High severity7.5NVD Advisory· Published Aug 7, 2016· Updated May 6, 2026

CVE-2015-3854

Description

packages/SystemUI/src/com/android/systemui/power/PowerNotificationWarnings.java in Android 5.x allows attackers to bypass a DEVICE_POWER permission requirement via a broadcast intent with the PNW.stopSaver action, aka internal bug 20918350.

Affected products

Google/Android6 versions
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

android.googlesource.com/platform/frameworks/base/+/05e0705177d2078fa9f940ce6df723312cfab976nvdIssue TrackingPatch
seclists.org/fulldisclosure/2016/May/71nvdMailing ListThird Party Advisory
seclists.org/fulldisclosure/2016/May/72nvdMailing ListThird Party Advisory

News mentions

No linked articles in our index yet.

cvss	0.488
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000