Bypass of DISALLOW_SAFE_BOOT Setting in Android 6.x

Bypass of DISALLOW_SAFE_BOOT Setting in Android 6.x

CVE-2016-3875 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

server/wm/WindowManagerService.java in Android 6.x before 2016-09-01 does not enforce the DISALLOW_SAFE_BOOT setting, which allows physically proximate attackers to bypass intended access restrictions and boot to safe mode via unspecified vectors, aka internal bug 26251884.

Learn more about our Cis Benchmark Audit For Google Android.