CVE-2015-9188 Information
Feb 14, 2021
cve
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile Snapdragon Mobile and Snapdragon Wear MDM9206 MDM9650 SD 210/SD 212/SD 205 SD 410/12 SD 425 SD 430 SD 450 SD 600 SD 615/16/SD 415 SD 617 SD 625 SD 650/52 SD 800 SD 808 SD 810 SD 820 SD 820A SD 835 SD 845 and SD 850 in Secure DEMUX command handler when parameter validation fails an error code is written into a response buffer without checking that response buffer length passed from HLOS which may result in memory corruption.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: