VYPR
← All advisories
Unrated severityNVD Advisory· Published Dec 8, 2015· Updated May 6, 2026

CVE-2015-6621

CVE-2015-6621

Description

SystemUI in Android 5.x before 5.1.1 LMY48Z and 6.0 before 2015-12-01 allows attackers to gain privileges via a crafted application, as demonstrated by obtaining Signature or SignatureOrSystem access, aka internal bug 23909438.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

SystemUI in Android 5.x and 6.0 allows a crafted app to gain Signature or SignatureOrSystem privileges.

Vulnerability

SystemUI in Android 5.x before 5.1.1 LMY48Z and Android 6.0 before the 2015-12-01 security patch level contains a privilege escalation vulnerability (internal bug 23909438). A crafted application can trigger this bug to obtain Signature or SignatureOrSystem level permissions, which are typically reserved for system or signed applications. [1]

Exploitation

An attacker must first install a crafted application on the target device. No additional authentication or user interaction beyond installation is required. The application then exploits the vulnerability in SystemUI to escalate its privileges, bypassing normal permission checks. [1]

Impact

Successful exploitation allows the attacker's application to gain Signature or SignatureOrSystem permissions. This enables the app to perform actions normally restricted to system-level components, such as accessing sensitive data or executing privileged operations, leading to a partial or complete compromise of the device's security. [1]

Mitigation

Google released fixes in Android 5.1.1 LMY48Z and Android 6.0 with the December 1, 2015 security patch level. Users should apply the OTA update or flash the updated firmware images from the Google Developer site. Partners were notified on November 2, 2015. No workarounds other than updating are provided. [1]

References
  1. Nexus Security Bulletin - December 2015

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4
  • Google/Android3 versions
    cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*
    • cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
  • Samsung Mobile/SystemUIllm-fuzzy
    Range: 5.x before 5.1.1 LMY48Z; 6.0 before 2015-12-01

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

1

News mentions

0

No linked articles in our index yet.