnerability_in_aosp_mail"> 993 AOSP </h3> 994 995 996 <p>AOSP </p> 997 <table> 998 <col width="19%"> 999 <col width="16%"> 1000 <col width="10%"> 1001 <col width="19%"> 1002 <col width="18%"> 1003 <col width="16%"> 1004 <tr> 1005 <th>CVE</th> 1006 <th>Android Bug</th> 1007 <th></th> 1008 <th> Nexus </th> 1009 <th> AOSP </th> 1010 <th></th> 1011 </tr> 1012 <tr> 1013 <td>CVE-2016-2458</td> 1014 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a">27335139</a>[<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>]</td> 1015 <td></td> 1016 <td><a href="#nexus_devices"> Nexus </a></td> 1017 <td>5.0.25.1.16.06.0.1</td> 1018 <td>2016 2 23 </td> 1019 </tr> 1020 </table> 1021 1022 1023 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 1024 Mediaserver </h3> 1025 1026 1027 <p>Mediaserver </p> 1028 <table> 1029 <col width="19%"> 1030 <col width="16%"> 1031 <col width="10%"> 1032 <col width="19%"> 1033 <col width="18%"> 1034 <col width="16%"> 1035 <tr> 1036 <th>CVE</th> 1037 <th>Android Bug</th> 1038 <th></th> 1039 <th> Nexus </th> 1040 <th> AOSP </th> 1041 <th></th> 1042 </tr> 1043 <tr> 1044 <td>CVE-2016-2459</td> 1045 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">27556038</a></td> 1046 <td></td> 1047 <td><a href="#nexus_devices"> Nexus </a></td> 1048 <td>4.4.45.0.25.1.16.06.0.1</td> 1049 <td>2016 3 7 </td> 1050 </tr> 1051 <tr> 1052 <td>CVE-2016-2460</td> 1053 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73">27555981</a></td> 1054 <td></td> 1055 <td><a href="#nexus_devices"> Nexus </a></td> 1056 <td>4.4.45.0.25.1.16.06.0.1</td> 1057 <td>2016 3 7 </td> 1058 </tr> 1059 </table> 1060 1061 1062 <h3 id="denial_of_service_vulnerability_in_kernel"> 1063 </h3> 1064 1065 1066 <p></p> 1067 <table> 1068 <col width="19%"> 1069 <col width="16%"> 1070 <col width="10%"> 1071 <col width="27%"> 1072 <col width="16%"> 1073 <tr> 1074 <th>CVE</th> 1075 <th>Android Bug</th> 1076 <th></th> 1077 <th> Nexus </th> 1078 <th></th> 1079 </tr> 1080 <tr> 1081 <td>CVE-2016-0774</td> 1082 <td>27721803*</td> 1083 <td></td> 1084 <td><a href="#nexus_devices"> Nexus </a></td> 1085 <td>2016 3 17 </td> 1086 </tr> 1087 </table> 1088 <p>* <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e">Linux </a></p> 1089 1090 <h2 id="common_questions_and_answers"></h2> 1091 1092 1093 <p></p> 1094 1095 <p><strong>1. </strong></p> 1096 1097 <p>2016 5 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-05-01]</p> 1098 1099 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1100 1101 <p><a href="security_vulnerability_details"></a> Nexus Nexus </p> 1102 1103 <ul> 1104 <li> <strong> Nexus </strong> Nexus Nexus Nexus <em></em> Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C<li> <strong> Nexus </strong> Nexus Nexus Nexus <em></em></li> 1105 <li> <strong> Nexus </strong> Nexus Nexus <em></em></li> 1106 </li></ul> 1107 1108 <p><strong>3. CVE-2015-1805</strong></p> 1109 <p>CVE-2015-1805 <a href="/security/advisory/2016-03-18.html">Android - 2016 3 18 </a> 4 <a href="2016-04-02.html">Nexus - 2016 4 </a> 2016 4 1 CVE-2015-1805 2016 5 1 </p> 1110 <h2 id="revisions"></h2> 1111 1112 1113 <ul> 1114 <li>2016 5 2 </li> 1115 <li>2016 5 4 <ul> 1116 <li> AOSP 1117 <li> Nexus Nexus Player Pixel C<li> MITRE CVE-2016-2447 CVE-2016-4477</li></li></li></ul> 1118 </li> 1119 </ul> 1120 1121 </body> 1122 </html> 1123
