Vulnerability Name: CVE-2015-9135 (CCN-143348) Assigned: 2017-08-16 Published: 2018-04-04 Updated: 2018-05-10 Summary: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9625, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in a QTEE syscall handler, an untrusted pointer dereference can occur. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): NoneIntegrity (I): NoneAvailibility (A): Complete
Vulnerability Type: CWE-476 Vulnerability Consequences: Denial of Service References: Source: MITRECVE-2015-9135 103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities Android android-cve20159135-dos(143348) Android Security Bulletin—April 2018 https://source.android.com/security/bulletin/2018-04-01 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9625:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9645:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_808:-:*:*:*:*:*:*:* Configuration 20 :cpe:/o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_810:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* BACK
qualcomm mdm9625 firmware -
qualcomm mdm9625 -
qualcomm mdm9635m firmware -
qualcomm mdm9635m -
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm mdm9645 firmware -
qualcomm mdm9645 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 615 firmware -
qualcomm sd 615 -
qualcomm sd 616 firmware -
qualcomm sd 616 -
qualcomm sd 415 firmware -
qualcomm sd 415 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 808 firmware -
qualcomm sd 808 -
qualcomm sd 810 firmware -
qualcomm sd 810 -
google android *
Denotes that component is vulnerable