High severity7.8NVD Advisory· Published Jan 6, 2016· Updated May 6, 2026

CVE-2015-6638

Description

A privilege escalation vulnerability in the Imagination Technologies driver on Android 5.x and 6.0 allows a crafted application to gain elevated privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A privilege escalation vulnerability in the Imagination Technologies driver on Android 5.x and 6.0 allows a crafted application to gain elevated privileges.

Vulnerability

The vulnerability resides in the Imagination Technologies graphics driver used in Android 5.x (before 5.1.1 LMY49F) and 6.0 (before the 2016-01-01 security patch level). It is reachable by a malicious application with no special permissions, as the driver is accessible to third-party apps on affected devices.

Exploitation

An attacker must install a crafted application that exploits the driver bug. The sequence involves the application sending specific inputs to the Imagination Technologies driver, triggering a flaw that allows elevation of privileges. The attack requires no user interaction beyond installation.

Impact

Successful exploitation grants the attacker elevated privileges, potentially leading to full compromise of the device. The CVSS v3 score of 7.8 (High) indicates a high impact on confidentiality, integrity, and availability.

Mitigation

Google released fixes in the January 2016 Android Security Bulletin [1]. Devices updated to Android 5.1.1 LMY49F or later, or Android 6.0 with the January 1, 2016 security patch level, are protected. Partners were notified in December 2015 [1].

References

Nexus Security Bulletin—January 2016

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Google/Android4 versions
cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*+ 3 more
- cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
osv-coords2 versions
pkg:deb/ubuntu/linux-flo@3.4.0-5.23?arch=source&distro=esm-apps/xenial pkg:deb/ubuntu/linux-mako@3.4.0-7.44?arch=source&distro=esm-apps/xenial
>= 0+ 1 more
- (no CPE)range: >= 0
- (no CPE)range: >= 0

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.android.com/security/bulletin/2016-01-01.htmlnvdVendor Advisory
www.securitytracker.com/id/1034592nvd

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000