CVE-2015-9146 Information

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 MDM9635M MDM9645 MDM9650 MDM9655 SD 400 SD 800 SD 835 SD 845 SD 850 and SDX20 when QDI read write or ioctl are called the passed-in pointer is not properly validated before accessing it for the delayed response.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Reference

http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

HIGH

Base Score

HIGH

Base Severity

9.8