CVE-2016-3760

Publication date 11 July 2016

Last updated 25 August 2025

Ubuntu priority

Cvss 3 Severity Score

Description

Bluetooth in Android 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-07-01 allows local users to gain privileges by establishing a pairing that remains present during a session of the primary user, aka internal bug 27410683.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
android	18.04 LTS bionic	Not in release
	17.10 artful	Not in release
	17.04 zesty	Ignored end of life
	16.10 yakkety	Ignored end of life
	16.04 LTS xenial	Ignored abandoned
	15.10 wily	Ignored end of life
	14.04 LTS trusty	Not in release
	12.04 LTS precise	Not in release

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
android	Upstream: https://android.googlesource.com/platform/system/bt/+/37c88107679d36c419572732b4af6e18bb2f7dce Upstream: https://android.googlesource.com/platform/packages/apps/Bluetooth/+/122feb9a0b04290f55183ff2f0384c6c53756bd8 Upstream: https://android.googlesource.com/platform/hardware/libhardware/+/8b3d5a64c3c8d010ad4517f652731f09107ae9c5

Severity score breakdown

Parameter	Value
Base score	7.5 · High
Attack vector	Adjacent
Attack complexity	High
Privileges required	None
User interaction	None
Scope	Unchanged
Confidentiality	High
Integrity impact	High
Availability impact	High
Vector	CVSS:3.0/AV:A/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H