Vulnerability Details : CVE-2016-3760
Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.
Published
2016-07-11 02:00:01
Updated
2016-07-12 14:05:17
Vulnerability category: Input validation
Exploit prediction scoring system (EPSS) score for CVE-2016-3760
Probability of exploitation activity in the next 30 days: 0.06%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 23 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2016-3760
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
5.4
|
MEDIUM | AV:A/AC:M/Au:N/C:P/I:P/A:P |
5.5
|
6.4
|
NIST |
7.5
|
HIGH | CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
1.6
|
5.9
|
NIST |
CWE ids for CVE-2016-3760
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
-
The product contains a code sequence that can run concurrently with other code, and the code sequence requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence that is operating concurrently.Assigned by: nvd@nist.gov (Primary)
References for CVE-2016-3760
-
https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5
8b3d5a64c3c8d010ad4517f652731f09107ae9c5 - platform/hardware/libhardware - Git at Google
-
https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8
122feb9a0b04290f55183ff2f0384c6c53756bd8 - platform/packages/apps/Bluetooth - Git at Google
-
https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce
37c88107679d36c419572732b4af6e18bb2f7dce - platform/system/bt - Git at Google
-
http://source.android.com/security/bulletin/2016-07-01.html
Android Security Bulletin—July 2016 | Android Open Source ProjectVendor Advisory
Products affected by CVE-2016-3760
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*