CVE-2015-6639

HIGH

Android Widevine QSEE TrustZone < 5.1.1 LMY49F and < 2016-01-01 - Privilege Escalation via QSEECOM Access

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2015-6639. PoCs published by laginimaineb.

AI-analyzed exploit summary This exploit targets a privilege escalation vulnerability in Qualcomm's Secure Execution Environment (QSEE) by leveraging PRDiag commands. It allows local attackers to escalate privileges on affected devices.

Description

The Widevine QSEE TrustZone application in Android 5.x before 5.1.1 LMY49F and 6.0 before 2016-01-01 allows attackers to gain privileges via a crafted application that leverages QSEECOM access, aka internal bug 24446875.

Exploits (3)

exploitdb WORKING POC

by laginimaineb · textlocalandroid

https://www.exploit-db.com/exploits/39757

View Code ZIP pw:eip

This exploit targets a privilege escalation vulnerability in Qualcomm's Secure Execution Environment (QSEE) by leveraging PRDiag commands. It allows local attackers to escalate privileges on affected devices.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: Qualcomm Secure Execution Environment (QSEE)

No auth needed

Prerequisites: Local access to the target device · PRDiag commands accessible

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WORKING POC 362 stars

by laginimaineb · poc

https://github.com/laginimaineb/ExtractKeyMaster

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2016-2431, targeting Qualcomm's KeyMaster to extract cryptographic keys. The exploit leverages memory corruption in the QSEECom API to bypass security measures and dump keys from the Widevine trusted application.

Classification

Working Poc 95%

Attack Type

Info Leak

Complexity

Complex

Reliability

Reliable

Target: Qualcomm Secure Execution Environment (QSEE) with KeyMaster/Widevine

No auth needed

Prerequisites: Root access on the target device · Qualcomm chipset with vulnerable QSEE implementation

MITRE ATT&CK

T1006 - Direct Volume Access T1552 - Unsecured Credentials

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 123 stars

by laginimaineb · poc

https://github.com/laginimaineb/cve-2015-6639

View Code ZIP pw:eip

This repository contains a functional exploit for CVE-2015-6639, a QSEE privilege escalation vulnerability. The code demonstrates memory corruption via PRDiag commands to achieve local privilege escalation on affected Qualcomm devices.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Complex

Reliability

Racy

Target: Qualcomm Secure Execution Environment (QSEE)

No auth needed

Prerequisites: Access to a vulnerable Qualcomm device with QSEE · Ability to execute native code on the target device

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (5)

Core 5

Core References

Exploit, Third Party Advisory exploit

https://www.exploit-db.com/exploits/39757/

Third Party Advisory, VDB Entry vdb-entry

http://www.securitytracker.com/id/1034592

Mailing List mailing-list

http://seclists.org/fulldisclosure/2023/May/26

Vendor Advisory

http://source.android.com/security/bulletin/2016-01-01.html

Exploit, Third Party Advisory

http://packetstormsecurity.com/files/172637/Widevine-Trustlet-5.x-6.x-7.x-PRDiagVerifyProvisioning-Buffer-Overflow.html

Scores

CVSS v3 7.8

EPSS 0.0677

EPSS Percentile 93.1%

Attack Vector LOCAL

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-264

Status published

Products (4)

google/android 5.0

google/android 5.1.1

google/android 6.0

google/android 6.0.1

Published Jan 06, 2016

Tracked Since Feb 18, 2026