CVE-2015-3844

Name of the Vulnerable Software and Affected Versions Android versions prior to 5.1.1 LMY48I

Description The issue is related to the getProcessRecordLocked method in the ActivityManagerService.java file, which allows attackers to trigger incorrect process loading via a crafted application. This can be demonstrated by interfering with the use of the Settings application. The vulnerability is associated with insufficient access control to certain functions, which can be exploited by a remote attacker to cause incorrect process loading using a specially formed application.

Recommendations For Android versions prior to 5.1.1 LMY48I, update to version 5.1.1 LMY48I or later to resolve the issue. As a temporary workaround, consider restricting access to the getProcessRecordLocked method in the ActivityManagerService.java file until a patch is available.