CVE-2016-3876

EUVD-2016-4889
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 6%
Affected Products (NVD)
VendorProductVersion
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
artful
dne
bionic
dne
precise
dne
trusty
dne
xenial
ignored
yakkety
ignored
zesty
ignored
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-09-01.html
http://www.securityfocus.com/bid/92819
http://www.securitytracker.com/id/1036763
https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745
http://source.android.com/security/bulletin/2016-09-01.html
http://www.securityfocus.com/bid/92819
http://www.securitytracker.com/id/1036763
https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745