CVE-2016-3876

providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 MEDIUM
PHYSICAL
LOW
NONE
CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
google_androidCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 7%
VendorProductVersion
googleandroid
6.0
googleandroid
6.0.1
googleandroid
7.0
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
android
bionic
dne
artful
dne
zesty
ignored
yakkety
ignored
xenial
ignored
trusty
dne
precise
dne
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-09-01.html
http://www.securityfocus.com/bid/92819
http://www.securitytracker.com/id/1036763
https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745
http://source.android.com/security/bulletin/2016-09-01.html
http://www.securityfocus.com/bid/92819
http://www.securitytracker.com/id/1036763
https://android.googlesource.com/platform/frameworks/base/+/91fc934bb2e5ea59929bb2f574de6db9b5100745