CVE Vulnerabilities

CVE-2016-3908

Published: Oct 10, 2016 | Modified: Nov 28, 2016
CVSS 3.x
5.5
MEDIUM
Source:
NVD
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS 2.x
4.3 MEDIUM
AV:N/AC:M/Au:N/C:N/I:P/A:N
RedHat/V2
RedHat/V3
Ubuntu

The Lock Settings Service in Android 6.x before 2016-10-01 and 7.0 before 2016-10-01 allows attackers to remove a device’s PIN or password, and consequently gain privileges, via a crafted application, aka internal bug 30003944.

Affected Software

Name Vendor Start Version End Version
Android Google 6.0 6.0
Android Google 6.0.1 6.0.1
Android Google 7.0 7.0
Android Ubuntu trusty *
Android Ubuntu vivid/stable-phone-overlay *
Android Ubuntu xenial *
Android Ubuntu yakkety *
Android Ubuntu zesty *

References