1 <html devsite> 2 <head> 3 <title>Android 2016 6 </title> 4 <meta name="project_path" value="/_project.yaml" /> 5 <meta name="book_path" value="/_book.yaml" /> 6 </head> 7 <body> 8 <!-- 9 Copyright 2017 The Android Open Source Project 10 11 Licensed under the Apache License, Version 2.0 (the "License"); 12 you may not use this file except in compliance with the License. 13 You may obtain a copy of the License at 14 15 http://www.apache.org/licenses/LICENSE-2.0 16 17 Unless required by applicable law or agreed to in writing, software 18 distributed under the License is distributed on an "AS IS" BASIS, 19 WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 20 See the License for the specific language governing permissions and 21 limitations under the License. 22 --> 23 24 25 26 <p><em>2016 6 6 | 2016 6 8 </em></p> 27 28 <p>Android Android Google OTA Nexus Nexus <a href="https://developers.google.com/android/nexus/images">Google </a> 29 2016 6 1 <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">Nexus </a></p> 30 31 <p> 2016 5 2 () Android (AOSP) </p> 32 33 <p></p> 34 35 <p> <a href="/security/enhancements/index.html">Android </a> ( SafetyNet) Android <a href="#mitigations">Android Google </a></p> 36 37 <p></p> 38 39 <h2 id="security_vulnerability_summary"></h2> 40 41 42 <p> (CVE) Nexus <a href="/security/overview/updates-resources.html#severity"></a></p> 43 <table> 44 <col width="55%"> 45 <col width="20%"> 46 <col width="13%"> 47 <col width="12%"> 48 <tr> 49 <th></th> 50 <th>CVE</th> 51 <th></th> 52 <th> Nexus </th> 53 </tr> 54 <tr> 55 <td></td> 56 <td>CVE-2016-2463</td> 57 <td></td> 58 <td></td> 59 </tr> 60 <tr> 61 <td>libwebm </td> 62 <td>CVE-2016-2464</td> 63 <td></td> 64 <td></td> 65 </tr> 66 <tr> 67 <td>Qualcomm </td> 68 <td>CVE-2016-2465</td> 69 <td></td> 70 <td></td> 71 </tr> 72 <tr> 73 <td>Qualcomm </td> 74 <td>CVE-2016-2466<br> 75 CVE-2016-2467</td> 76 <td></td> 77 <td></td> 78 </tr> 79 <tr> 80 <td>Qualcomm GPU </td> 81 <td>CVE-2016-2468<br> 82 CVE-2016-2062</td> 83 <td></td> 84 <td></td> 85 </tr> 86 <tr> 87 <td>Qualcomm Wi-Fi </td> 88 <td>CVE-2016-2474</td> 89 <td></td> 90 <td></td> 91 </tr> 92 <tr> 93 <td>Broadcom Wi-Fi </td> 94 <td>CVE-2016-2475</td> 95 <td></td> 96 <td></td> 97 </tr> 98 <tr> 99 <td>Qualcomm </td> 100 <td>CVE-2016-2066<br> 101 CVE-2016-2469</td> 102 <td></td> 103 <td></td> 104 </tr> 105 <tr> 106 <td></td> 107 <td>CVE-2016-2476<br> 108 CVE-2016-2477<br> 109 CVE-2016-2478<br> 110 CVE-2016-2479<br> 111 CVE-2016-2480<br> 112 CVE-2016-2481<br> 113 CVE-2016-2482<br> 114 CVE-2016-2483<br> 115 CVE-2016-2484<br> 116 CVE-2016-2485<br> 117 CVE-2016-2486<br> 118 CVE-2016-2487</td> 119 <td></td> 120 <td></td> 121 </tr> 122 <tr> 123 <td>Qualcomm </td> 124 <td>CVE-2016-2061<br> 125 CVE-2016-2488</td> 126 <td></td> 127 <td></td> 128 </tr> 129 <tr> 130 <td>Qualcomm </td> 131 <td>CVE-2016-2489</td> 132 <td></td> 133 <td></td> 134 </tr> 135 <tr> 136 <td>NVIDIA </td> 137 <td>CVE-2016-2490<br> 138 CVE-2016-2491</td> 139 <td></td> 140 <td></td> 141 </tr> 142 <tr> 143 <td>Qualcomm Wi-Fi </td> 144 <td>CVE-2016-2470<br> 145 CVE-2016-2471<br> 146 CVE-2016-2472<br> 147 CVE-2016-2473</td> 148 <td></td> 149 <td></td> 150 </tr> 151 <tr> 152 <td>MediaTek </td> 153 <td>CVE-2016-2492</td> 154 <td></td> 155 <td></td> 156 </tr> 157 <tr> 158 <td>SD </td> 159 <td>CVE-2016-2494</td> 160 <td></td> 161 <td></td> 162 </tr> 163 <tr> 164 <td>Broadcom Wi-Fi </td> 165 <td>CVE-2016-2493</td> 166 <td></td> 167 <td></td> 168 </tr> 169 <tr> 170 <td></td> 171 <td>CVE-2016-2495</td> 172 <td></td> 173 <td></td> 174 </tr> 175 <tr> 176 <td></td> 177 <td>CVE-2016-2496</td> 178 <td></td> 179 <td></td> 180 </tr> 181 <tr> 182 <td>Qualcomm Wi-Fi </td> 183 <td>CVE-2016-2498</td> 184 <td></td> 185 <td></td> 186 </tr> 187 <tr> 188 <td></td> 189 <td>CVE-2016-2499</td> 190 <td></td> 191 <td></td> 192 </tr> 193 <tr> 194 <td></td> 195 <td>CVE-2016-2500</td> 196 <td></td> 197 <td></td> 198 </tr> 199 </table> 200 201 202 <h2 id="mitigations">Android Google </h2> 203 204 205 <p> <a href="/security/enhancements/index.html">Android </a> SafetyNet Android </p> 206 207 <ul> 208 <li>Android Android Android 209 <li>Android <a href="/security/reports/Google_Android_Security_2015_Report_Final.pdf"> SafetyNet</a> <a href="/security/reports/Google_Android_Security_PHA_classifications.pdf"></a> <a href="http://www.android.com/gms">Google </a> Google Play Google Play Root Root () 210 <li>Google Hangouts Messenger 211 </li></li></li></ul> 212 213 <h2 id="acknowledgements"></h2> 214 215 216 <p></p> 217 218 <ul> 219 <li> KeenLab (<a href="https://twitter.com/keen_lab">@keen_lab</a>) Di Shen (<a href="https://twitter.com/returnsme">@returnsme</a>)CVE-2016-2468 220 <li> <a href="http://bits-please.blogspot.com">Gal Beniamini</a> (<a href="https://twitter.com/laginimaineb">@laginimaineb</a>)CVE-2016-2476 221 <li> 360 IceSword Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>)pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-2492 222 <li> 360 Hao ChenGuang Gong Wenlin YangCVE-2016-2470CVE-2016-2471CVE-2016-2472CVE-2016-2473CVE-2016-2498 223 <li> <a href="http://www.iwobanas.com">Iwo Banas</a>CVE-2016-2496 224 <li> 360 IceSword Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao ">@jianqiangzhao</a>) pjf (<a href="http://weibo.com/jfpan ">weibo.com/jfpan</a>)CVE-2016-2490CVE-2016-2491 225 <li>Google Lee CampbellCVE-2016-2500 226 <li>Google Maciej SzawowskiCVE-2016-2474 227 <li>Google Marco Nelissen Max SpectorCVE-2016-2487 228 <li>Google Project Zero Mark BrandCVE-2016-2494 229 <li><a href="http://c0reteam.org">C0RE </a> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>)Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) Xuxian JiangCVE-2016-2477CVE-2016-2478CVE-2016-2479CVE-2016-2480CVE-2016-2481CVE-2016-2482CVE-2016-2483CVE-2016-2484CVE-2016-2485CVE-2016-2486 230 <li> <a href="mailto:sbauer (a] plzdonthack.me">Scott Bauer</a> (<a href="https://twitter.com/ScottyBauer1">@ScottyBauer1</a>)CVE-2016-2066CVE-2016-2061CVE-2016-2465CVE-2016-2469CVE-2016-2489 231 <li>Vasily VasilevCVE-2016-2463 232 <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>)CVE-2016-2495 233 <li> Xiling GongCVE-2016-2499 234 <li>Android Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>)CVE-2016-2493 235 </li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></li></ul> 236 237 <h2 id="security_vulnerability_details"></h2> 238 239 240 <p><a href="#security_vulnerability_summary"></a> CVE Android Nexus AOSP () AOSP AOSP </p> 241 242 <h3 id="remote_code_execution_vulnerability_in_mediaserver"> 243 </h3> 244 245 246 <p></p> 247 248 <p></p> 249 <table> 250 <col width="19%"> 251 <col width="16%"> 252 <col width="10%"> 253 <col width="19%"> 254 <col width="18%"> 255 <col width="16%"> 256 <tr> 257 <th>CVE</th> 258 <th>Android </th> 259 <th></th> 260 <th> Nexus </th> 261 <th> AOSP </th> 262 <th></th> 263 </tr> 264 <tr> 265 <td>CVE-2016-2463</td> 266 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/2b6f22dc64d456471a1dc6df09d515771d1427c8">27855419</a></td> 267 <td></td> 268 <td><a href="#nexus_devices"> Nexus </a></td> 269 <td>4.4.45.0.25.1.16.06.0.1</td> 270 <td>2016 3 25 </td> 271 </tr> 272 </table> 273 274 275 <h3 id="remote_code_execution_vulnerabilities_in_libwebm"> 276 libwebm </h3> 277 278 279 <p>libwebm </p> 280 281 <p></p> 282 <table> 283 <col width="19%"> 284 <col width="16%"> 285 <col width="10%"> 286 <col width="19%"> 287 <col width="18%"> 288 <col width="16%"> 289 <tr> 290 <th>CVE</th> 291 <th>Android </th> 292 <th></th> 293 <th> Nexus </th> 294 <th> AOSP </th> 295 <th></th> 296 </tr> 297 <tr> 298 <td>CVE-2016-2464</td> 299 <td><a href="https://android.googlesource.com/platform/external/libvpx/+/cc274e2abe8b2a6698a5c47d8aa4bb45f1f9538d">23167726</a> 300 [<a href="https://android.googlesource.com/platform/external/libvpx/+/65c49d5b382de4085ee5668732bcb0f6ecaf7148">2</a>] 301 </td> 302 <td></td> 303 <td><a href="#nexus_devices"> Nexus </a></td> 304 <td>4.4.45.0.25.1.16.06.0.1</td> 305 <td>Google </td> 306 </tr> 307 </table> 308 309 310 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver"> 311 Qualcomm </h3> 312 313 314 <p>Qualcomm (Re-flash) </p> 315 <table> 316 <col width="19%"> 317 <col width="16%"> 318 <col width="10%"> 319 <col width="27%"> 320 <col width="16%"> 321 <tr> 322 <th>CVE</th> 323 <th>Android </th> 324 <th></th> 325 <th> Nexus </th> 326 <th></th> 327 </tr> 328 <tr> 329 <td>CVE-2016-2465</td> 330 <td>27407865*</td> 331 <td></td> 332 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 333 <td>2016 2 21 </td> 334 </tr> 335 </table> 336 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 337 </p> 338 339 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 340 Qualcomm </h3> 341 342 <p>Qualcomm (Re-flash) </p> 343 344 <table> 345 <col width="19%"> 346 <col width="16%"> 347 <col width="10%"> 348 <col width="27%"> 349 <col width="16%"> 350 <tr> 351 <th>CVE</th> 352 <th>Android </th> 353 <th></th> 354 <th> Nexus </th> 355 <th></th> 356 </tr> 357 <tr> 358 <td>CVE-2016-2466</td> 359 <td>27947307*</td> 360 <td></td> 361 <td>Nexus 6</td> 362 <td>2016 2 27 </td> 363 </tr> 364 <tr> 365 <td>CVE-2016-2467</td> 366 <td>28029010*</td> 367 <td></td> 368 <td>Nexus 5</td> 369 <td>2014 3 13 </td> 370 </tr> 371 </table> 372 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 373 </p> 374 375 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_gpu_driver"> 376 Qualcomm GPU </h3> 377 378 379 <p>Qualcomm GPU (Re-flash) </p> 380 381 <table> 382 <col width="19%"> 383 <col width="16%"> 384 <col width="10%"> 385 <col width="27%"> 386 <col width="16%"> 387 <tr> 388 <th>CVE</th> 389 <th>Android </th> 390 <th></th> 391 <th> Nexus </th> 392 <th></th> 393 </tr> 394 <tr> 395 <td>CVE-2016-2468</td> 396 <td>27475454*</td> 397 <td></td> 398 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7</td> 399 <td>2016 3 2 </td> 400 </tr> 401 <tr> 402 <td>CVE-2016-2062</td> 403 <td>27364029*</td> 404 <td></td> 405 <td>Nexus 5XNexus 6P</td> 406 <td>2016 3 6 </td> 407 </tr> 408 </table> 409 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 410 </p> 411 412 413 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver"> 414 Qualcomm Wi-Fi </h3> 415 416 417 <p>Qualcomm Wi-Fi (Re-flash) </p> 418 <table> 419 <col width="19%"> 420 <col width="16%"> 421 <col width="10%"> 422 <col width="27%"> 423 <col width="16%"> 424 <tr> 425 <th>CVE</th> 426 <th>Android </th> 427 <th></th> 428 <th> Nexus </th> 429 <th></th> 430 </tr> 431 <tr> 432 <td>CVE-2016-2474</td> 433 <td>27424603*</td> 434 <td></td> 435 <td>Nexus 5X</td> 436 <td>Google </td> 437 </tr> 438 </table> 439 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 440 </p> 441 442 443 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver"> 444 Broadcom Wi-Fi </h3> 445 446 447 <p>Broadcom Wi-Fi </p> 448 <table> 449 <col width="19%"> 450 <col width="16%"> 451 <col width="10%"> 452 <col width="27%"> 453 <col width="16%"> 454 <tr> 455 <th>CVE</th> 456 <th>Android </th> 457 <th></th> 458 <th> Nexus </th> 459 <th></th> 460 </tr> 461 <tr> 462 <td>CVE-2016-2475</td> 463 <td>26425765*</td> 464 <td></td> 465 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus 9Nexus PlayerPixel C</td> 466 <td>2016 1 6 </td> 467 </tr> 468 </table> 469 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 470 </p> 471 472 473 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_sound_driver"> 474 Qualcomm </h3> 475 476 477 <p>Qualcomm </p> 478 479 <table> 480 <col width="19%"> 481 <col width="16%"> 482 <col width="10%"> 483 <col width="27%"> 484 <col width="16%"> 485 <tr> 486 <th>CVE</th> 487 <th>Android </th> 488 <th></th> 489 <th> Nexus </th> 490 <th></th> 491 </tr> 492 <tr> 493 <td>CVE-2016-2066</td> 494 <td>26876409*</td> 495 <td></td> 496 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 497 <td>2016 1 29 </td> 498 </tr> 499 <tr> 500 <td>CVE-2016-2469</td> 501 <td>27531992*</td> 502 <td></td> 503 <td>Nexus 5Nexus 6Nexus 6P</td> 504 <td>2016 3 4 </td> 505 </tr> 506 </table> 507 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 508 </p> 509 510 511 <h3 id="elevation_of_privilege_vulnerability_in_mediaserver"> 512 </h3> 513 514 515 <p> ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 516 517 <table> 518 <col width="19%"> 519 <col width="16%"> 520 <col width="10%"> 521 <col width="19%"> 522 <col width="18%"> 523 <col width="16%"> 524 <tr> 525 <th>CVE</th> 526 <th>Android </th> 527 <th></th> 528 <th> Nexus </th> 529 <th> AOSP </th> 530 <th></th> 531 </tr> 532 <tr> 533 <td>CVE-2016-2476</td> 534 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/295c883fe3105b19bcd0f9e07d54c6b589fc5bff">27207275</a> 535 [<a href="https://android.googlesource.com/platform/frameworks/av/+/94d9e646454f6246bf823b6897bd6aea5f08eda3">2</a>] 536 [<a href="https://android.googlesource.com/platform/frameworks/av/+/0bb5ced60304da7f61478ffd359e7ba65d72f181">3</a>] 537 [<a href="https://android.googlesource.com/platform/frameworks/av/+/db829699d3293f254a7387894303451a91278986">4</a>] 538 </td> 539 <td></td> 540 <td><a href="#nexus_devices"> Nexus </a></td> 541 <td>4.4.45.0.25.1.16.06.0.1</td> 542 <td>2016 2 11 </td> 543 </tr> 544 <tr> 545 <td>CVE-2016-2477</td> 546 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27251096</a> 547 </td> 548 <td></td> 549 <td><a href="#nexus_devices"> Nexus </a></td> 550 <td>4.4.45.0.25.1.16.06.0.1</td> 551 <td>2016 2 17 </td> 552 </tr> 553 <tr> 554 <td>CVE-2016-2478</td> 555 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/f22c2a0f0f9e030c240468d9d18b9297f001bcf0">27475409</a> 556 </td> 557 <td></td> 558 <td><a href="#nexus_devices"> Nexus </a></td> 559 <td>4.4.45.0.25.1.16.06.0.1</td> 560 <td>2016 3 3 </td> 561 </tr> 562 <tr> 563 <td>CVE-2016-2479</td> 564 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27532282</a> 565 </td> 566 <td></td> 567 <td><a href="#nexus_devices"> Nexus </a></td> 568 <td>4.4.45.0.25.1.16.06.0.1</td> 569 <td>2016 3 6 </td> 570 </tr> 571 <tr> 572 <td>CVE-2016-2480</td> 573 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/560ccdb509a7b86186fac0fce1b25bd9a3e6a6e8">27532721</a> 574 </td> 575 <td></td> 576 <td><a href="#nexus_devices"> Nexus </a></td> 577 <td>4.4.45.0.25.1.16.06.0.1</td> 578 <td>2016 3 6 </td> 579 </tr> 580 <tr> 581 <td>CVE-2016-2481</td> 582 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27532497</a> 583 </td> 584 <td></td> 585 <td><a href="#nexus_devices"> Nexus </a></td> 586 <td>4.4.45.0.25.1.16.06.0.1</td> 587 <td>2016 3 6 </td> 588 </tr> 589 <tr> 590 <td>CVE-2016-2482</td> 591 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/46e305be6e670a5a0041b0b4861122a0f1aabefa">27661749</a> 592 </td> 593 <td></td> 594 <td><a href="#nexus_devices"> Nexus </a></td> 595 <td>4.4.45.0.25.1.16.06.0.1</td> 596 <td>2016 3 14 </td> 597 </tr> 598 <tr> 599 <td>CVE-2016-2483</td> 600 <td><a href="https://android.googlesource.com/platform/hardware/qcom/media/+/89913d7df36dbeb458ce165856bd6505a2ec647d">27662502</a> 601 </td> 602 <td></td> 603 <td><a href="#nexus_devices"> Nexus </a></td> 604 <td>4.4.45.0.25.1.16.06.0.1</td> 605 <td>2016 3 14 </td> 606 </tr> 607 <tr> 608 <td>CVE-2016-2484</td> 609 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793163</a> 610 </td> 611 <td></td> 612 <td><a href="#nexus_devices"> Nexus </a></td> 613 <td>4.4.45.0.25.1.16.06.0.1</td> 614 <td>2016 3 22 </td> 615 </tr> 616 <tr> 617 <td>CVE-2016-2485</td> 618 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/7cea5cb64b83d690fe02bc210bbdf08f5a87636f">27793367</a> 619 </td> 620 <td></td> 621 <td><a href="#nexus_devices"> Nexus </a></td> 622 <td>4.4.45.0.25.1.16.06.0.1</td> 623 <td>2016 3 22 </td> 624 </tr> 625 <tr> 626 <td>CVE-2016-2486</td> 627 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/ad40e57890f81a3cf436c5f06da66396010bd9e5">27793371</a> 628 </td> 629 <td></td> 630 <td><a href="#nexus_devices"> Nexus </a></td> 631 <td>4.4.45.0.25.1.16.06.0.1</td> 632 <td>2016 3 22 </td> 633 </tr> 634 <tr> 635 <td>CVE-2016-2487</td> 636 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/918eeaa29d99d257282fafec931b4bda0e3bae12">27833616</a> 637 [<a href="https://android.googlesource.com/platform/frameworks/av/+/d2f47191538837e796e2b10c1ff7e1ee35f6e0ab">2</a>] 638 [<a href="https://android.googlesource.com/platform/frameworks/av/+/4e32001e4196f39ddd0b86686ae0231c8f5ed944">3</a>] 639 </td> 640 <td></td> 641 <td><a href="#nexus_devices"> Nexus </a></td> 642 <td>4.4.45.0.25.1.16.06.0.1</td> 643 <td>Google </td> 644 </tr> 645 </table> 646 647 648 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_camera_driver"> 649 Qualcomm </h3> 650 651 652 <p>Qualcomm </p> 653 <table> 654 <col width="19%"> 655 <col width="16%"> 656 <col width="10%"> 657 <col width="27%"> 658 <col width="16%"> 659 <tr> 660 <th>CVE</th> 661 <th>Android </th> 662 <th></th> 663 <th> Nexus </th> 664 <th></th> 665 </tr> 666 <tr> 667 <td>CVE-2016-2061</td> 668 <td>27207747*</td> 669 <td></td> 670 <td>Nexus 5XNexus 6P</td> 671 <td>2016 2 15 </td> 672 </tr> 673 <tr> 674 <td>CVE-2016-2488</td> 675 <td>27600832*</td> 676 <td></td> 677 <td>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)</td> 678 <td>Google </td> 679 </tr> 680 </table> 681 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 682 </p> 683 684 685 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_video_driver_2"> 686 Qualcomm </h3> 687 688 689 <p>Qualcomm </p> 690 <table> 691 <col width="19%"> 692 <col width="16%"> 693 <col width="10%"> 694 <col width="27%"> 695 <col width="16%"> 696 <tr> 697 <th>CVE</th> 698 <th>Android </th> 699 <th></th> 700 <th> Nexus </th> 701 <th></th> 702 </tr> 703 <tr> 704 <td>CVE-2016-2489</td> 705 <td>27407629*</td> 706 <td></td> 707 <td>Nexus 5Nexus 5XNexus 6Nexus 6P</td> 708 <td>2016 2 21 </td> 709 </tr> 710 </table> 711 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 712 </p> 713 714 715 <h3 id="elevation_of_privilege_vulnerability_in_nvidia_camera_driver"> 716 NVIDIA </h3> 717 718 719 <p>NVIDIA </p> 720 <table> 721 <col width="19%"> 722 <col width="16%"> 723 <col width="10%"> 724 <col width="27%"> 725 <col width="16%"> 726 <tr> 727 <th>CVE</th> 728 <th>Android </th> 729 <th></th> 730 <th> Nexus </th> 731 <th></th> 732 </tr> 733 <tr> 734 <td>CVE-2016-2490</td> 735 <td>27533373*</td> 736 <td></td> 737 <td>Nexus 9</td> 738 <td>2016 3 6 </td> 739 </tr> 740 <tr> 741 <td>CVE-2016-2491</td> 742 <td>27556408*</td> 743 <td></td> 744 <td>Nexus 9</td> 745 <td>2016 3 8 </td> 746 </tr> 747 </table> 748 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 749 </p> 750 751 752 <h3 id="elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver_2"> 753 Qualcomm Wi-Fi </h3> 754 755 756 <p>Qualcomm Wi-Fi </p> 757 758 <table> 759 <col width="19%"> 760 <col width="16%"> 761 <col width="10%"> 762 <col width="27%"> 763 <col width="16%"> 764 <tr> 765 <th>CVE</th> 766 <th>Android </th> 767 <th></th> 768 <th> Nexus </th> 769 <th></th> 770 </tr> 771 <tr> 772 <td>CVE-2016-2470</td> 773 <td>27662174*</td> 774 <td></td> 775 <td>Nexus 7 (2013)</td> 776 <td>2016 3 13 </td> 777 </tr> 778 <tr> 779 <td>CVE-2016-2471</td> 780 <td>27773913*</td> 781 <td></td> 782 <td>Nexus 7 (2013)</td> 783 <td>2016 3 19 </td> 784 </tr> 785 <tr> 786 <td>CVE-2016-2472</td> 787 <td>27776888*</td> 788 <td></td> 789 <td>Nexus 7 (2013)</td> 790 <td>2016 3 20 </td> 791 </tr> 792 <tr> 793 <td>CVE-2016-2473</td> 794 <td>27777501*</td> 795 <td></td> 796 <td>Nexus 7 (2013)</td> 797 <td>2016 3 20 </td> 798 </tr> 799 </table> 800 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 801 </p> 802 803 804 <h3 id="elevation_of_privilege_vulnerability_in_mediatek_power_management_driver"> 805 MediaTek </h3> 806 807 808 <p>MediaTek Root </p> 809 810 <table> 811 <col width="19%"> 812 <col width="16%"> 813 <col width="10%"> 814 <col width="27%"> 815 <col width="16%"> 816 <tr> 817 <th>CVE</th> 818 <th>Android </th> 819 <th></th> 820 <th> Nexus </th> 821 <th></th> 822 </tr> 823 <tr> 824 <td>CVE-2016-2492</td> 825 <td>28085410*</td> 826 <td></td> 827 <td>Android One</td> 828 <td>2016 4 7 </td> 829 </tr> 830 </table> 831 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 832 </p> 833 834 835 <h3 id="elevation_of_privilege_vulnerability_in_sd_card_emulation_layer"> 836 SD </h3> 837 838 839 <p>SD ( <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> ) </p> 840 841 <table> 842 <col width="19%"> 843 <col width="16%"> 844 <col width="10%"> 845 <col width="19%"> 846 <col width="18%"> 847 <col width="16%"> 848 <tr> 849 <th>CVE</th> 850 <th>Android </th> 851 <th></th> 852 <th> Nexus </th> 853 <th> AOSP </th> 854 <th></th> 855 </tr> 856 <tr> 857 <td>CVE-2016-2494</td> 858 <td><a href="https://android.googlesource.com/platform/system/core/+/864e2e22fcd0cba3f5e67680ccabd0302dfda45d">28085658</a> 859 </td> 860 <td></td> 861 <td><a href="#nexus_devices"> Nexus </a></td> 862 <td>4.4.45.0.25.1.16.06.0.1</td> 863 <td>2016 4 7 </td> 864 </tr> 865 </table> 866 867 868 <h3 id="elevation_of_privilege_vulnerability_in_broadcom_wi-fi_driver_2"> 869 Broadcom Wi-Fi </h3> 870 871 872 <p>Broadcom Wi-Fi </p> 873 <table> 874 <col width="19%"> 875 <col width="16%"> 876 <col width="10%"> 877 <col width="27%"> 878 <col width="16%"> 879 <tr> 880 <th>CVE</th> 881 <th>Android </th> 882 <th></th> 883 <th> Nexus </th> 884 <th></th> 885 </tr> 886 <tr> 887 <td>CVE-2016-2493</td> 888 <td>26571522*</td> 889 <td></td> 890 <td>Nexus 5Nexus 6Nexus 6PNexus 7 (2013)Nexus PlayerPixel C</td> 891 <td>Google </td> 892 </tr> 893 </table> 894 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 895 </p> 896 897 <h3 id="remote_denial_of_service_vulnerability_in_mediaserver"> 898 </h3> 899 900 901 <p></p> 902 <table> 903 <col width="19%"> 904 <col width="16%"> 905 <col width="10%"> 906 <col width="19%"> 907 <col width="18%"> 908 <col width="16%"> 909 <tr> 910 <th>CVE</th> 911 <th>Android </th> 912 <th></th> 913 <th> Nexus </th> 914 <th> AOSP </th> 915 <th></th> 916 </tr> 917 <tr> 918 <td>CVE-2016-2495</td> 919 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/45737cb776625f17384540523674761e6313e6d4">28076789</a> 920 [<a href="https://android.googlesource.com/platform/frameworks/av/+/b57b3967b1a42dd505dbe4fcf1e1d810e3ae3777">2</a>] 921 </td> 922 <td></td> 923 <td><a href="#nexus_devices"> Nexus </a></td> 924 <td>4.4.45.0.25.1.16.06.0.1</td> 925 <td>2016 4 6 </td> 926 </tr> 927 </table> 928 929 <h3 id="elevation_of_privilege_vulnerability_in_framework_ui"> 930 </h3> 931 932 933 <p><a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel"></a></p> 934 <table> 935 <col width="19%"> 936 <col width="16%"> 937 <col width="10%"> 938 <col width="19%"> 939 <col width="18%"> 940 <col width="16%"> 941 <tr> 942 <th>CVE</th> 943 <th>Android </th> 944 <th></th> 945 <th> Nexus </th> 946 <th> AOSP </th> 947 <th></th> 948 </tr> 949 <tr> 950 <td>CVE-2016-2496</td> 951 <td><a href="https://android.googlesource.com/platform/frameworks/native/+/03a53d1c7765eeb3af0bc34c3dff02ada1953fbf">26677796</a> 952 [<a href="https://android.googlesource.com/platform/frameworks/base/+/613f63b938145bb86cd64fe0752eaf5e99b5f628">2</a>] 953 [<a href="https://android.googlesource.com/platform/packages/apps/PackageInstaller/+/2068c7997265011ddc5e4dfa3418407881f7f81e">3</a>] 954 </td> 955 <td></td> 956 <td><a href="#nexus_devices"> Nexus </a></td> 957 <td>6.06.1</td> 958 <td>2015 5 26 </td> 959 </tr> 960 </table> 961 962 <h3 id="information_disclosure_vulnerability_in_qualcomm_wi-fi_driver"> 963 Qualcomm Wi-Fi </h3> 964 965 966 <p>Qualcomm Wi-Fi </p> 967 <table> 968 <col width="19%"> 969 <col width="16%"> 970 <col width="10%"> 971 <col width="27%"> 972 <col width="16%"> 973 <tr> 974 <th>CVE</th> 975 <th>Android </th> 976 <th></th> 977 <th> Nexus </th> 978 <th></th> 979 </tr> 980 <tr> 981 <td>CVE-2016-2498</td> 982 <td>27777162*</td> 983 <td></td> 984 <td>Nexus 7 (2013)</td> 985 <td>2016 3 20 </td> 986 </tr> 987 </table> 988 <p>* AOSP Nexus <a href="https://developers.google.com/android/nexus/drivers">Google Developers </a> 989 </p> 990 991 992 <h3 id="information_disclosure_vulnerability_in_mediaserver"> 993 </h3> 994 995 996 <p></p> 997 <table> 998 <col width="19%"> 999 <col width="16%"> 1000 <col width="10%"> 1001 <col width="19%"> 1002 <col width="18%"> 1003 <col width="16%"> 1004 <tr> 1005 <th>CVE</th> 1006 <th>Android </th> 1007 <th></th> 1008 <th> Nexus </th> 1009 <th> AOSP </th> 1010 <th></th> 1011 </tr> 1012 <tr> 1013 <td>CVE-2016-2499</td> 1014 <td><a href="https://android.googlesource.com/platform/frameworks/av/+/dd3546765710ce8dd49eb23901d90345dec8282f">27855172</a> 1015 </td> 1016 <td></td> 1017 <td><a href="#nexus_devices"> Nexus </a></td> 1018 <td>4.4.45.0.25.1.16.06.0.1</td> 1019 <td>2016 3 24 </td> 1020 </tr> 1021 </table> 1022 1023 1024 <h3 id="information_disclosure_vulnerability_in_activity_manager"> 1025 </h3> 1026 1027 1028 <p></p> 1029 <table> 1030 <col width="19%"> 1031 <col width="16%"> 1032 <col width="10%"> 1033 <col width="19%"> 1034 <col width="18%"> 1035 <col width="16%"> 1036 <tr> 1037 <th>CVE</th> 1038 <th>Android </th> 1039 <th></th> 1040 <th> Nexus </th> 1041 <th> AOSP </th> 1042 <th></th> 1043 </tr> 1044 <tr> 1045 <td>CVE-2016-2500</td> 1046 <td><a href="https://android.googlesource.com/platform/frameworks/base/+/9878bb99b77c3681f0fda116e2964bac26f349c3">19285814</a> 1047 </td> 1048 <td></td> 1049 <td><a href="#nexus_devices"> Nexus </a></td> 1050 <td>5.0.25.1.16.06.0.1</td> 1051 <td>Google </td> 1052 </tr> 1053 </table> 1054 1055 1056 <h2 id="common_questions_and_answers"></h2> 1057 1058 1059 <p></p> 1060 1061 <p><strong>1. </strong></p> 1062 1063 <p>2016 6 1 ( <a href="https://support.google.com/nexus/answer/4457705">Nexus </a>)[ro.build.version.security_patch]:[2016-06-01]</p> 1064 1065 <p id="nexus_devices"><strong>2. Nexus </strong></p> 1066 1067 <p><a href="#security_vulnerability_summary"></a> Nexus Nexus </p> 1068 1069 <ul> 1070 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus Nexus <a href="https://support.google.com/nexus/answer/4457705#nexus_devices"></a>Nexus 5Nexus 5XNexus 6Nexus 6PNexus 7 (2013)Nexus 9Android OneNexus Player Pixel C</li> 1071 <li> <strong> Nexus </strong> Nexus Nexus <em></em> Nexus </li> 1072 <li> <strong> Nexus </strong> Nexus Nexus <em></em></li> 1073 </ul> 1074 1075 <h2 id="revisions"></h2> 1076 1077 1078 <ul> 1079 <li>2016 6 6 </li> 1080 <li>2016 6 7 1081 <ul> 1082 <li> AOSP 1083 <li> CVE-2016-2496 1084 </li></li></ul> 1085 </li> 1086 <li>2016 6 8 CVE-2016-2496 </li> 1087 </ul> 1088 1089 </body> 1090 </html> 1091
