CVE-2015-9194 Information
Feb 14, 2021
cve
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205 SD 400 SD 425 SD 427 SD 430 SD 435 SD 450 SD 617 SD 625 SD 650/52 SD 800 SD 845 and Snapdragon_High_Med_2016 during module load at TZ Startup memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Reference
http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
NONE
Base Score
NONE
Base Severity
7.5
Share on: