This vulnerability allows arbitrary code execution in the context of many apps and services, resulting in elevation of privileges. There is a Proof-of-Concept exploit against the Google Nexus 5 device that achieves code execution inside the highly privileged system_server process, and then either replaces an existing arbitrary application on the device with our own malware app or changes the device’s SELinux policy. For some other devices, it is also possible to gain kernel code execution by loading arbitrary kernel modules. This vulnerability was responsibly disclosed to the Android Security Team, which tagged it as CVE-2015-3825 (internally as ANDROID-21437603/ANDROID-21583849) and patched Android 4.4 / 5.x / M and Google Play Services.
CVE-2015-3825 is the wrong CVE number (duplicate); CVE-2015-3837 should be used instead.
The OpenSSLX509Certificate class in org/conscrypt/OpenSSLX509Certificate.java in Android before 5.1.1 LMY48I improperly includes certain context data during serialization and deserialization, which allows attackers to execute arbitrary code via an application that sends a crafted Intent, aka internal bug 21437603.
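The bug class described above, context data travelling in the serialized form, shown as an added example that is not Conscrypt's code or the actual patch. The class names LeakyHandle and SafeHandle, the field name context, and the sample value are hypothetical; rejecting deserialization in readObject is one general hardening pattern, assumed here for illustration.

```java
import java.io.*;

public class NativeHandleSerialization {
    // Hypothetical stand-in for a class that wraps a native object: 'context'
    // plays the role of a handle that is only meaningful in the creating process.
    static class LeakyHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        private final long context;          // written to, and restored from, the stream
        LeakyHandle(long context) { this.context = context; }
        long context() { return context; }
    }

    // Hardened form: the handle is excluded from the serialized form, and
    // deserialization is refused so no instance is ever built from stream bytes.
    static class SafeHandle implements Serializable {
        private static final long serialVersionUID = 1L;
        private final transient long context;
        SafeHandle(long context) { this.context = context; }
        long context() { return context; }
        private void readObject(ObjectInputStream in) throws IOException {
            throw new InvalidObjectException("native handle cannot be deserialized");
        }
    }

    static byte[] write(Object o) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) { out.writeObject(o); }
        return buf.toByteArray();
    }

    static Object read(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample value, not a real address.
        LeakyHandle leaky = (LeakyHandle) read(write(new LeakyHandle(0x1234L)));
        System.out.println("leaky handle after round trip: 0x" + Long.toHexString(leaky.context()));
        try {
            read(write(new SafeHandle(0x1234L)));
        } catch (InvalidObjectException e) {
            System.out.println("safe handle rejected: " + e.getMessage());
        }
    }
}
```

In the leaky class the receiver ends up holding whatever handle value the sender put in the stream, which is why a field that a finalizer or native call later trusts must never come from serialized input.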
www.droid-life.com/2015/08/05/android-5-1-1-lmy48i-factory-images-arrive-for-nexus-4-5-6-7-2013-9-and-10/
android.googlesource.com/platform/external/conscrypt/+/8d57b9dbbd883422a0ff02083bfcf637b097e504
android.googlesource.com/platform/external/conscrypt/+/de55e62f6c7ecd57d0a91f2b497885c3bdc661d3
android.googlesource.com/platform/external/conscrypt/+/edf7055461e2d7fa18de5196dca80896a56e3540
groups.google.com/forum/message/raw?msg=android-security-updates/Ugvu3fi6RQM/yzJvoTVrIQAJ
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3825
web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3837
www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf