CVE-2015-1805

EXPLOITED

Google Android < 3.15.10 - Denial of Service

Exploitation Summary

CVE-2015-1805 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including dosomder, panyu6325, codecat007.

Description

The (1) pipe_read and (2) pipe_write implementations in fs/pipe.c in the Linux kernel before 3.16 do not properly consider the side effects of failed __copy_to_user_inatomic and __copy_from_user_inatomic calls, which allows local users to cause a denial of service (system crash) or possibly gain privileges via a crafted application, aka an "I/O vector array overrun."

Exploits (6)

nomisec WORKING POC 277 stars
by dosomder · poc
https://github.com/dosomder/iovyroot

This repository contains a privilege escalation exploit for CVE-2015-1805, targeting a Linux kernel vulnerability in the flex_array implementation. The exploit manipulates kernel memory to achieve root access by modifying task credentials and SELinux contexts.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel (versions affected by CVE-2015-1805)
No auth needed
Prerequisites: Kernel addresses for the target system · Compilation for the specific architecture (32/64-bit)
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 31 stars
by panyu6325 · poc
https://github.com/panyu6325/CVE-2015-1805

This PoC exploits a race condition in the Linux kernel's pipe handling (CVE-2015-1805) to achieve local privilege escalation. It uses multithreading to trigger a use-after-free vulnerability, allowing arbitrary memory manipulation.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux kernel (versions before 4.0.5)
No auth needed
Prerequisites: Local access to a vulnerable Linux system
devstral-2 · analyzed Feb 16, 2026

github WORKING POC 8 stars
by codecat007 · cpoc
https://github.com/codecat007/cvehub/tree/main/android/securityPatch/CVE-2015-1805

This PoC exploits a race condition in the Linux kernel's readv system call (CVE-2015-1805) by unmapping and remapping memory while readv is executing, leading to potential privilege escalation. The code uses threads to trigger the race condition between memory operations and I/O operations.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Moderate
Reliability: Racy
Target: Linux kernel (versions affected by CVE-2015-1805)
No auth needed
Prerequisites: Linux kernel vulnerable to CVE-2015-1805 · ability to execute code on the target system
devstral-2 · analyzed Feb 27, 2026

nomisec WORKING POC 4 stars
by ireshchaminda1 · poc
https://github.com/ireshchaminda1/Android-Privilege-Escalation-Remote-Access-Vulnerability-CVE-2015-1805

This repository contains a Python script that builds an APK exploiting CVE-2015-1805 for privilege escalation on Android devices. It uses ngrok for tunneling and generates a malicious payload for remote access.

Classification: Working PoC 80%
Attack Type: LPE
Complexity: Moderate
Reliability: Reliable
Target: Android (versions affected by CVE-2015-1805)
No auth needed
Prerequisites: Python 3.6-3.8 · pyngrok · target Android device vulnerable to CVE-2015-1805
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 3 stars
by FloatingGuy · poc
https://github.com/FloatingGuy/cve-2015-1805

This repository contains a proof-of-concept exploit for CVE-2015-1805, a Linux kernel vulnerability involving a race condition in the pipe system call. The exploit leverages thread-based race conditions to achieve privilege escalation by manipulating memory mappings and pipe operations.

Classification: Working PoC 90%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Linux Kernel (versions affected by CVE-2015-1805)
No auth needed
Prerequisites: Linux kernel vulnerable to CVE-2015-1805 · Ability to execute code on the target system
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC
by mobilelinux · poc
https://github.com/mobilelinux/iovy_root_research

This repository contains a functional privilege escalation exploit for CVE-2015-1805, targeting Linux kernels via a vulnerability in the I/O vector (iovec) handling. The exploit modifies kernel memory to escalate privileges to root by manipulating task credentials and syscall tables.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Reliable
Target: Linux kernel (versions affected by CVE-2015-1805)
No auth needed
Prerequisites: Kernel version vulnerable to CVE-2015-1805 · Access to a local user account
devstral-2 · analyzed Feb 16, 2026

References (36)

Core References
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1211.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2015/dsa-3290
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1032454
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74951
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1120.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2967-1
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=1202855
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2680-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1082.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2679-1
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2967-2
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1138.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1190.html
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/06/06/2
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1199.html
Vendor Advisory vendor-advisory x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-2681-1
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1042.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1137.html
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-1081.html

Scores

EPSS 0.0901
EPSS Percentile 92.8%

Details

VulnCheck KEV 2016-03-18
CWE CWE-17
Status published
Products (6)
google/android 4.4.3
google/android 5.0.1
google/android 5.1
google/android 5.1.1
google/android 6.0
linux/linux_kernel < 3.15.10
Published Aug 08, 2015
Tracked Since Feb 18, 2026