CVE-2016-3888

Publication date 11 September 2016

Last updated 25 August 2025


Ubuntu priority

Cvss 3 Severity Score

2.1 · Low

Score breakdown

Description

internal/telephony/SMSDispatcher.java in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-09-01, and 7.0 before 2016-09-01 allows physically proximate attackers to bypass the Factory Reset Protection protection mechanism, and send premium SMS messages during the Setup Wizard provisioning stage, via unspecified vectors, aka internal bug 29420123.

Status

Package Ubuntu Release Status
android 16.04 LTS xenial
Not affected
14.04 LTS trusty Not in release
12.04 LTS precise Not in release

Severity score breakdown

CVSS version: CVSS v3.0

Base score 2.1 · Low

Vector: CVSS:3.0/AV:P/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N


Access our resources on patching vulnerabilities