Bypassing DEVICE_POWER Permission Requirement in PowerNotificationWarnings.java

CVE-2015-3854 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:P/A:N

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

Learn more about our Cis Benchmark Audit For Google Android.