Bypassing DEVICE_POWER Permission Requirement in PowerNotificationWarnings.java
CVE-2015-3854 · MEDIUM Severity
AV:N/AC:L/AU:N/C:N/I:P/A:N
packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.
Learn more about our Cis Benchmark Audit For Google Android.