      1 <html devsite>
      2   <head>
      3     <title>Nexus  - 2016  1 </title>
      4     <meta name="project_path" value="/_project.yaml" />
      5     <meta name="book_path" value="/_book.yaml" />
      6   </head>
      7   <body>
      8   <!--
      9       Copyright 2017 The Android Open Source Project
     10 
     11       Licensed under the Apache License, Version 2.0 (the "License");
     12       you may not use this file except in compliance with the License.
     13       You may obtain a copy of the License at
     14 
     15           http://www.apache.org/licenses/LICENSE-2.0
     16 
     17       Unless required by applicable law or agreed to in writing, software
     18       distributed under the License is distributed on an "AS IS" BASIS,
     19       WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
     20       See the License for the specific language governing permissions and
     21       limitations under the License.
     22   -->
     23 
     24 
     25 
     26   <p>
     27    Google  Android  (OTA) 
     28  Nexus 
     29 Nexus 
     30    <a href="https://developers.google.com/android/nexus/images">
     31     Google 
     32    </a>
     33    LMY49F 
     34  Android 6.0 ( 2016  1  1 ) 
     35 
     36    <a href="http://source.android.com/security/bulletin/2016-01-01.html#common_questions_and_answers">
     37     
     38    </a>
     39    
     40   </p>
     41   <p>
     42     2015  12  7 
     43 
     44  Android  (AOSP) 
     45   </p>
     46   <p>
     47    
     48 
     49 
     50   </p>
     51   <p>
     52    
     53    <a href="https://source.android.com/security/enhancements/">
     54     Android 
     55    </a>
     56     ( SafetyNet)  Android 
     57    <a href="http://source.android.com/security/bulletin/2016-01-01.html#mitigations">
     58     
     59    </a>
     60    
     61   </p>
     62   <h2 id="security_vulnerability_summary" style="margin-bottom:0px">
     63    
     64   </h2>
     65   <hr/>
     66   <p>
     67     (CVE) 
     68 
     69    <a href="https://source.android.com/security/overview/updates-resources.html#severity">
     70     
     71    </a>
     72    
     73   </p>
     74   <table>
     75    <tbody>
     76     <tr>
     77      <th>
     78       
     79      </th>
     80      <th>
     81       CVE
     82      </th>
     83      <th>
     84       
     85      </th>
     86     </tr>
     87     <tr>
     88      <td>
     89       
     90      </td>
     91      <td>
     92       CVE-2015-6636
     93      </td>
     94      <td>
     95       
     96      </td>
     97     </tr>
     98     <tr>
     99      <td>
    100       misc-sd 
    101      </td>
    102      <td>
    103       CVE-2015-6637
    104      </td>
    105      <td>
    106       
    107      </td>
    108     </tr>
    109     <tr>
    110      <td>
    111       Imagination Technologies 
    112      </td>
    113      <td>
    114       CVE-2015-6638
    115      </td>
    116      <td>
    117       
    118      </td>
    119     </tr>
    120     <tr>
    121      <td>
    122       Trustzone 
    123      </td>
    124      <td>
    125       CVE-2015-6639<br />
    126       CVE-2015-6647
    127      </td>
    128      <td>
    129       
    130      </td>
    131     </tr>
    132     <tr>
    133      <td>
    134       
    135      </td>
    136      <td>
    137       CVE-2015-6640
    138      </td>
    139      <td>
    140       
    141      </td>
    142     </tr>
    143     <tr>
    144      <td>
    145       
    146      </td>
    147      <td>
    148       CVE-2015-6641
    149      </td>
    150      <td>
    151       
    152      </td>
    153     </tr>
    154     <tr>
    155      <td>
    156       
    157      </td>
    158      <td>
    159       CVE-2015-6642
    160      </td>
    161      <td>
    162       
    163      </td>
    164     </tr>
    165     <tr>
    166      <td>
    167       
    168      </td>
    169      <td>
    170       CVE-2015-6643
    171      </td>
    172      <td>
    173       
    174      </td>
    175     </tr>
    176     <tr>
    177      <td>
    178       Wi-Fi 
    179      </td>
    180      <td>
    181       CVE-2015-5310
    182      </td>
    183      <td>
    184       
    185      </td>
    186     </tr>
    187     <tr>
    188      <td>
    189       Bouncy Castle 
    190      </td>
    191      <td>
    192       CVE-2015-6644
    193      </td>
    194      <td>
    195       
    196      </td>
    197     </tr>
    198     <tr>
    199      <td>
    200       SyncManager 
    201      </td>
    202      <td>
    203       CVE-2015-6645
    204      </td>
    205      <td>
    206       
    207      </td>
    208     </tr>
    209     <tr>
    210      <td>
    211        Nexus 
    212      </td>
    213      <td>
    214       CVE-2015-6646
    215      </td>
    216      <td>
    217       
    218      </td>
    219     </tr>
    220    </tbody>
    221   </table>
    222   <h2 id="mitigations" style="margin-bottom:0px">
    223    
    224   </h2>
    225   <hr/>
    226   <p>
    227    
    228    <a href="https://source.android.com/security/enhancements/index.html">
    229     Android 
    230    </a>
    231     SafetyNet 
    232  Android 
    233 
    234   </p>
    235   <ul>
    236    <li>
    237     Android 
    238  Android 
    239  Android
    240    </li>
    241    <li>
    242     Android  SafetyNet 
    243 
    244 Google Play  Root 
    245  Google Play 
    246  Root 
    247 
    248 
    249 
    250 
    251    </li>
    252    <li>
    253     Google Hangouts  Messenger 
    254 
    255    </li>
    256   </ul>
    257   <h2 id="acknowledgements" style="margin-bottom:0px">
    258    
    259   </h2>
    260   <hr/>
    261   <p>
    262    
    263   </p>
    264   <ul>
    265    <li>
    266     Google Chrome  Abhishek Arya, Oliver Chang,  Martin Barbella:
    267 CVE-2015-6636
    268    </li>
    269    <li>
    270      (
    271     <a href="https://twitter.com/k33nteam"> @K33nTeam </a>
    272     ) KEEN  Sen Nie (
    273     <a href="https://twitter.com/@nforest_"> @nforest_ </a>
    274     )  jfang: CVE-2015-6637
    275    </li>
    276    <li>
    277     Android Bionic  Yabin Cui: CVE-2015-6640
    278    </li>
    279    <li>
    280     Google X  Tom Craig: CVE-2015-6641
    281    </li>
    282    <li>
    283     Jann Horn (
    284     <a href="https://thejh.net/">
    285      https://thejh.net
    286     </a>
    287     ): CVE-2015-6642
    288    </li>
    289    <li>
    290     Jouni Malinen PGP  EFC895FA: CVE-2015-5310
    291    </li>
    292    <li>
    293     Google  Quan Nguyen: CVE-2015-6644
    294    </li>
    295    <li>
    296     Gal Beniamini (
    297     <a href="https://twitter.com/@laginimaineb"> @laginimaineb </a>
    298     
    299     <a href="http://bits-please.blogspot.com/">
    300      http://bits-please.blogspot.com
    301     </a>
    302     ): CVE-2015-6639
    303    </li>
    304   </ul>
    305   <h2 id="security_vulnerability_details" style="margin-bottom:0px">
    306    
    307   </h2>
    308   <hr/>
    309   <p>
    310    
    311    <a href="http://source.android.com/security/bulletin/2016-01-01.html#security_vulnerability_summary">
    312     
    313    </a>
    314    
    315 
    316  CVE
    317  AOSP 
    318  AOSP 
    319 
    320   </p>
    321   <h3 id="remote_code_execution_vulnerability_in_mediaserver">
    322    
    323   </h3>
    324   <p>
    325    
    326 
    327 
    328   </p>
    329   <p>
    330    
    331 
    332 
    333   </p>
    334   <p>
    335    
    336 
    337 
    338 
    339   </p>
    340   <table>
    341    <tbody>
    342     <tr>
    343      <th>
    344       CVE
    345      </th>
    346      <th>
    347        ( AOSP )
    348      </th>
    349      <th>
    350       
    351      </th>
    352      <th>
    353       
    354      </th>
    355      <th>
    356       
    357      </th>
    358     </tr>
    359     <tr>
    360      <td rowspan="2">
    361       CVE-2015-6636
    362      </td>
    363      <td>
    364       <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/b9f7c2c45c6fe770b7daffb9a4e61522d1f12d51#">
    365        ANDROID-25070493
    366       </a>
    367      </td>
    368      <td>
    369       
    370      </td>
    371      <td>
    372       5.0, 5.1.1, 6.0, 6.0.1
    373      </td>
    374      <td>
    375       Google 
    376      </td>
    377     </tr>
    378     <tr>
    379      <td>
    380       <a href="https://android.googlesource.com/platform%2Fexternal%2Flibhevc/+/e8bfec1fa41eafa1fd8e05d0fdc53ea0f2379518">
    381        ANDROID-24686670
    382       </a>
    383      </td>
    384      <td>
    385       
    386      </td>
    387      <td>
    388       5.0, 5.1.1, 6.0, 6.0.1
    389      </td>
    390      <td>
    391       Google 
    392      </td>
    393     </tr>
    394    </tbody>
    395   </table>
    396   <h3 id="elevation_of_privilege_vulnerability_in_misc-sd_driver">
    397    misc-sd 
    398   </h3>
    399   <p>
    400    MediaTek  misc-sd 
    401 
    402 
    403  (Re-flash) 
    404 
    405   </p>
    406   <table>
    407    <tbody>
    408     <tr>
    409      <th>
    410       CVE
    411      </th>
    412      <th>
    413       
    414      </th>
    415      <th>
    416       
    417      </th>
    418      <th>
    419       
    420      </th>
    421      <th>
    422       
    423      </th>
    424     </tr>
    425     <tr>
    426      <td>
    427       CVE-2015-6637
    428      </td>
    429      <td>
    430       ANDROID-25307013*
    431      </td>
    432      <td>
    433       
    434      </td>
    435      <td>
    436       4.4.4, 5.0, 5.1.1, 6.0, 6.0.1
    437      </td>
    438      <td>
    439       2015  10  26 
    440      </td>
    441     </tr>
    442    </tbody>
    443   </table>
    444   <p>
    445    * AOSP 
    446 
    447    <a href="https://developers.google.com/android/nexus/drivers">
    448     Google 
    449    </a>
    450     Nexus 
    451   </p>
    452   <h3 id="elevation_of_privilege_vulnerability_in_the_imagination_technologies_driver">
    453    Imagination Technologies 
    454   </h3>
    455   <p>
    456    Imagination Technologies 
    457 
    458 
    459  (Re-flash) 
    460 
    461   </p>
    462   <table>
    463    <tbody>
    464     <tr>
    465      <th>
    466       CVE
    467      </th>
    468      <th>
    469       
    470      </th>
    471      <th>
    472       
    473      </th>
    474      <th>
    475       
    476      </th>
    477      <th>
    478       
    479      </th>
    480     </tr>
    481     <tr>
    482      <td>
    483       CVE-2015-6638
    484      </td>
    485      <td>
    486       ANDROID-24673908*
    487      </td>
    488      <td>
    489       
    490      </td>
    491      <td>
    492       5.0, 5.1.1, 6.0, 6.0.1
    493      </td>
    494      <td>
    495       Google 
    496      </td>
    497     </tr>
    498    </tbody>
    499   </table>
    500   <p>
    501    * AOSP 
    502 
    503    <a href="https://developers.google.com/android/nexus/drivers">
    504     Google 
    505    </a>
    506     Nexus 
    507   </p>
    508   <h3 id="elevation_of_privilege_vulnerabilities_in_trustzone">
    509    Trustzone 
    510   </h3>
    511   <p>
    512    Widevine QSEE TrustZone 
    513  QSEECOM 
    514  Trustzone 
    515 
    516  (Re-flash) 
    517 
    518   </p>
    519   <table>
    520    <tbody>
    521     <tr>
    522      <th>
    523       CVE
    524      </th>
    525      <th>
    526       
    527      </th>
    528      <th>
    529       
    530      </th>
    531      <th>
    532       
    533      </th>
    534      <th>
    535       
    536      </th>
    537     </tr>
    538     <tr>
    539      <td>
    540       CVE-2015-6639
    541      </td>
    542      <td>
    543       ANDROID-24446875*
    544      </td>
    545      <td>
    546       
    547      </td>
    548      <td>
    549       5.0, 5.1.1, 6.0, 6.0.1
    550      </td>
    551      <td>
    552       2015  9  23 
    553      </td>
    554     </tr>
    555     <tr>
    556      <td>
    557       CVE-2015-6647
    558      </td>
    559      <td>
    560       ANDROID-24441554*
    561      </td>
    562      <td>
    563       
    564      </td>
    565      <td>
    566       5.0, 5.1.1, 6.0, 6.0.1
    567      </td>
    568      <td>
    569       2015  9  27 
    570      </td>
    571     </tr>
    572    </tbody>
    573   </table>
    574   <p>
    575    * AOSP 
    576 
    577    <a href="https://developers.google.com/android/nexus/drivers">
    578     Google 
    579    </a>
    580     Nexus 
    581   </p>
    582   <h3 id="elevation_of_privilege_vulnerability_in_kernel">
    583    
    584   </h3>
    585   <p>
    586    
    587 
    588 
    589  (Re-flash) 
    590 
    591   </p>
    592   <table>
    593    <tbody>
    594     <tr>
    595      <th>
    596       CVE
    597      </th>
    598      <th>
    599        ( AOSP )
    600      </th>
    601      <th>
    602       
    603      </th>
    604      <th>
    605       
    606      </th>
    607      <th>
    608       
    609      </th>
    610     </tr>
    611     <tr>
    612      <td>
    613       CVE-2015-6640
    614      </td>
    615      <td>
    616       <a href="https://android.googlesource.com/kernel%2Fcommon/+/69bfe2d957d903521d32324190c2754cb073be15">
    617        ANDROID-20017123
    618       </a>
    619      </td>
    620      <td>
    621       
    622      </td>
    623      <td>
    624       4.4.4, 5.0, 5.1.1, 6.0
    625      </td>
    626      <td>
    627       Google 
    628      </td>
    629     </tr>
    630    </tbody>
    631   </table>
    632   <h3 id="elevation_of_privilege_vulnerability_in_bluetooth">
    633    
    634   </h3>
    635   <p>
    636    
    637  () 
    638 
    639 
    640    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    641     
    642    </a>
    643     (
    644 )
    645   </p>
    646   <table>
    647    <tbody>
    648     <tr>
    649      <th>
    650       CVE
    651      </th>
    652      <th>
    653        ( AOSP )
    654      </th>
    655      <th>
    656       
    657      </th>
    658      <th>
    659       
    660      </th>
    661      <th>
    662       
    663      </th>
    664     </tr>
    665     <tr>
    666      <td>
    667       CVE-2015-6641
    668      </td>
    669      <td>
    670       <a href="https://android.googlesource.com/platform%2Fpackages%2Fapps%2FSettings/+/98f11fd1a4752beed56b5fe7a4097ec0ae0c74b3">
    671        ANDROID-23607427
    672       </a>
    673       [
    674       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/ccbe7383e63d7d23bac6bccc8e4094fe474645ec">
    675        2
    676       </a>
    677       ]
    678      </td>
    679      <td>
    680       
    681      </td>
    682      <td>
    683       6.0, 6.0.1
    684      </td>
    685      <td>
    686       Google 
    687      </td>
    688     </tr>
    689    </tbody>
    690   </table>
    691   <h3 id="information_disclosure_vulnerability_in_kernel">
    692    
    693   </h3>
    694   <p>
    695    
    696 
    697 
    698  (
    699    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    700     Signature
    701    </a>
    702    
    703    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    704     SignatureOrSystem
    705    </a>
    706    )
    707   </p>
    708   <table>
    709    <tbody>
    710     <tr>
    711      <th>
    712       CVE
    713      </th>
    714      <th>
    715       
    716      </th>
    717      <th>
    718       
    719      </th>
    720      <th>
    721       
    722      </th>
    723      <th>
    724       
    725      </th>
    726     </tr>
    727     <tr>
    728      <td>
    729       CVE-2015-6642
    730      </td>
    731      <td>
    732       ANDROID-24157888*
    733      </td>
    734      <td>
    735       
    736      </td>
    737      <td>
    738       4.4.4, 5.0, 5.1.1, 6.0
    739      </td>
    740      <td>
    741       2015  9  12 
    742      </td>
    743     </tr>
    744    </tbody>
    745   </table>
    746   <p>
    747    * AOSP 
    748 
    749    <a href="https://developers.google.com/android/nexus/drivers">
    750     Google 
    751    </a>
    752     Nexus 
    753 
    754   </p>
    755   <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">
    756    
    757   </h3>
    758   <p>
    759    
    760 
    761 
    762 
    763 
    764   </p>
    765   <table>
    766    <tbody>
    767     <tr>
    768      <th>
    769       CVE
    770      </th>
    771      <th>
    772        ( AOSP )
    773      </th>
    774      <th>
    775       
    776      </th>
    777      <th>
    778       
    779      </th>
    780      <th>
    781       
    782      </th>
    783     </tr>
    784     <tr>
    785      <td>
    786       CVE-2015-6643
    787      </td>
    788      <td>
    789       <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/665ac7bc29396fd5af2ecfdfda2b9de7a507daa0">
    790        ANDROID-25290269
    791       </a>
    792       [
    793       <a href="https://android.googlesource.com/platform/packages/apps/Settings/+/a7ff2e955d2509ed28deeef984347e093794f92b">
    794        2
    795       </a>
    796       ]
    797      </td>
    798      <td>
    799       
    800      </td>
    801      <td>
    802       5.1.1, 6.0, 6.0.1
    803      </td>
    804      <td>
    805       Google 
    806      </td>
    807     </tr>
    808    </tbody>
    809   </table>
    810   <h3 id="elevation_of_privilege_vulnerability_in_wi-fi">
    811    Wi-Fi 
    812   </h3>
    813   <p>
    814    Wi-Fi 
    815  Wi-Fi 
    816 
    817 
    818    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    819     
    820    </a>
    821     ()
    822 
    823   </p>
    824   <table>
    825    <tbody>
    826     <tr>
    827      <th>
    828       CVE
    829      </th>
    830      <th>
    831        ( AOSP )
    832      </th>
    833      <th>
    834       
    835      </th>
    836      <th>
    837       
    838      </th>
    839      <th>
    840       
    841      </th>
    842     </tr>
    843     <tr>
    844      <td>
    845       CVE-2015-5310
    846      </td>
    847      <td>
    848       <a href="https://android.googlesource.com/platform%2Fexternal%2Fwpa_supplicant_8/+/1e9857b5f1dd84ac5a0ada0150b1b9c87d44d99d">
    849        ANDROID-25266660
    850       </a>
    851      </td>
    852      <td>
    853       
    854      </td>
    855      <td>
    856       4.4.4, 5.0, 5.1.1, 6.0, 6.0.1
    857      </td>
    858      <td>
    859       2015  10  25 
    860      </td>
    861     </tr>
    862    </tbody>
    863   </table>
    864   <h3 id="information_disclosure_vulnerability_in_bouncy_castle">
    865    Bouncy Castle 
    866   </h3>
    867   <p>
    868    Bouncy Castle 
    869 
    870 
    871    <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
    872     
    873    </a>
    874    
    875   </p>
    876   <table>
    877    <tbody>
    878     <tr>
    879      <th>
    880       CVE
    881      </th>
    882      <th>
    883        ( AOSP )
    884      </th>
    885      <th>
    886       
    887      </th>
    888      <th>
    889       
    890      </th>
    891      <th>
    892       
    893      </th>
    894     </tr>
    895     <tr>
    896      <td>
    897       CVE-2015-6644
    898      </td>
    899      <td>
    900       <a href="https://android.googlesource.com/platform/external/bouncycastle/+/3e128c5fea3a0ca2d372aa09c4fd4bb0eadfbd3f">
    901        ANDROID-24106146
    902       </a>
    903      </td>
    904      <td>
    905       
    906      </td>
    907      <td>
    908       4.4.4, 5.0, 5.1.1, 6.0, 6.0.1
    909      </td>
    910      <td>
    911       Google 
    912      </td>
    913     </tr>
    914    </tbody>
    915   </table>
    916   <h3 id="denial_of_service_vulnerability_in_syncmanager">
    917    SyncManager 
    918   </h3>
    919   <p>
    920    SyncManager 
    921 
    922 
    923 
    924   </p>
    925   <table>
    926    <tbody>
    927     <tr>
    928      <th>
    929       CVE
    930      </th>
    931      <th>
    932        ( AOSP )
    933      </th>
    934      <th>
    935       
    936      </th>
    937      <th>
    938       
    939      </th>
    940      <th>
    941       
    942      </th>
    943     </tr>
    944     <tr>
    945      <td>
    946       CVE-2015-6645
    947      </td>
    948      <td>
    949       <a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/c0f39c1ece72a05c796f7ba30b7a2b5b580d5025">
    950        ANDROID-23591205
    951       </a>
    952      </td>
    953      <td>
    954       
    955      </td>
    956      <td>
    957       4.4.4, 5.0, 5.1.1, 6.0
    958      </td>
    959      <td>
    960       Google 
    961      </td>
    962     </tr>
    963    </tbody>
    964   </table>
    965   <h3 id="attack_surface_reduction_for_nexus_kernels">
    966     Nexus 
    967   </h3>
    968   <p>
    969     Android  SysV IPC
    970 
    971 System V
    972 IPC  Android 
    973 
    974  CVE-2015-7613 
    975   </p>
    976   <table>
    977    <tbody>
    978     <tr>
    979      <th>
    980       CVE
    981      </th>
    982      <th>
    983       
    984      </th>
    985      <th>
    986       
    987      </th>
    988      <th>
    989       
    990      </th>
    991      <th>
    992       
    993      </th>
    994     </tr>
    995     <tr>
    996      <td>
    997       CVE-2015-6646
    998      </td>
    999      <td>
   1000       ANDROID-22300191*
   1001      </td>
   1002      <td>
   1003       
   1004      </td>
   1005      <td>
   1006       6.0
   1007      </td>
   1008      <td>
   1009       Google 
   1010      </td>
   1011     </tr>
   1012    </tbody>
   1013   </table>
   1014   <p>
   1015    * AOSP 
   1016 
   1017    <a href="https://developers.google.com/android/nexus/drivers">
   1018     Google 
   1019    </a>
   1020     Nexus 
   1021 
   1022   </p>
   1023   <h3 id="common_questions_and_answers">
   1024    
   1025   </h3>
   1026   <p>
   1027    
   1028 
   1029   </p>
   1030   <p>
   1031    <strong>
   1032     1. 
   1033    </strong>
   1034   </p>
   1035   <p>
   1036    LMY49F  Android 6.0 
   1037 ( 2016  1  1 ) 
   1038 
   1039    <a href="https://support.google.com/nexus/answer/4457705">
   1040     Nexus 
   1041    </a>
   1042    
   1043 
   1044 [ro.build.version.security_patch]:[2016-01-01]
   1045   </p>
   1046   <h2 id="revisions" style="margin-bottom:0px">
   1047    
   1048   </h2>
   1049   <hr/>
   1050   <ul>
   1051    <li>
   1052     2016  1  4 
   1053    </li>
   1054    <li>
   1055     2016  1  6  AOSP 
   1056    </li>
   1057   </ul>
   1058 
   1059   </body>
   1060 </html>
   1061