CVE-2015-0569
published 2016-05-09CVE-2015-0569: Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x…
PriorityP348high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
EXPLOIT
EPSS
6.47%
92.9th percentile
Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | — | — | |
| linux | linux_kernel | 3.0.0 – 3.19.8 | — |
| linux | linux_kernel | 4.0.0 – 4.20.15 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Android
CVE-2015-0569: Android Security Bulletin 2016-05-01
CVE: CVE-2015-0569
Severity: CRITICAL
vendor_android·2016-05-01·CVSS 7.8
CVE-2015-0569 [HIGH] CVE-2015-0569: Android Security Bulletin 2016-05-01
CVE: CVE-2015-0569
Severity: CRITICAL
Android Security Bulletin 2016-05-01
CVE: CVE-2015-0569
Severity: CRITICAL
GHSA
GHSA-wjf2-j9hj-wpfg: Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext
ghsa_unreviewed·2022-05-13
CVE-2015-0569 [HIGH] CWE-787 GHSA-wjf2-j9hj-wpfg: Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext
Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka Wi-Fi) driver for the Linux kernel 3.x and 4.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via a crafted application that establishes a packet filter.
Project0
In-the-Wild Series: Android Exploits - Project Zero
project_zero·2021-01-01·CVSS 7.8
CVE-2015-0569 [HIGH] In-the-Wild Series: Android Exploits - Project Zero
This is part 4 of a 6-part series detailing a set of vulnerabilities found by Project Zero being exploited in the wild. To read the other parts of the series, see the introduction post.
Posted by Mark Brand, Project Zero
A survey of the exploitation techniques used by a high-tier attacker against Android devices in 2020
## Introduction
After one of the Chrome exploits has been successful, there are several (quite simple) stages of payload decryption that occur. Once we've got through that, we reach a much more complex binary that is clearly the result of some engineering work. Thanks to that engineering it's very simple for us to locate and examine the exploits embedded inside! For each privilege elevation, they have a function in the .init_array which will register it into a global
No detection rules found.
No writeups or analysis indexed.
http://source.android.com/security/bulletin/2016-05-01.htmlhttp://www.securityfocus.com/bid/77691https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015https://www.exploit-db.com/exploits/39308/http://source.android.com/security/bulletin/2016-05-01.htmlhttp://www.securityfocus.com/bid/77691https://www.codeaurora.org/projects/security-advisories/multiple-issues-wlan-driver-allow-local-privilege-escalation-cve-2015https://www.exploit-db.com/exploits/39308/
2016-05-09
Published