cvelistv5 - cve-2015-0571

CVE-2015-0571 (GCVE-0-2015-0571)

Vulnerability from cvelistv5 – Published: 2016-05-09 10:00 – Updated: 2024-08-06 04:17

Summary

The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://source.android.com/security/bulletin/2016-…	x_refsource_CONFIRM
	http://www.securityfocus.com/bid/77691	vdb-entryx_refsource_BID
	https://www.codeaurora.org/projects/security-advi…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T04:17:31.268Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://source.android.com/security/bulletin/2016-05-01.html"
          },
          {
            "name": "77691",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/77691"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-12-21T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-11-25T19:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://source.android.com/security/bulletin/2016-05-01.html"
        },
        {
          "name": "77691",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/77691"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-0571",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-05-01.html",
              "refsource": "CONFIRM",
              "url": "http://source.android.com/security/bulletin/2016-05-01.html"
            },
            {
              "name": "77691",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/77691"
            },
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015",
              "refsource": "CONFIRM",
              "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-0571",
    "datePublished": "2016-05-09T10:00:00",
    "dateReserved": "2015-01-07T00:00:00",
    "dateUpdated": "2024-08-06T04:17:31.268Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.0.0\", \"versionEndIncluding\": \"4.20.15\", \"matchCriteriaId\": \"7FF42CEC-BC1A-4932-AD2D-004152E895B3\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"3.0.0\", \"versionEndIncluding\": \"3.18.66\", \"matchCriteriaId\": \"AA70EB46-9EC5-4D20-9569-23B0C557A7BB\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.\"}, {\"lang\": \"es\", \"value\": \"El controlador WLAN (tambi\\u00e9n conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, seg\\u00fan se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica la autorizaci\\u00f3n para llamadas SET IOCTL privadas, lo que permite a atacantes obtener privilegios a trav\\u00e9s de una aplicaci\\u00f3n manipulada, relacionado con wlan_hdd_hostapd.c y wlan_hdd_wext.c.\"}]",
      "id": "CVE-2015-0571",
      "lastModified": "2024-11-21T02:23:20.220",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 9.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2016-05-09T10:59:02.237",
      "references": "[{\"url\": \"http://source.android.com/security/bulletin/2016-05-01.html\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/77691\", \"source\": \"cve@mitre.org\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015\", \"source\": \"cve@mitre.org\", \"tags\": [\"Broken Link\"]}, {\"url\": \"http://source.android.com/security/bulletin/2016-05-01.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.securityfocus.com/bid/77691\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\", \"VDB Entry\"]}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-862\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2015-0571\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2016-05-09T10:59:02.237\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.\"},{\"lang\":\"es\",\"value\":\"El controlador WLAN (tambi\u00e9n conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, seg\u00fan se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica la autorizaci\u00f3n para llamadas SET IOCTL privadas, lo que permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, relacionado con wlan_hdd_hostapd.c y wlan_hdd_wext.c.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":9.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.0.0\",\"versionEndIncluding\":\"4.20.15\",\"matchCriteriaId\":\"7FF42CEC-BC1A-4932-AD2D-004152E895B3\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"3.0.0\",\"versionEndIncluding\":\"3.18.66\",\"matchCriteriaId\":\"AA70EB46-9EC5-4D20-9569-23B0C557A7BB\"}]}]}],\"references\":[{\"url\":\"http://source.android.com/security/bulletin/2016-05-01.html\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77691\",\"source\":\"cve@mitre.org\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015\",\"source\":\"cve@mitre.org\",\"tags\":[\"Broken Link\"]},{\"url\":\"http://source.android.com/security/bulletin/2016-05-01.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.securityfocus.com/bid/77691\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\",\"VDB Entry\"]},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}"
  }
}

CNVD-2016-00928

Vulnerability from cnvd - Published: 2016-02-16

Title

Prima Wlan Driver存在多个本地权限提升漏洞

Description

Prima Wlan Driver是一套无线驱动程序。 Prima Wlan Driver存在本地提权漏洞。攻击者可利用漏洞获取提升的权限。

Severity

中

Patch Name

Prima Wlan Driver存在多个本地权限提升漏洞的补丁

Patch Description

Prima Wlan Driver是一套无线驱动程序。 Prima Wlan Driver存在本地提权漏洞。攻击者可利用漏洞获取提升的权限。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复此安全问题，补丁获取链接： https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015

Reference

http://www.securityfocus.com/bid/81746

Impacted products

Name
Prima Wlan Driver Prima Wlan Driver

Show details on source website

JSON

To clipboard

{
  "bids": {
    "bid": {
      "bidNumber": "81746"
    }
  },
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-0571"
    }
  },
  "description": "Prima Wlan Driver\u662f\u4e00\u5957\u65e0\u7ebf\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nPrima Wlan Driver\u5b58\u5728\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002",
  "discovererName": "Renjia Lu",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6b64\u5b89\u5168\u95ee\u9898\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2016-00928",
  "openTime": "2016-02-16",
  "patchDescription": "Prima Wlan Driver\u662f\u4e00\u5957\u65e0\u7ebf\u9a71\u52a8\u7a0b\u5e8f\u3002\r\n\r\nPrima Wlan Driver\u5b58\u5728\u672c\u5730\u63d0\u6743\u6f0f\u6d1e\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u83b7\u53d6\u63d0\u5347\u7684\u6743\u9650\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Prima Wlan Driver\u5b58\u5728\u591a\u4e2a\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Prima Wlan Driver Prima Wlan Driver"
  },
  "referenceLink": "http://www.securityfocus.com/bid/81746",
  "serverity": "\u4e2d",
  "submitTime": "2016-02-04",
  "title": "Prima Wlan Driver\u5b58\u5728\u591a\u4e2a\u672c\u5730\u6743\u9650\u63d0\u5347\u6f0f\u6d1e"
}

GHSA-FRF2-9XR3-8PCJ

Vulnerability from github – Published: 2022-05-13 01:24 – Updated: 2022-05-13 01:24

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-0571"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-862"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2016-05-09T10:59:00Z",
    "severity": "HIGH"
  },
  "details": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.",
  "id": "GHSA-frf2-9xr3-8pcj",
  "modified": "2022-05-13T01:24:51Z",
  "published": "2022-05-13T01:24:51Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-0571"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
    },
    {
      "type": "WEB",
      "url": "http://source.android.com/security/bulletin/2016-05-01.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/77691"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2015-0571

Vulnerability from fkie_nvd - Published: 2016-05-09 10:59 - Updated: 2025-04-12 10:46

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
cve@mitre.org	http://source.android.com/security/bulletin/2016-05-01.html	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/77691	Third Party Advisory, VDB Entry
cve@mitre.org	https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015	Broken Link
af854a3a-2127-422b-91ae-364da2661108	http://source.android.com/security/bulletin/2016-05-01.html	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/77691	Third Party Advisory, VDB Entry
af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015	Broken Link

Impacted products

	Vendor	Product	Version
	linux	linux_kernel	*
	linux	linux_kernel	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FF42CEC-BC1A-4932-AD2D-004152E895B3",
              "versionEndIncluding": "4.20.15",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "AA70EB46-9EC5-4D20-9569-23B0C557A7BB",
              "versionEndIncluding": "3.18.66",
              "versionStartIncluding": "3.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c."
    },
    {
      "lang": "es",
      "value": "El controlador WLAN (tambi\u00e9n conocido como Wi-Fi) para el kernel de Linux 3.x y 4.x, seg\u00fan se utiliza en Qualcomm Innovation Center (QuIC) Android contributions for MSM devices y otros productos, no verifica la autorizaci\u00f3n para llamadas SET IOCTL privadas, lo que permite a atacantes obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, relacionado con wlan_hdd_hostapd.c y wlan_hdd_wext.c."
    }
  ],
  "id": "CVE-2015-0571",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 9.3,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2016-05-09T10:59:02.237",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-05-01.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77691"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://source.android.com/security/bulletin/2016-05-01.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory",
        "VDB Entry"
      ],
      "url": "http://www.securityfocus.com/bid/77691"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2016-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été corrigées dans Google Android (Nexus). Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à la confidentialité des données.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 2 mai 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 02 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 2 mai 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2458"
    },
    {
      "name": "CVE-2016-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2449"
    },
    {
      "name": "CVE-2016-2462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2462"
    },
    {
      "name": "CVE-2016-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2429"
    },
    {
      "name": "CVE-2016-2448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2448"
    },
    {
      "name": "CVE-2016-2452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2452"
    },
    {
      "name": "CVE-2016-2457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2457"
    },
    {
      "name": "CVE-2016-2460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2460"
    },
    {
      "name": "CVE-2016-2431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2431"
    },
    {
      "name": "CVE-2016-2428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2428"
    },
    {
      "name": "CVE-2016-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2445"
    },
    {
      "name": "CVE-2016-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2432"
    },
    {
      "name": "CVE-2016-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2450"
    },
    {
      "name": "CVE-2016-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2454"
    },
    {
      "name": "CVE-2016-2439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2439"
    },
    {
      "name": "CVE-2015-0570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0570"
    },
    {
      "name": "CVE-2016-2451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2451"
    },
    {
      "name": "CVE-2016-2459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2459"
    },
    {
      "name": "CVE-2016-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774"
    },
    {
      "name": "CVE-2016-2435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2435"
    },
    {
      "name": "CVE-2016-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2446"
    },
    {
      "name": "CVE-2015-0571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0571"
    },
    {
      "name": "CVE-2016-2453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2453"
    },
    {
      "name": "CVE-2016-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2447"
    },
    {
      "name": "CVE-2015-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0569"
    },
    {
      "name": "CVE-2016-2461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2461"
    },
    {
      "name": "CVE-2016-2060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2060"
    },
    {
      "name": "CVE-2016-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2441"
    },
    {
      "name": "CVE-2016-2456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2456"
    },
    {
      "name": "CVE-2016-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2437"
    },
    {
      "name": "CVE-2016-2430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2430"
    },
    {
      "name": "CVE-2016-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2444"
    },
    {
      "name": "CVE-2016-2434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2434"
    },
    {
      "name": "CVE-2016-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2442"
    },
    {
      "name": "CVE-2016-2438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2438"
    },
    {
      "name": "CVE-2016-2436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2436"
    },
    {
      "name": "CVE-2015-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1805"
    },
    {
      "name": "CVE-2016-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2443"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2016-2440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2440"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-149",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 02 mai 2016",
      "url": "http://source.android.com/security/bulletin/2016-05-01.html"
    }
  ]
}

CERTFR-2016-AVI-149

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Google Android (Nexus) toutes versions n'intégrant pas le correctif de sécurité du 2 mai 2016

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Bulletin de sécurité Android du 02 mai 2016

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eGoogle Android (Nexus) toutes versions n\u0027int\u00e9grant pas le  correctif de s\u00e9curit\u00e9 du 2 mai 2016\u003c/P\u003e",
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2016-2458",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2458"
    },
    {
      "name": "CVE-2016-2449",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2449"
    },
    {
      "name": "CVE-2016-2462",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2462"
    },
    {
      "name": "CVE-2016-2429",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2429"
    },
    {
      "name": "CVE-2016-2448",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2448"
    },
    {
      "name": "CVE-2016-2452",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2452"
    },
    {
      "name": "CVE-2016-2457",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2457"
    },
    {
      "name": "CVE-2016-2460",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2460"
    },
    {
      "name": "CVE-2016-2431",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2431"
    },
    {
      "name": "CVE-2016-2428",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2428"
    },
    {
      "name": "CVE-2016-2445",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2445"
    },
    {
      "name": "CVE-2016-2432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2432"
    },
    {
      "name": "CVE-2016-2450",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2450"
    },
    {
      "name": "CVE-2016-2454",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2454"
    },
    {
      "name": "CVE-2016-2439",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2439"
    },
    {
      "name": "CVE-2015-0570",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0570"
    },
    {
      "name": "CVE-2016-2451",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2451"
    },
    {
      "name": "CVE-2016-2459",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2459"
    },
    {
      "name": "CVE-2016-0774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0774"
    },
    {
      "name": "CVE-2016-2435",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2435"
    },
    {
      "name": "CVE-2016-2446",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2446"
    },
    {
      "name": "CVE-2015-0571",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0571"
    },
    {
      "name": "CVE-2016-2453",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2453"
    },
    {
      "name": "CVE-2016-2447",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2447"
    },
    {
      "name": "CVE-2015-0569",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-0569"
    },
    {
      "name": "CVE-2016-2461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2461"
    },
    {
      "name": "CVE-2016-2060",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2060"
    },
    {
      "name": "CVE-2016-2441",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2441"
    },
    {
      "name": "CVE-2016-2456",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2456"
    },
    {
      "name": "CVE-2016-2437",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2437"
    },
    {
      "name": "CVE-2016-2430",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2430"
    },
    {
      "name": "CVE-2016-2444",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2444"
    },
    {
      "name": "CVE-2016-2434",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2434"
    },
    {
      "name": "CVE-2016-2442",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2442"
    },
    {
      "name": "CVE-2016-2438",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2438"
    },
    {
      "name": "CVE-2016-2436",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2436"
    },
    {
      "name": "CVE-2015-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2015-1805"
    },
    {
      "name": "CVE-2016-2443",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2443"
    },
    {
      "name": "CVE-2016-0705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-0705"
    },
    {
      "name": "CVE-2016-2440",
      "url": "https://www.cve.org/CVERecord?id=CVE-2016-2440"
    }
  ],
  "links": [],
  "reference": "CERTFR-2016-AVI-149",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2016-05-03T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eGoogle Android (Nexus)\u003c/span\u003e. Certaines d\u0027entre elles\npermettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code arbitraire\n\u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0 la\nconfidentialit\u00e9 des donn\u00e9es.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Google Android (Nexus)",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Android du 02 mai 2016",
      "url": "http://source.android.com/security/bulletin/2016-05-01.html"
    }
  ]
}

GSD-2015-0571

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2015-0571

Aliases

CVE-2015-0571

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-0571",
    "description": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.",
    "id": "GSD-2015-0571"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-0571"
      ],
      "details": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.",
      "id": "GSD-2015-0571",
      "modified": "2023-12-13T01:19:58.256263Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-0571",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "http://source.android.com/security/bulletin/2016-05-01.html",
            "refsource": "CONFIRM",
            "url": "http://source.android.com/security/bulletin/2016-05-01.html"
          },
          {
            "name": "77691",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/77691"
          },
          {
            "name": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015",
            "refsource": "CONFIRM",
            "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "4.20.15",
                "versionStartIncluding": "4.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "3.18.66",
                "versionStartIncluding": "3.0.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-0571"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-862"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://source.android.com/security/bulletin/2016-05-01.html",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://source.android.com/security/bulletin/2016-05-01.html"
            },
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015",
              "refsource": "CONFIRM",
              "tags": [
                "Broken Link"
              ],
              "url": "https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015"
            },
            {
              "name": "77691",
              "refsource": "BID",
              "tags": [
                "Third Party Advisory",
                "VDB Entry"
              ],
              "url": "http://www.securityfocus.com/bid/77691"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 9.3,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2020-07-31T18:56Z",
      "publishedDate": "2016-05-09T10:59Z"
    }
  }
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-0571 (GCVE-0-2015-0571)

CNVD-2016-00928

GHSA-FRF2-9XR3-8PCJ

FKIE_CVE-2015-0571

CERTFR-2016-AVI-149

Solution

CERTFR-2016-AVI-149

Solution

GSD-2015-0571

Tags

Sightings

Nomenclature