Vulnerability Name: CVE-2015-9157 (CCN-143292) Assigned: 2017-08-16 Published: 2018-04-05 Updated: 2018-05-10 Summary: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value. CVSS v3 Severity: 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H )8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-362 CWE-119 Vulnerability Consequences: Gain Access References: Source: CCN Type: Google Web siteAndroid Source: MITRE Type: CNACVE-2015-9157 Source: BID Type: Third Party Advisory, VDB Entry103671 Source: CCN Type: BID-103671Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities Source: XF Type: UNKNOWNandroid-cve20159157-unspecified(143292) Source: CCN Type: Android Open Source ProjectAndroid Security Bulletin—April 2018 Source: CONFIRM Type: Vendor Advisoryhttps://source.android.com/security/bulletin/2018-04-01 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:ipq4019:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9625:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_600:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:* Configuration 16 :cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:* Configuration 17 :cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 18 :cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:* Configuration 19 :cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:* Configuration 20 :cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 21 :cpe:/o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_808:-:*:*:*:*:*:*:* Configuration 22 :cpe:/o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_810:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* Denotes that component is vulnerable BACK
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm ipq4019 firmware -
qualcomm ipq4019 -
qualcomm mdm9625 firmware -
qualcomm mdm9625 -
qualcomm mdm9635m firmware -
qualcomm mdm9635m -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 600 firmware -
qualcomm sd 600 -
qualcomm sd 615 firmware -
qualcomm sd 615 -
qualcomm sd 616 firmware -
qualcomm sd 616 -
qualcomm sd 415 firmware -
qualcomm sd 415 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 808 firmware -
qualcomm sd 808 -
qualcomm sd 810 firmware -
qualcomm sd 810 -
google android *