Unrated severityNVD Advisory· Published Oct 1, 2015· Updated May 6, 2026

CVE-2015-3860

Description

packages/Keyguard/res/layout/keyguard_password_view.xml in Lockscreen in Android 5.x before 5.1.1 LMY48M does not restrict the number of characters in the passwordEntry input field, which allows physically proximate attackers to bypass intended access restrictions via a long password that triggers a SystemUI crash, aka internal bug 22214934.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

sites.utexas.edu/iso/2015/09/15/android-5-lockscreen-bypass/nvdExploit
code.google.com/p/android/issues/detailnvdExploit
android.googlesource.com/platform/frameworks/base/+/8fba7e6931245a17215e0e740e78b45f6b66d590nvdVendor Advisory
groups.google.com/forum/message/rawnvdVendor Advisory

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000