Main Vulnerability Database Vulnerabilities #VU38917

Improper access control in Google Android - CVE-2015-9006

Published: June 6, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38917

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2015-9006

CWE-ID: CWE-284

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In Resource Power Manager (RPM) in all Android releases from CAF using the Linux kernel, an Improper Access Control vulnerability could potentially exist.

How to mitigate CVE-2015-9006

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/98321
https://source.android.com/security/bulletin/2017-05-01

Improper access control in Google Android - CVE-2015-9006

Detailed vulnerability description

How to mitigate CVE-2015-9006

Sources

Please verify you're human