CVE-2015-3823 Android bug phones in endless reboots

Pierluigi Paganini August 05, 2015

Trend Micro revealed that Android users are threatened by another vulnerability coded as CVE-2015-3823 which traps mobile phones in endless reboots.

Still problems for Android users! A few days ago security experts at Trend Micro discovered a serious flaw in Android OS that can be exploited to crash mobile devices, just before it was announced the Stagefright vulnerability who was threatening nearly 950 Million Android devices that can be easily hacked.

The new security vulnerability, coded CVE-2015-3823, affecting the Android operating system can “brick” the mobile phones by making them unresponsive.

“We have discovered a new vulnerability that allows attackers to perform denial of service (DoS) attacks on Android’s mediaserver program. This causes a device’s system to reboot and drain all its battery life. In more a severe case, where a related malicious app is set to auto-start, the device can be trapped in an endless reboot and rendered unusable.

The vulnerability, CVE-2015-3823, affects Android versions 4.0.1 Jelly Bean to 5.1.1 Lollipop. Around 89% of the Android users (roughly 9 in 10 Android devices active as of June 2015) are affected. However, we have yet to discover active attacks in the wild that exploit this vulnerability.” states a blog post published by Trend Micro, the company that discovered the bug.

Hackers can trigger the flaw causing an Android device to endless Reboot, also in this case the bug resides in the ‘mediaserver’ built-in program like the Stagefright flaw.

Android versions CVE-2015-3823

Nearly 90 percent of Android devices running versions 4.0.1 Jelly Bean to 5.1.1 Lollipop are affected by the vulnerability. The attackers can trigger endless reboots in two ways, by using a malicious Android App or redirecting users a specially-crafted website.

The flaw is caused by an integer overflow in parsing .MKV files, if the mobile device plays a media file .MKV file in the flawed ‘mediaserver’ plugin the mobile device to fall into an endless loop when reading video frames.

“The vulnerability is caused by an integer overflow in parsing MKV files,” continues the post. “causes the device to fall into an endless loop when reading video frames.”

Trend Micro reported the flaw to Google that seems not consider the flaw critic by classifying it as a low-level vulnerability.

Victims have to reboot the mobile device in Safe Mode by holding the power button down and pressing the Power Off option until you see the pop-up box asking you to restart in Safe Mode.

Safe Mode will disable all third-party apps and information, then the victim can use the device until a patch is released.

The post published by Trend Micro also includes two PoC scenarios that clarify how to exploit the Android vulnerability.

Pierluigi Paganini

(Security Affairs – CVE-2015-3823, Android)

Pierluigi Paganini August 20, 2025

DOJ takes action against 22-year-old running RapperBot Botnet

Pierluigi Paganini August 20, 2025