Published: 03/11/2015 Updated: 12/02/2019

CVSS v2 Base Score: 5.1 | Impact Score: 6.4 | Exploitability Score: 4.9

VMScore: 454

Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P

Bluetooth in Android prior to 5.1.1 LMY48X and 6.0 prior to 2015-11-01 allows malicious users to send commands to a debugging port, and consequently gain privileges, via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 24371736.

Vulnerable Product	Search on Vulmon	Subscribe to Product
google android
google android 6.0

Google roasts critical twin Android bugs in new Marshmallow OS

The Register • Darren Pauli • 03 Nov 2015

Privilege escalation and remote code execution feature in fourth droid patch run.

Google has patched two critical remote code execution vulnerabilities as part of a suite of seven fixes in its fourth round of Android patching since August. The over-the-air updates set to hit Nexus, Samsung, and Android Open Source Project (AOSP) devices first for Google's latest Marshmallow Android operating system. Google informed "partners" on 5 October and patch source code is set to hit the AOSP soon. Two flaws rated critical include libutils (CVE-2015-6609) and mediaserver (CVE-2015-6608...

CVE-2015-6613

Vulnerability Summary

Recent Articles

References

Vulmon Search

About

Products

Connect