Vulnerability Description
The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for private SET IOCTL calls, which allows attackers to gain privileges via a crafted application, related to wlan_hdd_hostapd.c and wlan_hdd_wext.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Linux | Linux Kernel | >= 4.0.0, <= 4.20.15 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-05-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/77691Third Party AdvisoryVDB Entry
- https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driBroken Link
- http://source.android.com/security/bulletin/2016-05-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/77691Third Party AdvisoryVDB Entry
- https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driBroken Link
FAQ
What is CVE-2015-0571?
CVE-2015-0571 is a vulnerability with a CVSS score of 7.8 (HIGH). The WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not verify authorization for p...
How severe is CVE-2015-0571?
CVE-2015-0571 has been rated HIGH with a CVSS base score of 7.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2015-0571?
Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.