| page.title=Nexus Security Bulletin—April 2016 |
| @jd:body |
| |
| <!-- |
| Copyright 2016 The Android Open Source Project |
| |
| Licensed under the Apache License, Version 2.0 (the "License"); |
| you may not use this file except in compliance with the License. |
| You may obtain a copy of the License at |
| |
| http://www.apache.org/licenses/LICENSE-2.0 |
| |
| Unless required by applicable law or agreed to in writing, software |
| distributed under the License is distributed on an "AS IS" BASIS, |
| WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| See the License for the specific language governing permissions and |
| limitations under the License. |
| --> |
| |
| <p><em>Published April 04, 2016</em></p> |
| |
| <p>We have released a security update to Nexus devices through an over-the-air |
| (OTA) update as part of our Android Security Bulletin Monthly Release process. |
| The Nexus firmware images have also been released to the |
| <a href="https://developers.google.com/android/nexus/images">Google Developer site</a>. |
| Security Patch Levels of April |
| 02, 2016 or later address these issues (refer to the |
| <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a> |
| for instructions on how to check the security patch level).</p> |
| |
| <p>Partners were notified about the issues described in the bulletin on March 16, |
| 2016 or earlier. Source code patches for these issues will be released to the |
| Android Open Source Project (AOSP) repository over the next 48 hours. This |
| bulletin will be revised with the AOSP links when they are available.</p> |
| |
| <p>The most severe of these issues is a Critical security vulnerability that could |
| enable remote code execution on an affected device through multiple methods |
| such as email, web browsing, and MMS when processing media files.</p> |
| |
| <p><a href="{@docRoot}security/advisory/2016-03-18.html"> |
| Android Security Advisory 2016-03-18</a> previously discussed use of |
| <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> |
| by a rooting application. <a href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1805">CVE-2015-1805</a> |
| is resolved in this update. |
| There have been no reports of active customer exploitation or abuse of the other |
| newly reported issues. Refer to the <a href="#mitigations">Mitigations</a> section |
| for further details on the <a href="{@docRoot}security/enhancements/index.html"> |
| Android security platform protections</a> and service protections such as SafetyNet, |
| which improve the security of the Android platform.</p> |
| |
| <h2 id=security_vulnerability_summary>Security Vulnerability Summary</h2> |
| |
| |
| <p>The table below contains a list of security vulnerabilities, the Common |
| Vulnerability and Exposures ID (CVE), and their assessed severity. The |
| <a href="{@docRoot}security/overview/updates-resources.html#severity"> |
| severity assessment</a> is based on the effect that exploiting the vulnerability would possibly have |
| on an affected device, assuming the platform and service mitigations are |
| disabled for development purposes or if successfully bypassed.</p> |
| <table> |
| <tr> |
| <th>Issue</th> |
| <th>CVE</th> |
| <th>Severity</th> |
| </tr> |
| <tr> |
| <td>Remote Code Execution Vulnerability in DHCPCD</td> |
| <td>CVE-2016-1503<br /> |
| CVE-2014-6060</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Remote Code Execution Vulnerability in Media Codec</td> |
| <td>CVE-2016-0834</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Remote Code Execution Vulnerability in Mediaserver</td> |
| <td>CVE-2016-0835<br /> |
| CVE-2016-0836<br /> |
| CVE-2016-0837<br /> |
| CVE-2016-0838<br /> |
| CVE-2016-0839<br /> |
| CVE-2016-0840<br /> |
| CVE-2016-0841</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Remote Code Execution Vulnerability in libstagefright</td> |
| <td>CVE-2016-0842</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Kernel</td> |
| <td>CVE-2015-1805</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Qualcomm<br /> |
| Performance Module</td> |
| <td>CVE-2016-0843</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Qualcomm RF Component</td> |
| <td>CVE-2016-0844</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Kernel</td> |
| <td>CVE-2014-9322</td> |
| <td>Critical</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in IMemory Native Interface</td> |
| <td>CVE-2016-0846</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Telecom Component</td> |
| <td>CVE-2016-0847</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Download Manager</td> |
| <td>CVE-2016-0848</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Recovery Procedure</td> |
| <td>CVE-2016-0849</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Bluetooth</td> |
| <td>CVE-2016-0850</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver</td> |
| <td>CVE-2016-2409</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in a Video Kernel Driver</td> |
| <td>CVE-2016-2410</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Qualcomm<br /> |
| Power Management Component</td> |
| <td>CVE-2016-2411</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in System_server</td> |
| <td>CVE-2016-2412</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Mediaserver</td> |
| <td>CVE-2016-2413</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Denial of Service Vulnerability in Minikin</td> |
| <td>CVE-2016-2414</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Information Disclosure Vulnerability in Exchange ActiveSync</td> |
| <td>CVE-2016-2415</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Information Disclosure Vulnerability in Mediaserver</td> |
| <td>CVE-2016-2416<br /> |
| CVE-2016-2417<br /> |
| CVE-2016-2418<br /> |
| CVE-2016-2419</td> |
| <td>High</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Debuggerd Component</td> |
| <td>CVE-2016-2420</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Setup Wizard</td> |
| <td>CVE-2016-2421</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Wi-Fi</td> |
| <td>CVE-2016-2422</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Elevation of Privilege Vulnerability in Telephony</td> |
| <td>CVE-2016-2423</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Denial of Service Vulnerability in SyncStorageEngine</td> |
| <td>CVE-2016-2424</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Information Disclosure Vulnerability in AOSP Mail</td> |
| <td>CVE-2016-2425</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Information Disclosure Vulnerability in Framework</td> |
| <td>CVE-2016-2426</td> |
| <td>Moderate</td> |
| </tr> |
| <tr> |
| <td>Information Disclosure Vulnerability in BouncyCastle</td> |
| <td>CVE-2016-2427</td> |
| <td>Moderate</td> |
| </tr> |
| </table> |
| |
| |
| <h2 id=mitigations>Mitigations</h2> |
| |
| |
| <p>This is a summary of the mitigations provided by the <a href="{@docRoot}security/enhancements/index.html">Android security platform</a> and service protections such as SafetyNet. These capabilities reduce the |
| likelihood that security vulnerabilities could be successfully exploited on |
| Android.</p> |
| |
| <ul> |
| <li> Exploitation for many issues on Android is made more difficult by enhancements |
| in newer versions of the Android platform. We encourage all users to update to |
| the latest version of Android where possible. |
| <li> The Android Security team is actively monitoring for abuse with Verify Apps and |
| SafetyNet, which will warn the user about detected potentially harmful |
| applications about to be installed. Device rooting tools are prohibited within |
| Google Play. To protect users who install applications from outside of Google |
| Play, Verify Apps is enabled by default and will warn users about known rooting |
| applications. Verify Apps attempts to identify and block installation of known |
| malicious applications that exploit a privilege escalation vulnerability. If |
| such an application has already been installed, Verify Apps will notify the |
| user and attempt to remove any such applications. |
| <li> As appropriate, Google Hangouts and Messenger applications do not automatically |
| pass media to processes such as mediaserver. |
| </ul> |
| |
| <h2 id=acknowledgements>Acknowledgements</h2> |
| |
| |
| <p>The Android Security team would like to thank these researchers for their |
| contributions:</p> |
| |
| <ul> |
| <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security |
| Team: CVE-2016-0834, CVE-2016-0841, CVE-2016-0840, CVE-2016-0839, CVE-2016-0838 |
| <li> Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>) |
| of CENSUS S.A.: CVE-2016-0842, CVE-2016-0836, CVE-2016-0835 |
| <li> Brad Ebinger and Santos Cordon of Google Telecom Team: CVE-2016-0847 |
| <li> Dominik Schürmann of <a href="https://www.ibr.cs.tu-bs.de">Institute for |
| Operating Systems and Computer Networks</a>, TU Braunschweig: CVE-2016-2425 |
| <li> Gengjia Chen (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>), |
| <a href="http://weibo.com/jfpan">pjf</a>, Jianqiang Zhao |
| (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, |
| Qihoo 360: CVE-2016-0844 |
| <li> <a href="mailto:gpiskas@gmail.com">George Piskas</a> of <a href="https://www.epfl.ch"> |
| École polytechnique fédérale de Lausanne</a>: CVE-2016-2426 |
| <li> Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>) |
| of <a href="http://www.360.com/">Qihoo 360 Technology Co.Ltd</a>: CVE-2016-2412, CVE-2016-2416 |
| <li> James Forshaw of Google Project Zero: CVE-2016-2417, CVE-2016-0846 |
| <li> Jianqiang Zhao(<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>), |
| <a href="http://weibo.com/jfpan">pjf</a>, and Gengjia Chen |
| (<a href="https://twitter.com/chengjia4574">@chengjia4574</a>) of IceSword Lab, |
| Qihoo 360: CVE-2016-2410, CVE-2016-2411 |
| <li> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) |
| and <a href="http://weibo.com/jfpan">pjf</a> of IceSword Lab, Qihoo 360: CVE-2016-2409 |
| <li> Nancy Wang of Vertu Corporation LTD: CVE-2016-0837 |
| <li> <a href="mailto:nasim@zamir.ca">Nasim Zamir</a>: CVE-2016-2409 |
| <li> Nico Golde (<a href="https://twitter.com/iamnion">@iamnion</a>) of Qualcomm |
| Product Security Initiative: CVE-2016-2420, CVE-2016-0849 |
| <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) |
| of Trend Micro: CVE-2016-2418, CVE-2016-2413, CVE-2016-2419 |
| <li> Quan Nguyen of Google Information Security Team: CVE-2016-2427 |
| <li> Richard Shupak: CVE-2016-2415 |
| <li> Romain Trouvé (<a href="https://twitter.com/bouuntyyy">@bouuntyyy)</a> of |
| <a href="https://labs.mwrinfosecurity.com/">MWR Labs</a>: CVE-2016-0850 |
| <li> Stuart Henderson: CVE-2016-2422 |
| <li> Vishwath Mohan of Android Security: CVE-2016-2424 |
| <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) |
| of Alibaba Inc.: CVE-2016-2414 |
| <li> Wish Wu (<a href="https://twitter.com/wish_wu">@wish_wu</a>) |
| of Trend Micro Inc.: CVE-2016-0843 |
| <li> <a href="mailto:luc2yj@gmail.com">Yeonjoon Lee</a> and |
| <a href="mailto:xw7@indiana.edu">Xiaofeng Wang</a> of Indiana University Bloomington, |
| <a href="mailto:litongxin1991@gmail.com">Tongxin Li</a> and |
| <a href="mailto:hanxinhui@pku.edu.cn">Xinhui Han</a> of Peking University: CVE-2016-0848 |
| </ul> |
| |
| <p>The Android Security team also thanks |
| <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, |
| <a href="mailto:vancouverdou@gmail.com">Wenke Dou</a>, |
| Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), |
| and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a> |
| and <a href="https://www.zimperium.com/">Zimperium</a> |
| for their contribution to CVE-2015-1805.</p> |
| |
| <h2 id=security_vulnerability_details>Security Vulnerability Details</h2> |
| |
| |
| <p>The sections below contain details for each of the security vulnerabilities |
| listed in the <a href="#security_vulnerability_summary">Security Vulnerability Summary</a> |
| above. There is a description of the issue, a severity rationale, and a table |
| with the CVE, associated bug, severity, affected versions, and date reported. |
| When available, we will link the AOSP commit that addressed the issue to the |
| bug ID. When multiple changes relate to a single bug, additional AOSP references |
| are linked to numbers following the bug ID.</p> |
| |
| <h3 id=remote_code_execution_vulnerability_in_dhcpcd>Remote Code Execution Vulnerability in DHCPCD</h3> |
| |
| |
| <p>A vulnerability in the Dynamic Host Configuration Protocol service could enable |
| an attacker to cause memory corruption, which could lead to remote code |
| execution. This issue is rated as Critical severity due to the possibility of |
| remote code execution within the context of the DHCP client. The DHCP service |
| has access to privileges that third-party apps could not normally access.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bugs</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2014-6060</td> |
| <td>ANDROID-15268738</td> |
| <td>Critical</td> |
| <td>4.4.4</td> |
| <td>July 30, 2014</td> |
| </tr> |
| <tr> |
| <td>CVE-2014-6060</td> |
| <td>ANDROID-16677003</td> |
| <td>Critical</td> |
| <td>4.4.4</td> |
| <td>July 30, 2014</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-1503</td> |
| <td>ANDROID-26461634</td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 4, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=remote_code_execution_vulnerability_in_media_codec>Remote Code Execution Vulnerability in Media Codec</h3> |
| |
| |
| <p>During media file and data processing of a specially crafted file, |
| vulnerabilities in a media codec used by mediaserver could allow an attacker to |
| cause memory corruption and remote code execution as the mediaserver process.</p> |
| |
| <p>The affected functionality is provided as a core part of the operating system, |
| and there are multiple applications that allow it to be reached with remote |
| content, most notably MMS and browser playback of media.</p> |
| |
| <p>This issue is rated as Critical severity due to the possibility of remote code |
| execution within the context of the mediaserver service. The mediaserver |
| service has access to audio and video streams, as well as access to privileges |
| that third-party apps could not normally access.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0834</td> |
| <td>ANDROID-26220548</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 16, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=remote_code_execution_vulnerability_in_mediaserver>Remote Code Execution Vulnerability in Mediaserver</h3> |
| |
| |
| <p>During media file and data processing of a specially crafted file, |
| vulnerabilities in mediaserver could allow an attacker to cause memory |
| corruption and remote code execution as the mediaserver process.</p> |
| |
| <p>The affected functionality is provided as a core part of the operating system, |
| and there are multiple applications that allow it to be reached with remote |
| content, most notably MMS and browser playback of media.</p> |
| |
| <p>This issue is rated as Critical severity due to the possibility of remote code |
| execution within the context of the mediaserver service. The mediaserver |
| service has access to audio and video streams, as well as access to privileges |
| that third-party apps could not normally access.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bugs</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0835</td> |
| <td>ANDROID-26070014</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 6, 2015</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0836</td> |
| <td>ANDROID-25812590</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Nov 19, 2015</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0837</td> |
| <td>ANDROID-27208621</td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Feb 11, 2016</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0838</td> |
| <td>ANDROID-26366256</td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0839</td> |
| <td>ANDROID-25753245</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0840</td> |
| <td>ANDROID-26399350</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-0841</td> |
| <td>ANDROID-26040840</td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=remote_code_execution_vulnerability_in_libstagefright>Remote Code Execution Vulnerability in libstagefright</h3> |
| |
| |
| <p>During media file and data processing of a specially crafted file, |
| vulnerabilities in libstagefright could allow an attacker to cause memory |
| corruption and remote code execution as the mediaserver process.</p> |
| |
| <p>The affected functionality is provided as a core part of the operating system, |
| and there are multiple applications that allow it to be reached with remote |
| content, most notably MMS and browser playback of media.</p> |
| |
| <p>This issue is rated as a Critical severity due to the possibility of remote |
| code execution within the context of the mediaserver service. The mediaserver |
| service has access to audio and video streams, as well as access to privileges |
| that third-party apps could not normally access.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0842</td> |
| <td>ANDROID-25818142</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Nov 23, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_kernel>Elevation of Privilege Vulnerability in Kernel</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the kernel could enable a local |
| malicious application to execute arbitrary code within the kernel. This issue |
| is rated as Critical severity due to the possibility of a local permanent |
| device compromise, and the device would possibly need to be repaired by |
| re-flashing the operating system. This issue was described in <a href="{@docRoot}security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a>.</p> |
| |
| <p><strong>Note</strong>: For reference, the patch in AOSP is available for specific kernel versions: |
| <a href="https://android.googlesource.com/kernel/common/+/bf010e99c9bc48002f6bfa1ad801a59bf996270f">3.14</a>, |
| <a href="https://android.googlesource.com/kernel/common/+/4a5a45669796c5b4617109182e25b321f9f00beb">3.10</a>, and |
| <a href="https://android.googlesource.com/kernel/common/+/f7ebfe91b806501808413c8473a300dff58ddbb5">3.4</a>.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2015-1805</td> |
| <td>ANDROID-27275324 </td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>February 19, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_qualcomm_performance_module>Elevation of Privilege Vulnerability in Qualcomm Performance Module</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the performance event manager |
| component for ARM processors from Qualcomm could enable a local malicious |
| application to execute arbitrary code within the kernel. This issue is rated as |
| Critical severity due to the possibility of a local permanent device compromise, |
| and the device would possibly need to be repaired by re-flashing the operating |
| system.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0843</td> |
| <td>ANDROID-25801197 </td> |
| <td>Critical</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Nov 19, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_qualcomm_rf_component>Elevation of Privilege Vulnerability in Qualcomm RF component</h3> |
| |
| |
| <p>There is a vulnerability in the Qualcomm RF driver that could enable a local |
| malicious application to execute arbitrary code within the context of the |
| kernel. This issue is rated as Critical severity due to the possibility of a |
| local permanent device compromise, and the device would possibly need to be |
| repaired by re-flashing the operating system.</p> |
| |
| <p><strong>Note:</strong> The fix for this is <a href="https://us.codeaurora.org/cgit/quic/la/kernel/msm-3.18/commit/?id=90a9da2ea95e86b4f0ff493cd891a11da0ee67aa">located in Linux upstream</a>.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0844</td> |
| <td>ANDROID-26324307</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 25, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_kernel12>Elevation of Privilege Vulnerability in Kernel</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the common kernel could enable a |
| local malicious application to execute arbitrary code in the kernel. This issue |
| is rated as Critical severity due to the possibility of a local permanent |
| device compromise and the device would possibly need to be repaired by |
| re-flashing the operating system.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug with AOSP links</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2014-9322</td> |
| <td><a href="https://android.googlesource.com/kernel/common/+/c22e479e335628ce8766cfbf06e2ba17e8f9a1bb">ANDROID-26927260</a> |
| [<a href="https://android.googlesource.com/kernel/common/+/1b627d4e5e61e89b840f77abb3ca6711ad6ffbeb">2</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/4c941665c7368a34b146929b31949555e680a4ee">3</a>]<br /> |
| [<a href="https://android.googlesource.com/kernel/common/+/758f0dac9104b46016af98304656a0268ac3e105">4</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/44d057a37868a60bc2eb6e7d1dcea701f234d56a">5</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/b9b9f908c8ae82b73b9d75181982028b6bc06c2b">6</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/e068734f9e7344997a61022629b92d142a985ab3">7</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/fdc6c1052bc7d89a5826904fbb4318677e8442ce">8</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/211d59c0034ec9d88690c750ccd6da27f6952dc5">9</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/c9e31d5a4747e9967ace6d05896c78516c4c0850">10</a>] |
| [<a href="https://android.googlesource.com/kernel/common/+/e01834bfbafd25fd392bf10014451c4e5f34f829">11</a>]</td> |
| <td>Critical</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 25, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_imemory_native_interface> |
| Elevation of Privilege Vulnerability in IMemory Native Interface</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the IMemory Native Interface could |
| enable a local malicious application to execute arbitrary code within the |
| context of an elevated system application. This issue is rated as High severity |
| because it could be used to gain elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0846</td> |
| <td>ANDROID-26877992</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 29, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_telecom_component> |
| Elevation of Privilege Vulnerability in Telecom Component</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the Telecom Component could enable |
| an attacker to make calls appear to come from any arbitrary number. This issue |
| is rated as High severity because it could be used to gain local access to |
| elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0847</td> |
| <td>ANDROID-26864502</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_download_manager> |
| Elevation of Privilege Vulnerability in Download Manager</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the Download Manager could enable an |
| attacker to gain access to unauthorized files in private storage. This issue is |
| rated as High severity because it could be used to gain local access to |
| elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0848</td> |
| <td>ANDROID-26211054</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Dec 14, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_recovery_procedure> |
| Elevation of Privilege Vulnerability in Recovery Procedure</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the Recovery Procedure could enable |
| a local malicious application to execute arbitrary code within the context of |
| an elevated system application. This issue is rated as High severity because it |
| could be used to gain elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0849</td> |
| <td>ANDROID-26960931</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Feb 3, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_bluetooth> |
| Elevation of Privilege Vulnerability in Bluetooth</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in Bluetooth could enable an untrusted |
| device to pair with the phone during the initial pairing process. This could |
| lead to unauthorized access of the device resources, such as the Internet |
| connection. This issue is rated as High severity because it could be used to |
| gain elevated capabilities that are not accessible to untrusted devices.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-0850</td> |
| <td>ANDROID-26551752</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 13, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_texas_instruments_haptic_driver> |
| Elevation of Privilege Vulnerability in Texas Instruments Haptic Driver</h3> |
| |
| |
| <p>There is an elevation of privilege vulnerability in a Texas Instruments haptic |
| kernel driver that could enable a local malicious application to execute |
| arbitrary code within the context of the kernel. Normally a kernel code |
| execution bug like this would be rated Critical, but because it first requires |
| compromising a service that can call the driver, it is rated as High severity |
| instead.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2409</td> |
| <td>ANDROID-25981545</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 25, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_qualcomm_video_kernel_driver> |
| Elevation of Privilege Vulnerability in Qualcomm Video Kernel Driver</h3> |
| |
| |
| <p>There is an elevation of privilege vulnerability in a Qualcomm video kernel |
| driver that could enable a local malicious application to execute arbitrary |
| code within the context of the kernel. Normally a kernel code execution |
| vulnerability would be rated Critical, but because it requires first |
| compromising a service that can call the driver, it is rated as High severity |
| instead.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2410</td> |
| <td>ANDROID-26291677</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 21, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_qualcomm_power_management_component> |
| Elevation of Privilege Vulnerability in Qualcomm Power Management component</h3> |
| |
| |
| <p>There is an elevation of privilege vulnerability in a Qualcomm Power Management |
| kernel driver that could enable a local malicious application to execute |
| arbitrary code within the context of the kernel. Normally a kernel code |
| execution bug like this would be rated Critical, but because it requires first |
| compromising the device and elevation to root, it is rated as High severity |
| instead.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2411</td> |
| <td>ANDROID-26866053</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| <td>Jan 28, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_system_server> |
| Elevation of Privilege Vulnerability in System_server</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in System_server could enable a local |
| malicious application to execute arbitrary code within the context of an |
| elevated system application. This issue is rated as High severity because it |
| could be used to gain elevated capabilities, such as <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2412</td> |
| <td>ANDROID-26593930</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 15, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_mediaserver> |
| Elevation of Privilege Vulnerability in Mediaserver</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in mediaserver could enable a local |
| malicious application to execute arbitrary code within the context of an |
| elevated system application. This issue is rated as High severity because it |
| could be used to gain elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2413</td> |
| <td>ANDROID-26403627</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 5, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=denial_of_service_vulnerability_in_minikin>Denial of Service Vulnerability in Minikin</h3> |
| |
| |
| <p>A denial of service vulnerability in the Minikin library could allow a local |
| attacker to temporarily block access to an affected device. An attacker could |
| cause an untrusted font to be loaded and cause an overflow in the Minikin |
| component, which leads to a crash. This is rated as High severity because |
| Denial of Service would lead to a continuous reboot loop.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2414</td> |
| <td>ANDROID-26413177</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Nov 3, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=information_disclosure_vulnerability_in_exchange_activesync> |
| Information Disclosure Vulnerability in Exchange ActiveSync</h3> |
| |
| |
| <p>An information disclosure vulnerability in Exchange ActiveSync could enable a |
| local malicious application to gain access to a user’s private information. |
| This issue is rated as High severity because it allows remote access to |
| protected data.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2415</td> |
| <td>ANDROID-26488455</td> |
| <td>High</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 11, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=information_disclosure_vulnerability_in_mediaserver>Information Disclosure Vulnerability in Mediaserver</h3> |
| |
| |
| <p>An information disclosure vulnerability in Mediaserver could permit a bypass of |
| security measures in place to increase the difficulty of attackers exploiting |
| the platform. These issues are rated as High severity because they could also |
| be used to gain elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to third-party applications.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bugs</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2416</td> |
| <td>ANDROID-27046057</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Feb 5, 2016</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-2417</td> |
| <td>ANDROID-26914474</td> |
| <td>High</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Feb 1, 2016</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-2418</td> |
| <td>ANDROID-26324358</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 24, 2015</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-2419</td> |
| <td>ANDROID-26323455</td> |
| <td>High</td> |
| <td>6.0, 6.0.1</td> |
| <td>Dec 24, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_debuggerd_component> |
| Elevation of Privilege Vulnerability in Debuggerd Component</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in the Debuggerd component could enable |
| a local malicious application to execute arbitrary code that could lead to a |
| permanent device compromise. As a result, the device would possibly need to be |
| repaired by re-flashing the operating system. Normally a code execution bug |
| like this would be rated as Critical, but because it enables an elevation of |
| privilege from system to root only in Android version 4.4.4, it is rated as |
| Moderate instead. In Android versions 5.0 and above, SELinux rules prevent |
| third-party applications from reaching the affected code.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2420</td> |
| <td>ANDROID-26403620</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 5, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_vulnerability_in_setup_wizard> |
| Elevation of Privilege Vulnerability in Setup Wizard</h3> |
| |
| |
| <p>A vulnerability in the Setup Wizard could allow an attacker to bypass the |
| Factory Reset Protection and gain access to the device. This is rated as |
| Moderate severity because it potentially allows someone with physical access to |
| a device to bypass the Factory Reset Protection, which would enable an attacker |
| to successfully reset a device, erasing all data.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2421</td> |
| <td>ANDROID-26154410</td> |
| <td>Moderate</td> |
| <td>5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_wi-fi>Elevation of Privilege Vulnerability in Wi-Fi</h3> |
| |
| |
| <p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious |
| application to execute arbitrary code within the context of an elevated system |
| application. This issue is rated as Moderate severity because it could be used |
| to gain elevated capabilities, such as |
| <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> |
| or <a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a> |
| permissions privileges, which are not accessible to a third-party application.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2422</td> |
| <td>ANDROID-26324357</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Dec 23, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=elevation_of_privilege_in_telephony>Elevation of Privilege Vulnerability in Telephony</h3> |
| |
| |
| <p>A vulnerability in Telephony could allow an attacker to bypass the Factory |
| Reset Protection and gain access to the device. This is rated as Moderate |
| severity because it potentially allows someone with physical access to a device |
| to bypass the Factory Reset Protection, which would enable an attacker to |
| successfully reset a device, erasing all data.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2423</td> |
| <td>ANDROID-26303187</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=denial_of_service_in_syncstorageengine>Denial of Service Vulnerability in SyncStorageEngine</h3> |
| |
| |
| <p>A denial of service vulnerability in SyncStorageEngine could enable a local |
| malicious application to cause a reboot loop. This issue is rated as Moderate |
| severity because it could be used to cause a local temporary denial of service |
| that would possibly need to be fixed though a factory reset.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2424</td> |
| <td>ANDROID-26513719</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=information_disclosure_vulnerability_in_aosp_mail>Information Disclosure Vulnerability in AOSP Mail</h3> |
| |
| |
| <p>An information disclosure vulnerability in AOSP Mail could enable a local |
| malicious application to gain access to a user’s private information. This |
| issue is rated as Moderate severity because it could be used to improperly gain |
| “dangerous” permissions.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bugs</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2425</td> |
| <td>ANDROID-26989185 </td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.1.1, 6.0, 6.0.1</td> |
| <td>Jan 29, 2016</td> |
| </tr> |
| <tr> |
| <td>CVE-2016-2425</td> |
| <td>ANDROID-7154234</td> |
| <td>Moderate</td> |
| <td>5.0.2</td> |
| <td>Jan 29, 2016</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=information_disclosure_vulnerability_in_framework>Information Disclosure Vulnerability in Framework</h3> |
| |
| |
| <p>An information disclosure vulnerability in the Framework component could allow |
| an application to access sensitive information. This issue is rated Moderate |
| severity because it could be used to improperly access to data without |
| permission.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2426</td> |
| <td>ANDROID-26094635</td> |
| <td>Moderate</td> |
| <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Dec 8, 2015</td> |
| </tr> |
| </table> |
| |
| |
| <h3 id=information_disclosure_vulnerability_in_bouncycastle>Information Disclosure Vulnerability in BouncyCastle</h3> |
| |
| |
| <p>An information disclosure vulnerability in BouncyCastle could allow an |
| authentication key to be leaked. This issue is rated as Moderate severity |
| because it could be used to gain dangerous level data or capabilities without |
| permission with an app installed on the device.</p> |
| <table> |
| <tr> |
| <th>CVE</th> |
| <th>Bug</th> |
| <th>Severity</th> |
| <th>Updated versions</th> |
| <th>Date reported</th> |
| </tr> |
| <tr> |
| <td>CVE-2016-2427</td> |
| <td>ANDROID-26234568</td> |
| <td>Moderate</td> |
| <td>5.0.2, 5.1.1, 6.0, 6.0.1</td> |
| <td>Google Internal</td> |
| </tr> |
| </table> |
| |
| |
| <h2 id=common_questions_and_answers>Common Questions and Answers</h2> |
| |
| |
| <p>This section reviews answers to common questions that may occur after reading |
| this bulletin.</p> |
| |
| <p><strong>1. How do I determine if my device is updated to address these issues? </strong></p> |
| |
| <p>Security Patch Levels of April 2, 2016 or later address these issues (refer to the |
| <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a> |
| for instructions on how to check the security patch level). Device |
| manufacturers that include these updates should set the patch string level to: |
| [ro.build.version.security_patch]:[2016-04-02]</p> |
| |
| <p><strong>2. Why is this Security Patch Level April 2, 2016?</strong></p> |
| |
| <p>The Security Patch Level for the monthly security update is normally set to the |
| first of the month. For April, a Security Patch Level of April 1, 2016 |
| indicates that all issues described in this bulletin with the exception of CVE-2015-1805, as described in |
| <a href="{@docRoot}security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a> |
| have been addressed. A Security Patch Level of April 2, 2016 indicates that |
| all issues described in this bulletin including CVE-2015-1805, as described in |
| <a href="{@docRoot}security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a> |
| have been addressed.</p> |
| |
| <h2 id=revisions>Revisions</h2> |
| |
| |
| <ul> |
| <li> April 04, 2016: Bulletin published. |
| |