CVE-2015-6637

HIGH

Android < 5.1.1 LMY49F and 6.0 < 2016-01-01 - Privilege Escalation via MediaTek misc-sd Driver

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2015-6637. PoCs published by betalphafai.

AI-analyzed exploit summary This repository contains a functional PoC exploit for CVE-2015-6637, targeting a vulnerability in the MediaTek MSDC driver. The exploit uses ioctl calls to trigger memory corruption via crafted MSDC_REINIT_SDCARD operations, demonstrating arbitrary read/write capabilities.

Description

The MediaTek misc-sd driver in Android before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application, aka internal bug 25307013.

Exploits (1)

nomisec WORKING POC 7 stars
by betalphafai · poc
https://github.com/betalphafai/CVE-2015-6637

This repository contains a functional PoC exploit for CVE-2015-6637, targeting a vulnerability in the MediaTek MSDC driver. The exploit uses ioctl calls to trigger memory corruption via crafted MSDC_REINIT_SDCARD operations, demonstrating arbitrary read/write capabilities.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: MediaTek MSDC driver (Android kernel)
No auth needed
Prerequisites: Access to /dev/misc-sd device node · MediaTek-based Android device with vulnerable driver
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034592

Scores

CVSS v3 7.8
EPSS 0.0063
EPSS Percentile 45.5%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-264
Status published
Products (5)
google/android 4.4.4
google/android 5.0
google/android 5.1.1
google/android 6.0
google/android 6.0.1
Published Jan 06, 2016
Tracked Since Feb 18, 2026