CVE-2015-9199 Information
Feb 14, 2021
cve
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019 MDM9625 MDM9635M MDM9640 MDM9650 MDM9655 SD 210/SD 212/SD 205 SD 400 SD 410/12 SD 615/16/SD 415 SD 800 SD 808 SD 810 SD 820 and SD 820A A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it’s checked and when it’s used.
CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8
Share on: