Computer Emergency Response Team of Mauritius (CERT-MU)

Nearly 90 percent of Android devices vulnerable to endless reboot bug

After the disclosure of a denial of service (DoS) vulnerability impacting the majority of Android devices in use, security researchers have discovered another DoS flaw that affects even more users. The vulnerability can be exploited by an attacker to cause a device to reboot, and it is similar to the previously identified bug in that it exists in the mediaserver program. In a more severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable. This vulnerability can also drain the device's battery. The bug (CVE-2015-3823) is caused by an integer overflow in parsing .MKV files, and an attacker can exploit it either through a malicious app installed on the affected device or by luring a user to a specially crafted website containing a malformed media file. The vulnerability affects Android versions 4.0.1 to 5.1.1, which indicates that about 89 percent of devices in use today are affected.


SC Magazine

Team Cymru


The information provided herein is on an "as is" basis, without warranty of any kind.

Contact Information

Postal address
Mauritian Computer Emergency Response Team (CERT-MU)
National Computer Board
7th Floor, Stratton Court
La Poudriere Street
Port Louis