CVE-2015-6637

Vulnerability

The MediaTek misc-sd driver in Android contains a vulnerability that allows a crafted application to execute arbitrary code with kernel privileges. This affects Android versions before 5.1.1 LMY49F and Android 6.0 before the 2016-01-01 security patch level [1]. The vulnerability is identified as Android internal bug 25307013.

Exploitation

An attacker requires the ability to install and run a crafted malicious application on the target device. No additional authentication or special privileges are needed beyond the ability to execute the application. The application triggers the vulnerability through interaction with the MediaTek misc-sd driver, leading to arbitrary code execution in the kernel context [1].

Impact

Successful exploitation results in arbitrary code execution at the kernel level, allowing the attacker to gain full privileged access (root) to the device. This compromises the confidentiality, integrity, and availability of the device and its data [1].

Mitigation

Google released a fix as part of the January 2016 Android Security Bulletin. Devices running Android 5.1.1 build LMY49F or later, or Android 6.0 with a security patch level of January 1, 2016 or later, are patched. Updates were provided to partners on December 7, 2015, and source code patches were released to the Android Open Source Project (AOSP) [1].