1 <html devsite> 2 <head> 3 <title>Nexus - 2015 10 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p> 27 <em> 28 2015 10 5 | 2015 10 12 29 </em> 30 </p> 31 <p> 32 Google Android (OTA) 33 Nexus 34 Nexus 35 <a href="https://developers.google.com/android/nexus/images"> 36 Google 37 </a> 38 LMY48T ( LMY48W) Android Marshmallow 2015 10 1 39 40 <a href="https://support.google.com/nexus/answer/4457705"> 41 Nexus 42 </a> 43 44 </p> 45 <p> 46 2015 9 10 47 Android 48 (AOSP) 49 </p> 50 <p> 51 52 53 54 </p> 55 <p> 56 57 58 <a href="http://source.android.com/security/bulletin/2015-10-01.html#mitigations"> 59 Android 60 </a> 61 ( SafetyNet) Android 62 <a href="http://source.android.com/security/enhancements/index.html "> 63 64 </a> 65 66 </p> 67 <h2 id="security_vulnerability_summary" style="margin-bottom:0px"> 68 69 </h2> 70 <hr/> 71 <p> 72 (CVE) 73 <a href="http://source.android.com/security/overview/updates-resources.html#severity"> 74 75 </a> 76 77 </p> 78 <table> 79 <tbody> 80 <tr> 81 <th> 82 83 </th> 84 <th> 85 CVE 86 </th> 87 <th> 88 89 </th> 90 </tr> 91 <tr> 92 <td> 93 libstagefright 94 </td> 95 <td> 96 CVE-2015-3873 97 <br/> 98 CVE-2015-3872 99 <br/> 100 CVE-2015-3871 101 <br/> 102 CVE-2015-3868 103 <br/> 104 CVE-2015-3867 105 <br/> 106 CVE-2015-3869 107 <br/> 108 CVE-2015-3870 109 <br/> 110 CVE-2015-3823 111 <br/> 112 CVE-2015-6598 113 <br/> 114 CVE-2015-6599 115 <br/> 116 CVE-2015-6600 117 <br/> 118 CVE-2015-6603 119 <br/> 120 CVE-2015-6601 121 <br/> 122 CVE-2015-3876 123 <br/> 124 CVE-2015-6604 125 </td> 126 <td> 127 128 </td> 129 </tr> 130 <tr> 131 <td> 132 Sonivox 133 </td> 134 <td> 135 CVE-2015-3874 136 </td> 137 <td> 138 139 </td> 140 </tr> 141 <tr> 142 <td> 143 libutils 144 </td> 145 <td> 146 CVE-2015-3875 147 <br/> 148 CVE-2015-6602 149 </td> 150 <td> 151 152 </td> 153 </tr> 154 <tr> 155 <td> 156 Skia 157 </td> 158 <td> 159 CVE-2015-3877 160 </td> 161 <td> 162 163 </td> 164 </tr> 165 <tr> 166 <td> 167 libFLAC 168 </td> 169 <td> 170 CVE-2014-9028 171 </td> 172 <td> 173 174 </td> 175 </tr> 176 <tr> 177 <td> 178 179 </td> 180 <td> 181 CVE-2015-3863 182 </td> 183 <td> 184 185 </td> 186 </tr> 187 <tr> 188 <td> 189 190 </td> 191 <td> 192 CVE-2015-3879 193 </td> 194 <td> 195 196 </td> 197 </tr> 198 <tr> 199 <td> 200 Android 201 </td> 202 <td> 203 CVE-2015-3865 204 </td> 205 <td> 206 207 </td> 208 </tr> 209 <tr> 210 <td> 211 212 </td> 213 <td> 214 CVE-2015-6596 215 </td> 216 <td> 217 218 </td> 219 </tr> 220 <tr> 221 <td> 222 223 </td> 224 <td> 225 CVE-2015-6606 226 </td> 227 <td> 228 229 </td> 230 </tr> 231 <tr> 232 <td> 233 234 </td> 235 <td> 236 CVE-2015-3878 237 </td> 238 <td> 239 240 </td> 241 </tr> 242 <tr> 243 <td> 244 245 </td> 246 <td> 247 CVE-2015-3847 248 </td> 249 <td> 250 251 </td> 252 </tr> 253 <tr> 254 <td> 255 SQLite 256 </td> 257 <td> 258 CVE-2015-6607 259 </td> 260 <td> 261 262 </td> 263 </tr> 264 <tr> 265 <td> 266 267 </td> 268 <td> 269 CVE-2015-6605 270 <br/> 271 CVE-2015-3862 272 </td> 273 <td> 274 275 </td> 276 </tr> 277 </tbody> 278 </table> 279 <h2 id="mitigations" style="margin-bottom:0px"> 280 281 </h2> 282 <hr/> 283 <p> 284 285 <a href="http://source.android.com/security/enhancements/index.html "> 286 Android 287 </a> 288 SafetyNet 289 Android 290 291 </p> 292 <ul> 293 <li> 294 Android 295 Android 296 Android 297 </li> 298 <li> 299 Android SafetyNet 300 301 Google Play Root 302 Google Play 303 Root 304 305 306 307 308 </li> 309 <li> 310 Google Hangouts Messenger 311 312 313 </li> 314 </ul> 315 <h2 id="acknowledgements" style="margin-bottom:0px"> 316 317 </h2> 318 <hr/> 319 <p> 320 321 </p> 322 <ul> 323 <li> 324 Brennan LautnerCVE-2015-3863 325 </li> 326 <li> 327 360 C0re Team Yajin ZhouLei Wu Xuxian JiangCVE-2015-3868 328 CVE-2015-3869CVE-2015-3865CVE-2015-3862 329 </li> 330 <li> 331 Copperhead Security Daniel Micay (daniel.micay (a] copperhead.co)CVE-2015-3875 332 </li> 333 <li> 334 dragonltxCVE-2015-6599 335 </li> 336 <li> 337 Google Project Zero Ian Beer Steven VittitoeCVE-2015-6604 338 </li> 339 <li> 340 Dr. Manuel Sadosky 341 Programa STIC Joaqun Rinaudo (@xeroxnir) Ivn Arce (@4Dgifts)CVE-2015-3870 342 </li> 343 <li> 344 Zimperium Josh DrakeCVE-2015-3876CVE-2015-6602 345 </li> 346 <li> 347 Exodus Intelligence Jordan Gruskovnjak (@jgrusko)CVE-2015-3867 348 </li> 349 <li> 350 Peter PiCVE-2015-3872CVE-2015-3871 351 </li> 352 <li> 353 360 Ping LiCVE-2015-3878 354 </li> 355 <li> 356 Seven ShenCVE-2015-6600CVE-2015-3847 357 </li> 358 <li> 359 X-Team Wangtao(neobyte)CVE-2015-6598 360 </li> 361 <li> 362 Wish Wu (@wish_wu)CVE-2015-3823 363 </li> 364 </ul> 365 <p> 366 Google 367 Chrome Google 368 Project Zero Google 369 </p> 370 <h2 id="security_vulnerability_details" style="margin-bottom:0px"> 371 372 </h2> 373 <hr/> 374 <p> 375 376 <a href="http://source.android.com/security/bulletin/2015-10-01.html#security_vulnerability_summary"> 377 378 </a> 379 380 381 CVE 382 AOSP commit 383 commit AOSP 384 385 </p> 386 <h3 id="remote_code_execution_vulnerabilities_in_libstagefright"> 387 libstagefright 388 </h3> 389 <p> 390 391 libstagefright 392 393 </p> 394 <p> 395 396 397 398 399 </p> 400 <table> 401 <tbody> 402 <tr> 403 <th> 404 CVE 405 </th> 406 <th> 407 ( AOSP ) 408 </th> 409 <th> 410 411 </th> 412 <th> 413 414 </th> 415 <th> 416 417 </th> 418 </tr> 419 <tr> 420 <td rowspan="14"> 421 CVE-2015-3873 422 </td> 423 <td> 424 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c23e3dd8af7397f023aae040c4a03dd14091cbed"> 425 ANDROID-20674086 426 </a> 427 [ 428 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9abb7401df730b5c510f6b8dac2716a0928d9623"> 429 2 430 </a> 431 , 432 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b62a73b860757143d3b140b2985fdae71e18d675"> 433 3 434 </a> 435 , 436 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b2ae4351539de9aa4667fcb3e02ba40d9c6bd094"> 437 4 438 </a> 439 ] 440 </td> 441 <td rowspan="13"> 442 443 </td> 444 <td rowspan="13"> 445 5.1 446 </td> 447 <td rowspan="13"> 448 Google 449 </td> 450 </tr> 451 <tr> 452 <td> 453 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3fd96683850cf27648e036180acb149fac362242"> 454 ANDROID-20674674 455 </a> 456 [ 457 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/65842db06c2d77e53cc5ac61692160d844cc7d0a"> 458 2 459 </a> 460 , 461 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/38eff9af5c032bf12f89d6e94df05f65eef51afc"> 462 3 463 </a> 464 , 465 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/91860b89488b3ee4644c539e89e657fbb79fb6ad"> 466 4 467 </a> 468 ] 469 </td> 470 </tr> 471 <tr> 472 <td> 473 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/2e941e40ce76eb13b273479a4ee8fb6e40d33795"> 474 ANDROID-20718524 475 </a> 476 </td> 477 </tr> 478 <tr> 479 <td> 480 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/06ca06ac6107f88530cc67225c47537621bb41a5"> 481 ANDROID-21048776 482 </a> 483 </td> 484 </tr> 485 <tr> 486 <td> 487 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/dc5e47f013bfbb74c5c35ad976aa98d480cb351b"> 488 ANDROID-21443020 489 </a> 490 </td> 491 </tr> 492 <tr> 493 <td> 494 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f11e95b21007f24e5ab77298370855f9f085b2d7"> 495 ANDROID-21814993 496 </a> 497 </td> 498 </tr> 499 <tr> 500 <td> 501 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f810a8298aea13fa177060cdc10c8297eac69c49"> 502 ANDROID-22008959 503 </a> 504 </td> 505 </tr> 506 <tr> 507 <td> 508 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7913508110c80da87fb085514208adbd874d7d54"> 509 ANDROID-22077698 510 </a> 511 </td> 512 </tr> 513 <tr> 514 <td> 515 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/073e4f6748f5d7deb095c42fad9271cb99e22d07"> 516 ANDROID-22388975 517 </a> 518 </td> 519 </tr> 520 <tr> 521 <td> 522 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/bf47eb9c67ed364f3c288954857aab9d9311db4c"> 523 ANDROID-22845824 524 </a> 525 </td> 526 </tr> 527 <tr> 528 <td> 529 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b158a9a5bcfe21480f57bc58d45517f1a81cca39"> 530 ANDROID-23016072 531 </a> 532 </td> 533 </tr> 534 <tr> 535 <td> 536 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5a132594b531f1f48098a790927f82080cc27f61"> 537 ANDROID-23247055 538 </a> 539 </td> 540 </tr> 541 <tr> 542 <td> 543 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/d2ebc0b9e147f9406db20ec4df61da50e3614ee4"> 544 ANDROID-23248776 545 </a> 546 </td> 547 </tr> 548 <tr> 549 <td> 550 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3179e3b3531b5fe93dc7f5b2c378e27010a406d5"> 551 ANDROID-20721050 552 </a> 553 </td> 554 <td> 555 556 </td> 557 <td> 558 5.0 5.1 559 </td> 560 <td> 561 Google 562 </td> 563 </tr> 564 <tr> 565 <td> 566 CVE-2015-3823 567 </td> 568 <td> 569 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/407d475b797fdc595299d67151230dc6e3835ccd"> 570 ANDROID-21335999 571 </a> 572 </td> 573 <td> 574 575 </td> 576 <td> 577 5.1 578 </td> 579 <td> 580 2015 5 20 581 </td> 582 </tr> 583 <tr> 584 <td> 585 CVE-2015-6600 586 </td> 587 <td> 588 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/e6f5d47a7f9eab8a0009f8a563de473cd47d3110"> 589 ANDROID-22882938 590 </a> 591 </td> 592 <td> 593 594 </td> 595 <td> 596 5.1 597 </td> 598 <td> 599 2015 7 31 600 </td> 601 </tr> 602 <tr> 603 <td> 604 CVE-2015-6601 605 </td> 606 <td> 607 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/738a753a3ca7bf8f9f608ca941575626265294e4"> 608 ANDROID-22935234 609 </a> 610 </td> 611 <td> 612 613 </td> 614 <td> 615 5.1 616 </td> 617 <td> 618 2015 8 3 619 </td> 620 </tr> 621 <tr> 622 <td> 623 CVE-2015-3869 624 </td> 625 <td> 626 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/450e1015b7939292ca988dd1b4f0303a094478e9"> 627 ANDROID-23036083 628 </a> 629 </td> 630 <td> 631 632 </td> 633 <td> 634 5.1 635 </td> 636 <td> 637 2015 8 4 638 </td> 639 </tr> 640 <tr> 641 <td> 642 CVE-2015-3870 643 </td> 644 <td> 645 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4bce636865bdf0e2a79fc9a5d9a69107649c850d"> 646 ANDROID-22771132 647 </a> 648 </td> 649 <td> 650 651 </td> 652 <td> 653 5.1 654 </td> 655 <td> 656 2015 8 5 657 </td> 658 </tr> 659 <tr> 660 <td> 661 CVE-2015-3871 662 </td> 663 <td> 664 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c570778430a22b5488cae72982cf9fb8033dbda3"> 665 ANDROID-23031033 666 </a> 667 </td> 668 <td> 669 670 </td> 671 <td> 672 5.1 673 </td> 674 <td> 675 2015 8 6 676 </td> 677 </tr> 678 <tr> 679 <td> 680 CVE-2015-3868 681 </td> 682 <td> 683 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/937c6bedd4b6e5c6cb29a238eb459047dedd3486"> 684 ANDROID-23270724 685 </a> 686 </td> 687 <td> 688 689 </td> 690 <td> 691 5.1 692 </td> 693 <td> 694 2015 8 6 695 </td> 696 </tr> 697 <tr> 698 <td> 699 CVE-2015-6604 700 </td> 701 <td> 702 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f51115bd8e44c2779b74477277c6f6046916e7cf"> 703 ANDROID-23129786 704 </a> 705 </td> 706 <td> 707 708 </td> 709 <td> 710 5.1 711 </td> 712 <td> 713 2015 8 11 714 </td> 715 </tr> 716 <tr> 717 <td> 718 CVE-2015-3867 719 </td> 720 <td> 721 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/7e9ac3509d72e8dc6f1316b5ce0a0066638b9737"> 722 ANDROID-23213430 723 </a> 724 </td> 725 <td> 726 727 </td> 728 <td> 729 5.1 730 </td> 731 <td> 732 2015 8 14 733 </td> 734 </tr> 735 <tr> 736 <td> 737 CVE-2015-6603 738 </td> 739 <td> 740 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c37f7f6fa0cb7f55cdc5b2d4ccbf2c87c3bc6c3b"> 741 ANDROID-23227354 742 </a> 743 </td> 744 <td> 745 746 </td> 747 <td> 748 5.1 749 </td> 750 <td> 751 2015 8 15 752 </td> 753 </tr> 754 <tr> 755 <td> 756 CVE-2015-3876 757 </td> 758 <td> 759 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/c580c836c1941fb4912e1dd4e08626caf98a62c7"> 760 ANDROID-23285192 761 </a> 762 </td> 763 <td> 764 765 </td> 766 <td> 767 5.1 768 </td> 769 <td> 770 2015 8 15 771 </td> 772 </tr> 773 <tr> 774 <td> 775 CVE-2015-6598 776 </td> 777 <td> 778 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/ba6093a4c6997b9d36d9700ee8c974941bf82e3a"> 779 ANDROID-23306638 780 </a> 781 </td> 782 <td> 783 784 </td> 785 <td> 786 5.1 787 </td> 788 <td> 789 2015 8 18 790 </td> 791 </tr> 792 <tr> 793 <td> 794 CVE-2015-3872 795 </td> 796 <td> 797 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/4d46f6f18f5160b8992ec1e66ef1844212fc7d48"> 798 ANDROID-23346388 799 </a> 800 </td> 801 <td> 802 803 </td> 804 <td> 805 5.1 806 </td> 807 <td> 808 2015 8 19 809 </td> 810 </tr> 811 <tr> 812 <td> 813 CVE-2015-6599 814 </td> 815 <td> 816 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/af7e33f6043c0be1c0310d675884e3b263ca2438"> 817 ANDROID-23416608 818 </a> 819 </td> 820 <td> 821 822 </td> 823 <td> 824 5.1 825 </td> 826 <td> 827 2015 8 21 828 </td> 829 </tr> 830 </tbody> 831 </table> 832 <h3 id="remote_code_execution_vulnerabilities_in_sonivox"> 833 Sonivox 834 </h3> 835 <p> 836 837 Sonivox 838 839 840 841 842 843 </p> 844 <table> 845 <tbody> 846 <tr> 847 <th> 848 CVE 849 </th> 850 <th> 851 ( AOSP ) 852 </th> 853 <th> 854 855 </th> 856 <th> 857 858 </th> 859 <th> 860 861 </th> 862 </tr> 863 <tr> 864 <td rowspan="3"> 865 CVE-2015-3874 866 </td> 867 <td> 868 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8cbef48ba6e3d3f844b895f8ca1a1aee74414fff"> 869 ANDROID-23335715 870 </a> 871 </td> 872 <td rowspan="3"> 873 874 </td> 875 <td rowspan="3"> 876 5.1 877 </td> 878 <td rowspan="3"> 879 880 </td> 881 </tr> 882 <tr> 883 <td> 884 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/5d2e7de37d4a28cf25cc5d0c64b3a29c1824dc0a"> 885 ANDROID-23307276 886 </a> 887 [ 888 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/f333a822c38c3d92f40e8f1686348e6a62c291"> 889 2 890 </a> 891 ] 892 </td> 893 </tr> 894 <tr> 895 <td> 896 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsonivox/+/8a9f53ee2c661e8b5b94d6e9fbb8af3baa34310d"> 897 ANDROID-23286323 898 </a> 899 </td> 900 </tr> 901 </tbody> 902 </table> 903 <h3 id="remote_code_execution_vulnerabilities_in_libutils"> 904 libutils 905 </h3> 906 <p> 907 libutils () 908 909 () 910 911 </p> 912 <p> 913 API 914 915 916 917 918 919 </p> 920 <table> 921 <tbody> 922 <tr> 923 <th> 924 CVE 925 </th> 926 <th> 927 ( AOSP ) 928 </th> 929 <th> 930 931 </th> 932 <th> 933 934 </th> 935 <th> 936 937 </th> 938 </tr> 939 <tr> 940 <td> 941 CVE-2015-3875 942 </td> 943 <td> 944 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/0cc9a6e6e1f8e675c1238e5e05418cabcc699b52"> 945 ANDROID-22952485 946 </a> 947 </td> 948 <td> 949 950 </td> 951 <td> 952 5.1 953 </td> 954 <td> 955 2015 8 15 956 </td> 957 </tr> 958 <tr> 959 <td> 960 CVE-2015-6602 961 </td> 962 <td> 963 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/e0dce90b0de2b2b7c2baae8035f810a55526effb"> 964 ANDROID-23290056 965 </a> 966 [ 967 <a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/5b85b1d40d619c2064d321364f212ebfeb6ba185"> 968 2 969 </a> 970 ] 971 </td> 972 <td> 973 974 </td> 975 <td> 976 5.1 977 </td> 978 <td> 979 2015 8 15 980 </td> 981 </tr> 982 </tbody> 983 </table> 984 <h3 id="remote_code_execution_vulnerability_in_skia"> 985 Skia 986 </h3> 987 <p> 988 Skia 989 990 991 992 993 </p> 994 <table> 995 <tbody> 996 <tr> 997 <th> 998 CVE 999 </th> 1000 <th> 1001 ( AOSP ) 1002 </th> 1003 <th> 1004 1005 </th> 1006 <th> 1007 1008 </th> 1009 <th> 1010 1011 </th> 1012 </tr> 1013 <tr> 1014 <td> 1015 CVE-2015-3877 1016 </td> 1017 <td> 1018 <a href="https://android.googlesource.com/platform%2Fexternal%2Fskia/+/55ad31336a6de7037139820558c5de834797c09e"> 1019 ANDROID-20723696 1020 </a> 1021 </td> 1022 <td> 1023 1024 </td> 1025 <td> 1026 5.1 1027 </td> 1028 <td> 1029 2015 7 30 1030 </td> 1031 </tr> 1032 </tbody> 1033 </table> 1034 <h3 id="remote_code_execution_vulnerabilities_in_libflac"> 1035 libFLAC 1036 </h3> 1037 <p> 1038 libFLAC 1039 1040 1041 </p> 1042 <p> 1043 API 1044 1045 1046 1047 1048 </p> 1049 <table> 1050 <tbody> 1051 <tr> 1052 <th> 1053 CVE 1054 </th> 1055 <th> 1056 ( AOSP ) 1057 </th> 1058 <th> 1059 1060 </th> 1061 <th> 1062 1063 </th> 1064 <th> 1065 1066 </th> 1067 </tr> 1068 <tr> 1069 <td> 1070 CVE-2014-9028 1071 </td> 1072 <td> 1073 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/fe03f73d86bb415f5d5145f0de091834d89ae3a9"> 1074 ANDROID-18872897 1075 </a> 1076 [ 1077 <a href="https://android.googlesource.com/platform%2Fexternal%2Fflac/+/5859ae22db0a2d16af3e3ca19d582de37daf5eb6"> 1078 2 1079 </a> 1080 ] 1081 </td> 1082 <td> 1083 1084 </td> 1085 <td> 1086 5.1 1087 </td> 1088 <td> 1089 2014 11 14 1090 </td> 1091 </tr> 1092 </tbody> 1093 </table> 1094 <p> 1095 </p> 1096 <h3 id="elevation_of_privilege_vulnerability_in_keystore"> 1097 1098 </h3> 1099 <p> 1100 API 1101 (KeyStore) 1102 1103 1104 1105 1106 </p> 1107 <table> 1108 <tbody> 1109 <tr> 1110 <th> 1111 CVE 1112 </th> 1113 <th> 1114 ( AOSP ) 1115 </th> 1116 <th> 1117 1118 </th> 1119 <th> 1120 1121 </th> 1122 <th> 1123 1124 </th> 1125 </tr> 1126 <tr> 1127 <td> 1128 CVE-2015-3863 1129 </td> 1130 <td> 1131 <a href="https://android.googlesource.com/platform%2Fsystem%2Fsecurity/+/0d5935262dbbcaf2cf6145529ffd71a728ef4609"> 1132 ANDROID-22802399 1133 </a> 1134 </td> 1135 <td> 1136 1137 </td> 1138 <td> 1139 5.1 1140 </td> 1141 <td> 1142 2015 7 28 1143 </td> 1144 </tr> 1145 </tbody> 1146 </table> 1147 <h3 id="elevation_of_privilege_vulnerability_in_media_player_framework"> 1148 1149 </h3> 1150 <p> 1151 1152 1153 1154 1155 1156 </p> 1157 <table> 1158 <tbody> 1159 <tr> 1160 <th> 1161 CVE 1162 </th> 1163 <th> 1164 ( AOSP ) 1165 </th> 1166 <th> 1167 1168 </th> 1169 <th> 1170 1171 </th> 1172 <th> 1173 1174 </th> 1175 </tr> 1176 <tr> 1177 <td> 1178 CVE-2015-3879 1179 </td> 1180 <td> 1181 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/aa4da6fa7ca2454f0713de0a5a583b5b8160166b"> 1182 ANDROID-23223325 1183 </a> 1184 [2]* 1185 </td> 1186 <td> 1187 1188 </td> 1189 <td> 1190 5.1 1191 </td> 1192 <td> 1193 2015 8 14 1194 </td> 1195 </tr> 1196 </tbody> 1197 </table> 1198 <p> 1199 * AOSP 1200 1201 <a href="https://developers.google.com/android/nexus/drivers"> 1202 Google 1203 </a> 1204 Nexus 1205 1206 </p> 1207 <h3 id="elevation_of_privilege_vulnerability_in_android_runtime"> 1208 Android 1209 </h3> 1210 <p> 1211 Android 1212 1213 1214 ( 1215 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1216 Signature 1217 </a> 1218 1219 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1220 SignatureOrSystem 1221 </a> 1222 ) 1223 </p> 1224 <table> 1225 <tbody> 1226 <tr> 1227 <th> 1228 CVE 1229 </th> 1230 <th> 1231 ( AOSP ) 1232 </th> 1233 <th> 1234 1235 </th> 1236 <th> 1237 1238 </th> 1239 <th> 1240 1241 </th> 1242 </tr> 1243 <tr> 1244 <td> 1245 CVE-2015-3865 1246 </td> 1247 <td> 1248 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ff8dc21278b19b22ed8dc9f9475850838336d351"> 1249 ANDROID-23050463 1250 </a> 1251 [ 1252 <a href="https://android.googlesource.com/platform%2Fcts/+/3f7334822ba4cc53f81f22f3519093bf4e1d7f89"> 1253 2 1254 </a> 1255 ] 1256 </td> 1257 <td> 1258 1259 </td> 1260 <td> 1261 5.1 1262 </td> 1263 <td> 1264 2015 8 8 1265 </td> 1266 </tr> 1267 </tbody> 1268 </table> 1269 <h3 id="elevation_of_privilege_vulnerabilities_in_mediaserver"> 1270 1271 </h3> 1272 <p> 1273 1274 1275 1276 1277 1278 </p> 1279 <table> 1280 <tbody> 1281 <tr> 1282 <th> 1283 CVE 1284 </th> 1285 <th> 1286 ( AOSP ) 1287 </th> 1288 <th> 1289 1290 </th> 1291 <th> 1292 1293 </th> 1294 <th> 1295 1296 </th> 1297 </tr> 1298 <tr> 1299 <td rowspan="3"> 1300 CVE-2015-6596 1301 </td> 1302 <td> 1303 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/b97ee930e4f7ed1587b869c92b4aa1dc90b641cc"> 1304 ANDROID-20731946 1305 </a> 1306 </td> 1307 <td rowspan="2"> 1308 1309 </td> 1310 <td rowspan="2"> 1311 5.1 1312 </td> 1313 <td rowspan="2"> 1314 1315 </td> 1316 </tr> 1317 <tr> 1318 <td> 1319 ANDROID-20719651* 1320 </td> 1321 </tr> 1322 <tr> 1323 <td> 1324 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/9ef830c6dbd4f6000b94abee3df14b9e27a38294"> 1325 ANDROID-19573085 1326 </a> 1327 </td> 1328 <td> 1329 1330 </td> 1331 <td> 1332 5.0 - 6.0 1333 </td> 1334 <td> 1335 Google 1336 </td> 1337 </tr> 1338 </tbody> 1339 </table> 1340 <p> 1341 * AOSP 1342 1343 <a href="https://developers.google.com/android/nexus/drivers"> 1344 Google 1345 </a> 1346 Nexus 1347 1348 </p> 1349 <h3 id="elevation_of_privilege_vulnerability_in_secure_element_evaluation_kit"> 1350 1351 </h3> 1352 <p> 1353 <a href="http://seek-for-android.github.io/"> 1354 SEEK 1355 </a> 1356 ( SmartCard API) 1357 1358 ( 1359 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1360 Signature 1361 </a> 1362 1363 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"> 1364 SignatureOrSystem 1365 </a> 1366 1367 ) 1368 </p> 1369 <table> 1370 <tbody> 1371 <tr> 1372 <th> 1373 CVE 1374 </th> 1375 <th> 1376 ( AOSP ) 1377 </th> 1378 <th> 1379 1380 </th> 1381 <th> 1382 1383 </th> 1384 <th> 1385 1386 </th> 1387 </tr> 1388 <tr> 1389 <td> 1390 CVE-2015-6606 1391 </td> 1392 <td> 1393 ANDROID-22301786* 1394 </td> 1395 <td> 1396 1397 </td> 1398 <td> 1399 5.1 1400 </td> 1401 <td> 1402 2015 6 30 1403 </td> 1404 </tr> 1405 </tbody> 1406 </table> 1407 <p> 1408 * 1409 <a href="http://seek-for-android.github.io/"> 1410 SEEK for Android 1411 </a> 1412 1413 </p> 1414 <h3 id="elevation_of_privilege_vulnerability_in_media_projection"> 1415 1416 </h3> 1417 <p> 1418 1419 1420 1421 1422 1423 1424 </p> 1425 <table> 1426 <tbody> 1427 <tr> 1428 <th> 1429 CVE 1430 </th> 1431 <th> 1432 ( AOSP ) 1433 </th> 1434 <th> 1435 1436 </th> 1437 <th> 1438 1439 </th> 1440 <th> 1441 1442 </th> 1443 </tr> 1444 <tr> 1445 <td> 1446 CVE-2015-3878 1447 </td> 1448 <td> 1449 <a href="https://android.googlesource.com/platform/frameworks/base/+/b3145760db5d58a107fd1ffd8eeec67d983d45f3"> 1450 ANDROID-23345192 1451 </a> 1452 </td> 1453 <td> 1454 1455 </td> 1456 <td> 1457 5.0 - 6.0 1458 </td> 1459 <td> 1460 2015 8 18 1461 </td> 1462 </tr> 1463 </tbody> 1464 </table> 1465 <h3 id="elevation_of_privilege_vulnerability_in_bluetooth"> 1466 1467 </h3> 1468 <p> 1469 Android 1470 1471 1472 </p> 1473 <table> 1474 <tbody> 1475 <tr> 1476 <th> 1477 CVE 1478 </th> 1479 <th> 1480 ( AOSP ) 1481 </th> 1482 <th> 1483 1484 </th> 1485 <th> 1486 1487 </th> 1488 <th> 1489 1490 </th> 1491 </tr> 1492 <tr> 1493 <td> 1494 CVE-2015-3847 1495 </td> 1496 <td> 1497 <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FBluetooth/+/19004c751f36aa2b01d3e03d4f761d8897542bd2"> 1498 ANDROID-22343270 1499 </a> 1500 </td> 1501 <td> 1502 1503 </td> 1504 <td> 1505 5.1 1506 </td> 1507 <td> 1508 2015 7 8 1509 </td> 1510 </tr> 1511 </tbody> 1512 </table> 1513 <h3 id="elevation_of_privilege_vulnerabilities_in_sqlite"> 1514 SQLite 1515 </h3> 1516 <p> 1517 SQLite 1518 1519 SQL 1520 1521 1522 </p> 1523 <p> 1524 2015 4 8 AOSP SQLite 1525 3.8.9 1526 <a href="https://android-review.googlesource.com/#/c/145961/"> 1527 https://android-review.googlesource.com/#/c/145961/ 1528 </a> 1529 </p> 1530 <p> 1531 SQLite 1532 Android 4.4 (SQLite 3.7.11)Android 5.0 5.1 (SQLite 3.8.6) 1533 </p> 1534 <table> 1535 <tbody> 1536 <tr> 1537 <th> 1538 CVE 1539 </th> 1540 <th> 1541 ( AOSP ) 1542 </th> 1543 <th> 1544 1545 </th> 1546 <th> 1547 1548 </th> 1549 <th> 1550 1551 </th> 1552 </tr> 1553 <tr> 1554 <td> 1555 CVE-2015-6607 1556 </td> 1557 <td> 1558 <a href="https://android.googlesource.com/platform%2Fexternal%2Fsqlite/+/3fcd43a0f1ef02756029e12af3cb9ba9faa13364"> 1559 ANDROID-20099586 1560 </a> 1561 </td> 1562 <td> 1563 1564 </td> 1565 <td> 1566 5.1 1567 </td> 1568 <td> 1569 2015 4 7 1570 <br/> 1571 1572 </td> 1573 </tr> 1574 </tbody> 1575 </table> 1576 <h3 id="denial_of_service_vulnerabilities_in_mediaserver"> 1577 1578 </h3> 1579 <p> 1580 1581 1582 1583 1584 </p> 1585 <table> 1586 <tbody> 1587 <tr> 1588 <th> 1589 CVE 1590 </th> 1591 <th> 1592 ( AOSP ) 1593 </th> 1594 <th> 1595 1596 </th> 1597 <th> 1598 1599 </th> 1600 <th> 1601 1602 </th> 1603 </tr> 1604 <tr> 1605 <td rowspan="3"> 1606 CVE-2015-6605 1607 </td> 1608 <td> 1609 <a href="https://android.googlesource.com/platform%2Fexternal%2Ftremolo/+/36ec928f52271dd1feb4c86b18026564220629e9"> 1610 ANDROID-20915134 1611 </a> 1612 </td> 1613 <td rowspan="2"> 1614 1615 </td> 1616 <td rowspan="2"> 1617 5.1 1618 </td> 1619 <td rowspan="2"> 1620 Google 1621 </td> 1622 </tr> 1623 <tr> 1624 <td> 1625 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/3ce293842fed1b3abd2ff0aecd2a0c70a55086ee"> 1626 ANDROID-23142203 1627 </a> 1628 </td> 1629 </tr> 1630 <tr> 1631 <td> 1632 <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/2b67e532653b815e2341a0ac0b59d1b0ef82170d"> 1633 ANDROID-22278703 1634 </a> 1635 </td> 1636 <td> 1637 1638 </td> 1639 <td> 1640 5.0 - 6.0 1641 </td> 1642 <td> 1643 Google 1644 </td> 1645 </tr> 1646 <tr> 1647 <td> 1648 CVE-2015-3862 1649 </td> 1650 <td> 1651 <a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/f26400c9d01a0e2f71690d5ebc644270f098d590"> 1652 ANDROID-22954006 1653 </a> 1654 </td> 1655 <td> 1656 1657 </td> 1658 <td> 1659 5.1 1660 </td> 1661 <td> 1662 2015 8 2 1663 </td> 1664 </tr> 1665 </tbody> 1666 </table> 1667 <h2 id="revisions" style="margin-bottom:0px"> 1668 1669 </h2> 1670 <hr/> 1671 <ul> 1672 <li> 1673 2015 10 5 1674 </li> 1675 <li> 1676 2015 10 7 AOSP 1677 CVE-2014-9028 1678 </li> 1679 <li> 1680 2015 10 12 CVE-2015-3868CVE-2015-3869 1681 CVE-2015-3865CVE-2015-3862 1682 </li> 1683 </ul> 1684 </div> 1685 <div class="content-footer-sac" itemscope="" itemtype="http://schema.org/SiteNavigationElement"> 1686 <div class="layout-content-col col-9" style="padding-top:4px"> 1687 </div> 1688 <div class="paging-links layout-content-col col-4"> 1689 </div> 1690 </div> 1691 </div> 1692 1693 </body> 1694 </html> 1695
