CVE-2015-0571
HIGHLinux Kernel 3.x-4.x < 4.20.15 - Missing Authorization in WLAN Driver IOCTL Calls
Title source: llmDescription
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
References (3)
Core 3
Core References
Vendor Advisory x_refsource_confirm
http://source.android.com/security/bulletin/2016-05-01.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/77691
Broken Link x_refsource_confirm
https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015
Scores
CVSS v3
7.8
EPSS
0.0135
EPSS Percentile
68.3%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-862
Status
published
Products (1)
linux/linux_kernel
4.0.0 - 4.20.15
Published
May 09, 2016
Tracked Since
Feb 18, 2026