CVE-2016-3876
Published: 11 September 2016
providers/settings/SettingsProvider.java in Android 6.x before 2016-09-01 and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the SAFE_BOOT_DISALLOWED protection mechanism and boot to safe mode via the Android Debug Bridge (adb) tool, aka internal bug 29900345.
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 6.8 |
Attack vector | Physical |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |