CVE-2015-3854

Published: Aug 7, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

Affected (6)

Products: Google: Android

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0.2
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1.1
Google Android	Version 5.1

Related CWEs

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

http://seclists.org/fulldisclosure/2016/May/71

Source: security@android.com

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2016/May/72

Source: security@android.com

Mailing ListThird Party Advisory

https://android.googlesource.com/platform/frameworks/base/+/05e0705177d2078fa9f940ce6df723312cfab976

Source: security@android.com

Issue TrackingPatch

http://seclists.org/fulldisclosure/2016/May/71

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2016/May/72

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://android.googlesource.com/platform/frameworks/base/+/05e0705177d2078fa9f940ce6df723312cfab976

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.