Home | History | Annotate | Download | only in bulletin
      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2015  9 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26   <p>
     27    <em>
     28     2015  9  9 
     29    </em>
     30   </p>
     31   <p>
     32    Google  Android  
     33 ( LMY48M)  (OTA)  Nexus 
     34 Nexus 
     35  Android  (AOSP) 
     36 
     37 
     38   </p>
     39   <p>
     40    Nexus 
     41    <a href="https://developers.google.com/android/nexus/images">
     42     Google 
     43    </a>
     44    
     45 LMY48M  2015  8  13 
     46 
     47   </p>
     48   <p>
     49    
     50  (CVE-2015-3636)
     51    <a href="http://source.android.com/security/enhancements/index.html">
     52     Android 
     53    </a>
     54     ( SafetyNet)  Android 
     55 
     56    <a href="http://source.android.com/security/bulletin/2015-09-01.html#mitigations">
     57     
     58    </a>
     59    
     60   </p>
     61   <p>
     62     (CVE-2015-3864 
     63 CVE-2015-3686) 
     64 
     65   </p>
     66   <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     67    
     68   </h2>
     69   <hr/>
     70   <p>
     71     (CVE) 
     72    <a href="http://source.android.com/security/overview/updates-resources.html#severity">
     73     
     74    </a>
     75    
     76   </p>
     77   <table>
     78    <tbody>
     79     <tr>
     80      <th>
     81       
     82      </th>
     83      <th>
     84       CVE
     85      </th>
     86      <th>
     87       
     88      </th>
     89     </tr>
     90     <tr>
     91      <td>
     92       
     93      </td>
     94      <td>
     95       CVE-2015-3864
     96      </td>
     97      <td>
     98       
     99      </td>
    100     </tr>
    101     <tr>
    102      <td>
    103       
    104      </td>
    105      <td>
    106       CVE-2015-3636
    107      </td>
    108      <td>
    109       
    110      </td>
    111     </tr>
    112     <tr>
    113      <td>
    114       
    115      </td>
    116      <td>
    117       CVE-2015-3845
    118       <br/>
    119       CVE-2015-1528
    120      </td>
    121      <td>
    122       
    123      </td>
    124     </tr>
    125     <tr>
    126      <td>
    127       
    128      </td>
    129      <td>
    130       CVE-2015-3863
    131      </td>
    132      <td>
    133       
    134      </td>
    135     </tr>
    136     <tr>
    137      <td>
    138       
    139      </td>
    140      <td>
    141       CVE-2015-3849
    142      </td>
    143      <td>
    144       
    145      </td>
    146     </tr>
    147     <tr>
    148      <td>
    149       
    150      </td>
    151      <td>
    152       CVE-2015-3858
    153      </td>
    154      <td>
    155       
    156      </td>
    157     </tr>
    158     <tr>
    159      <td>
    160       
    161      </td>
    162      <td>
    163       CVE-2015-3860
    164      </td>
    165      <td>
    166       
    167      </td>
    168     </tr>
    169     <tr>
    170      <td>
    171       
    172      </td>
    173      <td>
    174       CVE-2015-3861
    175      </td>
    176      <td>
    177       
    178      </td>
    179     </tr>
    180    </tbody>
    181   </table>
    182   <h2 id="mitigations" style="margin-bottom:0px">
    183    
    184   </h2>
    185   <hr/>
    186   <p>
    187    
    188    <a href="http://source.android.com/security/enhancements">
    189     Android 
    190    </a>
    191     SafetyNet 
    192  Android 
    193 
    194   </p>
    195   <ul>
    196    <li>
    197     Android 
    198  Android 
    199  Android
    200    </li>
    201    <li>
    202     Android  SafetyNet 
    203 
    204 Google Play  Root 
    205  Google Play 
    206  Root 
    207 
    208 
    209 
    210 
    211    </li>
    212    <li>
    213     Google Hangouts  Messenger 
    214 
    215    </li>
    216   </ul>
    217   <h2 id="acknowledgements" style="margin-bottom:0px">
    218    
    219   </h2>
    220   <hr/>
    221   <p>
    222    
    223   </p>
    224   <ul>
    225    <li>
    226     Exodus Intelligence  Jordan Gruskovnjak (@jgrusko)CVE-2015-3864
    227    </li>
    228    <li>
    229     Micha BednarskiCVE-2015-3845
    230    </li>
    231    <li>
    232      360   Guang Gong (@oldfresher)CVE-2015-1528
    233    </li>
    234    <li>
    235     Brennan LautnerCVE-2015-3863
    236    </li>
    237    <li>
    238     jgor (@indiecom)CVE-2015-3860
    239    </li>
    240    <li>
    241       Wish Wu (@wish_wu)CVE-2015-3861
    242    </li>
    243   </ul>
    244   <h2 id="security_vulnerability_details" style="margin-bottom:0px">
    245    
    246   </h2>
    247   <hr/>
    248   <p>
    249    
    250    <a href="http://source.android.com/security/bulletin/2015-09-01.html#security_vulnerability_summary">
    251     
    252    </a>
    253    
    254 
    255  CVE
    256  AOSP  commit
    257  commit 
    258  AOSP  
    259   </p>
    260   <h3 id="remote_code_execution_vulnerability_in_mediaserver">
    261    
    262   </h3>
    263   <p>
    264    
    265 
    266 
    267   </p>
    268   <p>
    269    
    270 
    271 
    272   </p>
    273   <p>
    274    
    275 
    276 
    277 
    278   </p>
    279   <p>
    280     CVE-2015-3824 (ANDROID-20923261) 
    281 
    282 
    283   </p>
    284   <table>
    285    <tbody>
    286     <tr>
    287      <th>
    288       CVE
    289      </th>
    290      <th>
    291        ( AOSP )
    292      </th>
    293      <th>
    294       
    295      </th>
    296      <th>
    297       
    298      </th>
    299     </tr>
    300     <tr>
    301      <td>
    302       CVE-2015-3864
    303      </td>
    304      <td>
    305       <a href="https://android.googlesource.com/platform/frameworks/av/+/6fe85f7e15203e48df2cc3e8e1c4bc6ad49dc968">
    306        ANDROID-23034759
    307       </a>
    308      </td>
    309      <td>
    310       
    311      </td>
    312      <td>
    313       5.1 
    314      </td>
    315     </tr>
    316    </tbody>
    317   </table>
    318   <h3 id="elevation_privilege_vulnerability_in_kernel">
    319    
    320   </h3>
    321   <p>
    322    Linux  (ping)  (socket) 
    323 
    324 
    325   </p>
    326   <p>
    327    
    328 
    329  () 
    330 
    331   </p>
    332   <p>
    333     2015  5  1  Root 
    334 
    335 
    336   </p>
    337   <table>
    338    <tbody>
    339     <tr>
    340      <th>
    341       CVE
    342      </th>
    343      <th>
    344        ( AOSP )
    345      </th>
    346      <th>
    347       
    348      </th>
    349      <th>
    350       
    351      </th>
    352     </tr>
    353     <tr>
    354      <td>
    355       CVE-2015-3636
    356      </td>
    357      <td>
    358       <a href="https://github.com/torvalds/linux/commit/a134f083e79f">
    359        ANDROID-20770158
    360       </a>
    361      </td>
    362      <td>
    363       
    364      </td>
    365      <td>
    366       5.1 
    367      </td>
    368     </tr>
    369    </tbody>
    370   </table>
    371   <h3 id="elevation_of_privilege_vulnerability_in_binder">
    372    
    373   </h3>
    374   <p>
    375     (Binder) 
    376 
    377 
    378   </p>
    379   <p>
    380    
    381 
    382   </p>
    383   <table>
    384    <tbody>
    385     <tr>
    386      <th>
    387       CVE
    388      </th>
    389      <th>
    390        ( AOSP )
    391      </th>
    392      <th>
    393       
    394      </th>
    395      <th>
    396       
    397      </th>
    398     </tr>
    399     <tr>
    400      <td>
    401       CVE-2015-3845
    402      </td>
    403      <td>
    404       <a href="https://android.googlesource.com/platform/frameworks/native/+/e68cbc3e9e66df4231e70efa3e9c41abc12aea20">
    405        ANDROID-17312693
    406       </a>
    407      </td>
    408      <td>
    409       
    410      </td>
    411      <td>
    412       5.1 
    413      </td>
    414     </tr>
    415     <tr>
    416      <td>
    417       CVE-2015-1528
    418      </td>
    419      <td>
    420       <a href="https://android.googlesource.com/platform/frameworks/native/+/7dcd0ec9c91688cfa3f679804ba6e132f9811254">
    421        ANDROID-19334482
    422       </a>
    423       [
    424       <a href="https://android.googlesource.com/platform/system/core/+/e8c62fb484151f76ab88b1d5130f38de24ac8c14">
    425        2
    426       </a>
    427       ]
    428      </td>
    429      <td>
    430       
    431      </td>
    432      <td>
    433       5.1 
    434      </td>
    435     </tr>
    436    </tbody>
    437   </table>
    438   <h3 id="elevation_of_privilege_vulnerability_in_keystore">
    439    
    440   </h3>
    441   <p>
    442     (Keystore) 
    443 
    444 
    445  ()
    446   </p>
    447   <p>
    448    
    449 
    450   </p>
    451   <table>
    452    <tbody>
    453     <tr>
    454      <th>
    455       CVE
    456      </th>
    457      <th>
    458        ( AOSP )
    459      </th>
    460      <th>
    461       
    462      </th>
    463      <th>
    464       
    465      </th>
    466     </tr>
    467     <tr>
    468      <td>
    469       CVE-2015-3863
    470      </td>
    471      <td>
    472       <a href="https://android.googlesource.com/platform/system/security/+/bb9f4392c2f1b11be3acdc1737828274ff1ec55b">
    473        ANDROID-22802399
    474       </a>
    475      </td>
    476      <td>
    477       
    478      </td>
    479      <td>
    480       5.1 
    481      </td>
    482     </tr>
    483    </tbody>
    484   </table>
    485   <h3 id="elevation_of_privilege_vulnerability_in_region">
    486    
    487   </h3>
    488   <p>
    489     (Region) 
    490 
    491 
    492   </p>
    493   <p>
    494    
    495 
    496   </p>
    497   <table>
    498    <tbody>
    499     <tr>
    500      <th>
    501       CVE
    502      </th>
    503      <th>
    504        ( AOSP )
    505      </th>
    506      <th>
    507       
    508      </th>
    509      <th>
    510       
    511      </th>
    512     </tr>
    513     <tr>
    514      <td>
    515       CVE-2015-3849
    516      </td>
    517      <td>
    518       <a href="https://android.googlesource.com/platform/frameworks/base/+/4cff1f49ff95d990d6c2614da5d5a23d02145885">
    519        ANDROID-20883006
    520       </a>
    521       [
    522       <a href="https://android.googlesource.com/platform/frameworks/base/+/1e72dc7a3074cd0b44d89afbf39bbf5000ef7cc3">
    523        2
    524       </a>
    525       ]
    526      </td>
    527      <td>
    528       
    529      </td>
    530      <td>
    531       5.1 
    532      </td>
    533     </tr>
    534    </tbody>
    535   </table>
    536   <h3 id="elevation_of_privilege_vulnerability_in_sms_enables_notification_bypass">
    537    
    538   </h3>
    539   <p>
    540     Android 
    541 
    542 
    543   </p>
    544   <p>
    545    
    546 
    547   </p>
    548   <table>
    549    <tbody>
    550     <tr>
    551      <th>
    552       CVE
    553      </th>
    554      <th>
    555        ( AOSP )
    556      </th>
    557      <th>
    558       
    559      </th>
    560      <th>
    561       
    562      </th>
    563     </tr>
    564     <tr>
    565      <td>
    566       CVE-2015-3858
    567      </td>
    568      <td>
    569       <a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/df31d37d285dde9911b699837c351aed2320b586">
    570        ANDROID-22314646
    571       </a>
    572      </td>
    573      <td>
    574       
    575      </td>
    576      <td>
    577       5.1 
    578      </td>
    579     </tr>
    580    </tbody>
    581   </table>
    582   <h3 id="elevation_of_privilege_vulnerability_in_lockscreen">
    583    
    584   </h3>
    585   <p>
    586     (Lockscreen) 
    587 
    588  Android 5.0  5.1 
    589  ( 4.4 )
    590 
    591   </p>
    592   <p>
    593    
    594 
    595 
    596 
    597 
    598   </p>
    599   <table>
    600    <tbody>
    601     <tr>
    602      <th>
    603       CVE
    604      </th>
    605      <th>
    606        ( AOSP )
    607      </th>
    608      <th>
    609       
    610      </th>
    611      <th>
    612       
    613      </th>
    614     </tr>
    615     <tr>
    616      <td>
    617       CVE-2015-3860
    618      </td>
    619      <td>
    620       <a href="https://android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590">
    621        ANDROID-22214934
    622       </a>
    623      </td>
    624      <td>
    625       
    626      </td>
    627      <td>
    628       5.1  5.0
    629      </td>
    630     </tr>
    631    </tbody>
    632   </table>
    633   <h3 id="denial_of_service_vulnerability_in_mediaserver">
    634    
    635   </h3>
    636   <p>
    637    
    638 
    639   </p>
    640   <p>
    641    
    642 
    643 
    644 
    645 
    646   </p>
    647   <table>
    648    <tbody>
    649     <tr>
    650      <th>
    651       CVE
    652      </th>
    653      <th>
    654        ( AOSP )
    655      </th>
    656      <th>
    657       
    658      </th>
    659      <th>
    660       
    661      </th>
    662     </tr>
    663     <tr>
    664      <td>
    665       CVE-2015-3861
    666      </td>
    667      <td>
    668       <a href="https://android.googlesource.com/platform/frameworks/av/+/304ef91624e12661e7e35c2c0c235da84a73e9c0">
    669        ANDROID-21296336
    670       </a>
    671      </td>
    672      <td>
    673       
    674      </td>
    675      <td>
    676       5.1 
    677      </td>
    678     </tr>
    679    </tbody>
    680   </table>
    681  </div>
    682  <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement">
    683   <div class="layout-content-col col-9" style="padding-top:4px">
    684   </div>
    685   <div class="paging-links layout-content-col col-4">
    686   </div>
    687  </div>
    688 </div>
    689 
    690   </body>
    691 </html>
    692