CVE-2015-0569 Information

Description

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products allows attackers to gain privileges via a crafted application that establishes a packet filter.

CVSS Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Reference

http://source.android.com/security/bulletin/2016-05-01.html http://www.securityfocus.com/bid/77691 https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015 https://www.exploit-db.com/exploits/39308/

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

REQUIRED

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

7.8