Merge "Docs: May 2016 bulletin and updates"
diff --git a/src/security/bulletin/2015.jd b/src/security/bulletin/2015.jd
new file mode 100644
index 0000000..726511b
--- /dev/null
+++ b/src/security/bulletin/2015.jd
@@ -0,0 +1,92 @@
+page.title=2015 Nexus Security Bulletins
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+<p>This page contains all available 2015 Nexus Security Bulletins. For a list of all bulletins,
+please see the <a href="index.html">Nexus Security Bulletins</a> homepage.</p>
+
+
+<table>
+ <tr>
+ <th>Bulletin</th>
+ <th>Languages</th>
+ <th>Published Date</th>
+ <th>Android Security Patch Level</th>
+ </tr>
+ <tr>
+ <td><a href="2015-12-01.html">December 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-12-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-12-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-12-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-12-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-12-01.html">中文 (台灣)</a>
+ </td>
+ <td>December 7, 2015</td>
+ <td>December 1, 2015: [2015-12-01]</td>
+</tr>
+<tr>
+ <td><a href="2015-11-01.html">November 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-11-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-11-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-11-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-11-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-11-01.html">中文 (台灣)</a>
+ </td>
+ <td>November 2, 2015</td>
+ <td>November 1, 2015: [2015-11-01]</td>
+ </tr>
+ <tr>
+ <td><a href="2015-10-01.html">October 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-10-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-10-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-10-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-10-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-10-01.html">中文 (台灣)</a>
+ </td>
+ <td>October 5, 2015</td>
+ <td>October 1, 2015: [2015-10-01]</td>
+ </tr>
+ <tr>
+ <td><a href="2015-09-01.html">September 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-09-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-09-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-09-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-09-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-09-01.html">中文 (台灣)</a>
+ </td>
+ <td>September 9, 2015</td>
+ <td>N/A</td>
+ </tr>
+ <tr>
+ <td><a href="2015-08-01.html">August 2015</a></td>
+ <td>
+ <a href="{@docRoot}intl/ja_ALL/security/bulletin/2015-08-01.html">日本語</a> /
+ <a href="{@docRoot}intl/ko_ALL/security/bulletin/2015-08-01.html">한국어</a> /
+ <a href="{@docRoot}intl/ru_ALL/security/bulletin/2015-08-01.html">ru</a> /<br />
+ <a href="{@docRoot}intl/zh-CN_ALL/security/bulletin/2015-08-01.html">中文 (中国)</a> /
+ <a href="{@docRoot}intl/zh-TW_ALL/security/bulletin/2015-08-01.html">中文 (台灣)</a>
+ </td>
+ <td>August 13, 2015</td>
+ <td>N/A</td>
+ </tr>
+</table>
+
+
diff --git a/src/security/bulletin/2016-05-01.jd b/src/security/bulletin/2016-05-01.jd
new file mode 100644
index 0000000..759d2cf
--- /dev/null
+++ b/src/security/bulletin/2016-05-01.jd
@@ -0,0 +1,1347 @@
+page.title=Android Security Bulletin—May 2016
+@jd:body
+
+<!--
+ Copyright 2016 The Android Open Source Project
+
+ Licensed under the Apache License, Version 2.0 (the "License");
+ you may not use this file except in compliance with the License.
+ You may obtain a copy of the License at
+
+ http://www.apache.org/licenses/LICENSE-2.0
+
+ Unless required by applicable law or agreed to in writing, software
+ distributed under the License is distributed on an "AS IS" BASIS,
+ WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ See the License for the specific language governing permissions and
+ limitations under the License.
+-->
+
+<p><em>Published May 02, 2016</em></p>
+
+<p>The Android Security Bulletin contains details of security vulnerabilities
+affecting Android devices. Alongside with the bulletin, we have released a
+security update to Nexus devices through an over-the-air (OTA) update. The
+Nexus firmware images have also been released to the
+<a href="https://developers.google.com/android/nexus/images">Google Developer site</a>.
+Security Patch Levels of May 01, 2016 or later address these issues (refer to
+the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
+for instructions on how to check the security patch level).</p>
+
+<p>Partners were notified about the issues described in the bulletin on April 04,
+2016 or earlier. Source code patches for these issues will be released to the
+Android Open Source Project (AOSP) repository over the next 48 hours. We will
+revise this bulletin with the AOSP links when they are available.</p>
+
+<p>The most severe of these issues is a Critical security vulnerability that could
+enable remote code execution on an affected device through multiple methods
+such as email, web browsing, and MMS when processing media files.</p>
+
+<p>We have had no reports of active customer exploitation or abuse of these newly
+reported issues. Refer to the <a href="#mitigations">Android and Google Service Mitigations</a>
+section for details on the <a href="{@docRoot}security/enhancements/index.html">
+Android security platform protections</a> and service protections such as SafetyNet,
+which improve the security of the Android platform.</p>
+
+<p>We encourage all customers to accept these updates to their devices.</p>
+
+<h2 id=announcements>Announcements</h2>
+
+
+<ul>
+ <li> To reflect a broader focus, we renamed this bulletin (and all following in the
+ series) to the Android Security Bulletin. These bulletins encompass a broader
+ range of vulnerabilities that may affect Android devices, even if they do not
+ affect Nexus devices.</li>
+ <li> We updated the Android Security
+ <a href="{@docRoot}security/overview/updates-resources.html#severity">severity ratings</a>.
+ These changes were the result of data collected over the last six months on
+ reported security vulnerabilities and aim to align severities more closely with
+ real world impact to users.</li>
+</ul>
+
+<h2 id=security_vulnerability_summary>Security Vulnerability Summary</h2>
+
+
+<p>The table below contains a list of security vulnerabilities, the Common
+Vulnerability and Exposures ID (CVE), their assessed severity and whether or
+not Nexus devices are affected.
+The <a href="{@docRoot}security/overview/updates-resources.html#severity">severity assessment</a>
+is based on the effect that exploiting the vulnerability would possibly have
+on an affected device, assuming the platform and service mitigations are
+disabled for development purposes or if successfully bypassed.</p>
+<table>
+ <col width="55%">
+ <col width="20%">
+ <col width="13%">
+ <col width="12%">
+ <tr>
+ <th>Issue</th>
+ <th>CVE</th>
+ <th>Severity</th>
+ <th>Affects Nexus?</th>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2428<br />
+ CVE-2016-2429</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Debuggerd</td>
+ <td>CVE-2016-2430</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm TrustZone </td>
+ <td>CVE-2016-2431<br />
+ CVE-2016-2432</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2015-0569<br />
+ CVE-2015-0570</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in NVIDIA Video Driver </td>
+ <td>CVE-2016-2434<br />
+ CVE-2016-2435<br />
+ CVE-2016-2436<br />
+ CVE-2016-2437</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Kernel</td>
+ <td>CVE-2015-1805</td>
+ <td>Critical</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution Vulnerability in Kernel</td>
+ <td>CVE-2016-2438</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Qualcomm Tethering Controller</td>
+ <td>CVE-2016-2060</td>
+ <td>High</td>
+ <td>No</td>
+ </tr>
+ <tr>
+ <td>Remote Code Execution in Bluetooth</td>
+ <td>CVE-2016-2439</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Binder</td>
+ <td>CVE-2016-2440</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Buspm Driver</td>
+ <td>CVE-2016-2441<br />
+ CVE-2016-2442</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm MDP Driver</td>
+ <td>CVE-2016-2443</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</td>
+ <td>CVE-2015-0571</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in NVIDIA Video Driver</td>
+ <td>CVE-2016-2444<br />
+ CVE-2016-2445<br />
+ CVE-2016-2446</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Wi-Fi</td>
+ <td>CVE-2016-2447</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2448<br />
+ CVE-2016-2449<br />
+ CVE-2016-2450<br />
+ CVE-2016-2451<br />
+ CVE-2016-2452</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</td>
+ <td>CVE-2016-2453</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Remote Denial of Service Vulnerability in Qualcomm Hardware Codec</td>
+ <td>CVE-2016-2454</td>
+ <td>High</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Conscrypt</td>
+ <td>CVE-2016-2461<br />
+ CVE-2016-2462</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in OpenSSL & BoringSSL</td>
+ <td>CVE-2016-0705</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</td>
+ <td>CVE-2016-2456</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Elevation of Privilege in Wi-Fi</td>
+ <td>CVE-2016-2457</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in AOSP Mail </td>
+ <td>CVE-2016-2458</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Information Disclosure Vulnerability in Mediaserver</td>
+ <td>CVE-2016-2459<br />
+ CVE-2016-2460</td>
+ <td>Moderate</td>
+ <td>Yes</td>
+ </tr>
+ <tr>
+ <td>Denial of Service Vulnerability in Kernel</td>
+ <td>CVE-2016-0774</td>
+ <td>Low</td>
+ <td>Yes</td>
+ </tr>
+</table>
+
+
+<h2 id=android_and_google_service_mitigations>Android and Google Service Mitigations</h2>
+
+
+<p>This is a summary of the mitigations provided by the
+<a href="{@docRoot}security/enhancements/index.html">Android security platform</a>
+and service protections such as SafetyNet. These capabilities reduce the
+likelihood that security vulnerabilities could be successfully exploited on
+Android.</p>
+
+<ul>
+ <li> Exploitation for many issues on Android is made more difficult by enhancements
+ in newer versions of the Android platform. We encourage all users to update to
+ the latest version of Android where possible.</li>
+ <li> The Android Security team actively monitors for abuse with
+ <a href="{@docRoot}security/reports/Google_Android_Security_2015_Report_Final.pdf">
+ Verify Apps and SafetyNet</a>, which are designed to warn users about
+ <a href="{@docRoot}security/reports/Google_Android_Security_PHA_classifications.pdf">
+ Potentially Harmful Applications</a>. Verify Apps is enabled by default on devices with
+ <a href="http://www.android.com/gms">Google Mobile Services</a>, and is especially
+ important for users who install applications from outside
+ of Google Play. Device rooting tools are prohibited within Google Play, but
+ Verify Apps warns users when they attempt to install a detected rooting
+ application—no matter where it comes from. Additionally, Verify Apps attempts
+ to identify and block installation of known malicious applications that exploit
+ a privilege escalation vulnerability. If such an application has already been
+ installed, Verify Apps will notify the user and attempt to remove the detected
+ application.</li>
+ <li> As appropriate, Google Hangouts and Messenger applications do not automatically
+ pass media to processes such as mediaserver.</li>
+</ul>
+
+<h2 id=acknowledgements>Acknowledgements</h2>
+
+
+<p>We would like to thank these researchers for their contributions:</p>
+
+<ul>
+ <li> Abhishek Arya, Oliver Chang, and Martin Barbella of Google Chrome Security
+ Team: CVE-2016-2454
+ <li> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+ <a href="https://www.e2e-assure.com">e2e-assure</a>: CVE-2016-2457
+ <li> Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>) and
+ Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2441,
+ CVE-2016-2442
+ <li> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
+ www.linkedin.com/in/dzima</a>): CVE-2016-2458
+ <li> Gal Beniamini: CVE-2016-2431
+ <li> Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd: CVE-2016-2456
+ <li> Jake Valletta of Mandiant, a FireEye company: CVE-2016-2060
+ <li> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>)
+ and pjf (<a href="http://weibo.com/jfpan">weibo.com/jfpan</a>) of IceSword Lab,
+ Qihoo 360 Technology Co. Ltd: CVE-2016-2434, CVE-2016-2435, CVE-2016-2436,
+ CVE-2016-2441, CVE-2016-2442, CVE-2016-2444, CVE-2016-2445, CVE-2016-2446
+ <li> Imre Rad of <a href="http://www.search-lab.hu">Search-Lab Ltd.</a>: CVE-2016-2447
+ <li> Jeremy C. Joslin of Google: CVE-2016-2461
+ <li> Kenny Root of Google: CVE-2016-2462
+ <li> Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent: CVE-2016-2443
+ <li> Michał Bednarski (<a href="https://github.com/michalbednarski">
+ https://github.com/michalbednarski</a>): CVE-2016-2440
+ <li> Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>),
+ Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>), and Xuxian
+ Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2450, CVE-2016-2448,
+ CVE-2016-2449, CVE-2016-2451, CVE-2016-2452
+ <li> Peter Pi (<a href="https://twitter.com/heisecode">@heisecode</a>) of Trend Micro:
+ CVE-2016-2459, CVE-2016-2460
+ <li> Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc.:
+ CVE-2016-2428, CVE-2016-2429
+ <li> <a href="mailto:computernik@gmail.com">Yuan-Tsung Lo</a>, <a href="mailto:zlbzlb815@163.com">
+ Lubo Zhang</a>, Chiachih Wu (<a href="https://twitter.com/chiachih_wu">@chiachih_wu</a>),
+ and Xuxian Jiang of <a href="http://c0reteam.org">C0RE Team</a>: CVE-2016-2437
+ <li> Yulong Zhang and Tao (Lenx) Wei of Baidu X-Lab: CVE-2016-2439
+ <li> Zach Riggle (<a href="https://twitter.com/ebeip90">@ebeip90</a>) of the Android
+ Security Team: CVE-2016-2430
+</ul>
+
+<h2 id=security_vulnerability_details>Security Vulnerability Details</h2>
+
+
+<p>In the sections below, we provide details for each of the security
+vulnerabilities listed in the <a href="#security_vulnerability_summary">
+Security Vulnerability Summary</a> above. There is a description of the issue,
+a severity rationale, and a table with the CVE, associated bug, severity,
+updated Nexus devices, updated AOSP versions (where applicable), and date reported.
+When available, we will link the AOSP change that addressed the issue to
+the bug ID. When multiple changes relate to a single bug, additional AOSP
+references are linked to numbers following the bug ID.</p>
+
+<h3 id=remote_code_execution_vulnerability_in_mediaserver>
+Remote Code Execution Vulnerability in Mediaserver</h3>
+
+
+<p>During media file and data processing of a specially crafted file, a
+vulnerability in mediaserver could allow an attacker to cause memory corruption
+and remote code execution as the mediaserver process.</p>
+
+<p>The affected functionality is provided as a core part of the operating system
+and there are multiple applications that allow it to be reached with remote
+content, most notably MMS and browser playback of media.</p>
+
+<p>This issue is rated as Critical severity due to the possibility of remote code
+execution within the context of the mediaserver service. The mediaserver
+service has access to audio and video streams, as well as access to privileges
+that third-party apps could not normally access.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2428</td>
+ <td>26751339</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Jan 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2429</td>
+ <td>27211885</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 16, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_debuggerd>
+Elevation of Privilege Vulnerability in Debuggerd</h3>
+
+
+<p>An elevation of privilege vulnerability in the integrated Android debugger
+could enable a local malicious application to execute arbitrary code within the
+context of the Android debugger. This issue is rated as Critical severity due
+to the possibility of a local permanent device compromise, which may require
+reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2430</td>
+ <td>27299236</td>
+ <td>Critical</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 22, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_trustzone>
+Elevation of Privilege Vulnerability in Qualcomm TrustZone </h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm TrustZone component
+could enable a secure local malicious application to execute arbitrary code
+within the context of the TrustZone kernel. This issue is rated as Critical
+severity due to the possibility of a local permanent device compromise, which
+may require reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2431</td>
+ <td>24968809</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 6, Nexus 7 (2013), Android One</td>
+ <td>Oct 15, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2432</td>
+ <td>25913059</td>
+ <td>Critical</td>
+ <td>Nexus 6, Android One</td>
+ <td>Nov 28, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. This issue is rated as Critical severity due to
+possibility of a local privilege escalation and arbitrary code execution
+leading to the possibility of a local permanent device compromise, which may
+require reflashing the operating system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-0569</td>
+ <td>26754117</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 23, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2015-0570</td>
+ <td>26764809</td>
+ <td>Critical</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_nvidia_video_driver>
+Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the NVIDIA video driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. This issue is rated as Critical severity due to the possibility of
+a local permanent device compromise, which may require reflashing the operating
+system to repair the device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2434</td>
+ <td>27251090</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 17, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2435</td>
+ <td>27297988</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 20, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2436</td>
+ <td>27299111</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Feb 22, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2437</td>
+ <td>27436822</td>
+ <td>Critical</td>
+ <td>Nexus 9</td>
+ <td>Mar 1, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_kernel>
+Elevation of Privilege Vulnerability in Kernel</h3>
+
+
+<p>An elevation of privilege vulnerability in the kernel could enable a local
+malicious application to execute arbitrary code within the context of the
+kernel. This issue is rated as Critical severity due to the possibility of a
+local privilege escalation and arbitrary code execution leading to the
+possibility of a local permanent device compromise, which may require
+reflashing the operating system to repair the device. This issue was described
+in <a href="{@docRoot}security/advisory/2016-03-18.html">Android Security Advisory 2016-03-18</a>.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-1805</td>
+ <td>27275324</td>
+ <td>Critical</td>
+ <td>Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013), Nexus 9</td>
+ <td>Feb 19, 2016</td>
+ </tr>
+</table>
+
+
+<p></p>
+
+<h3 id=remote_code_execution_vulnerability_in_kernel>
+Remote Code Execution Vulnerability in Kernel</h3>
+
+
+<p>A remote code execution vulnerability in the audio subsystem could enable a
+local malicious application to execute arbitrary code within the context of the
+kernel. Normally a kernel code execution bug like this would be rated Critical,
+but because it first requires compromising a privileged service in order to
+call the audio subsystem, it is rated High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2438</td>
+ <td>26636060</td>
+ <td>High</td>
+ <td>Nexus 9 </td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_qualcomm_tethering_controller>
+Information Disclosure Vulnerability in Qualcomm Tethering Controller</h3>
+
+
+<p>An information disclosure vulnerability in the Qualcomm Tethering controller
+could allow a local malicious application to access personal identifiable
+information without the privileges to do so. This issue is rated as High
+severity because it can be used to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2060</td>
+ <td>27942588</td>
+ <td>High</td>
+ <td>None</td>
+ <td>Mar 23, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_code_execution_vulnerability_in_bluetooth>
+Remote Code Execution Vulnerability in Bluetooth</h3>
+
+
+<p>During pairing of a Bluetooth device, a vulnerability in Bluetooth could allow
+a proximal attacker to execute arbitrary code during the pairing process. This
+issue is rated as High severity due to the possibility of remote code execution
+during the initialization of a Bluetooth device.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2439</td>
+ <td>27411268</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 28, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_binder>
+Elevation of Privilege Vulnerability in Binder</h3>
+
+
+<p>An elevation of privilege vulnerability in Binder could allow a local malicious
+application to execute arbitrary code within the context of another app’s
+process. While freeing memory, a vulnerability in the Binder could allow an
+attacker to cause local code execution. This issue is rated as High severity
+due to the possibility of local code execution during free memory process in
+the Binder.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2440</td>
+ <td>27252896</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 18, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_buspm_driver>
+Elevation of Privilege Vulnerability in Qualcomm Buspm Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm buspm driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. Normally a kernel code execution bug like this would be
+rated Critical, but because it first requires compromising a service that can
+call the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2441</td>
+ <td>26354602</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Dec 30, 2015</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2442</td>
+ <td>26494907</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 6, Nexus 6P</td>
+ <td>Dec 30, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_mdp_driver>
+Elevation of Privilege Vulnerability in Qualcomm MDP Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm MDP driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. Normally a kernel code execution bug like this would be rated
+Critical, but because it first requires compromising a service that can call
+the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2443</td>
+ <td>26404525</td>
+ <td>High</td>
+ <td>Nexus 5, Nexus 7 (2013)</td>
+ <td>Jan 5, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_qualcomm_wi-fi_driver>
+Elevation of Privilege Vulnerability in Qualcomm Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the Qualcomm Wi-Fi component could
+enable a local malicious application to invoke system calls changing the device
+settings and behavior without the privileges to do so. This issue is rated as
+High severity because it could be used to gain local access to elevated
+capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2015-0571</td>
+ <td>26763920</td>
+ <td>High</td>
+ <td>Nexus 5X, Nexus 7 (2013)</td>
+ <td>Jan 25, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_nvidia_video_driver>
+Elevation of Privilege Vulnerability in NVIDIA Video Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the NVIDIA media driver could enable
+a local malicious application to execute arbitrary code within the context of
+the kernel. Normally a kernel code execution bug like this would be rated
+Critical, but because it first requires compromising a high privilege service
+to call the driver, it is rated High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2444</td>
+ <td>27208332</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Feb 16, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2445</td>
+ <td>27253079</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Feb 17, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2446</td>
+ <td>27441354</td>
+ <td>High</td>
+ <td>Nexus 9</td>
+ <td>Mar 1, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>
+Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+
+<p>An elevation of privilege vulnerability in Wi-Fi could enable a local malicious
+application to execute arbitrary code within the context of an elevated system
+application. This issue is rated as High severity because it could also be used
+to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to third-party applications.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2447</td>
+ <td>27371366</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 24, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediaserver>
+Elevation of Privilege Vulnerability in Mediaserver</h3>
+
+
+<p>An elevation of privilege vulnerability in mediaserver could enable a local
+malicious application to execute arbitrary code within the context of an
+elevated system application. This issue is rated as High severity because it
+could be used to gain elevated capabilities, such as
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">Signature</a> or
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">SignatureOrSystem</a>
+permissions privileges, which are not accessible to a third-party application.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2448</td>
+ <td>27533704</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2449</td>
+ <td>27568958</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 9, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2450</td>
+ <td>27569635</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 9, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2451</td>
+ <td>27597103</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 10, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2452</td>
+ <td>27662364</td>
+ <td>High</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 14, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver>
+Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in the MediaTek Wi-Fi driver could
+enable a local malicious application to execute arbitrary code within the
+context of the kernel. Normally a kernel code execution bug like this would be
+rated Critical, but because it first requires compromising a service that can
+call the driver, it is rated as High severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2453</td>
+ <td>27549705</td>
+ <td>High</td>
+ <td>Android One</td>
+ <td>Mar 8, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=remote_denial_of_service_vulnerability_in_qualcomm_hardware_codec>
+Remote Denial of Service Vulnerability in Qualcomm Hardware Codec</h3>
+
+
+<p>During media file and data processing of a specially crafted file, a remote
+denial of service vulnerability in the Qualcomm hardware video codec could
+allow a remote attacker to block access to an affected device by causing a
+device reboot. This is rated as High severity due to the possibility of remote
+denial of service.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2454</td>
+ <td>26221024</td>
+ <td>High</td>
+ <td>Nexus 5</td>
+ <td>Dec 16, 2015</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_conscrypt>
+Elevation of Privilege Vulnerability in Conscrypt</h3>
+
+
+<p>An elevation of privilege vulnerability in Conscrypt could allow an local
+application to believe a message was authenticated when it was not. This issue
+is rated as Moderate severity because it requires coordinated steps across
+multiple devices.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2461</td>
+ <td>27324690</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2462</td>
+ <td>27371173</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>6.0, 6.0.1</td>
+ <td>Google Internal</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_openssl_&_boringssl>
+Elevation of Privilege Vulnerability in OpenSSL & BoringSSL</h3>
+
+
+<p>An elevation of privilege vulnerability in OpenSSL and BoringSSL could enable a
+local malicious application to access data outside of its permission levels.
+Normally this would be rated High, but because it requires an uncommon manual
+configuration, it is rated as Moderate severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-0705</td>
+ <td>27449871</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_mediatek_wi-fi_driver>
+Elevation of Privilege Vulnerability in MediaTek Wi-Fi Driver</h3>
+
+
+<p>An elevation of privilege vulnerability in MediaTek Wi-Fi driver could enable a
+local malicious application to cause a denial of service. Normally an elevation
+of privilege bug like this would be rated High, but because it requires first
+compromising a system service, it is rated as Moderate severity.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2456</td>
+ <td>27275187</td>
+ <td>Moderate</td>
+ <td>Android One</td>
+ <td>Feb 19, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=elevation_of_privilege_vulnerability_in_wi-fi>
+Elevation of Privilege Vulnerability in Wi-Fi</h3>
+
+
+<p>An elevation of privilege vulnerability in Wi-Fi could enable a guest account
+to modify the Wi-Fi settings that persist for the primary user. This issue is
+rated as Moderate severity because it enables local access to "
+<a href="http://developer.android.com/guide/topics/manifest/permission-element.html#plevel">
+dangerous</a>" capabilities without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2457</td>
+ <td>27411179</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 29, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_aosp_mail>
+Information Disclosure Vulnerability in AOSP Mail</h3>
+
+
+<p>An information disclosure vulnerability in AOSP Mail could enable a local
+malicious application to gain access to user’s private information. This issue
+is rated Moderate severity because it could be used to improperly access data
+without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2458</td>
+ <td>27335139</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Feb 23, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=information_disclosure_vulnerability_in_mediaserver>
+Information Disclosure Vulnerability in Mediaserver</h3>
+
+
+<p>An information disclosure vulnerability in Mediaserver could allow an
+application to access sensitive information. This issue is rated as Moderate
+severity because it could be used to improperly access data without permission.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="19%">
+ <col width="18%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Updated AOSP versions</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-2459</td>
+ <td>27556038</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+ <tr>
+ <td>CVE-2016-2460</td>
+ <td>27555981</td>
+ <td>Moderate</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1</td>
+ <td>Mar 7, 2016</td>
+ </tr>
+</table>
+
+
+<h3 id=denial_of_service_vulnerability_in_kernel>
+Denial of Service Vulnerability in Kernel</h3>
+
+
+<p>A denial of service vulnerability in the kernel could allow a local malicious
+application to cause a device reboot. This issue is rated as Low severity
+because the effect is a temporary denial of service.</p>
+<table>
+ <col width="19%">
+ <col width="16%">
+ <col width="10%">
+ <col width="27%">
+ <col width="16%">
+ <tr>
+ <th>CVE</th>
+ <th>Android bugs</th>
+ <th>Severity</th>
+ <th>Updated Nexus devices</th>
+ <th>Date reported</th>
+ </tr>
+ <tr>
+ <td>CVE-2016-0774</td>
+ <td>27721803 </td>
+ <td>Low</td>
+ <td><a href="#nexus_devices">All Nexus</a></td>
+ <td>Mar 17, 2016</td>
+ </tr>
+</table>
+
+
+<h2 id=common_questions_and_answers>Common Questions and Answers</h2>
+
+
+<p>This section reviews answers to common questions that may occur after reading
+this bulletin.</p>
+
+<p><strong>1. How do I determine if my device is updated to address these issues?</strong></p>
+
+<p>Security Patch Levels of May 01, 2016 or later address these issues (refer to
+the <a href="https://support.google.com/nexus/answer/4457705">Nexus documentation</a>
+for instructions on how to check the security patch level). Device
+manufacturers that include these updates should set the patch string level to:
+[ro.build.version.security_patch]:[2016-05-01]</p>
+
+<p id="nexus_devices"><strong>2. How do I determine which Nexus devices are affected
+by each issue?</strong></p>
+
+<p>In the <a href="security_vulnerability_details">Security Vulnerability Details</a>
+section, each table has an Updated Nexus devices column that covers the range
+of affected Nexus devices updated for each issue. This column has a few
+options:</p>
+
+<ul>
+ <li> <strong>All Nexus devices</strong>: If an issue affects all Nexus devices,
+ the table will have All Nexus in the <em>Updated Nexus devices</em> column.
+ All Nexus encapsulates the following
+ <a href="https://support.google.com/nexus/answer/4457705#nexus_devices">
+ supported devices</a>: Nexus 5, Nexus 5X, Nexus 6, Nexus 6P, Nexus 7 (2013),
+ Nexus 9, and Android One.
+ <li> <strong>Some Nexus devices</strong>: If an issue doesn’t affect all Nexus
+ devices, the affected Nexus devices are listed in the <em>Updated Nexus
+ devices</em> column.</li>
+ <li> <strong>No Nexus devices</strong>: If no Nexus devices are affected by the
+ issue, the table will have “None” in the <em>Updated Nexus devices</em> column.</li>
+</ul>
+
+<p><strong>3. Why is CVE-2015-1805 included in this bulletin?</strong></p>
+<p>CVE-2015-1805 is included in this bulletin because the <a href="{@docRoot}security/advisory/2016-03-18.html">
+Android Security Advisory—2016-03-18</a> was published very close to the release of
+the April bulletin. Due to the tight timeline, device manufacturers were given the
+option to ship fixes from the <a href="2016-04-02.html">Nexus Security Bulletin-April 2016</a>
+, without the fix for CVE-2015-1805, if they used the April 01, 2016 Security Patch Level.
+It is included again in this bulletin as it must be fixed in order to use the the
+May 01, 2016 Security Patch Level.</p>
+<h2 id=revisions>Revisions</h2>
+
+
+<ul>
+ <li> May 02, 2016: Bulletin published.</li>
+</ul>
diff --git a/src/security/bulletin/index.jd b/src/security/bulletin/index.jd
index 9a88fc4..926b897 100644
--- a/src/security/bulletin/index.jd
+++ b/src/security/bulletin/index.jd
@@ -1,4 +1,4 @@
-page.title=Nexus Security Bulletins
+page.title=Android Security Bulletins
@jd:body
<!--
@@ -19,8 +19,8 @@
<p>Security has always been a major focus for Android and Google Play: Android was
built from day one with security in mind. Monthly device updates are an
important tool to make and keep Android users safe. This page contains the
-available Nexus Security Bulletins. These security bulletins include
-information users can follow to ensure their device has the latest security
+available Android Security Bulletins. These security bulletins also include
+information users can follow to ensure their Nexus device has the latest security
updates.</p>
<p>To get notifications when we publish a new bulletin, join the
<a href="https://groups.google.com/forum/#!forum/android-security-updates">Android Security Updates group</a>,
@@ -40,6 +40,13 @@
<th>Android Security Patch Level</th>
</tr>
<tr>
+ <td><a href="2016-05-01.html">May 2016</a></td>
+ <td>Coming soon
+ </td>
+ <td>May 2, 2016</td>
+ <td>May 1, 2016: [2016-05-01]</td>
+ </tr>
+ <tr>
<td><a href="2016-04-02.html">April 2016</a></td>
<td>
<a href="{@docRoot}intl/ja_ALL/security/bulletin/2016-04-02.html">日本語</a> /
diff --git a/src/security/overview/acknowledgements.jd b/src/security/overview/acknowledgements.jd
index 22e80b7..85d9d86 100644
--- a/src/security/overview/acknowledgements.jd
+++ b/src/security/overview/acknowledgements.jd
@@ -40,6 +40,9 @@
<p>Abhishek Arya of Google Chrome Security Team</p>
+<p> Andy Tyler (<a href="https://twitter.com/ticarpi">@ticarpi</a>) of
+ <a href="https://www.e2e-assure.com">e2e-assure</a></p>
+
<p>Anestis Bechtsoudis (<a href="https://twitter.com/anestisb">@anestisb</a>) of CENSUS S.A.</p>
<p>Brad Ebinger of Google Telecom Team</p>
@@ -53,6 +56,9 @@
<p>David Riley of the Google Pixel C Team</p>
+<p> Dzmitry Lukyanenka (<a href="http://www.linkedin.com/in/dzima">
+ www.linkedin.com/in/dzima</a>)</p>
+
<p>Dominik Schürmann of <a href="https://www.ibr.cs.tu-bs.de">Institute for
Operating Systems and Computer Networks</a>, TU Braunschweig</p>
@@ -66,22 +72,35 @@
<p>Guang Gong (龚广) (<a href="https://twitter.com/oldfresher">@oldfresher</a>) of <a href="http://www.360.com/">Qihoo 360 Technology Co.Ltd</a></p>
+<p>Hao Chen of Vulpecker Team, Qihoo 360 Technology Co. Ltd.</p>
+
<p>Hongil Kim (<a href="mailto:hongilk@kaist.ac.kr">hongilk@kaist.ac.kr</a>) of System Security Lab, KAIST</p>
+<p>Jake Valletta of Mandiant, a FireEye company</p>
+
<p>James Forshaw of Google Project Zero</p>
<p>Jann Horn (<a href="https://thejh.net/">https://thejh.net</a>)</p>
+<p>Jeremy C. Joslin of Google</p>
+
<p>jfang of KEEN lab, Tencent (<a href="https://twitter.com/k33nteam">@K33nTeam</a>)</p>
-<p> Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
+<p>Jianqiang Zhao (<a href="https://twitter.com/jianqiangzhao">@jianqiangzhao</a>) of IceSword Lab, Qihoo 360</p>
<p>Jouni Malinen PGP id EFC895FA</p>
+<p>Kenny Root of Google</p>
+
+<p>Marco Grassi (<a href="https://twitter.com/marcograss">@marcograss</a>) of KeenLab
+ (<a href="https://twitter.com/keen_lab">@keen_lab</a>), Tencent</p>
+
<p>Mark Brand of Google Project Zero</p>
<p>Martin Barbella of Google Chrome Security Team</p>
+<p>Michał Bednarski (<a href="https://github.com/michalbednarski">https://github.com/michalbednarski</a>)</p>
+
<p>Mingjian Zhou (<a href="https://twitter.com/Mingjian_Zhou">@Mingjian_Zhou</a>) of <a href="http://c0reteam.org">C0RE Team</a> from <a href="http://www.360safe.com/">Qihoo 360</a></p>
<p>Nancy Wang of Vertu Corporation LTD</p>
@@ -116,6 +135,8 @@
<p>Su Mon Kywe of Singapore Management University</p>
+<p>Tao (Lenx) Wei of Baidu X-Lab</p>
+
<p>Tieyan Li of Huawei</p>
<p>Tom Craig of Google X</p>
@@ -126,6 +147,8 @@
<p>Weichao Sun (<a href="https://twitter.com/sunblate">@sunblate</a>) of Alibaba Inc</p>
+<p>William Roberts (<a href="mailto:william.c.roberts@intel.com">william.c.roberts@intel.com</a>)</p>
+
<p>Wish Wu (<a href="https://twitter.com/@wish_wu">@wish_wu</a>) of Trend Micro Inc.</p>
<p><a href="mailto:xw7@indiana.edu">Xiaofeng Wang</a> of Indiana University Bloomington</p>
@@ -142,6 +165,8 @@
<p>Yongzheng Wu of Huawei</p>
+<p>Yulong Zhang of Baidu X-Lab</p>
+
<p>Zach Riggle (<a href="https://twitter.com/@ebeip90">@ebeip90</a>) of the Android Security Team</p>
</div>
@@ -236,6 +261,8 @@
<p>Wen Xu (@antlr7) from KeenTeam (@K33nTeam, <a href="http://k33nteam.org/">http://k33nteam.org/</a>)</p>
+<p>William Roberts (<a href="mailto:william.c.roberts@intel.com">william.c.roberts@intel.com</a>)</p>
+
<p>Wish Wu of Trend Micro Inc. (@wish_wu)</p>
<p>Xuxian Jiang of C0RE Team from Qihoo 360</p>
diff --git a/src/security/security_toc.cs b/src/security/security_toc.cs
index 9b71a4d..d512045 100644
--- a/src/security/security_toc.cs
+++ b/src/security/security_toc.cs
@@ -61,15 +61,25 @@
<li><a href="<?cs var:toroot ?>security/advisory/2016-03-18.html">2016-03-18</a></li>
</ul>
</li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2016-05-01.html">May 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-04-02.html">April 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-03-01.html">March 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-02-01.html">February 2016</a></li>
<li><a href="<?cs var:toroot ?>security/bulletin/2016-01-01.html">January 2016</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-09-01.html">September 2015</a></li>
- <li><a href="<?cs var:toroot ?>security/bulletin/2015-08-01.html">August 2015</a></li>
+ <li class="nav-section">
+ <div class="nav-section-header">
+ <a href="<?cs var:toroot ?>security/bulletin/2015.html">
+ <span class="en">2015 Bulletins</span>
+ </a>
+ </div>
+ <ul>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-12-01.html">December 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-11-01.html">November 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-10-01.html">October 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-09-01.html">September 2015</a></li>
+ <li><a href="<?cs var:toroot ?>security/bulletin/2015-08-01.html">August 2015</a></li>
+ </ul>
+ </li>
</ul>
</li>
<li class="nav-section">
