Main Vulnerability Database SB2016091234

SB2016091234 - Permissions, Privileges, and Access Controls in Google, Google Android

Published: September 12, 2016 Updated: August 9, 2020

Security Bulletin ID SB2016091234

Severity

Medium

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Physical access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2016-3875)

The vulnerability allows a local non-authenticated attacker to execute arbitrary code.

server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.

Remediation

Install update from vendor's website.

References

http://source.android.com/security/bulletin/2016-09-01.html
http://www.securityfocus.com/bid/92818
http://www.securitytracker.com/id/1036763
https://android.googlesource.com/platform/frameworks/base/+/69729fa8b13cadbf3173fe1f389fe4f3b7bd0f9c