Vulnerability Description
The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations, which allows attackers to gain privileges via a crafted application, aka internal bug 28347842.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | 4.0 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92851
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a9Issue TrackingPatch
- https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d9Issue TrackingPatch
- http://source.android.com/security/bulletin/2016-09-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92851
- http://www.securitytracker.com/id/1036763
- https://android.googlesource.com/platform/system/core/+/014b01706cc64dc9c2ad94a9Issue TrackingPatch
- https://android.googlesource.com/platform/system/core/+/268068f25673242d1d5130d9Issue TrackingPatch
FAQ
What is CVE-2016-3890?
CVE-2016-3890 is a vulnerability with a CVSS score of 7.0 (HIGH). The Java Debug Wire Protocol (JDWP) implementation in adb/sockets.cpp in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-09-01 mishandles socket close operations,...
How severe is CVE-2016-3890?
CVE-2016-3890 has been rated HIGH with a CVSS base score of 7.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2016-3890?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.