1 <html devsite> 2 <head> 3 <title>Android - 2016 6 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 6 6 | 2016 6 8 </em></p> 27 28 <p>Android Android (OTA) Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> Nexus 2016 6 1 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">Nexus </a></p> 29 30 <p> 2016 5 2 Android (AOSP) </p> 31 32 <p></p> 33 34 <p> <a href="#mitigations">Android Google </a> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 35 36 <p></p> 37 38 <h2 id="security_vulnerability_summary"></h2> 39 40 41 <p> CVE Nexus <a href="/security/overview/updates-resources.html#severity"></a></p> 42 <table> 43 <col width="55%"> 44 <col width="20%"> 45 <col width="13%"> 46 <col width="12%"> 47 <tr> 48 <th></th> 49 <th>CVE</th> 50 <th></th> 51 <th> Nexus </th> 52 </tr> 53 <tr> 54 <td>Mediaserver </td> 55 <td>CVE-2016-2463</td> 56 <td></td> 57 <td></td> 58 </tr> 59 <tr> 60 <td>libwebm </td> 61 <td>CVE-2016-2464</td> 62 <td></td> 63 <td></td> 64 </tr> 65 <tr> 66 <td>Qualcomm </td> 67 <td>CVE-2016-2465</td> 68 <td></td> 69 <td></td> 70 </tr> 71 <tr> 72 <td>Qualcomm </td> 73 <td>CVE-2016-2466<br>CVE-2016-2467</td> 74 <td></td> 75 <td></td> 76 </tr> 77 <tr> 78 <td>Qualcomm GUP </td> 79 <td>CVE-2016-2468<br>CVE-2016-2062</td> 80 <td></td> 81 <td></td> 82 </tr> 83 <tr> 84 <td>Qualcomm WLAN </td> 85 <td>CVE-2016-2474</td> 86 <td></td> 87 <td></td> 88 </tr> 89 <tr> 90 <td>Broadcom WLAN </td> 91 <td>CVE-2016-2475</td> 92 <td></td> 93 <td></td> 94 </tr> 95 <tr> 96 <td>Qualcomm </td> 97 <td>CVE-2016-2066<br>CVE-2016-2469</td> 98 <td></td> 99 <td></td> 100 </tr> 101 <tr> 102 <td>Mediaserver </td> 103 <td>CVE-2016-2476<br>CVE-2016-2477<br>CVE-2016-2478<br>CVE-2016-2479<br>CVE-2016-2480<br>CVE-2016-2481<br>CVE-2016-2482<br>CVE-2016-2483<br>CVE-2016-2484<br>CVE-2016-2485<br>CVE-2016-2486<br>CVE-2016-2487</td> 104 <td></td> 105 <td></td> 106 </tr> 107 <tr> 108 <td>Qualcomm </td> 109 <td>CVE-2016-2061<br>CVE-2016-2488</td> 110 <td></td> 111 <td></td> 112 </tr> 113 <tr> 114 <td>Qualcomm </td> 115 <td>CVE-2016-2489</td> 116 <td></td> 117 <td></td> 118 </tr> 119 <tr> 120 <td>NVIDIA </td> 121 <td>CVE-2016-2490<br>CVE-2016-2491</td> 122 <td></td> 123 <td></td> 124 </tr> 125 <tr> 126 <td>Qualcomm WLAN </td> 127 <td>CVE-2016-2470<br>CVE-2016-2471<br>CVE-2016-2472<br>CVE-2016-2473</td> 128 <td></td> 129 <td></td> 130 </tr> 131 <tr> 132 <td>MediaTek </td> 133 <td>CVE-2016-2492</td> 134 <td></td> 135 <td></td> 136 </tr> 137 <tr> 138 <td>SD </td> 139 <td>CVE-2016-2494</td> 140 <td></td> 141 <td></td> 142 </tr> 143 <tr> 144 <td>Broadcom WLAN </td> 145 <td>CVE-2016-2493</td> 146 <td></td> 147 <td></td> 148 </tr> 149 <tr> 150 <td>Mediaserver </td> 151 <td>CVE-2016-2495</td> 152 <td></td> 153 <td></td> 154 </tr> 155 <tr> 156 <td>Framework </td> 157 <td>CVE-2016-2496</td> 158 <td></td> 159 <td></td> 160 </tr> 161 <tr> 162 <td>Qualcomm WLAN </td> 163 <td>CVE-2016-2498</td> 164 <td></td> 165 <td></td> 166 </tr> 167 <tr> 168 <td>Mediaserver </td> 169 <td>CVE-2016-2499</td> 170 <td></td> 171 <td></td> 172 </tr> 173 <tr> 174 <td>Activity Manager </td> 175 <td>CVE-2016-2500</td> 176 <td></td> 177 <td></td> 178 </tr> 179 </table> 180 181 182 <h2 id="mitigations">Android Google </h2> 183 184 185 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 186 187 <ul> 188 <li> Android Android Android 189 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root 190 <li> Google Messenger Mediaserver 191 </li></li></li></ul> 192 193 <h2 id="acknowledgements"></h2> 194 195 196 <p></p> 197 198 <ul> 199 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-2468<li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a> (<a href="https://twitter.com/laginimaineb">@laginimaineb</a>)CVE-2016-2476<li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>)CVE-2016-2492<li> 360 Hao ChenGuang Gong Wenlin YangCVE-2016-2470CVE-2016-2471CVE-2016-2472CVE-2016-2473CVE-2016-2498<li> <a href="http://www.iwobanas.com">Iwo Banas</a>CVE-2016-2496<li> 360 IceSword Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>)CVE-2016-2490CVE-2016-2491<li>Google Lee CampbellCVE-2016-2500<li>Google Maciej SzawowskiCVE-2016-2474<li>Google Marco Nelissen Max SpectorCVE-2016-2487<li>Google Project Zero Mark BrandCVE-2016-2494<li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2477CVE-2016-2478CVE-2016-2479CVE-2016-2480CVE-2016-2481CVE-2016-2482CVE-2016-2483CVE-2016-2484CVE-2016-2485CVE-2016-2486<li> <a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)CVE-2016-2066CVE-2016-2061CVE-2016-2465CVE-2016-2469CVE-2016-2489<li>Vasily VasilevCVE-2016-2463<li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2495<li> Xiling GongCVE-2016-2499<li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>)CVE-2016-2493</li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 200 201 <h2 id="security_vulnerability_details"></h2> 202 203 204 <p><a href="#security_vulnerability_summary"></a> CVE Android Bug Nexus AOSP Bug ID AOSP Bug Bug ID AOSP </p> 205 206 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 207 Mediaserver </h3> 208 209 210 <p>Mediaserver Mediaserver Mediaserver </p> 211 212 <p></p> 213 <table> 214 <col width="19%"> 215 <col width="16%"> 216 <col width="10%"> 217 <col width="19%"> 218 <col width="18%"> 219 <col width="16%"> 220 <tr> 221 <th>CVE</th> 222 <th>Android Bug</th> 223 <th></th> 224 <th> Nexus </th> 225 <th> AOSP </th> 226 <th></th> 227 </tr> 228 <tr> 229 <td>CVE-2016-2463</td> 230 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2b6f22dc64d456471a1dc6df09d515771d1427c8">27855419</a></td> 231 <td></td> 232 <td><a href="#nexus_devices"> Nexus </a></td> 233 <td>4.4.45.0.25.1.16.06.0.1</td> 234 <td>2016 3 25 </td> 235 </tr> 236 </table> 237 238 239 <h3 id="remote_code_execution_vulnerabilities_in_libwebm"> 240 libwebm </h3> 241 242 243 <p>libwebm Mediaserver Mediaserver </p> 244 245 <p></p> 246 <table> 247 <col width="19%"> 248 <col width="16%"> 249 <col width="10%"> 250 <col width="19%"> 251 <col width="18%"> 252 <col width="16%"> 253 <tr> 254 <th>CVE</th> 255 <th>Android Bug</th> 256 <th></th> 257 <th> Nexus </th> 258 <th> AOSP </th> 259 <th></th> 260 </tr> 261 <tr> 262 <td>CVE-2016-2464</td> 263 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d">23167726</a> 264 [<a href="https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148">2</a>] 265 </td> 266 <td></td> 267 <td><a href="#nexus_devices"> Nexus </a></td> 268 <td>4.4.45.0.25.1.16.06.0.1</td> 269 <td>Google </td> 270 </tr> 271 </table> 272 273 274 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver"> 275 Qualcomm </h3> 276 277 278 <p>Qualcomm </p> 279 <table> 280 <col width="19%"> 281 <col width="16%"> 282 <col width="10%"> 283 <col width="27%"> 284 <col width="16%"> 285 <tr> 286 <th>CVE</th> 287 <th>Android Bug</th> 288 <th></th> 289 <th> Nexus </th> 290 <th></th> 291 </tr> 292 <tr> 293 <td>CVE-2016-2465</td> 294 <td>27407865*</td> 295 <td></td> 296 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 297 <td>2016 2 21 </td> 298 </tr> 299 </table> 300 <p> 301 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 302 </p> 303 304 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 305 Qualcomm </h3> 306 307 <p>Qualcomm </p> 308 309 <table> 310 <col width="19%"> 311 <col width="16%"> 312 <col width="10%"> 313 <col width="27%"> 314 <col width="16%"> 315 <tr> 316 <th>CVE</th> 317 <th>Android Bug</th> 318 <th></th> 319 <th> Nexus </th> 320 <th></th> 321 </tr> 322 <tr> 323 <td>CVE-2016-2466</td> 324 <td>27947307*</td> 325 <td></td> 326 <td>Nexus 6</td> 327 <td>2016 2 27 </td> 328 </tr> 329 <tr> 330 <td>CVE-2016-2467</td> 331 <td>28029010*</td> 332 <td></td> 333 <td>Nexus 5</td> 334 <td>2014 3 13 </td> 335 </tr> 336 </table> 337 <p> 338 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 339 </p> 340 341 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver"> 342 Qualcomm GPU </h3> 343 344 345 <p>Qualcomm GPU </p> 346 347 <table> 348 <col width="19%"> 349 <col width="16%"> 350 <col width="10%"> 351 <col width="27%"> 352 <col width="16%"> 353 <tr> 354 <th>CVE</th> 355 <th>Android Bug</th> 356 <th></th> 357 <th> Nexus </th> 358 <th></th> 359 </tr> 360 <tr> 361 <td>CVE-2016-2468</td> 362 <td>27475454*</td> 363 <td></td> 364 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7</td> 365 <td>2016 3 2 </td> 366 </tr> 367 <tr> 368 <td>CVE-2016-2062</td> 369 <td>27364029*</td> 370 <td></td> 371 <td>Nexus 5XNexus 6P</td> 372 <td>2016 3 6 </td> 373 </tr> 374 </table> 375 <p> 376 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 377 </p> 378 379 380 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 381 Qualcomm WLAN </h3> 382 383 384 <p>Qualcomm WLAN </p> 385 <table> 386 <col width="19%"> 387 <col width="16%"> 388 <col width="10%"> 389 <col width="27%"> 390 <col width="16%"> 391 <tr> 392 <th>CVE</th> 393 <th>Android Bug</th> 394 <th></th> 395 <th> Nexus </th> 396 <th></th> 397 </tr> 398 <tr> 399 <td>CVE-2016-2474</td> 400 <td>27424603*</td> 401 <td></td> 402 <td>Nexus 5X</td> 403 <td>Google </td> 404 </tr> 405 </table> 406 <p> 407 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 408 </p> 409 410 411 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver"> 412 Broadcom WLAN </h3> 413 414 415 <p>Broadcom WLAN </p> 416 <table> 417 <col width="19%"> 418 <col width="16%"> 419 <col width="10%"> 420 <col width="27%"> 421 <col width="16%"> 422 <tr> 423 <th>CVE</th> 424 <th>Android Bug</th> 425 <th></th> 426 <th> Nexus </th> 427 <th></th> 428 </tr> 429 <tr> 430 <td>CVE-2016-2475</td> 431 <td>26425765*</td> 432 <td></td> 433 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus 9Nexus PlayerPixel C</td> 434 <td>2016 1 6 </td> 435 </tr> 436 </table> 437 <p> 438 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 439 </p> 440 441 442 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 443 Qualcomm </h3> 444 445 446 <p>Qualcomm </p> 447 448 <table> 449 <col width="19%"> 450 <col width="16%"> 451 <col width="10%"> 452 <col width="27%"> 453 <col width="16%"> 454 <tr> 455 <th>CVE</th> 456 <th>Android Bug</th> 457 <th></th> 458 <th> Nexus </th> 459 <th></th> 460 </tr> 461 <tr> 462 <td>CVE-2016-2066</td> 463 <td>26876409*</td> 464 <td></td> 465 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 466 <td>2016 1 29 </td> 467 </tr> 468 <tr> 469 <td>CVE-2016-2469</td> 470 <td>27531992*</td> 471 <td></td> 472 <td>Nexus 5Nexus 6Nexus 6P</td> 473 <td>2016 3 4 </td> 474 </tr> 475 </table> 476 <p> 477 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 478 </p> 479 480 481 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 482 Mediaserver </h3> 483 484 485 <p>Mediaserver <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 486 487 <table> 488 <col width="19%"> 489 <col width="16%"> 490 <col width="10%"> 491 <col width="19%"> 492 <col width="18%"> 493 <col width="16%"> 494 <tr> 495 <th>CVE</th> 496 <th>Android Bug</th> 497 <th></th> 498 <th> Nexus </th> 499 <th> AOSP </th> 500 <th></th> 501 </tr> 502 <tr> 503 <td>CVE-2016-2476</td> 504 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/295c883fe3105b19bcd0f9e07d54c6b589fc5bff">27207275</a> 505 [<a href="https://android.googlesource.com/platform/frameworks/av/+/94d9e646454f6246bf823b6897bd6aea5f08eda3">2</a>] 506 [<a href="https://android.googlesource.com/platform/frameworks/av/+/0bb5ced60304da7f61478ffd359e7ba65d72f181">3</a>] 507 [<a href="https://android.googlesource.com/platform/frameworks/av/+/db829699d3293f254a7387894303451a91278986">4</a>] 508 </td> 509 <td></td> 510 <td><a href="#nexus_devices"> Nexus </a></td> 511 <td>4.4.45.0.25.1.16.06.0.1</td> 512 <td>2016 2 11 </td> 513 </tr> 514 <tr> 515 <td>CVE-2016-2477</td> 516 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27251096</a> 517 </td> 518 <td></td> 519 <td><a href="#nexus_devices"> Nexus </a></td> 520 <td>4.4.45.0.25.1.16.06.0.1</td> 521 <td>2016 2 17 </td> 522 </tr> 523 <tr> 524 <td>CVE-2016-2478</td> 525 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27475409</a> 526 </td> 527 <td></td> 528 <td><a href="#nexus_devices"> Nexus </a></td> 529 <td>4.4.45.0.25.1.16.06.0.1</td> 530 <td>2016 3 3 </td> 531 </tr> 532 <tr> 533 <td>CVE-2016-2479</td> 534 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27532282</a> 535 </td> 536 <td></td> 537 <td><a href="#nexus_devices"> Nexus </a></td> 538 <td>4.4.45.0.25.1.16.06.0.1</td> 539 <td>2016 3 6 </td> 540 </tr> 541 <tr> 542 <td>CVE-2016-2480</td> 543 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8">27532721</a> 544 </td> 545 <td></td> 546 <td><a href="#nexus_devices"> Nexus </a></td> 547 <td>4.4.45.0.25.1.16.06.0.1</td> 548 <td>2016 3 6 </td> 549 </tr> 550 <tr> 551 <td>CVE-2016-2481</td> 552 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27532497</a> 553 </td> 554 <td></td> 555 <td><a href="#nexus_devices"> Nexus </a></td> 556 <td>4.4.45.0.25.1.16.06.0.1</td> 557 <td>2016 3 6 </td> 558 </tr> 559 <tr> 560 <td>CVE-2016-2482</td> 561 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27661749</a> 562 </td> 563 <td></td> 564 <td><a href="#nexus_devices"> Nexus </a></td> 565 <td>4.4.45.0.25.1.16.06.0.1</td> 566 <td>2016 3 14 </td> 567 </tr> 568 <tr> 569 <td>CVE-2016-2483</td> 570 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27662502</a> 571 </td> 572 <td></td> 573 <td><a href="#nexus_devices"> Nexus </a></td> 574 <td>4.4.45.0.25.1.16.06.0.1</td> 575 <td>2016 3 14 </td> 576 </tr> 577 <tr> 578 <td>CVE-2016-2484</td> 579 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793163</a> 580 </td> 581 <td></td> 582 <td><a href="#nexus_devices"> Nexus </a></td> 583 <td>4.4.45.0.25.1.16.06.0.1</td> 584 <td>2016 3 22 </td> 585 </tr> 586 <tr> 587 <td>CVE-2016-2485</td> 588 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793367</a> 589 </td> 590 <td></td> 591 <td><a href="#nexus_devices"> Nexus </a></td> 592 <td>4.4.45.0.25.1.16.06.0.1</td> 593 <td>2016 3 22 </td> 594 </tr> 595 <tr> 596 <td>CVE-2016-2486</td> 597 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a> 598 </td> 599 <td></td> 600 <td><a href="#nexus_devices"> Nexus </a></td> 601 <td>4.4.45.0.25.1.16.06.0.1</td> 602 <td>2016 3 22 </td> 603 </tr> 604 <tr> 605 <td>CVE-2016-2487</td> 606 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12">27833616</a> 607 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab">2</a>] 608 [<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>] 609 </td> 610 <td></td> 611 <td><a href="#nexus_devices"> Nexus </a></td> 612 <td>4.4.45.0.25.1.16.06.0.1</td> 613 <td>Google </td> 614 </tr> 615 </table> 616 617 618 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_camera_driver"> 619 Qualcomm </h3> 620 621 622 <p>Qualcomm </p> 623 <table> 624 <col width="19%"> 625 <col width="16%"> 626 <col width="10%"> 627 <col width="27%"> 628 <col width="16%"> 629 <tr> 630 <th>CVE</th> 631 <th>Android Bug</th> 632 <th></th> 633 <th> Nexus </th> 634 <th></th> 635 </tr> 636 <tr> 637 <td>CVE-2016-2061</td> 638 <td>27207747*</td> 639 <td></td> 640 <td>Nexus 5XNexus 6P</td> 641 <td>2016 2 15 </td> 642 </tr> 643 <tr> 644 <td>CVE-2016-2488</td> 645 <td>27600832*</td> 646 <td></td> 647 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)</td> 648 <td>Google </td> 649 </tr> 650 </table> 651 <p> 652 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 653 </p> 654 655 656 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2"> 657 Qualcomm </h3> 658 659 660 <p>Qualcomm </p> 661 <table> 662 <col width="19%"> 663 <col width="16%"> 664 <col width="10%"> 665 <col width="27%"> 666 <col width="16%"> 667 <tr> 668 <th>CVE</th> 669 <th>Android Bug</th> 670 <th></th> 671 <th> Nexus </th> 672 <th></th> 673 </tr> 674 <tr> 675 <td>CVE-2016-2489</td> 676 <td>27407629*</td> 677 <td></td> 678 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 679 <td>2016 2 21 </td> 680 </tr> 681 </table> 682 <p> 683 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 684 </p> 685 686 687 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_camera_driver"> 688 NVIDIA </h3> 689 690 691 <p>NVIDIA </p> 692 <table> 693 <col width="19%"> 694 <col width="16%"> 695 <col width="10%"> 696 <col width="27%"> 697 <col width="16%"> 698 <tr> 699 <th>CVE</th> 700 <th>Android Bug</th> 701 <th></th> 702 <th> Nexus </th> 703 <th></th> 704 </tr> 705 <tr> 706 <td>CVE-2016-2490</td> 707 <td>27533373*</td> 708 <td></td> 709 <td>Nexus 9</td> 710 <td>2016 3 6 </td> 711 </tr> 712 <tr> 713 <td>CVE-2016-2491</td> 714 <td>27556408*</td> 715 <td></td> 716 <td>Nexus 9</td> 717 <td>2016 3 8 </td> 718 </tr> 719 </table> 720 <p> 721 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 722 </p> 723 724 725 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2"> 726 Qualcomm WLAN </h3> 727 728 729 <p>Qualcomm WLAN </p> 730 731 <table> 732 <col width="19%"> 733 <col width="16%"> 734 <col width="10%"> 735 <col width="27%"> 736 <col width="16%"> 737 <tr> 738 <th>CVE</th> 739 <th>Android Bug</th> 740 <th></th> 741 <th> Nexus </th> 742 <th></th> 743 </tr> 744 <tr> 745 <td>CVE-2016-2470</td> 746 <td>27662174*</td> 747 <td></td> 748 <td>Nexus 7 (2013)</td> 749 <td>2016 3 13 </td> 750 </tr> 751 <tr> 752 <td>CVE-2016-2471</td> 753 <td>27773913*</td> 754 <td></td> 755 <td>Nexus 7 (2013)</td> 756 <td>2016 3 19 </td> 757 </tr> 758 <tr> 759 <td>CVE-2016-2472</td> 760 <td>27776888*</td> 761 <td></td> 762 <td>Nexus 7 (2013)</td> 763 <td>2016 3 20 </td> 764 </tr> 765 <tr> 766 <td>CVE-2016-2473</td> 767 <td>27777501*</td> 768 <td></td> 769 <td>Nexus 7 (2013)</td> 770 <td>2016 3 20 </td> 771 </tr> 772 </table> 773 <p> 774 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 775 </p> 776 777 778 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_power_management_driver"> 779 MediaTek </h3> 780 781 782 <p>MediaTek root </p> 783 784 <table> 785 <col width="19%"> 786 <col width="16%"> 787 <col width="10%"> 788 <col width="27%"> 789 <col width="16%"> 790 <tr> 791 <th>CVE</th> 792 <th>Android Bug</th> 793 <th></th> 794 <th> Nexus </th> 795 <th></th> 796 </tr> 797 <tr> 798 <td>CVE-2016-2492</td> 799 <td>28085410*</td> 800 <td></td> 801 <td>Android One</td> 802 <td>2016 4 7 </td> 803 </tr> 804 </table> 805 <p> 806 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 807 </p> 808 809 810 <h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer"> 811 SD </h3> 812 813 814 <p>SD <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> </p> 815 816 <table> 817 <col width="19%"> 818 <col width="16%"> 819 <col width="10%"> 820 <col width="19%"> 821 <col width="18%"> 822 <col width="16%"> 823 <tr> 824 <th>CVE</th> 825 <th>Android Bug</th> 826 <th></th> 827 <th> Nexus </th> 828 <th> AOSP </th> 829 <th></th> 830 </tr> 831 <tr> 832 <td>CVE-2016-2494</td> 833 <td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a> 834 </td> 835 <td></td> 836 <td><a href="#nexus_devices"> Nexus </a></td> 837 <td>4.4.45.0.25.1.16.06.0.1</td> 838 <td>2016 4 7 </td> 839 </tr> 840 </table> 841 842 843 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2"> 844 Broadcom WLAN </h3> 845 846 847 <p>Broadcom WLAN </p> 848 <table> 849 <col width="19%"> 850 <col width="16%"> 851 <col width="10%"> 852 <col width="27%"> 853 <col width="16%"> 854 <tr> 855 <th>CVE</th> 856 <th>Android Bug</th> 857 <th></th> 858 <th> Nexus </th> 859 <th></th> 860 </tr> 861 <tr> 862 <td>CVE-2016-2493</td> 863 <td>26571522*</td> 864 <td></td> 865 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus PlayerPixel C</td> 866 <td>Google </td> 867 </tr> 868 </table> 869 <p> 870 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 871 </p> 872 873 <h3 id="remote_denial_of_service_vulnerability_in_mediaserver"> 874 Mediaserver </h3> 875 876 877 <p>Mediaserver </p> 878 <table> 879 <col width="19%"> 880 <col width="16%"> 881 <col width="10%"> 882 <col width="19%"> 883 <col width="18%"> 884 <col width="16%"> 885 <tr> 886 <th>CVE</th> 887 <th>Android Bug</th> 888 <th></th> 889 <th> Nexus </th> 890 <th> AOSP </th> 891 <th></th> 892 </tr> 893 <tr> 894 <td>CVE-2016-2495</td> 895 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45737cb776625f17384540523674761e6313e6d4">28076789</a> 896 [<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>] 897 </td> 898 <td></td> 899 <td><a href="#nexus_devices"> Nexus </a></td> 900 <td>4.4.45.0.25.1.16.06.0.1</td> 901 <td>2016 4 6 </td> 902 </tr> 903 </table> 904 905 <h3 id="elevation_of_privilege_vulnerability_in_framework_ui"> 906 Framework </h3> 907 908 909 <p>Framework <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">dangerous</a></p> 910 <table> 911 <col width="19%"> 912 <col width="16%"> 913 <col width="10%"> 914 <col width="19%"> 915 <col width="18%"> 916 <col width="16%"> 917 <tr> 918 <th>CVE</th> 919 <th>Android Bug</th> 920 <th></th> 921 <th> Nexus </th> 922 <th> AOSP </th> 923 <th></th> 924 </tr> 925 <tr> 926 <td>CVE-2016-2496</td> 927 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf">26677796</a> 928 [<a href="https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628">2</a>] 929 [<a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e">3</a>] 930 </td> 931 <td></td> 932 <td><a href="#nexus_devices"> Nexus </a></td> 933 <td>6.06.1</td> 934 <td>2015 5 26 </td> 935 </tr> 936 </table> 937 938 <h3 id="information_disclosure_vulnerability_in_qualcomm_wi-fi_driver"> 939 Qualcomm WLAN </h3> 940 941 942 <p>Qualcomm WLAN </p> 943 <table> 944 <col width="19%"> 945 <col width="16%"> 946 <col width="10%"> 947 <col width="27%"> 948 <col width="16%"> 949 <tr> 950 <th>CVE</th> 951 <th>Android Bug</th> 952 <th></th> 953 <th> Nexus </th> 954 <th></th> 955 </tr> 956 <tr> 957 <td>CVE-2016-2498</td> 958 <td>27777162*</td> 959 <td></td> 960 <td>Nexus 7 (2013)</td> 961 <td>2016 3 20 </td> 962 </tr> 963 </table> 964 <p> 965 * AOSP <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> Nexus 966 </p> 967 968 969 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 970 Mediaserver </h3> 971 972 973 <p>Mediaserver </p> 974 <table> 975 <col width="19%"> 976 <col width="16%"> 977 <col width="10%"> 978 <col width="19%"> 979 <col width="18%"> 980 <col width="16%"> 981 <tr> 982 <th>CVE</th> 983 <th>Android Bug</th> 984 <th></th> 985 <th> Nexus </th> 986 <th> AOSP </th> 987 <th></th> 988 </tr> 989 <tr> 990 <td>CVE-2016-2499</td> 991 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f">27855172</a> 992 </td> 993 <td></td> 994 <td><a href="#nexus_devices"> Nexus </a></td> 995 <td>4.4.45.0.25.1.16.06.0.1</td> 996 <td>2016 3 24 </td> 997 </tr> 998 </table> 999 1000 1001 <h3 id="information_disclosure_vulnerability_in_activity_manager"> 1002 Activity Manager </h3> 1003 1004 1005 <p>Activity Manager </p> 1006 <table> 1007 <col width="19%"> 1008 <col width="16%"> 1009 <col width="10%"> 1010 <col width="19%"> 1011 <col width="18%"> 1012 <col width="16%"> 1013 <tr> 1014 <th>CVE</th> 1015 <th>Android Bug</th> 1016 <th></th> 1017 <th> Nexus </th> 1018 <th> AOSP </th> 1019 <th></th> 1020 </tr> 1021 <tr> 1022 <td>CVE-2016-2500</td> 1023 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9878bb99b77c3681f0fda116e2964bac26f349c3">19285814</a> 1024 </td> 1025 <td></td> 1026 <td><a href="#nexus_devices"> Nexus </a></td> 1027 <td>5.0.25.1.16.06.0.1</td> 1028 <td>Google </td> 1029 </tr> 1030 </table> 1031 1032 1033 <h2 id="common_questions_and_answers"></h2> 1034 1035 1036 <p></p> 1037 1038 <p><strong>1. </strong></p> 1039 1040 <p>2016 6 1 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> [ro.build.version.security_patch]:[2016-06-01]</p> 1041 1042 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1043 1044 <p><a href="#security_vulnerability_summary"></a> Nexus Nexus </p> 1045 1046 <ul> 1047 <li> <strong> Nexus </strong> Nexus Nexus Nexus <em></em> Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C</li> 1048 <li> <strong> Nexus </strong> Nexus Nexus Nexus <em></em></li> 1049 <li> <strong> Nexus </strong> Nexus Nexus <em></em></li> 1050 </ul> 1051 1052 <h2 id="revisions"></h2> 1053 1054 1055 <ul> 1056 <li>2016 6 6 </li> 1057 <li>2016 6 7 <ul> 1058 <li> AOSP 1059 <li> CVE-2016-2496 1060 </li></li></ul> 1061 </li> 1062 <li>2016 6 8 CVE-2016-2496 </li> 1063 </ul> 1064 1065 </body> 1066 </html> 1067
