CVE-2016-3833

Published: Aug 5, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

The Shell component in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 does not properly manage the MANAGE_USERS and CREATE_USERS permissions, which allows attackers to bypass intended access restrictions via a crafted application, aka internal bug 29189712.

Affected (6)

Products: Google: Android

1 product

Configuration A

6 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0

Related CWEs

References (8)

http://source.android.com/security/bulletin/2016-08-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/92225

Source: security@android.com

https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03

Source: security@android.com

Issue TrackingPatch

https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-08-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92225

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/frameworks/base/+/01875b0274e74f97edf6b0d5c92de822e0555d03

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

https://android.googlesource.com/platform/frameworks/base/+/4e4743a354e26467318b437892a9980eb9b8328a

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.