Vulnerability Name: | CVE-2015-0571 (CCN-110052) | ||||||||||||||||||||
Assigned: | 2015-01-07 | ||||||||||||||||||||
Published: | 2016-01-25 | ||||||||||||||||||||
Updated: | 2020-07-31 | ||||||||||||||||||||
Summary: | The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c. | ||||||||||||||||||||
CVSS v3 Severity: | 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) 6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
5.2 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C)
| ||||||||||||||||||||
CVSS v2 Severity: | 9.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C)
| ||||||||||||||||||||
Vulnerability Type: | CWE-862 | ||||||||||||||||||||
Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-0571 Source: CONFIRM Type: Vendor Advisory http://source.android.com/security/bulletin/2016-05-01.html Source: BID Type: Third Party Advisory, VDB Entry 77691 Source: XF Type: UNKNOWN linux-kernel-cve20150571-priv-esc(110052) Source: CCN Type: CodeAurora Web site Multiple Issues in WLAN Driver Allow Local Privilege Escalation (CVE-2015-0569, CVE-2015-0570, CVE-2015-0571) Source: CONFIRM Type: Broken Link https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 | ||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
BACK |