CVE-2016-0813

MEDIUM

Android <5.1.1 LMY49G & <6 - Privilege Escalation

Title source: llm

Description

packages/SystemUI/src/com/android/systemui/recents/AlternateRecentsComponent.java in Setup Wizard in Android 5.1.x before 5.1.1 LMY49G and 6.x before 2016-02-01 does not properly check for device provisioning, which allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism and delete data via unspecified vectors, aka internal bug 25476219.

References (2)

[Patch] https://android.googlesource.com/platform%2Fframeworks%2Fbase/+/16a76dadcc23a13223e9c2216dad1fe5cad7d6e1

[Vendor Advisory] http://source.android.com/security/bulletin/2016-02-01.html

Scores

CVSS v3 6.1

EPSS 0.0002

EPSS Percentile 3.8%

Attack Vector PHYSICAL

CVSS:3.0/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Classification

CWE

CWE-264

Status draft

Affected Products (5)

google/android

Timeline

Published Feb 07, 2016

Tracked Since Feb 18, 2026