1 <html devsite> 2 <head> 3 <title>Nexus - 2016 4 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 27 28 <p><em>2016 4 4 | 2016 4 6 </em></p> 29 <p>Google Android OTA Nexus 30 Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> 31 2016 4 2 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>)</p> 32 <p> 2016 3 16 Android (AOSP) </p> 33 <p></p> 34 <p><a href="/security/advisory/2016-03-18.html"> 35 Android 2016-03-18</a> ( Root ) <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> <a href="/security/enhancements/index.html">Android </a> ( SafetyNet) Android <a href="#mitigations"></a></p> 36 <h2 id="security_vulnerability_summary"></h2> 37 <p> (CVE) 38 39 <a href="/security/overview/updates-resources.html#severity"></a></p> 40 <table> 41 <tr> 42 <th></th> 43 <th>CVE</th> 44 <th></th> 45 </tr> 46 <tr> 47 <td>DHCPCD </td> 48 <td>CVE-2016-1503<br/> 49 CVE-2014-6060</td> 50 <td></td> 51 </tr> 52 <tr> 53 <td></td> 54 <td>CVE-2016-0834</td> 55 <td></td> 56 </tr> 57 <tr> 58 <td></td> 59 <td>CVE-2016-0835<br/> 60 CVE-2016-0836<br/> 61 CVE-2016-0837<br/> 62 CVE-2016-0838<br/> 63 CVE-2016-0839<br/> 64 CVE-2016-0840<br/> 65 CVE-2016-0841</td> 66 <td></td> 67 </tr> 68 <tr> 69 <td>libstagefright </td> 70 <td>CVE-2016-0842</td> 71 <td></td> 72 </tr> 73 <tr> 74 <td></td> 75 <td>CVE-2015-1805</td> 76 <td></td> 77 </tr> 78 <tr> 79 <td>Qualcomm <br/> 80 </td> 81 <td>CVE-2016-0843</td> 82 <td></td> 83 </tr> 84 <tr> 85 <td>Qualcomm RF </td> 86 <td>CVE-2016-0844</td> 87 <td></td> 88 </tr> 89 <tr> 90 <td></td> 91 <td>CVE-2014-9322</td> 92 <td></td> 93 </tr> 94 <tr> 95 <td>IMemory Native Interface </td> 96 <td>CVE-2016-0846</td> 97 <td></td> 98 </tr> 99 <tr> 100 <td>Telecom </td> 101 <td>CVE-2016-0847</td> 102 <td></td> 103 </tr> 104 <tr> 105 <td></td> 106 <td>CVE-2016-0848</td> 107 <td></td> 108 </tr> 109 <tr> 110 <td></td> 111 <td>CVE-2016-0849</td> 112 <td></td> 113 </tr> 114 <tr> 115 <td></td> 116 <td>CVE-2016-0850</td> 117 <td></td> 118 </tr> 119 <tr> 120 <td>Texas Instruments </td> 121 <td>CVE-2016-2409</td> 122 <td></td> 123 </tr> 124 <tr> 125 <td></td> 126 <td>CVE-2016-2410</td> 127 <td></td> 128 </tr> 129 <tr> 130 <td>Qualcomm <br/> 131 </td> 132 <td>CVE-2016-2411</td> 133 <td></td> 134 </tr> 135 <tr> 136 <td>System_server </td> 137 <td>CVE-2016-2412</td> 138 <td></td> 139 </tr> 140 <tr> 141 <td></td> 142 <td>CVE-2016-2413</td> 143 <td></td> 144 </tr> 145 <tr> 146 <td>Minikin </td> 147 <td>CVE-2016-2414</td> 148 <td></td> 149 </tr> 150 <tr> 151 <td>Exchange ActiveSync </td> 152 <td>CVE-2016-2415</td> 153 <td></td> 154 </tr> 155 <tr> 156 <td></td> 157 <td>CVE-2016-2416<br/> 158 CVE-2016-2417<br/> 159 CVE-2016-2418<br/> 160 CVE-2016-2419</td> 161 <td></td> 162 </tr> 163 <tr> 164 <td>Debuggerd </td> 165 <td>CVE-2016-2420</td> 166 <td></td> 167 </tr> 168 <tr> 169 <td></td> 170 <td>CVE-2016-2421</td> 171 <td></td> 172 </tr> 173 <tr> 174 <td>Wi-Fi </td> 175 <td>CVE-2016-2422</td> 176 <td></td> 177 </tr> 178 <tr> 179 <td></td> 180 <td>CVE-2016-2423</td> 181 <td></td> 182 </tr> 183 <tr> 184 <td>SyncStorageEngine </td> 185 <td>CVE-2016-2424</td> 186 <td></td> 187 </tr> 188 <tr> 189 <td>AOSP Mail </td> 190 <td>CVE-2016-2425</td> 191 <td></td> 192 </tr> 193 <tr> 194 <td></td> 195 <td>CVE-2016-2426</td> 196 <td></td> 197 </tr> 198 <tr> 199 <td>BouncyCastle </td> 200 <td>CVE-2016-2427</td> 201 <td></td> 202 </tr> 203 </table> 204 <h2 id="mitigations"></h2> 205 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 206 <ul> 207 <li>Android Android Android 208 </li><li>Android SafetyNet Google Play Root Google Play ( Root ) 209 </li><li>Google Hangouts Messenger 210 </li></ul> 211 <h2 id="acknowledgements"></h2> 212 <p>Android </p> 213 <ul> 214 <li>Google Chrome Abhishek AryaOliver Chang 215 Martin BarbellaCVE-2016-0834CVE-2016-0841CVE-2016-0840CVE-2016-0839CVE-2016-0838 216 </li><li>CENSUS S.A. Anestis Bechtsoudis 217 (<a href="https://twitter.com/anestisb">@anestisb</a>)CVE-2016-0842CVE-2016-0836CVE-2016-0835 218 </li><li>Google Brad Ebinger Santos CordonCVE-2016-0847 219 </li><li><a href="https://www.ibr.cs.tu-bs.de"> 220 </a> Dominik SchrmannCVE-2016-2425 221 </li><li> 360 IceSword 222 Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 223 <a href="http://weibo.com/jfpan ">pjf</a>Jianqiang Zhao 224 (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>)CVE-2016-0844 225 </li><li> <a href="https://www.epfl.ch"></a> 226 <a href="mailto:gpiskas (a] gmail.com">George Piskas</a>CVE-2016-2426 227 </li><li><a href="http://www.360.com/"> 360 </a> 228 Guang Gong () (<a href="https://twitter.com/oldfresher">@oldfresher</a>)CVE-2016-2412CVE-2016-2416 229 </li><li>Google Project Zero James ForshawCVE-2016-2417CVE-2016-0846 230 </li><li> 360 IceSword 231 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) 232 <a href="http://weibo.com/jfpan ">pjf</a> Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) 233 CVE-2016-2410CVE-2016-2411 234 </li><li> 360 IceSword 235 Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) <a href="http://weibo.com/jfpan ">pjf</a>CVE-2016-2409 236 </li><li>Vertu Corporation LTD Nancy WangCVE-2016-0837 237 </li><li> <a href="mailto:nasim (a] zamir.ca">Nasim Zamir</a>CVE-2016-2409 238 </li><li>Qualcomm Product Security Initiative 239 Nico Golde (<a href="https://twitter.com/iamnion">@iamnion</a>)CVE-2016-2420CVE-2016-0849 240 </li><li> Peter Pi 241 (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-2418CVE-2016-2413CVE-2016-2419 242 </li><li>Google Quan NguyenCVE-2016-2427 243 </li><li>Richard ShupakCVE-2016-2415 244 </li><li><a href="https://labs.mwrinfosecurity.com/">MWR Labs</a> Romain Trouv 245 (<a href="https://twitter.com/bouuntyyy">@bouuntyyy)</a>CVE-2016-0850 246 </li><li>Stuart HendersonCVE-2016-2422 247 </li><li>Android Vishwath MohanCVE-2016-2424 248 </li><li> Weichao Sun 249 (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2414 250 </li><li> 251 Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>)CVE-2016-0843 252 </li><li> 253 <a href="mailto:luc2yj (a] gmail.com">Yeonjoon Lee</a> <a href="mailto:xw7 (a] indiana.edu">Xiaofeng Wang</a> 254 <a href="mailto:litongxin1991 (a] gmail.com">Tongxin Li</a> 255 <a href="mailto:hanxinhui (a] pku.edu.cn">Xinhui Han</a>CVE-2016-0848 256 </li></ul> 257 <p>Android 258 <a href="http://c0reteam.org">C0RE </a> 259 <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a> 260 <a href="mailto:vancouverdou (a] gmail.com">Wenke Dou</a> 261 Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) 262 Xuxian Jiang 263 <a href="https://www.zimperium.com/">Zimperium</a> CVE-2015-1805 </p> 264 <h2 id="security_vulnerability_details"></h2> 265 <p><a href="#security_vulnerability_summary"></a> CVE 266 AOSP AOSP </p> 267 <h3 id="remote_code_execution_vulnerability_in_dhcpcd">DHCPCD </h3> 268 <p> (Dynamic Host Configuration Protocol) DHCP DHCP </p> 269 <table> 270 <tr> 271 <th>CVE</th> 272 <th> ( AOSP )</th> 273 <th></th> 274 <th></th> 275 <th></th> 276 </tr> 277 <tr> 278 <td>CVE-2014-6060</td> 279 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/38cb7a7feff88d58fb4a565ba7f12cd4469af243"> 280 ANDROID-15268738</a></td> 281 <td></td> 282 <td>4.4.4</td> 283 <td>2014 7 30 </td> 284 </tr> 285 <tr> 286 <td>CVE-2014-6060</td> 287 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/de806dfdb6dd3b9dec5d1d23c9029fb300799cf8"> 288 ANDROID-16677003</a></td> 289 <td></td> 290 <td>4.4.4</td> 291 <td>2014 7 30 </td> 292 </tr> 293 <tr> 294 <td>CVE-2016-1503</td> 295 <td><a href="https://android.googlesource.com/platform/external/dhcpcd/+/1390ace71179f04a09c300ee8d0300aa69d9db09"> 296 ANDROID-26461634</a></td> 297 <td></td> 298 <td>4.4.45.0.25.1.16.06.0.1</td> 299 <td>2016 1 4 </td> 300 </tr> 301 </table> 302 <h3 id="remote_code_execution_vulnerability_in_media_codec"></h3> 303 <p></p> 304 <p></p> 305 <p></p> 306 <table> 307 <tr> 308 <th>CVE</th> 309 <th></th> 310 <th></th> 311 <th></th> 312 <th></th> 313 </tr> 314 <tr> 315 <td>CVE-2016-0834</td> 316 <td>ANDROID-26220548*</td> 317 <td></td> 318 <td>6.06.0.1</td> 319 <td>2015 12 16 </td> 320 </tr> 321 </table> 322 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 323 <h3 id="remote_code_execution_vulnerability_in_mediaserver"></h3> 324 <p></p> 325 <p></p> 326 <p></p> 327 <table> 328 <tr> 329 <th>CVE</th> 330 <th> ( AOSP )</th> 331 <th></th> 332 <th></th> 333 <th></th> 334 </tr> 335 <tr> 336 <td>CVE-2016-0835</td> 337 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/ba604d336b40fd4bde1622f64d67135bdbd61301"> 338 ANDROID-26070014</a> 339 [<a href="https://android.googlesource.com/platform/external/libmpeg2/+/58a6822d7140137ce957c6d2fc20bae1374186c1">2</a>] 340 </td> 341 <td></td> 342 <td>6.06.0.1</td> 343 <td>2015 12 6 </td> 344 </tr> 345 <tr> 346 <td>CVE-2016-0836</td> 347 <td><a href="https://android.googlesource.com/platform/external/libmpeg2/+/8b4ed5a23175b7ffa56eea4678db7287f825e985"> 348 ANDROID-25812590</a></td> 349 <td></td> 350 <td>6.06.0.1</td> 351 <td>2015 11 19 </td> 352 </tr> 353 <tr> 354 <td>CVE-2016-0837</td> 355 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7a282fb64fef25349e9d341f102d9cea3bf75baf"> 356 ANDROID-27208621</a></td> 357 <td></td> 358 <td>4.4.45.0.25.1.16.06.0.1</td> 359 <td>2016 2 11 </td> 360 </tr> 361 <tr> 362 <td>CVE-2016-0838</td> 363 <td><a href="https://android.googlesource.com/platform/external/sonivox/+/3ac044334c3ff6a61cb4238ff3ddaf17c7efcf49"> 364 ANDROID-26366256</a> 365 [<a href="https://android.googlesource.com/platform/external/sonivox/+/24d7c408c52143bce7b49de82f3913fd8d1219cf">2</a>]</td> 366 <td></td> 367 <td>4.4.45.0.25.1.16.06.0.1</td> 368 <td>Google </td> 369 </tr> 370 <tr> 371 <td>CVE-2016-0839</td> 372 <td><a href="https://android.googlesource.com/platform/hardware/qcom/audio/+/ebbb82365172337c6c250c6cac4e326970a9e351"> 373 ANDROID-25753245</a></td> 374 <td></td> 375 <td>6.06.0.1</td> 376 <td>Google </td> 377 </tr> 378 <tr> 379 <td>CVE-2016-0840</td> 380 <td><a href="https://android.googlesource.com/platform/external/libavc/+/c57fc3703ae2e0d41b1f6580c50015937f2d23c1"> 381 ANDROID-26399350</a></td> 382 <td></td> 383 <td>6.06.0.1</td> 384 <td>Google </td> 385 </tr> 386 <tr> 387 <td>CVE-2016-0841</td> 388 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/3097f364237fb552871f7639d37a7afa4563e252"> 389 ANDROID-26040840</a></td> 390 <td></td> 391 <td>4.4.45.0.25.1.16.06.0.1</td> 392 <td>Google </td> 393 </tr> 394 </table> 395 <h3 id="remote_code_execution_vulnerability_in_libstagefright">libstagefright </h3> 396 <p> libstagefright </p> 397 <p></p> 398 <p></p> 399 <table> 400 <tr> 401 <th>CVE</th> 402 <th> ( AOSP )</th> 403 <th></th> 404 <th></th> 405 <th></th> 406 </tr> 407 <tr> 408 <td>CVE-2016-0842</td> 409 <td><a href="https://android.googlesource.com/platform/external/libavc/+/943323f1d9d3dd5c2634deb26cbe72343ca6b3db"> 410 ANDROID-25818142</a></td> 411 <td></td> 412 <td>6.06.0.1</td> 413 <td>2015 11 23 </td> 414 </tr> 415 </table> 416 <h3 id="elevation_of_privilege_vulnerability_in_kernel"></h3> 417 <p> (Re-flash) <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a></p> 418 <table> 419 <tr> 420 <th>CVE</th> 421 <th></th> 422 <th></th> 423 <th></th> 424 <th></th> 425 </tr> 426 <tr> 427 <td>CVE-2015-1805</td> 428 <td>ANDROID-27275324*</td> 429 <td></td> 430 <td>4.4.45.0.25.1.16.06.0.1</td> 431 <td>2016 2 19 </td> 432 </tr> 433 </table> 434 <p>* AOSP 435 <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a> 436 <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> 437 <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 438 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_performance_module">Qualcomm </h3> 439 <p>Qualcomm ARM (Re-flash) </p> 440 <table> 441 <tr> 442 <th>CVE</th> 443 <th></th> 444 <th></th> 445 <th></th> 446 <th></th> 447 </tr> 448 <tr> 449 <td>CVE-2016-0843</td> 450 <td>ANDROID-25801197*</td> 451 <td></td> 452 <td>4.4.45.0.25.1.16.06.0.1</td> 453 <td>2015 11 19 </td> 454 </tr> 455 </table> 456 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 457 <h3 id="elevation_of_privilege_in_qualcomm_rf_component">Qualcomm RF </h3> 458 <p> Qualcomm RF (Re-flash) </p> 459 <table> 460 <tr> 461 <th>CVE</th> 462 <th></th> 463 <th></th> 464 <th></th> 465 <th></th> 466 </tr> 467 <tr> 468 <td>CVE-2016-0844</td> 469 <td>ANDROID-26324307*</td> 470 <td></td> 471 <td>6.06.0.1</td> 472 <td>2015 12 25 </td> 473 </tr> 474 </table> 475 <p>* AOSP <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa"> Linux </a></p> 476 <h3 id="elevation_of_privilege_vulnerability_in_kernel12"></h3> 477 <p> (Re-flash) </p> 478 <table> 479 <tr> 480 <th>CVE</th> 481 <th> ( AOSP )</th> 482 <th></th> 483 <th></th> 484 <th></th> 485 </tr> 486 <tr> 487 <td>CVE-2014-9322</td> 488 <td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a> 489 [<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>] 490 [<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br/> 491 [<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>] 492 [<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>] 493 [<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>] 494 [<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>] 495 [<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>] 496 [<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>] 497 [<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>] 498 [<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td> 499 <td></td> 500 <td>6.06.0.1</td> 501 <td>2015 12 25 </td> 502 </tr> 503 </table> 504 <h3 id="elevation_of_privilege_in_imemory_native_interface"> 505 IMemory Native Interface </h3> 506 <p>IMemory Native Interface ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 507 <table> 508 <tr> 509 <th>CVE</th> 510 <th> ( AOSP )</th> 511 <th></th> 512 <th></th> 513 <th></th> 514 </tr> 515 <tr> 516 <td>CVE-2016-0846</td> 517 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/f3199c228aced7858b75a8070b8358c155ae0149"> 518 ANDROID-26877992</a></td> 519 <td></td> 520 <td>4.4.45.0.25.1.16.06.0.1</td> 521 <td>2016 1 29 </td> 522 </tr> 523 </table> 524 <h3 id="elevation_of_privilege_vulnerability_in_telecom_component"> 525 Telecom </h3> 526 <p>Telecom ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 527 <table> 528 <tr> 529 <th>CVE</th> 530 <th> ( AOSP )</th> 531 <th></th> 532 <th></th> 533 <th></th> 534 </tr> 535 <tr> 536 <td>CVE-2016-0847</td> 537 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/2750faaa1ec819eed9acffea7bd3daf867fda444"> 538 ANDROID-26864502</a> 539 [<a href="https://android.googlesource.com/platform/packages/services/Telephony/+/a294ae5342410431a568126183efe86261668b5d">2</a>] 540 </td> 541 <td></td> 542 <td>5.0.25.1.16.06.0.1</td> 543 <td>Google </td> 544 </tr> 545 </table> 546 <h3 id="elevation_of_privilege_vulnerability_in_download_manager"> 547 </h3> 548 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> 549 <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 550 <table> 551 <tr> 552 <th>CVE</th> 553 <th> ( AOSP )</th> 554 <th></th> 555 <th></th> 556 <th></th> 557 </tr> 558 <tr> 559 <td>CVE-2016-0848</td> 560 <td><a href="https://android.googlesource.com/platform/packages/providers/DownloadProvider/+/bdc831357e7a116bc561d51bf2ddc85ff11c01a9"> 561 ANDROID-26211054</a></td> 562 <td></td> 563 <td>4.4.45.0.25.1.16.06.0.1</td> 564 <td>2015 12 14 </td> 565 </tr> 566 </table> 567 <h3 id="elevation_of_privilege_in_recovery_procedure"> 568 </h3> 569 <p> 570 ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 571 <table> 572 <tr> 573 <th>CVE</th> 574 <th> ( AOSP )</th> 575 <th></th> 576 <th></th> 577 <th></th> 578 </tr> 579 <tr> 580 <td>CVE-2016-0849</td> 581 <td><a href="https://android.googlesource.com/platform/bootable/recovery/+/28a566f7731b4cb76d2a9ba16d997ac5aeb07dad"> 582 ANDROID-26960931</a></td> 583 <td></td> 584 <td>5.0.25.1.16.06.0.1</td> 585 <td>2016 2 3 </td> 586 </tr> 587 </table> 588 <h3 id="elevation_of_privilege_in_bluetooth"> 589 </h3> 590 <p> () </p> 591 <table> 592 <tr> 593 <th>CVE</th> 594 <th> ( AOSP )</th> 595 <th></th> 596 <th></th> 597 <th></th> 598 </tr> 599 <tr> 600 <td>CVE-2016-0850</td> 601 <td><a href="https://android.googlesource.com/platform/external/bluetooth/bluedroid/+/c677ee92595335233eb0e7b59809a1a94e7a678a"> 602 ANDROID-26551752</a></td> 603 <td></td> 604 <td>4.4.45.0.25.1.16.06.0.1</td> 605 <td>2016 1 13 </td> 606 </tr> 607 </table> 608 <h3 id="elevation_of_privilege_in_texas_instruments_haptic_driver"> 609 Texas Instruments </h3> 610 <p>Texas Instruments </p> 611 <table> 612 <tr> 613 <th>CVE</th> 614 <th></th> 615 <th></th> 616 <th></th> 617 <th></th> 618 </tr> 619 <tr> 620 <td>CVE-2016-2409</td> 621 <td>ANDROID-25981545*</td> 622 <td></td> 623 <td>6.06.0.1</td> 624 <td>2015 12 25 </td> 625 </tr> 626 </table> 627 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 628 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver"> 629 Qualcomm </h3> 630 <p>Qualcomm </p> 631 <table> 632 <tr> 633 <th>CVE</th> 634 <th></th> 635 <th></th> 636 <th></th> 637 <th></th> 638 </tr> 639 <tr> 640 <td>CVE-2016-2410</td> 641 <td>ANDROID-26291677*</td> 642 <td></td> 643 <td>6.06.0.1</td> 644 <td>2015 12 21 </td> 645 </tr> 646 </table> 647 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 648 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_power_management_component"> 649 Qualcomm </h3> 650 <p>Qualcomm Root </p> 651 <table> 652 <tr> 653 <th>CVE</th> 654 <th></th> 655 <th></th> 656 <th></th> 657 <th></th> 658 </tr> 659 <tr> 660 <td>CVE-2016-2411</td> 661 <td>ANDROID-26866053*</td> 662 <td></td> 663 <td>6.06.0.1</td> 664 <td>2016 1 28 </td> 665 </tr> 666 </table> 667 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 668 <h3 id="elevation_of_privilege_vulnerability_in_system_server"> 669 System_server </h3> 670 <p>System_server ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 671 <table> 672 <tr> 673 <th>CVE</th> 674 <th> ( AOSP )</th> 675 <th></th> 676 <th></th> 677 <th></th> 678 </tr> 679 <tr> 680 <td>CVE-2016-2412</td> 681 <td><a href="https://android.googlesource.com/platform/external/skia/+/b36c23b3e6b0b316075cc43e466d44c62508fcac"> 682 ANDROID-26593930</a></td> 683 <td></td> 684 <td>4.4.45.0.25.1.16.06.0.1</td> 685 <td>2016 1 15 </td> 686 </tr> 687 </table> 688 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 689 </h3> 690 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 691 <table> 692 <tr> 693 <th>CVE</th> 694 <th> ( AOSP )</th> 695 <th></th> 696 <th></th> 697 <th></th> 698 </tr> 699 <tr> 700 <td>CVE-2016-2413</td> 701 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/25be9ac20db51044e1b09ca67906355e4f328d48"> 702 ANDROID-26403627</a></td> 703 <td></td> 704 <td>5.0.25.1.16.06.0.1</td> 705 <td>2016 1 5 </td> 706 </tr> 707 </table> 708 <h3 id="denial_of_service_vulnerability_in_minikin">Minikin </h3> 709 <p>Minikin Minikin </p> 710 <table> 711 <tr> 712 <th>CVE</th> 713 <th> ( AOSP )</th> 714 <th></th> 715 <th></th> 716 <th></th> 717 </tr> 718 <tr> 719 <td>CVE-2016-2414</td> 720 <td><a href="https://android.googlesource.com/platform/frameworks/minikin/+/ca8ac8acdad662230ae37998c6c4091bb39402b6"> 721 ANDROID-26413177</a> 722 [<a href="https://android.googlesource.com/platform/frameworks/minikin/+/f4785aa1947b8d22d5b19559ef1ca526d98e0e73">2</a>] 723 </td> 724 <td></td> 725 <td>5.0.25.1.16.06.0.1</td> 726 <td>2015 11 3 </td> 727 </tr> 728 </table> 729 <h3 id="information_disclosure_vulnerability_in_exchange_activesync"> 730 Exchange ActiveSync </h3> 731 <p>Exchange ActiveSync 732 </p> 733 <table> 734 <tr> 735 <th>CVE</th> 736 <th> ( AOSP )</th> 737 <th></th> 738 <th></th> 739 <th></th> 740 </tr> 741 <tr> 742 <td>CVE-2016-2415</td> 743 <td><a href="https://android.googlesource.com/platform/packages/apps/Exchange/+/0d1a38b1755efe7ed4e8d7302a24186616bba9b2"> 744 ANDROID-26488455</a></td> 745 <td></td> 746 <td>5.0.25.1.16.06.0.1</td> 747 <td>2016 1 11 </td> 748 </tr> 749 </table> 750 <h3 id="information_disclosure_vulnerability_in_mediaserver"></h3> 751 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 752 <table> 753 <tr> 754 <th>CVE</th> 755 <th> ( AOSP )</th> 756 <th></th> 757 <th></th> 758 <th></th> 759 </tr> 760 <tr> 761 <td>CVE-2016-2416</td> 762 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/85d253fab5e2c01bd90990667c6de25c282fc5cd"> 763 ANDROID-27046057</a> 764 [<a href="https://android.googlesource.com/platform/frameworks/native/+/a40b30f5c43726120bfe69d41ff5aeb31fe1d02a">2</a>] 765 </td> 766 <td></td> 767 <td>4.4.45.0.25.1.16.06.0.1</td> 768 <td>2016 2 5 </td> 769 </tr> 770 <tr> 771 <td>CVE-2016-2417</td> 772 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/1171e7c047bf79e7c93342bb6a812c9edd86aa84"> 773 ANDROID-26914474</a></td> 774 <td></td> 775 <td>4.4.45.0.25.1.16.06.0.1</td> 776 <td>2016 2 1 </td> 777 </tr> 778 <tr> 779 <td>CVE-2016-2418</td> 780 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/8d87321b704cb3f88e8cae668937d001fd63d5e3"> 781 ANDROID-26324358</a></td> 782 <td></td> 783 <td>6.06.0.1</td> 784 <td>2015 12 24 </td> 785 </tr> 786 <tr> 787 <td>CVE-2016-2419</td> 788 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/5a856f2092f7086aa0fea9ae06b9255befcdcd34"> 789 ANDROID-26323455</a></td> 790 <td></td> 791 <td>6.06.0.1</td> 792 <td>2015 12 24 </td> 793 </tr> 794 </table> 795 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd_component"> 796 Debuggerd </h3> 797 <p>Debuggerd (Re-flash) Android 4.4.4 Root Android 5.0 SELinux 798 </p> 799 <table> 800 <tr> 801 <th>CVE</th> 802 <th> ( AOSP )</th> 803 <th></th> 804 <th></th> 805 <th></th> 806 </tr> 807 <tr> 808 <td>CVE-2016-2420</td> 809 <td><a href="https://android.googlesource.com/platform/system/core/+/669ecc2f5e80ff924fa20ce7445354a7c5bcfd98"> 810 ANDROID-26403620</a> 811 [<a href="https://android.googlesource.com/platform/system/core/+/81df1cc77722000f8d0025c1ab00ced123aa573c">2</a>] 812 </td> 813 <td></td> 814 <td>4.4.45.0.25.1.16.06.0.1</td> 815 <td>2016 1 5 </td> 816 </tr> 817 </table> 818 <h3 id="elevation_of_privilege_vulnerability_in_setup_wizard"> 819 </h3> 820 <p></p> 821 <table> 822 <tr> 823 <th>CVE</th> 824 <th></th> 825 <th></th> 826 <th></th> 827 <th></th> 828 </tr> 829 <tr> 830 <td>CVE-2016-2421</td> 831 <td>ANDROID-26154410*</td> 832 <td></td> 833 <td>5.1.16.06.0.1</td> 834 <td>Google </td> 835 </tr> 836 </table> 837 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 838 <h3 id="elevation_of_privilege_in_wi-fi">Wi-Fi </h3> 839 <p>Wi-Fi ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 840 <table> 841 <tr> 842 <th>CVE</th> 843 <th> ( AOSP )</th> 844 <th></th> 845 <th></th> 846 <th></th> 847 </tr> 848 <tr> 849 <td>CVE-2016-2422</td> 850 <td><a href="https://android.googlesource.com/platform/packages/apps/CertInstaller/+/70dde9870e9450e10418a32206ac1bb30f036b2c"> 851 ANDROID-26324357</a></td> 852 <td></td> 853 <td>4.4.45.0.25.1.16.06.0.1</td> 854 <td>2015 12 23 </td> 855 </tr> 856 </table> 857 <h3 id="elevation_of_privilege_in_telephony"></h3> 858 <p></p> 859 <table> 860 <tr> 861 <th>CVE</th> 862 <th> ( AOSP )</th> 863 <th></th> 864 <th></th> 865 <th></th> 866 </tr> 867 <tr> 868 <td>CVE-2016-2423</td> 869 <td><a href="https://android.googlesource.com/platform/packages/services/Telecomm/+/a06c9a4aef69ae27b951523cf72bf72412bf48fa"> 870 ANDROID-26303187</a></td> 871 <td></td> 872 <td>4.4.45.0.25.1.16.06.0.1</td> 873 <td>Google </td> 874 </tr> 875 </table> 876 <h3 id="denial_of_service_in_syncstorageengine">SyncStorageEngine </h3> 877 <p>SyncStorageEngine </p> 878 <table> 879 <tr> 880 <th>CVE</th> 881 <th> ( AOSP )</th> 882 <th></th> 883 <th></th> 884 <th></th> 885 </tr> 886 <tr> 887 <td>CVE-2016-2424</td> 888 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/d3383d5bfab296ba3adbc121ff8a7b542bde4afb"> 889 ANDROID-26513719</a></td> 890 <td></td> 891 <td>4.4.45.0.25.1.16.06.0.1</td> 892 <td>Google </td> 893 </tr> 894 </table> 895 <h3 id="information_disclosure_vulnerability_in_aosp_mail">AOSP Mail </h3> 896 <p>AOSP Mail </p> 897 <table> 898 <tr> 899 <th>CVE</th> 900 <th> ( AOSP )</th> 901 <th></th> 902 <th></th> 903 <th></th> 904 </tr> 905 <tr> 906 <td>CVE-2016-2425</td> 907 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/0d9dfd649bae9c181e3afc5d571903f1eb5dc46f"> 908 ANDROID-26989185</a></td> 909 <td></td> 910 <td>4.4.45.1.16.06.0.1</td> 911 <td>2016 1 29 </td> 912 </tr> 913 <tr> 914 <td>CVE-2016-2425</td> 915 <td>ANDROID-7154234*</td> 916 <td></td> 917 <td>5.0.2</td> 918 <td>2016 1 29 </td> 919 </tr> 920 </table> 921 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 922 <h3 id="information_disclosure_vulnerability_in_framework"></h3> 923 <p></p> 924 <table> 925 <tr> 926 <th>CVE</th> 927 <th> ( AOSP )</th> 928 <th></th> 929 <th></th> 930 <th></th> 931 </tr> 932 <tr> 933 <td>CVE-2016-2426</td> 934 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/63363af721650e426db5b0bdfb8b2d4fe36abdb0"> 935 ANDROID-26094635</a></td> 936 <td></td> 937 <td>4.4.45.0.25.1.16.06.0.1</td> 938 <td>2015 12 8 </td> 939 </tr> 940 </table> 941 <h3 id="information_disclosure_vulnerability_in_bouncycastle">BouncyCastle </h3> 942 <p>BouncyCastle </p> 943 <table> 944 <tr> 945 <th>CVE</th> 946 <th> ( AOSP )</th> 947 <th></th> 948 <th></th> 949 <th></th> 950 </tr> 951 <tr> 952 <td>CVE-2016-2427</td> 953 <td><a href="https://android.googlesource.com/platform/libcore/+/efd369d996fd38c50a50ea0de8f20507253cb6de"> 954 ANDROID-26234568</a> 955 [<a href="https://android.googlesource.com/platform/external/bouncycastle/+/b3bddea0f33c0459293c6419569ad151b4a7b44b">2</a>] 956 </td> 957 <td></td> 958 <td>5.0.25.1.16.06.0.1</td> 959 <td>Google </td> 960 </tr> 961 </table> 962 <h2 id="common_questions_and_answers"></h2> 963 <p> 964 </p> 965 <p><strong>1. </strong></p> 966 <p>2016 4 2 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>) 967 [ro.build.version.security_patch]:[2016-04-02]</p> 968 <p><strong>2. 2016 4 2 </strong></p> 969 <p> 1 2016 4 1 970 ( <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> ) CVE-2015-1805 2016 4 2 971 ( <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> ) CVE-2015-1805</p> 972 <h2 id="revisions"></h2> 973 <ul> 974 <li>2016 4 4 975 </li><li>2016 4 6 AOSP 976 </li></ul> 977 978 </body> 979 </html> 980
