<html devsite>
<head>
<title>Nexus - February 2016</title>
<meta name="project_path" value="/_project.yaml" />
<meta name="book_path" value="/_book.yaml" />
</head>
<body>
<!--
    Copyright 2017 The Android Open Source Project

    Licensed under the Apache License, Version 2.0 (the "License");
    you may not use this file except in compliance with the License.
    You may obtain a copy of the License at

        http://www.apache.org/licenses/LICENSE-2.0

    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS,
    WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
    See the License for the specific language governing permissions and
    limitations under the License.
-->

<p><em>2016-02-01 | 2016-03-07</em></p>

<p>Google Android
OTA Nexus
Nexus
<a href="https://developers.google.com/android/nexus/images">Google Developers</a>
LMY49G Android M (2016-02-01)
<a href="https://support.google.com/nexus/answer/4457705">Nexus</a>
</p>

<p>2016-01-04
Android
(AOSP)</p>

<p>
Broadcom Wi-Fi
</p>

<p>
<a href="/security/enhancements/index.html">Android</a>
(SafetyNet) Android
<a href="#mitigations"></a></p>

<h2 id="security_vulnerability_summary">Security Vulnerability Summary</h2>

<p>(CVE)
<a href="/security/overview/updates-resources.html#severity"></a>
</p>
<table>
 <tr>
    <th></th>
    <th>CVE</th>
    <th></th>
 </tr>
 <tr>
    <td>Broadcom Wi-Fi</td>
    <td>CVE-2016-0801<br>
        CVE-2016-0802</td>
    <td></td>
 </tr>
 <tr>
    <td></td>
    <td>CVE-2016-0803<br>
        CVE-2016-0804</td>
    <td></td>
 </tr>
 <tr>
    <td>Qualcomm</td>
    <td>CVE-2016-0805</td>
    <td></td>
 </tr>
 <tr>
    <td>Qualcomm Wi-Fi</td>
    <td>CVE-2016-0806</td>
    <td></td>
 </tr>
 <tr>
    <td>Debugger Daemon</td>
    <td>CVE-2016-0807</td>
    <td></td>
 </tr>
 <tr>
    <td>Minikin</td>
    <td>CVE-2016-0808</td>
    <td></td>
 </tr>
 <tr>
    <td>Wi-Fi</td>
    <td>CVE-2016-0809</td>
    <td></td>
 </tr>
 <tr>
    <td></td>
    <td>CVE-2016-0810</td>
    <td></td>
 </tr>
 <tr>
    <td>libmediaplayerservice</td>
    <td>CVE-2016-0811</td>
    <td></td>
 </tr>
 <tr>
    <td></td>
    <td>CVE-2016-0812<br>
        CVE-2016-0813</td>
    <td></td>
 </tr>
</table>

<h3 id="mitigations">Mitigations</h3>

<p><a href="https://source.android.com/security/enhancements/index.html">Android</a> SafetyNet
Android
</p>

<ul>
  <li>Android
  Android
  Android</li>
  <li>Android SafetyNet
  Google Play Root
  Google Play
  Root</li>
  <li>Google Hangouts Messenger</li>
</ul>

<h3 id="acknowledgements">Acknowledgements</h3>

<p></p>

<ul>
  <li>Android Chrome: CVE-2016-0809, CVE-2016-0810</li>
  <li>Broadgate: CVE-2016-0801, CVE-2015-0802</li>
  <li><a href="http://www.360safe.com/">360</a> <a href="http://c0reteam.org">C0RE</a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
  Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>), Xuxian Jiang: CVE-2016-0804</li>
  <li>Google Pixel C David Riley: CVE-2016-0812</li>
  <li>360 IceSword
  Gengjia Chen (<a href="https://twitter.com/@chengjia4574">@chengjia4574</a>): CVE-2016-0805</li>
  <li>KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>)
  Qidan He (<a href="https://twitter.com/@Flanker_hqd">@Flanker_hqd</a>): CVE-2016-0811</li>
  <li>(<a href="http://www.trendmicro.com">www.trendmicro.com</a>)
  Seven Shen (<a href="https://twitter.com/@lingtongshen">@lingtongshen</a>): CVE-2016-0803</li>
  <li>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>): CVE-2016-0808</li>
  <li>Android Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>): CVE-2016-0807</li>
</ul>

<h2 id="security_vulnerability_details">Security Vulnerability Details</h2>

<p><a href="#security_vulnerability_summary"></a>
CVE
AOSP
AOSP
</p>

<h3 id="remote_code_execution_vulnerability_in_broadcom_wi-fi_driver">Remote Code Execution Vulnerability in Broadcom Wi-Fi Driver</h3>

<p>Broadcom Wi-Fi
</p>
<table>
 <tr>
    <th>CVE</th>
    <th></th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0801</td>
    <td><a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662029</a><br>
    <a href="https://android.googlesource.com/kernel/msm/+/68cdc8df1cb6622980b791ce03e99c255c9888af^!">ANDROID-25662233</a></td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-10-25</td>
 </tr>
 <tr>
    <td>CVE-2016-0802</td>
    <td><a href="https://android.googlesource.com/kernel/msm/+/3fffc78f70dc101add8b82af878d53457713d005^%21/">ANDROID-25306181</a></td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-10-26</td>
 </tr>
</table>

<h3 id="remote_code_execution_vulnerability_in_mediaserver">Remote Code Execution Vulnerability in Mediaserver</h3>

<p>
</p>

<p>
</p>

<p>
</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0803</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/50270d98e26fa18b20ca88216c3526667b724ba7">ANDROID-25812794</a></td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-11-19</td>
 </tr>
 <tr>
    <td>CVE-2016-0804</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/224858e719d045c8554856b12c4ab73d2375cf33">ANDROID-25070434</a></td>
    <td></td>
    <td>5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-10-12</td>
 </tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Elevation of Privilege Vulnerability in Qualcomm Performance Module</h3>

<p>Qualcomm ARM
(Re-flash)
</p>
<table>
 <tr>
    <th>CVE</th>
    <th></th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0805</td>
    <td>ANDROID-25773204*</td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-11-15</td>
 </tr>
</table>

<p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a></p>

<h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wifi_driver">Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>

<p>Qualcomm Wi-Fi
(Re-flash)
</p>
<table>
 <tr>
    <th>CVE</th>
    <th></th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0806</td>
    <td>ANDROID-25344453*</td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-11-15</td>
 </tr>
</table>

<p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers</a></p>

<h3 id="elevation_of_privilege_vulnerability_in_the_debuggerd">Elevation of Privilege Vulnerability in the Debuggerd</h3>

<p>Debuggerd
(Re-flash)
</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0807</td>
    <td><a href="https://android.googlesource.com/platform%2Fsystem%2Fcore/+/d917514bd6b270df431ea4e781a865764d406120">ANDROID-25187394</a></td>
    <td></td>
    <td>6.0, 6.0.1</td>
    <td>Google</td>
 </tr>
</table>

<h3 id="denial_of_service_vulnerability_in_minikin">Denial of Service Vulnerability in Minikin</h3>

<p>Minikin
Minikin
</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0808</td>
    <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ed4c8d79153baab7f26562afb8930652dfbf853b">ANDROID-25645298</a></td>
    <td></td>
    <td>5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>2015-11-03</td>
 </tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_wi-fi">Elevation of Privilege Vulnerability in Wi-Fi</h3>

<p>Wi-Fi
<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a>
</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0809</td>
    <td><a href="https://android.googlesource.com/platform/hardware/broadcom/wlan/+/2c5a4fac8bc8198f6a2635ede776f8de40a0c3e1^%21/#F0">ANDROID-25753768</a></td>
    <td></td>
    <td>6.0, 6.0.1</td>
    <td>Google</td>
 </tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_mediaserver">Elevation of Privilege Vulnerability in Mediaserver</h3>

<p>
( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0810</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/19c47afbc402542720ddd280e1bbde3b2277b586">ANDROID-25781119</a></td>
    <td></td>
    <td>4.4.4, 5.0, 5.1.1, 6.0, 6.0.1</td>
    <td>Google</td>
 </tr>
</table>

<h3 id="information_disclosure_vulnerability_in_libmediaplayerservice">Information Disclosure Vulnerability in libmediaplayerservice</h3>

<p>libmediaplayerservice
( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0811</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/22f824feac43d5758f9a70b77f2aca840ba62c3b">ANDROID-25800375</a></td>
    <td></td>
    <td>6.0, 6.0.1</td>
    <td>2015-11-16</td>
 </tr>
</table>

<h3 id="elevation_of_privilege_vulnerability_in_setup_wizard">Elevation of Privilege Vulnerability in Setup Wizard</h3>

<p>
</p>
<table>
 <tr>
    <th>CVE</th>
    <th>( AOSP )</th>
    <th></th>
    <th></th>
    <th></th>
 </tr>
 <tr>
    <td>CVE-2016-0812</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/84669ca8de55d38073a0dcb01074233b0a417541">ANDROID-25229538</a></td>
    <td></td>
    <td>5.1.1, 6.0</td>
    <td>Google</td>
 </tr>
 <tr>
    <td>CVE-2016-0813</td>
    <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/16a76dadcc23a13223e9c2216dad1fe5cad7d6e1">ANDROID-25476219</a></td>
    <td></td>
    <td>5.1.1, 6.0, 6.0.1</td>
    <td>Google</td>
 </tr>
</table>

<h3 id="common_questions_and_answers">Common Questions and Answers</h3>

<p>
</p>

<p><strong>1. </strong></p>

<p>LMY49G Android 6.0 (2016-02-01)
<a href="https://support.google.com/nexus/answer/4457705">Nexus</a>
[ro.build.version.security_patch]:[2016-02-01]</p>

<h2 id="revisions">Revisions</h2>

<ul>
  <li>2016-02-01</li>
  <li>2016-02-02 AOSP</li>
  <li>2016-03-07 AOSP</li>
</ul>

</body>
</html>