1 <html devsite> 2 <head> 3 <title>Nexus - 2016 3 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 3 7 | 2016 3 8 </em></p> 27 28 <p>Google Android OTA 29 Nexus Nexus 30 <a href="https://developers.google.com/android/nexus/images">Google Developers </a> 31 LMY49H Android M ( 2016 3 1 ) 32 33 <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 34 </p> 35 36 <p> 2016 2 1 37 48 38 Android (AOSP) AOSP 39 </p> 40 41 <p> 42 43 </p> 44 45 <p> 46 <a href="/security/enhancements/index.html">Android </a> 47 ( SafetyNet) 48 Android <a href="#mitigations"></a> 49 </p> 50 51 <h2 id="security_vulnerability_summary"></h2> 52 53 <p> (CVE) 54 <a href="/security/overview/updates-resources.html#severity"></a> 55 56 57 </p> 58 <table> 59 <tr> 60 <th></th> 61 <th>CVE</th> 62 <th></th> 63 </tr> 64 <tr> 65 <td></td> 66 <td>CVE-2016-0815<br> 67 CVE-2016-0816</td> 68 <td></td> 69 </tr> 70 <tr> 71 <td>libvpx </td> 72 <td>CVE-2016-1621</td> 73 <td></td> 74 </tr> 75 <tr> 76 <td>Conscrypt </td> 77 <td>CVE-2016-0818</td> 78 <td></td> 79 </tr> 80 <tr> 81 <td>Qualcomm <br> 82 </td> 83 <td>CVE-2016-0819</td> 84 <td></td> 85 </tr> 86 <tr> 87 <td>MediaTek Wi-Fi </td> 88 <td>CVE-2016-0820</td> 89 <td></td> 90 </tr> 91 <tr> 92 <td>Keyring </td> 93 <td>CVE-2016-0728</td> 94 <td></td> 95 </tr> 96 <tr> 97 <td></td> 98 <td>CVE-2016-0821</td> 99 <td></td> 100 </tr> 101 <tr> 102 <td>MediaTek </td> 103 <td>CVE-2016-0822</td> 104 <td></td> 105 </tr> 106 <tr> 107 <td></td> 108 <td>CVE-2016-0823</td> 109 <td></td> 110 </tr> 111 <tr> 112 <td>libstagefright </td> 113 <td>CVE-2016-0824</td> 114 <td></td> 115 </tr> 116 <tr> 117 <td>Widevine </td> 118 <td>CVE-2016-0825</td> 119 <td></td> 120 </tr> 121 <tr> 122 <td></td> 123 <td>CVE-2016-0826<br> 124 CVE-2016-0827</td> 125 <td></td> 126 </tr> 127 <tr> 128 <td></td> 129 <td>CVE-2016-0828<br> 130 CVE-2016-0829</td> 131 <td></td> 132 </tr> 133 <tr> 134 <td></td> 135 <td>CVE-2016-0830</td> 136 <td></td> 137 </tr> 138 <tr> 139 <td></td> 140 <td>CVE-2016-0831</td> 141 <td></td> 142 </tr> 143 <tr> 144 <td></td> 145 <td>CVE-2016-0832</td> 146 <td></td> 147 </tr> 148 </table> 149 150 151 <h3 id="mitigations"></h3> 152 153 154 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet 155 156 Android 157 158 </p> 159 160 <ul> 161 <li>Android 162 Android 163 Android 164 <li>Android SafetyNet 165 166 Google Play Root 167 Google Play 168 Root 169 170 171 172 <li>Google Hangouts Messenger 173 174 </li></li></li></ul> 175 176 <h3 id="acknowledgements"></h3> 177 178 179 <p></p> 180 181 <ul> 182 <li> Google Chrome Abhishek AryaOliver Chang Martin Barbella 183 CVE-2016-0815 184 <li> CENSUS S.A. Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>)CVE-2016-0816CVE-2016-0824 185 <li> Android Chad BrubakerCVE-2016-0818 186 <li> Google Project Zero Mark BrandCVE-2016-0820 187 <li> <a href="http://www.360safe.com"> 360</a> <a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-0826 188 <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-0827CVE-2016-0828CVE-2016-0829 189 <li> Scott Bauer (<a href="mailto:sbauer (a] eng.utah.edu">sbauer (a] eng.utah.edu</a><a href="mailto:sbauer (a] plzdonthack.me">sbauer (a] plzdonthack.me</a>)CVE-2016-0822 190 <li> Wish Wu (<a href="https://twitter.com/@wish_wu">@wish_wu</a>)CVE-2016-0819 191 <li> Yongzheng Wu Tieyan LiCVE-2016-0831 192 <li> Su Mon Kywe Yingjiu LiCVE-2016-0831 193 <li> Android Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>)CVE-2016-0821 194 </li></li></li></li></li></li></li></li></li></li></li></ul> 195 196 <h2 id="security_vulnerability_details"></h2> 197 198 199 <p><a href="#security_vulnerability_summary"></a> 200 201 CVE 202 AOSP 203 204 AOSP </p> 205 206 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 207 208 209 <p> 210 211 </p> 212 213 <p> 214 215 </p> 216 217 <p> 218 219 220 </p> 221 <table> 222 <tr> 223 <th>CVE</th> 224 <th> ( AOSP )</th> 225 <th></th> 226 <th></th> 227 <th></th> 228 </tr> 229 <tr> 230 <td>CVE-2016-0815</td> 231 <td><a href="https://android.googlesource.com/platform%2Fframeworks%2Fav/+/5403587a74aee2fb57076528c3927851531c8afb">ANDROID-26365349</a> 232 </td> 233 <td></td> 234 <td>4.4.45.0.25.1.16.06.0.1</td> 235 <td>Google </td> 236 </tr> 237 <tr> 238 <td>CVE-2016-0816</td> 239 <td><a href="https://android.googlesource.com/platform/external/libavc/+/4a524d3a8ae9aa20c36430008e6bd429443f8f1d">ANDROID-25928803</a> 240 </td> 241 <td></td> 242 <td>6.06.0.1</td> 243 <td>Google </td> 244 </tr> 245 </table> 246 247 248 <h3 id="remote_code_execution_vulnerabilities_in_libvpx">libvpx </h3> 249 250 251 <p> 252 253 </p> 254 255 <p> 256 257 </p> 258 259 <p> 260 261 262 </p> 263 <table> 264 <tr> 265 <th>CVE</th> 266 <th> ( AOSP )</th> 267 <th></th> 268 <th></th> 269 <th></th> 270 </tr> 271 <tr> 272 <td>CVE-2016-1621</td> 273 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a6788730acfc6fd8f4a6ef89d2c376572a26b55">ANDROID-23452792</a> 274 <a href="https://android.googlesource.com/platform/external/libvpx/+/04839626ed859623901ebd3a5fd483982186b59d">[2]</a> 275 <a href="https://android.googlesource.com/platform/external/libvpx/+/5a9753fca56f0eeb9f61e342b2fccffc364f9426">[3]</a> 276 </td> 277 <td></td> 278 <td>4.4.45.0.25.1.16.0</td> 279 <td>Google </td> 280 </tr> 281 </table> 282 283 284 <h3 id="elevation_of_privilege_in_conscrypt">Conscrypt </h3> 285 286 <p>Conscrypt (CA) </p> 287 288 <table> 289 <tr> 290 <th>CVE</th> 291 <th> ( AOSP )</th> 292 <th></th> 293 <th></th> 294 <th></th> 295 </tr> 296 <tr> 297 <td>CVE-2016-0818</td> 298 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/c4ab1b959280413fb11bf4fd7f6b4c2ba38bd779">ANDROID-26232830</a> 299 <a href="https://android.googlesource.com/platform/external/conscrypt/+/4c9f9c2201116acf790fca25af43995d29980ee0">[2]</a> 300 </td> 301 <td></td> 302 <td>4.4.45.0.25.1.16.06.0.1</td> 303 <td>Google </td> 304 </tr> 305 </table> 306 307 308 <h3 id="elevation_of_privilege_vulnerability_in_the_qualcomm_performance_component">Qualcomm </h3> 309 310 311 <p>Qualcomm 312 313 (Re-flash) 314 </p> 315 <table> 316 <tr> 317 <th>CVE</th> 318 <th></th> 319 <th></th> 320 <th></th> 321 <th></th> 322 </tr> 323 <tr> 324 <td>CVE-2016-0819</td> 325 <td>ANDROID-25364034*</td> 326 <td></td> 327 <td>4.4.45.0.25.1.16.06.0.1</td> 328 <td>2015 10 29 </td> 329 </tr> 330 </table> 331 332 333 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 334 335 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_kernel_driver">MediaTek Wi-Fi </h3> 336 337 338 <p> MediaTek Wi-Fi 339 340 341 </p> 342 <table> 343 <tr> 344 <th>CVE</th> 345 <th></th> 346 <th></th> 347 <th></th> 348 <th></th> 349 </tr> 350 <tr> 351 <td>CVE-2016-0820</td> 352 <td>ANDROID-26267358*</td> 353 <td></td> 354 <td>6.0.1</td> 355 <td>2015 12 18 </td> 356 </tr> 357 </table> 358 359 360 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 361 362 <h3 id="elevation_of_privilege_vulnerability_in_kernel_keyring_component"> Keyring </h3> 363 364 365 <p> Keyring 366 367 368 (Re-flash) 369 Android 5.0 370 SELinux 371 </p> 372 373 <p><strong></strong>AOSP 374 <a href="https://android.googlesource.com/kernel/common/+/8a8431507f8f5910db5ac85b72dbdc4ed8f6b308">4.1</a> 375 <a href="https://android.googlesource.com/kernel/common/+/ba8bb5774ca7b1acc314c98638cf678ce0beb19a">3.18</a> 376 <a href="https://android.googlesource.com/kernel/common/+/93faf7ad3d603c33b33e49318e81cf00f3a24a73">3.14</a> 377 <a href="https://android.googlesource.com/kernel/common/+/9fc5f368bb89b65b591c4f800dfbcc7432e49de5">3.10</a></p> 378 <table> 379 <tr> 380 <th>CVE</th> 381 <th></th> 382 <th></th> 383 <th></th> 384 <th></th> 385 </tr> 386 <tr> 387 <td>CVE-2016-0728</td> 388 <td>ANDROID-26636379 </td> 389 <td></td> 390 <td>4.4.45.0.25.1.16.06.0.1</td> 391 <td>2016 1 11 </td> 392 </tr> 393 </table> 394 395 396 <h3 id="mitigation_bypass_vulnerability_in_the_kernel"></h3> 397 398 399 <p> 400 401 402 403 </p> 404 405 <p><strong></strong> 406 <a href="https://github.com/torvalds/linux/commit/8a5e5e02fc83aaf67053ab53b359af08c6c49aaf"> Linux Upstream</a> </p> 407 408 <table> 409 <tr> 410 <th>CVE</th> 411 <th></th> 412 <th></th> 413 <th></th> 414 <th></th> 415 </tr> 416 <tr> 417 <td>CVE-2016-0821</td> 418 <td>ANDROID-26186802</td> 419 <td></td> 420 <td>6.0.1</td> 421 <td>Google </td> 422 </tr> 423 </table> 424 425 426 <h3 id="elevation_of_privilege_in_mediatek_connectivity_kernel_driver">MediaTek </h3> 427 428 429 <p>MediaTek 430 431 432 433 conn_launcher 434 </p> 435 <table> 436 <tr> 437 <th>CVE</th> 438 <th></th> 439 <th></th> 440 <th></th> 441 <th></th> 442 </tr> 443 <tr> 444 <td>CVE-2016-0822</td> 445 <td>ANDROID-25873324*</td> 446 <td></td> 447 <td>6.0.1</td> 448 <td>2015 11 24 </td> 449 </tr> 450 </table> 451 452 453 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 454 455 <h3 id="information_disclosure_vulnerability_in_kernel"></h3> 456 457 458 <p> 459 460 461 ( ASLR) 462 </p> 463 464 <p><strong></strong> 465 <a href="https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=ab676b7d6fbf4b294bf198fb27ade5b0e865c7ce"> Linux Upstream</a> </p> 466 <table> 467 <tr> 468 <th>CVE</th> 469 <th></th> 470 <th></th> 471 <th></th> 472 <th></th> 473 </tr> 474 <tr> 475 <td>CVE-2016-0823</td> 476 <td>ANDROID-25739721*</td> 477 <td></td> 478 <td>6.0.1</td> 479 <td>Google </td> 480 </tr> 481 </table> 482 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 483 484 <h3 id="information_disclosure_vulnerability_in_libstagefright">libstagefright </h3> 485 486 487 <p>libstagefright 488 489 490 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 491 <table> 492 <tr> 493 <th>CVE</th> 494 <th> ( AOSP )</th> 495 <th></th> 496 <th></th> 497 <th></th> 498 </tr> 499 <tr> 500 <td>CVE-2016-0824</td> 501 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ffab15eb80630dc799eb410855c93525b75233c3">ANDROID-25765591</a> 502 </td> 503 <td></td> 504 <td>6.06.0.1</td> 505 <td>2015 11 18 </td> 506 </tr> 507 </table> 508 509 510 <h3 id="information_disclosure_vulnerability_in_widevine">Widevine </h3> 511 512 513 <p>Widevine Trusted Application 514 TrustZone 515 516 ( 517 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 518 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> 519 )</p> 520 <table> 521 <tr> 522 <th>CVE</th> 523 <th></th> 524 <th></th> 525 <th></th> 526 <th></th> 527 </tr> 528 <tr> 529 <td>CVE-2016-0825</td> 530 <td>ANDROID-20860039*</td> 531 <td></td> 532 <td>6.0.1</td> 533 <td>Google </td> 534 </tr> 535 </table> 536 537 538 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 539 540 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"></h3> 541 542 543 <p> 544 545 546 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 547 <table> 548 <tr> 549 <th>CVE</th> 550 <th> ( AOSP )</th> 551 <th></th> 552 <th></th> 553 <th></th> 554 </tr> 555 <tr> 556 <td>CVE-2016-0826</td> 557 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/c9ab2b0bb05a7e19fb057e79b36e232809d70122">ANDROID-26265403</a> 558 <a href="https://android.googlesource.com/platform/frameworks/av/+/899823966e78552bb6dfd7772403a4f91471d2b0">[2]</a> 559 </td> 560 <td></td> 561 <td>4.4.45.0.25.1.16.06.0.1</td> 562 <td>2015 12 17 </td> 563 </tr> 564 <tr> 565 <td>CVE-2016-0827</td> 566 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/9e29523b9537983b4c4b205ff868d0b3bca0383b">ANDROID-26347509</a></td> 567 <td></td> 568 <td>4.4.45.0.25.1.16.06.0.1</td> 569 <td>2015 12 28 </td> 570 </tr> 571 </table> 572 573 574 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3> 575 576 577 <p> 578 579 580 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 581 <table> 582 <tr> 583 <th>CVE</th> 584 <th> ( AOSP )</th> 585 <th></th> 586 <th></th> 587 <th></th> 588 </tr> 589 <tr> 590 <td>CVE-2016-0828</td> 591 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/dded8fdbb700d6cc498debc69a780915bc34d755">ANDROID-26338113</a> 592 </td> 593 <td></td> 594 <td>5.0.25.1.16.06.0.1</td> 595 <td>2015 12 27 </td> 596 </tr> 597 <tr> 598 <td>CVE-2016-0829</td> 599 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/d06421fd37fbb7fd07002e6738fac3a223cb1a62">ANDROID-26338109</a></td> 600 <td></td> 601 <td>4.4.45.0.25.1.16.06.0.1</td> 602 <td>2015 12 27 </td> 603 </tr> 604 </table> 605 606 607 <h3 id="remote_denial_of_service_vulnerability_in_bluetooth"></h3> 608 609 610 <p> 611 612 613 614 615 (Flash) </p> 616 <table> 617 <tr> 618 <th>CVE</th> 619 <th> ( AOSP )</th> 620 <th></th> 621 <th></th> 622 <th></th> 623 </tr> 624 <tr> 625 <td>CVE-2016-0830</td> 626 <td><a href="https://android.googlesource.com/platform/system/bt/+/d77f1999ecece56c1cbb333f4ddc26f0b5bac2c5">ANDROID-26071376</a></td> 627 <td></td> 628 <td>6.06.0.1</td> 629 <td>Google </td> 630 </tr> 631 </table> 632 633 634 <h3 id="information_disclosure_vulnerability_in_telephony"></h3> 635 636 637 <p> 638 639 640 </p> 641 <table> 642 <tr> 643 <th>CVE</th> 644 <th> ( AOSP )</th> 645 <th></th> 646 <th></th> 647 <th></th> 648 </tr> 649 <tr> 650 <td>CVE-2016-0831</td> 651 <td><a href="https://android.googlesource.com/platform/frameworks/opt/telephony/+/79eecef63f3ea99688333c19e22813f54d4a31b1">ANDROID-25778215</a></td> 652 <td></td> 653 <td>5.0.25.1.16.06.0.1</td> 654 <td>2015 11 16 </td> 655 </tr> 656 </table> 657 658 659 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"></h3> 660 661 662 <p> 663 664 665 </p> 666 <table> 667 <tr> 668 <th>CVE</th> 669 <th></th> 670 <th></th> 671 <th></th> 672 <th></th> 673 </tr> 674 <tr> 675 <td>CVE-2016-0832</td> 676 <td>ANDROID-25955042*</td> 677 <td></td> 678 <td>5.1.16.06.0.1</td> 679 <td>Google </td> 680 </tr> 681 </table> 682 683 684 <p>* </p> 685 686 <h2 id="common_questions_and_answers"></h2> 687 688 689 <p> 690 </p> 691 692 <p><strong>1. </strong></p> 693 694 <p>LMY49H Android 6.0 ( 2016 3 695 1 ) <a href="https://support.google.com/nexus/answer/4457705">Nexus </a> 696 697 [ro.build.version.security_patch]:[2016-03-01]</p> 698 699 <h2 id="revisions"></h2> 700 701 702 <ul> 703 <li> 2016 3 7 704 <li> 2016 3 8 AOSP 705 </li></li></ul> 706 707 </body> 708 </html> 709