1 <html devsite> 2 <head> 3 <title>Nexus - 2015 9 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 9 9 29 </em> 30 </p> 31 <p> 32 Google Android 33 ( LMY48M) (OTA) Nexus 34 Nexus 35 Android (AOSP) 36 37 38 </p> 39 <p> 40 Nexus 41 <a href="https://developers.google.com/android/nexus/images"> 42 Google 43 </a> 44 45 LMY48M 2015 8 13 46 47 </p> 48 <p> 49 50 (CVE-2015-3636) 51 <a href="http://source.android.com/security/enhancements/index.html"> 52 Android 53 </a> 54 ( SafetyNet) Android 55 56 <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations"> 57 58 </a> 59 60 </p> 61 <p> 62 (CVE-2015-3864 63 CVE-2015-3686) 64 65 </p> 66 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 67 68 </h2> 69 <hr/> 70 <p> 71 (CVE) 72 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 73 74 </a> 75 76 </p> 77 <table> 78 <tbody> 79 <tr> 80 <th> 81 82 </th> 83 <th> 84 CVE 85 </th> 86 <th> 87 88 </th> 89 </tr> 90 <tr> 91 <td> 92 93 </td> 94 <td> 95 CVE-2015-3864 96 </td> 97 <td> 98 99 </td> 100 </tr> 101 <tr> 102 <td> 103 104 </td> 105 <td> 106 CVE-2015-3636 107 </td> 108 <td> 109 110 </td> 111 </tr> 112 <tr> 113 <td> 114 115 </td> 116 <td> 117 CVE-2015-3845 118 <br/> 119 CVE-2015-1528 120 </td> 121 <td> 122 123 </td> 124 </tr> 125 <tr> 126 <td> 127 128 </td> 129 <td> 130 CVE-2015-3863 131 </td> 132 <td> 133 134 </td> 135 </tr> 136 <tr> 137 <td> 138 139 </td> 140 <td> 141 CVE-2015-3849 142 </td> 143 <td> 144 145 </td> 146 </tr> 147 <tr> 148 <td> 149 150 </td> 151 <td> 152 CVE-2015-3858 153 </td> 154 <td> 155 156 </td> 157 </tr> 158 <tr> 159 <td> 160 161 </td> 162 <td> 163 CVE-2015-3860 164 </td> 165 <td> 166 167 </td> 168 </tr> 169 <tr> 170 <td> 171 172 </td> 173 <td> 174 CVE-2015-3861 175 </td> 176 <td> 177 178 </td> 179 </tr> 180 </tbody> 181 </table> 182 <h2 id="mitigations" style="margin-bottom:0px"> 183 184 </h2> 185 <hr/> 186 <p> 187 188 <a href="http://source.android.com/security/enhancements"> 189 Android 190 </a> 191 SafetyNet 192 Android 193 194 </p> 195 <ul> 196 <li> 197 Android 198 Android 199 Android 200 </li> 201 <li> 202 Android SafetyNet 203 204 Google Play Root 205 Google Play 206 Root 207 208 209 210 211 </li> 212 <li> 213 Google Hangouts Messenger 214 215 </li> 216 </ul> 217 <h2 id="acknowledgements" style="margin-bottom:0px"> 218 219 </h2> 220 <hr/> 221 <p> 222 223 </p> 224 <ul> 225 <li> 226 Exodus Intelligence Jordan Gruskovnjak (@jgrusko)CVE-2015-3864 227 </li> 228 <li> 229 Micha BednarskiCVE-2015-3845 230 </li> 231 <li> 232 360 Guang Gong (@oldfresher)CVE-2015-1528 233 </li> 234 <li> 235 Brennan LautnerCVE-2015-3863 236 </li> 237 <li> 238 jgor (@indiecom)CVE-2015-3860 239 </li> 240 <li> 241 Wish Wu (@wish_wu)CVE-2015-3861 242 </li> 243 </ul> 244 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 245 246 </h2> 247 <hr/> 248 <p> 249 250 <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary"> 251 252 </a> 253 254 255 CVE 256 AOSP commit 257 commit 258 AOSP 259 </p> 260 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 261 262 </h3> 263 <p> 264 265 266 267 </p> 268 <p> 269 270 271 272 </p> 273 <p> 274 275 276 277 278 </p> 279 <p> 280 CVE-2015-3824 (ANDROID-20923261) 281 282 283 </p> 284 <table> 285 <tbody> 286 <tr> 287 <th> 288 CVE 289 </th> 290 <th> 291 ( AOSP ) 292 </th> 293 <th> 294 295 </th> 296 <th> 297 298 </th> 299 </tr> 300 <tr> 301 <td> 302 CVE-2015-3864 303 </td> 304 <td> 305 <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968"> 306 ANDROID-23034759 307 </a> 308 </td> 309 <td> 310 311 </td> 312 <td> 313 5.1 314 </td> 315 </tr> 316 </tbody> 317 </table> 318 <h3 id="elevation_privilege_vulnerability_in_kernel"> 319 320 </h3> 321 <p> 322 Linux (ping) (socket) 323 324 325 </p> 326 <p> 327 328 329 () 330 331 </p> 332 <p> 333 2015 5 1 Root 334 335 336 </p> 337 <table> 338 <tbody> 339 <tr> 340 <th> 341 CVE 342 </th> 343 <th> 344 ( AOSP ) 345 </th> 346 <th> 347 348 </th> 349 <th> 350 351 </th> 352 </tr> 353 <tr> 354 <td> 355 CVE-2015-3636 356 </td> 357 <td> 358 <a href="https://github.com/torvalds/linux/commit/a134f083e79f"> 359 ANDROID-20770158 360 </a> 361 </td> 362 <td> 363 364 </td> 365 <td> 366 5.1 367 </td> 368 </tr> 369 </tbody> 370 </table> 371 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 372 373 </h3> 374 <p> 375 (Binder) 376 377 378 </p> 379 <p> 380 381 382 </p> 383 <table> 384 <tbody> 385 <tr> 386 <th> 387 CVE 388 </th> 389 <th> 390 ( AOSP ) 391 </th> 392 <th> 393 394 </th> 395 <th> 396 397 </th> 398 </tr> 399 <tr> 400 <td> 401 CVE-2015-3845 402 </td> 403 <td> 404 <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20"> 405 ANDROID-17312693 406 </a> 407 </td> 408 <td> 409 410 </td> 411 <td> 412 5.1 413 </td> 414 </tr> 415 <tr> 416 <td> 417 CVE-2015-1528 418 </td> 419 <td> 420 <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254"> 421 ANDROID-19334482 422 </a> 423 [ 424 <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14"> 425 2 426 </a> 427 ] 428 </td> 429 <td> 430 431 </td> 432 <td> 433 5.1 434 </td> 435 </tr> 436 </tbody> 437 </table> 438 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 439 440 </h3> 441 <p> 442 (Keystore) 443 444 445 () 446 </p> 447 <p> 448 449 450 </p> 451 <table> 452 <tbody> 453 <tr> 454 <th> 455 CVE 456 </th> 457 <th> 458 ( AOSP ) 459 </th> 460 <th> 461 462 </th> 463 <th> 464 465 </th> 466 </tr> 467 <tr> 468 <td> 469 CVE-2015-3863 470 </td> 471 <td> 472 <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b"> 473 ANDROID-22802399 474 </a> 475 </td> 476 <td> 477 478 </td> 479 <td> 480 5.1 481 </td> 482 </tr> 483 </tbody> 484 </table> 485 <h3 id="elevation_of_privilege_vulnerability_in_region"> 486 487 </h3> 488 <p> 489 (Region) 490 491 492 </p> 493 <p> 494 495 496 </p> 497 <table> 498 <tbody> 499 <tr> 500 <th> 501 CVE 502 </th> 503 <th> 504 ( AOSP ) 505 </th> 506 <th> 507 508 </th> 509 <th> 510 511 </th> 512 </tr> 513 <tr> 514 <td> 515 CVE-2015-3849 516 </td> 517 <td> 518 <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885"> 519 ANDROID-20883006 520 </a> 521 [ 522 <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3"> 523 2 524 </a> 525 ] 526 </td> 527 <td> 528 529 </td> 530 <td> 531 5.1 532 </td> 533 </tr> 534 </tbody> 535 </table> 536 <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass"> 537 538 </h3> 539 <p> 540 Android 541 542 543 </p> 544 <p> 545 546 547 </p> 548 <table> 549 <tbody> 550 <tr> 551 <th> 552 CVE 553 </th> 554 <th> 555 ( AOSP ) 556 </th> 557 <th> 558 559 </th> 560 <th> 561 562 </th> 563 </tr> 564 <tr> 565 <td> 566 CVE-2015-3858 567 </td> 568 <td> 569 <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586"> 570 ANDROID-22314646 571 </a> 572 </td> 573 <td> 574 575 </td> 576 <td> 577 5.1 578 </td> 579 </tr> 580 </tbody> 581 </table> 582 <h3 id="elevation_of_privilege_vulnerability_in_lockscreen"> 583 584 </h3> 585 <p> 586 (Lockscreen) 587 588 Android 5.0 5.1 589 ( 4.4 ) 590 591 </p> 592 <p> 593 594 595 596 597 598 </p> 599 <table> 600 <tbody> 601 <tr> 602 <th> 603 CVE 604 </th> 605 <th> 606 ( AOSP ) 607 </th> 608 <th> 609 610 </th> 611 <th> 612 613 </th> 614 </tr> 615 <tr> 616 <td> 617 CVE-2015-3860 618 </td> 619 <td> 620 <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590"> 621 ANDROID-22214934 622 </a> 623 </td> 624 <td> 625 626 </td> 627 <td> 628 5.1 5.0 629 </td> 630 </tr> 631 </tbody> 632 </table> 633 <h3 id="denial_of_service_vulnerability_in_mediaserver"> 634 635 </h3> 636 <p> 637 638 639 </p> 640 <p> 641 642 643 644 645 646 </p> 647 <table> 648 <tbody> 649 <tr> 650 <th> 651 CVE 652 </th> 653 <th> 654 ( AOSP ) 655 </th> 656 <th> 657 658 </th> 659 <th> 660 661 </th> 662 </tr> 663 <tr> 664 <td> 665 CVE-2015-3861 666 </td> 667 <td> 668 <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0"> 669 ANDROID-21296336 670 </a> 671 </td> 672 <td> 673 674 </td> 675 <td> 676 5.1 677 </td> 678 </tr> 679 </tbody> 680 </table> 681 </div> 682 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 683 <div class="layout-content-col col-9" style="padding-top:4px"> 684 </div> 685 <div class="paging-links layout-content-col col-4"> 686 </div> 687 </div> 688 </div> 689 690 </body> 691 </html> 692