CVE-2016-3885

Published: Sep 11, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

debuggerd/debuggerd.cpp in Debuggerd in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 mishandles the interaction between PTRACE_ATTACH operations and thread exits, which allows attackers to gain privileges via a crafted application, aka internal bug 29555636.

Affected (7)

Products: Google: Android

1 product

Configuration A

7 vulnerable

Vulnerable Software	Affected Versions
Google Android	Version 5.0.1
Google Android	Version 5.0
Google Android	Version 5.1.0
Google Android	Version 5.1
Google Android	Version 6.0.1
Google Android	Version 6.0
Google Android	Version 7.0

Related CWEs

References (10)

http://source.android.com/security/bulletin/2016-09-01.html

Source: security@android.com

Vendor Advisory

http://source.android.com/security/bulletin/2016-10-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/92876

Source: security@android.com

http://www.securitytracker.com/id/1036763

Source: security@android.com

https://android.googlesource.com/platform/system/core/+/d7603583f90c2bc6074a4ee2886bd28082d7c65b

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-09-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://source.android.com/security/bulletin/2016-10-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92876

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id/1036763

Source: af854a3a-2127-422b-91ae-364da2661108

https://android.googlesource.com/platform/system/core/+/d7603583f90c2bc6074a4ee2886bd28082d7c65b

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.