Vulnerability Description
The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictions and discover the name of the foreground application via a crafted application, aka internal bug 20034603.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 5.1 |
Related Weaknesses (CWE)
References
- http://stackoverflow.com/questions/24625936/getrunningtasks-doesnt-work-in-andro
- https://android.googlesource.com/platform/frameworks/base/+/aaa0fee0d7a8da347a0cVendor Advisory
- https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fiVendor Advisory
- http://stackoverflow.com/questions/24625936/getrunningtasks-doesnt-work-in-andro
- https://android.googlesource.com/platform/frameworks/base/+/aaa0fee0d7a8da347a0cVendor Advisory
- https://groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fiVendor Advisory
FAQ
What is CVE-2015-3833?
CVE-2015-3833 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The getRunningAppProcesses function in services/core/java/com/android/server/am/ActivityManagerService.java in Android before 5.1.1 LMY48I allows attackers to bypass intended getRecentTasks restrictio...
How severe is CVE-2015-3833?
CVE-2015-3833 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-3833?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.