CVE-2015-3854
HIGHAndroid 5.x - Improper Access Control via PNW.stopSaver Broadcast Intent
Title source: llmDescription
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.
References (3)
Core 3
Core References
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/71
Mailing List, Third Party Advisory mailing-list
x_refsource_fulldisc
http://seclists.org/fulldisclosure/2016/May/72
Issue Tracking, Patch x_refsource_confirm
https://android.googlesource.com/platform/frameworks/base/+/05e0705177d2078fa9f940ce6df723312cfab976
Scores
CVSS v3
7.5
EPSS
0.0054
EPSS Percentile
41.6%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-284
Status
published
Products (6)
google/android
5.0
google/android
5.0.1
google/android
5.0.2
google/android
5.1
google/android
5.1.0
google/android
5.1.1
Published
Aug 07, 2016
Tracked Since
Feb 18, 2026