1 <html devsite> 2 <head> 3 <title>Android 2016 5 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 5 2 | 2016 5 4 </em></p> 27 28 <p>Android Android Google OTA Nexus Nexus <a href="https://developers.google.com/android/nexus/images">Google Developers </a> 29 2016 5 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>)</p> 30 31 <p> 2016 4 4 () Android (AOSP) </p> 32 33 <p></p> 34 35 <p> <a href="/security/enhancements/index.html">Android </a> ( SafetyNet) Android <a href="#mitigations">Android Google </a></p> 36 37 <p></p> 38 39 <h2 id="announcements"></h2> 40 41 42 <ul> 43 <li>Google () Android Android ( Nexus )</li> 44 <li> Android <a href="/security/overview/updates-resources.html#severity"></a></li> 45 </ul> 46 47 <h2 id="security_vulnerability_summary"></h2> 48 49 50 <p> (CVE) Nexus 51 <a href="/security/overview/updates-resources.html#severity"></a></p> 52 <table> 53 <col width="55%"> 54 <col width="20%"> 55 <col width="13%"> 56 <col width="12%"> 57 <tr> 58 <th></th> 59 <th>CVE</th> 60 <th></th> 61 <th> Nexus </th> 62 </tr> 63 <tr> 64 <td></td> 65 <td>CVE-2016-2428<br> 66 CVE-2016-2429</td> 67 <td></td> 68 <td></td> 69 </tr> 70 <tr> 71 <td>Debuggerd </td> 72 <td>CVE-2016-2430</td> 73 <td></td> 74 <td></td> 75 </tr> 76 <tr> 77 <td>Qualcomm TrustZone </td> 78 <td>CVE-2016-2431<br> 79 CVE-2016-2432</td> 80 <td></td> 81 <td></td> 82 </tr> 83 <tr> 84 <td>Qualcomm Wi-Fi </td> 85 <td>CVE-2015-0569<br> 86 CVE-2015-0570</td> 87 <td></td> 88 <td></td> 89 </tr> 90 <tr> 91 <td>NVIDIA </td> 92 <td>CVE-2016-2434<br> 93 CVE-2016-2435<br> 94 CVE-2016-2436<br> 95 CVE-2016-2437</td> 96 <td></td> 97 <td></td> 98 </tr> 99 <tr> 100 <td></td> 101 <td>CVE-2015-1805</td> 102 <td></td> 103 <td></td> 104 </tr> 105 <tr> 106 <td></td> 107 <td>CVE-2016-2438</td> 108 <td></td> 109 <td></td> 110 </tr> 111 <tr> 112 <td>Qualcomm </td> 113 <td>CVE-2016-2060</td> 114 <td></td> 115 <td></td> 116 </tr> 117 <tr> 118 <td></td> 119 <td>CVE-2016-2439</td> 120 <td></td> 121 <td></td> 122 </tr> 123 <tr> 124 <td></td> 125 <td>CVE-2016-2440</td> 126 <td></td> 127 <td></td> 128 </tr> 129 <tr> 130 <td>Qualcomm Buspm </td> 131 <td>CVE-2016-2441<br> 132 CVE-2016-2442</td> 133 <td></td> 134 <td></td> 135 </tr> 136 <tr> 137 <td>Qualcomm MDP </td> 138 <td>CVE-2016-2443</td> 139 <td></td> 140 <td></td> 141 </tr> 142 <tr> 143 <td>Qualcomm Wi-Fi </td> 144 <td>CVE-2015-0571</td> 145 <td></td> 146 <td></td> 147 </tr> 148 <tr> 149 <td>NVIDIA </td> 150 <td>CVE-2016-2444<br> 151 CVE-2016-2445<br> 152 CVE-2016-2446</td> 153 <td></td> 154 <td></td> 155 </tr> 156 <tr> 157 <td>Wi-Fi </td> 158 <td>CVE-2016-4477</td> 159 <td></td> 160 <td></td> 161 </tr> 162 <tr> 163 <td></td> 164 <td>CVE-2016-2448<br> 165 CVE-2016-2449<br> 166 CVE-2016-2450<br> 167 CVE-2016-2451<br> 168 CVE-2016-2452</td> 169 <td></td> 170 <td></td> 171 </tr> 172 <tr> 173 <td>MediaTek Wi-Fi </td> 174 <td>CVE-2016-2453</td> 175 <td></td> 176 <td></td> 177 </tr> 178 <tr> 179 <td>Qualcomm </td> 180 <td>CVE-2016-2454</td> 181 <td></td> 182 <td></td> 183 </tr> 184 <tr> 185 <td>Conscrypt </td> 186 <td>CVE-2016-2461<br> 187 CVE-2016-2462</td> 188 <td></td> 189 <td></td> 190 </tr> 191 <tr> 192 <td>OpenSSL BoringSSL </td> 193 <td>CVE-2016-0705</td> 194 <td></td> 195 <td></td> 196 </tr> 197 <tr> 198 <td>MediaTek Wi-Fi </td> 199 <td>CVE-2016-2456</td> 200 <td></td> 201 <td></td> 202 </tr> 203 <tr> 204 <td>Wi-Fi </td> 205 <td>CVE-2016-2457</td> 206 <td></td> 207 <td></td> 208 </tr> 209 <tr> 210 <td>AOSP Mail </td> 211 <td>CVE-2016-2458</td> 212 <td></td> 213 <td></td> 214 </tr> 215 <tr> 216 <td></td> 217 <td>CVE-2016-2459<br> 218 CVE-2016-2460</td> 219 <td></td> 220 <td></td> 221 </tr> 222 <tr> 223 <td></td> 224 <td>CVE-2016-0774</td> 225 <td></td> 226 <td></td> 227 </tr> 228 </table> 229 230 231 <h2 id="android_and_google_service_mitigations">Android Google </h2> 232 233 234 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 235 236 <ul> 237 <li>Android Android Android</li> 238 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () </li> 239 <li>Google Hangouts Messenger </li> 240 </ul> 241 242 <h2 id="acknowledgements"></h2> 243 244 245 <p></p> 246 247 <ul> 248 <li>Google Chrome Abhishek AryaOliver Chang Martin BarbellaCVE-2016-2454 249 <li><a href="https://www.e2e-assure.com">e2e-assure</a> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>)CVE-2016-2457 250 <li><a href="http://c0reteam.org">C0RE </a> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2441CVE-2016-2442 251 <li>Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">www.linkedin.com/in/dzima</a>)CVE-2016-2458 252 <li>Gal BeniaminiCVE-2016-2431 253 <li> 360 Vulpecker Hao ChenCVE-2016-2456 254 <li>Mandiant ( FireEye) Jake VallettaCVE-2016-2060 255 <li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-2434CVE-2016-2435CVE-2016-2436CVE-2016-2441CVE-2016-2442CVE-2016-2444CVE-2016-2445CVE-2016-2446 256 <li><a href="http://www.search-lab.hu">Search-Lab Ltd.</a> Imre RadCVE-2016-4477 257 <li>Google Jeremy C. JoslinCVE-2016-2461 258 <li>Google Kenny RootCVE-2016-2462 259 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>)CVE-2016-2443 260 <li>Micha Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)CVE-2016-2440 261 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2450CVE-2016-2448CVE-2016-2449CVE-2016-2451CVE-2016-2452 262 <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>)CVE-2016-2459CVE-2016-2460 263 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2428CVE-2016-2429 264 <li> <a href="http://c0reteam.org">C0RE </a> <a href="mailto:computernik (a] gmail.com">Yuan-Tsung Lo</a><a href="mailto:zlbzlb815 (a] 163.com">Lubo Zhang</a>Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2437 265 <li> X- Yulong Zhang Tao (Lenx) WeiCVE-2016-2439 266 <li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>)CVE-2016-0821 267 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 268 269 <h2 id="security_vulnerability_details"></h2> 270 271 272 <p><a href="#security_vulnerability_summary"></a> CVE Nexus AOSP () 273 AOSP AOSP </p> 274 275 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 276 </h3> 277 278 279 <p></p> 280 281 <p></p> 282 283 <p></p> 284 <table> 285 <col width="19%"> 286 <col width="16%"> 287 <col width="10%"> 288 <col width="19%"> 289 <col width="18%"> 290 <col width="16%"> 291 <tr> 292 <th>CVE</th> 293 <th>Android </th> 294 <th></th> 295 <th> Nexus </th> 296 <th> AOSP </th> 297 <th></th> 298 </tr> 299 <tr> 300 <td>CVE-2016-2428</td> 301 <td><a href="https://android.googlesource.com/platform/external/aac/+/5d4405f601fa11a8955fd7611532c982420e4206"> 302 26751339</a></td> 303 <td></td> 304 <td><a href="#nexus_devices"> Nexus </a></td> 305 <td>4.4.45.0.25.1.16.06.0.1</td> 306 <td>2016 1 22 </td> 307 </tr> 308 <tr> 309 <td>CVE-2016-2429</td> 310 <td><a href="https://android.googlesource.com/platform/external/flac/+/b499389da21d89d32deff500376c5ee4f8f0b04c"> 311 27211885</a></td> 312 <td></td> 313 <td><a href="#nexus_devices"> Nexus </a></td> 314 <td>4.4.45.0.25.1.16.06.0.1</td> 315 <td>2016 2 16 </td> 316 </tr> 317 </table> 318 319 320 <h3 id="elevation_of_privilege_vulnerability_in_debuggerd"> 321 Debuggerd </h3> 322 323 324 <p> Android Android (Re-flash) </p> 325 <table> 326 <col width="19%"> 327 <col width="16%"> 328 <col width="10%"> 329 <col width="19%"> 330 <col width="18%"> 331 <col width="16%"> 332 <tr> 333 <th>CVE</th> 334 <th>Android </th> 335 <th></th> 336 <th> Nexus </th> 337 <th> AOSP </th> 338 <th></th> 339 </tr> 340 <tr> 341 <td>CVE-2016-2430</td> 342 <td><a href="https://android.googlesource.com/platform/system/core/+/ad54cfed4516292654c997910839153264ae00a0"> 343 27299236</a></td> 344 <td></td> 345 <td><a href="#nexus_devices"> Nexus </a></td> 346 <td>4.4.45.0.25.1.16.06.0.1</td> 347 <td>2016 2 22 </td> 348 </tr> 349 </table> 350 351 352 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_trustzone"> 353 Qualcomm TrustZone </h3> 354 355 356 <p>Qualcomm TrustZone TrustZone (Re-flash) </p> 357 <table> 358 <col width="19%"> 359 <col width="16%"> 360 <col width="10%"> 361 <col width="27%"> 362 <col width="16%"> 363 <tr> 364 <th>CVE</th> 365 <th>Android </th> 366 <th></th> 367 <th> Nexus </th> 368 <th></th> 369 </tr> 370 <tr> 371 <td>CVE-2016-2431</td> 372 <td>24968809*</td> 373 <td></td> 374 <td>Nexus 5Nexus 6Nexus 7 (2013)Android One</td> 375 <td>2015 10 15 </td> 376 </tr> 377 <tr> 378 <td>CVE-2016-2432</td> 379 <td>25913059*</td> 380 <td></td> 381 <td>Nexus 6Android One</td> 382 <td>2015 11 28 </td> 383 </tr> 384 </table> 385 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 386 387 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 388 Qualcomm Wi-Fi </h3> 389 390 391 <p>Qualcomm Wi-Fi </p> 392 <table> 393 <col width="19%"> 394 <col width="16%"> 395 <col width="10%"> 396 <col width="27%"> 397 <col width="16%"> 398 <tr> 399 <th>CVE</th> 400 <th>Android </th> 401 <th></th> 402 <th> Nexus </th> 403 <th></th> 404 </tr> 405 <tr> 406 <td>CVE-2015-0569</td> 407 <td>26754117*</td> 408 <td></td> 409 <td>Nexus 5XNexus 7 (2013)</td> 410 <td>2016 1 23 </td> 411 </tr> 412 <tr> 413 <td>CVE-2015-0570</td> 414 <td>26764809*</td> 415 <td></td> 416 <td>Nexus 5XNexus 7 (2013)</td> 417 <td>2016 1 25 </td> 418 </tr> 419 </table> 420 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 421 422 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 423 NVIDIA </h3> 424 425 426 <p>NVIDIA (Re-flash) </p> 427 <table> 428 <col width="19%"> 429 <col width="16%"> 430 <col width="10%"> 431 <col width="27%"> 432 <col width="16%"> 433 <tr> 434 <th>CVE</th> 435 <th>Android </th> 436 <th></th> 437 <th> Nexus </th> 438 <th></th> 439 </tr> 440 <tr> 441 <td>CVE-2016-2434</td> 442 <td>27251090*</td> 443 <td></td> 444 <td>Nexus 9</td> 445 <td>2016 2 17 </td> 446 </tr> 447 <tr> 448 <td>CVE-2016-2435</td> 449 <td>27297988*</td> 450 <td></td> 451 <td>Nexus 9</td> 452 <td>2016 2 20 </td> 453 </tr> 454 <tr> 455 <td>CVE-2016-2436</td> 456 <td>27299111*</td> 457 <td></td> 458 <td>Nexus 9</td> 459 <td>2016 2 22 </td> 460 </tr> 461 <tr> 462 <td>CVE-2016-2437</td> 463 <td>27436822*</td> 464 <td></td> 465 <td>Nexus 9</td> 466 <td>2016 3 1 </td> 467 </tr> 468 </table> 469 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 470 471 <h3 id="elevation_of_privilege_vulnerability_in_kernel"> 472 </h3> 473 474 475 <p> (Re-flash) <a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a></p> 476 <table> 477 <col width="19%"> 478 <col width="16%"> 479 <col width="10%"> 480 <col width="27%"> 481 <col width="16%"> 482 <tr> 483 <th>CVE</th> 484 <th>Android </th> 485 <th></th> 486 <th> Nexus </th> 487 <th></th> 488 </tr> 489 <tr> 490 <td>CVE-2015-1805</td> 491 <td>27275324*</td> 492 <td></td> 493 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9</td> 494 <td>2016 2 19 </td> 495 </tr> 496 </table> 497 <p>* AOSP <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a><a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a> <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a></p> 498 499 <h3 id="remote_code_execution_vulnerability_in_kernel"> 500 </h3> 501 502 503 <p></p> 504 <table> 505 <col width="19%"> 506 <col width="16%"> 507 <col width="10%"> 508 <col width="27%"> 509 <col width="16%"> 510 <tr> 511 <th>CVE</th> 512 <th>Android </th> 513 <th></th> 514 <th> Nexus </th> 515 <th></th> 516 </tr> 517 <tr> 518 <td>CVE-2016-2438</td> 519 <td>26636060*</td> 520 <td></td> 521 <td>Nexus 9 </td> 522 <td>Google </td> 523 </tr> 524 </table> 525 <p>* <a href="https://github.com/torvalds/linux/commit/b5a663aa426f4884c71cd8580adae73f33570f0d">Linux </a></p> 526 527 <h3 id="information_disclosure_vulnerability_in_qualcomm_tethering_controller"> 528 Qualcomm </h3> 529 530 531 <p>Qualcomm ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 532 <table> 533 <col width="19%"> 534 <col width="16%"> 535 <col width="10%"> 536 <col width="27%"> 537 <col width="16%"> 538 <tr> 539 <th>CVE</th> 540 <th>Android </th> 541 <th></th> 542 <th> Nexus </th> 543 <th></th> 544 </tr> 545 <tr> 546 <td>CVE-2016-2060</td> 547 <td>27942588*</td> 548 <td></td> 549 <td></td> 550 <td>2016 3 23 </td> 551 </tr> 552 </table> 553 <p>* AOSP </p> 554 555 <h3 id="remote_code_execution_vulnerability_in_bluetooth"> 556 </h3> 557 558 559 <p></p> 560 <table> 561 <col width="19%"> 562 <col width="16%"> 563 <col width="10%"> 564 <col width="19%"> 565 <col width="18%"> 566 <col width="16%"> 567 <tr> 568 <th>CVE</th> 569 <th>Android </th> 570 <th></th> 571 <th> Nexus </th> 572 <th> AOSP </th> 573 <th></th> 574 </tr> 575 <tr> 576 <td>CVE-2016-2439</td> 577 <td><a href="https://android.googlesource.com/platform/system/bt/+/9b534de2aca5d790c2a1c4d76b545f16137d95dd"> 578 27411268</a></td> 579 <td></td> 580 <td><a href="#nexus_devices"> Nexus </a></td> 581 <td>4.4.45.0.25.1.16.06.0.1</td> 582 <td>2016 2 28 </td> 583 </tr> 584 </table> 585 586 587 <h3 id="elevation_of_privilege_vulnerability_in_binder"> 588 </h3> 589 590 591 <p> (Binder) </p> 592 <table> 593 <col width="19%"> 594 <col width="16%"> 595 <col width="10%"> 596 <col width="19%"> 597 <col width="18%"> 598 <col width="16%"> 599 <tr> 600 <th>CVE</th> 601 <th>Android </th> 602 <th></th> 603 <th> Nexus </th> 604 <th> AOSP </th> 605 <th></th> 606 </tr> 607 <tr> 608 <td>CVE-2016-2440</td> 609 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a59b827869a2ea04022dd225007f29af8d61837a"> 610 27252896</a></td> 611 <td></td> 612 <td><a href="#nexus_devices"> Nexus </a></td> 613 <td>4.4.45.0.25.1.16.06.0.1</td> 614 <td>2016 2 18 </td> 615 </tr> 616 </table> 617 618 619 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver"> 620 Qualcomm Buspm </h3> 621 622 623 <p>Qualcomm Buspm </p> 624 <table> 625 <col width="19%"> 626 <col width="16%"> 627 <col width="10%"> 628 <col width="27%"> 629 <col width="16%"> 630 <tr> 631 <th>CVE</th> 632 <th>Android </th> 633 <th></th> 634 <th> Nexus </th> 635 <th></th> 636 </tr> 637 <tr> 638 <td>CVE-2016-2441</td> 639 <td>26354602*</td> 640 <td></td> 641 <td>Nexus 5XNexus 6Nexus 6P</td> 642 <td>2015 12 30 </td> 643 </tr> 644 <tr> 645 <td>CVE-2016-2442</td> 646 <td>26494907*</td> 647 <td></td> 648 <td>Nexus 5XNexus 6Nexus 6P</td> 649 <td>2015 12 30 </td> 650 </tr> 651 </table> 652 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 653 654 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver"> 655 Qualcomm MDP </h3> 656 657 658 <p>Qualcomm MDP </p> 659 <table> 660 <col width="19%"> 661 <col width="16%"> 662 <col width="10%"> 663 <col width="27%"> 664 <col width="16%"> 665 <tr> 666 <th>CVE</th> 667 <th>Android </th> 668 <th></th> 669 <th> Nexus </th> 670 <th></th> 671 </tr> 672 <tr> 673 <td>CVE-2016-2443</td> 674 <td>26404525*</td> 675 <td></td> 676 <td>Nexus 5Nexus 7 (2013)</td> 677 <td>2016 1 5 </td> 678 </tr> 679 </table> 680 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 681 682 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 683 Qualcomm Wi-Fi </h3> 684 685 686 <p>Qualcomm Wi-Fi ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 687 <table> 688 <col width="19%"> 689 <col width="16%"> 690 <col width="10%"> 691 <col width="27%"> 692 <col width="16%"> 693 <tr> 694 <th>CVE</th> 695 <th>Android </th> 696 <th></th> 697 <th> Nexus </th> 698 <th></th> 699 </tr> 700 <tr> 701 <td>CVE-2015-0571</td> 702 <td>26763920*</td> 703 <td></td> 704 <td>Nexus 5XNexus 7 (2013)</td> 705 <td>2016 1 25 </td> 706 </tr> 707 </table> 708 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 709 710 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_video_driver"> 711 NVIDIA </h3> 712 713 714 <p>NVIDIA </p> 715 <table> 716 <col width="19%"> 717 <col width="16%"> 718 <col width="10%"> 719 <col width="27%"> 720 <col width="16%"> 721 <tr> 722 <th>CVE</th> 723 <th>Android </th> 724 <th></th> 725 <th> Nexus </th> 726 <th></th> 727 </tr> 728 <tr> 729 <td>CVE-2016-2444</td> 730 <td>27208332*</td> 731 <td></td> 732 <td>Nexus 9</td> 733 <td>2016 2 16 </td> 734 </tr> 735 <tr> 736 <td>CVE-2016-2445</td> 737 <td>27253079*</td> 738 <td></td> 739 <td>Nexus 9</td> 740 <td>2016 2 17 </td> 741 </tr> 742 <tr> 743 <td>CVE-2016-2446</td> 744 <td>27441354*</td> 745 <td></td> 746 <td>Nexus 9</td> 747 <td>2016 3 1 </td> 748 </tr> 749 </table> 750 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 751 752 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 753 Wi-Fi </h3> 754 755 756 <p>Wi-Fi ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 757 758 <p><strong></strong> MITRE CVE CVE-2016-2447 CVE-2016-4477</p> 759 760 <table> 761 <col width="19%"> 762 <col width="16%"> 763 <col width="10%"> 764 <col width="19%"> 765 <col width="18%"> 766 <col width="16%"> 767 <tr> 768 <th>CVE</th> 769 <th>Android </th> 770 <th></th> 771 <th> Nexus </th> 772 <th> AOSP </th> 773 <th></th> 774 </tr> 775 <tr> 776 <td>CVE-2016-4477</td> 777 <td><a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b79e09574e50e168dd5f19d540ae0b9a05bd1535"> 778 27371366</a> 779 [<a href="https://android.googlesource.com/platform/external/wpa_supplicant_8/+/b845b81ec6d724bd359cdb77f515722dd4066cf8">2</a>] 780 </td> 781 <td></td> 782 <td><a href="#nexus_devices"> Nexus </a></td> 783 <td>4.4.45.0.25.1.16.06.0.1</td> 784 <td>2016 2 24 </td> 785 </tr> 786 </table> 787 788 789 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 790 </h3> 791 792 793 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> )</p> 794 <table> 795 <col width="19%"> 796 <col width="16%"> 797 <col width="10%"> 798 <col width="19%"> 799 <col width="18%"> 800 <col width="16%"> 801 <tr> 802 <th>CVE</th> 803 <th>Android </th> 804 <th></th> 805 <th> Nexus </th> 806 <th> AOSP </th> 807 <th></th> 808 </tr> 809 <tr> 810 <td>CVE-2016-2448</td> 811 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/a2d1d85726aa2a3126e9c331a8e00a8c319c9e2b"> 812 27533704</a></td> 813 <td></td> 814 <td><a href="#nexus_devices"> Nexus </a></td> 815 <td>4.4.45.0.25.1.16.06.0.1</td> 816 <td>2016 3 7 </td> 817 </tr> 818 <tr> 819 <td>CVE-2016-2449</td> 820 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/b04aee833c5cfb6b31b8558350feb14bb1a0f353"> 821 27568958</a></td> 822 <td></td> 823 <td><a href="#nexus_devices"> Nexus </a></td> 824 <td>4.4.45.0.25.1.16.06.0.1</td> 825 <td>2016 3 9 </td> 826 </tr> 827 <tr> 828 <td>CVE-2016-2450</td> 829 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7fd96ebfc4c9da496c59d7c45e1f62be178e626d"> 830 27569635</a></td> 831 <td></td> 832 <td><a href="#nexus_devices"> Nexus </a></td> 833 <td>4.4.45.0.25.1.16.06.0.1</td> 834 <td>2016 3 9 </td> 835 </tr> 836 <tr> 837 <td>CVE-2016-2451</td> 838 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/f9ed2fe6d61259e779a37d4c2d7edb33a1c1f8ba"> 839 27597103</a></td> 840 <td></td> 841 <td><a href="#nexus_devices"> Nexus </a></td> 842 <td>4.4.45.0.25.1.16.06.0.1</td> 843 <td>2016 3 10 </td> 844 </tr> 845 <tr> 846 <td>CVE-2016-2452</td> 847 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/44749eb4f273f0eb681d0fa013e3beef754fa687"> 848 27662364</a> 849 [<a href="https://android.googlesource.com/platform/frameworks/av/+/65756b4082cd79a2d99b2ccb5b392291fd53703f">2</a>] 850 [<a href="https://android.googlesource.com/platform/frameworks/av/+/daa85dac2055b22dabbb3b4e537597e6ab73a866">3</a>] 851 </td> 852 <td></td> 853 <td><a href="#nexus_devices"> Nexus </a></td> 854 <td>4.4.45.0.25.1.16.06.0.1</td> 855 <td>2016 3 14 </td> 856 </tr> 857 </table> 858 859 860 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 861 MediaTek Wi-Fi </h3> 862 863 864 <p>MediaTek Wi-Fi </p> 865 <table> 866 <col width="19%"> 867 <col width="16%"> 868 <col width="10%"> 869 <col width="27%"> 870 <col width="16%"> 871 <tr> 872 <th>CVE</th> 873 <th>Android </th> 874 <th></th> 875 <th> Nexus </th> 876 <th></th> 877 </tr> 878 <tr> 879 <td>CVE-2016-2453</td> 880 <td>27549705*</td> 881 <td></td> 882 <td>Android One</td> 883 <td>2016 3 8 </td> 884 </tr> 885 </table> 886 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 887 888 <h3 id="remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec"> 889 Qualcomm </h3> 890 891 892 <p> Qualcomm </p> 893 <table> 894 <col width="19%"> 895 <col width="16%"> 896 <col width="10%"> 897 <col width="27%"> 898 <col width="16%"> 899 <tr> 900 <th>CVE</th> 901 <th>Android </th> 902 <th></th> 903 <th> Nexus </th> 904 <th></th> 905 </tr> 906 <tr> 907 <td>CVE-2016-2454</td> 908 <td>26221024*</td> 909 <td></td> 910 <td>Nexus 5</td> 911 <td>2015 12 16 </td> 912 </tr> 913 </table> 914 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 915 916 <h3 id="elevation_of_privilege_vulnerability_in_conscrypt"> 917 Conscrypt </h3> 918 919 920 <p>Conscrypt </p> 921 <table> 922 <col width="19%"> 923 <col width="16%"> 924 <col width="10%"> 925 <col width="19%"> 926 <col width="18%"> 927 <col width="16%"> 928 <tr> 929 <th>CVE</th> 930 <th>Android </th> 931 <th></th> 932 <th> Nexus </th> 933 <th> AOSP </th> 934 <th></th> 935 </tr> 936 <tr> 937 <td>CVE-2016-2461</td> 938 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/50d0447566db4a77d78d592f1c1b5d31096fac8f"> 939 27324690</a> 940 [<a href="https://android.googlesource.com/platform/external/conscrypt/+/1638945d4ed9403790962ec7abed1b7a232a9ff8">2</a>] 941 </td> 942 <td></td> 943 <td><a href="#nexus_devices"> Nexus </a></td> 944 <td>6.06.0.1</td> 945 <td>Google </td> 946 </tr> 947 <tr> 948 <td>CVE-2016-2462</td> 949 <td><a href="https://android.googlesource.com/platform/external/conscrypt/+/8bec47d2184fca7e8b7337d2a65b2b75a9bc8f54"> 950 27371173</a></td> 951 <td></td> 952 <td><a href="#nexus_devices"> Nexus </a></td> 953 <td>6.06.0.1</td> 954 <td>Google </td> 955 </tr> 956 </table> 957 958 959 <h3 id="elevation_of_privilege_vulnerability_in_openssl_&_boringssl"> 960 OpenSSL BoringSSL </h3> 961 962 963 <p>OpenSSL BoringSSL </p> 964 <table> 965 <col width="19%"> 966 <col width="16%"> 967 <col width="10%"> 968 <col width="19%"> 969 <col width="18%"> 970 <col width="16%"> 971 <tr> 972 <th>CVE</th> 973 <th>Android </th> 974 <th></th> 975 <th> Nexus </th> 976 <th> AOSP </th> 977 <th></th> 978 </tr> 979 <tr> 980 <td>CVE-2016-0705</td> 981 <td><a href="https://android.googlesource.com/platform/external/boringssl/+/591be84e89682622957c8f103ca4be3a5ed0f800"> 982 27449871</a></td> 983 <td></td> 984 <td><a href="#nexus_devices"> Nexus </a></td> 985 <td>4.4.45.0.25.1.16.06.0.1</td> 986 <td>2016 2 7 </td> 987 </tr> 988 </table> 989 990 991 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver"> 992 MediaTek Wi-Fi </h3> 993 994 995 <p>MediaTek Wi-Fi </p> 996 <table> 997 <col width="19%"> 998 <col width="16%"> 999 <col width="10%"> 1000 <col width="27%"> 1001 <col width="16%"> 1002 <tr> 1003 <th>CVE</th> 1004 <th>Android </th> 1005 <th></th> 1006 <th> Nexus </th> 1007 <th></th> 1008 </tr> 1009 <tr> 1010 <td>CVE-2016-2456</td> 1011 <td>27275187*</td> 1012 <td></td> 1013 <td>Android One</td> 1014 <td>2016 2 19 </td> 1015 </tr> 1016 </table> 1017 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a></p> 1018 1019 <h3 id="elevation_of_privilege_vulnerability_in_wi-fi"> 1020 Wi-Fi </h3> 1021 1022 1023 <p>Wi-Fi Wi-Fi <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a></p> 1024 <table> 1025 <col width="19%"> 1026 <col width="16%"> 1027 <col width="10%"> 1028 <col width="19%"> 1029 <col width="18%"> 1030 <col width="16%"> 1031 <tr> 1032 <th>CVE</th> 1033 <th>Android </th> 1034 <th></th> 1035 <th> Nexus </th> 1036 <th> AOSP </th> 1037 <th></th> 1038 </tr> 1039 <tr> 1040 <td>CVE-2016-2457</td> 1041 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/12332e05f632794e18ea8c4ac52c98e82532e5db"> 1042 27411179</a></td> 1043 <td></td> 1044 <td><a href="#nexus_devices"> Nexus </a></td> 1045 <td>5.0.25.1.16.06.0.1</td> 1046 <td>2016 2 29 </td> 1047 </tr> 1048 </table> 1049 1050 1051 <h3 id="information_disclosure_vulnerability_in_aosp_mail"> 1052 AOSP Mail </h3> 1053 1054 1055 <p>AOSP Mail </p> 1056 <table> 1057 <col width="19%"> 1058 <col width="16%"> 1059 <col width="10%"> 1060 <col width="19%"> 1061 <col width="18%"> 1062 <col width="16%"> 1063 <tr> 1064 <th>CVE</th> 1065 <th>Android </th> 1066 <th></th> 1067 <th> Nexus </th> 1068 <th> AOSP </th> 1069 <th></th> 1070 </tr> 1071 <tr> 1072 <td>CVE-2016-2458</td> 1073 <td><a href="https://android.googlesource.com/platform/packages/apps/UnifiedEmail/+/a55168330d9326ff2120285763c818733590266a"> 1074 27335139</a> 1075 [<a href="https://android.googlesource.com/platform/packages/apps/Email/+/2791f0b33b610247ef87278862e66c6045f89693">2</a>] 1076 </td> 1077 <td></td> 1078 <td><a href="#nexus_devices"> Nexus </a></td> 1079 <td>5.0.25.1.16.06.0.1</td> 1080 <td>2016 2 23 </td> 1081 </tr> 1082 </table> 1083 1084 1085 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 1086 </h3> 1087 1088 1089 <p></p> 1090 <table> 1091 <col width="19%"> 1092 <col width="16%"> 1093 <col width="10%"> 1094 <col width="19%"> 1095 <col width="18%"> 1096 <col width="16%"> 1097 <tr> 1098 <th>CVE</th> 1099 <th>Android </th> 1100 <th></th> 1101 <th> Nexus </th> 1102 <th> AOSP </th> 1103 <th></th> 1104 </tr> 1105 <tr> 1106 <td>CVE-2016-2459</td> 1107 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1108 27556038</a></td> 1109 <td></td> 1110 <td><a href="#nexus_devices"> Nexus </a></td> 1111 <td>4.4.45.0.25.1.16.06.0.1</td> 1112 <td>2016 3 7 </td> 1113 </tr> 1114 <tr> 1115 <td>CVE-2016-2460</td> 1116 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/a30d7d90c4f718e46fb41a99b3d52800e1011b73"> 1117 27555981</a></td> 1118 <td></td> 1119 <td><a href="#nexus_devices"> Nexus </a></td> 1120 <td>4.4.45.0.25.1.16.06.0.1</td> 1121 <td>2016 3 7 </td> 1122 </tr> 1123 </table> 1124 1125 1126 <h3 id="denial_of_service_vulnerability_in_kernel"> 1127 </h3> 1128 1129 1130 <p></p> 1131 <table> 1132 <col width="19%"> 1133 <col width="16%"> 1134 <col width="10%"> 1135 <col width="27%"> 1136 <col width="16%"> 1137 <tr> 1138 <th>CVE</th> 1139 <th>Android </th> 1140 <th></th> 1141 <th> Nexus </th> 1142 <th></th> 1143 </tr> 1144 <tr> 1145 <td>CVE-2016-0774</td> 1146 <td>27721803*</td> 1147 <td></td> 1148 <td><a href="#nexus_devices"> Nexus </a></td> 1149 <td>2016 3 17 </td> 1150 </tr> 1151 </table> 1152 <p>* <a href="https://git.kernel.org/cgit/linux/kernel/git/stable/linux-stable.git/commit/fs/pipe.c?id=b381fbc509052d07ccf8641fd7560a25d46aaf1e">Linux </a></p> 1153 1154 <h2 id="common_questions_and_answers"></h2> 1155 1156 1157 <p></p> 1158 1159 <p><strong>1. </strong></p> 1160 1161 <p>2016 5 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>)[ro.build.version.security_patch]:[2016-05-01]</p> 1162 1163 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1164 1165 <p><a href="security_vulnerability_details"></a> Nexus Nexus </p> 1166 1167 <ul> 1168 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C 1169 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus </li> 1170 <li> <strong> Nexus </strong> Nexus Nexus <em></em></li> 1171 </li></ul> 1172 1173 <p><strong>3. CVE-2015-1805 </strong></p> 1174 <p><a href="/security/advisory/2016-03-18.html">Android 2016-03-18</a> CVE-2015-1805 2016 4 1 <a href="2016-04-02.html">Nexus 2016 4 </a> CVE-2015-1805 2016 5 1 </p> 1175 <h2 id="revisions"></h2> 1176 1177 1178 <ul> 1179 <li>2016 5 2 </li> 1180 <li>2016 5 4 1181 <ul> 1182 <li> AOSP 1183 <li> Nexus ( Nexus Player Pixel C) 1184 <li> MITRE CVE-2016-2447 CVE-2016-4477 1185 </li></li></li></ul> 1186 </li> 1187 </ul> 1188 1189 </body> 1190 </html> 1191