CVE-2015-0571

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.8 HIGH
LOCAL
LOW
NONE
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 48%
VendorProductVersion
linuxlinux_kernel
4.0.0 ≤
𝑥
≤ 4.20.15
linuxlinux_kernel
3.0.0 ≤
𝑥
≤ 3.18.66
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
linux
xenial
not-affected
wily
not-affected
trusty
not-affected
precise
not-affected
linux-armadaxp
xenial
dne
wily
dne
trusty
dne
precise
not-affected
linux-flo
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
linux-goldfish
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
linux-grouper
xenial
dne
wily
dne
trusty
dne
precise
dne
linux-linaro-omap
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-linaro-shared
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-linaro-vexpress
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-lts-quantal
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-lts-raring
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-lts-saucy
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-lts-trusty
xenial
dne
wily
dne
trusty
dne
precise
not-affected
linux-lts-utopic
xenial
dne
wily
dne
trusty
dne
precise
dne
linux-lts-vivid
xenial
dne
wily
dne
trusty
dne
precise
dne
linux-lts-wily
xenial
dne
wily
dne
trusty
dne
precise
dne
linux-lts-xenial
xenial
dne
wily
dne
trusty
not-affected
precise
dne
linux-maguro
xenial
dne
wily
dne
trusty
dne
precise
dne
linux-mako
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
linux-manta
xenial
dne
wily
not-affected
trusty
dne
precise
dne
linux-qcm-msm
xenial
dne
wily
dne
trusty
dne
precise
ignored
linux-raspi2
xenial
not-affected
wily
not-affected
trusty
dne
precise
dne
linux-snapdragon
xenial
not-affected
wily
dne
trusty
dne
precise
dne
linux-ti-omap4
xenial
dne
wily
dne
trusty
dne
precise
not-affected
Common Weakness Enumeration
References
http://source.android.com/security/bulletin/2016-05-01.html
http://www.securityfocus.com/bid/77691
https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015
http://source.android.com/security/bulletin/2016-05-01.html
http://www.securityfocus.com/bid/77691
https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015