CVE-2015-3865
Published: 6 October 2015
The Runtime subsystem in Android before 5.1.1 LMY48T allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23050463.
Notes
Author | Note |
---|---|
sbeattie | non-zygote apps were able to make JDWP connections |
jdstrand | Ubuntu does not use the Runtime subsystem |
Priority
References
- https://groups.google.com/forum/#!topic/android-security-updates/iv1BF0f0XY4
- https://android.googlesource.com/platform/cts/+/3f7334822ba4cc53f81f22f3519093bf4e1d7f89%5E!/#F0
- https://android.googlesource.com/platform/frameworks/base/+/ff8dc21278b19b22ed8dc9f9475850838336d351%5E!/#F0
- https://www.cve.org/CVERecord?id=CVE-2015-3865
- NVD
- Launchpad
- Debian