Vulnerability Name: CVE-2015-9194 (CCN-143225) Assigned: 2017-08-16 Published: 2018-04-05 Updated: 2018-05-09 Summary: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure. CVSS v3 Severity: 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
7.5 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): NetworkAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): NoneScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): NoneAvailibility (A): None
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): NoneAvailibility (A): None
7.8 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): LowAthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): NoneAvailibility (A): None
Vulnerability Type: CWE-200 Vulnerability Consequences: Obtain Information References: Source: CCNAndroid CVE-2015-9194 103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities android-cve20159194-info-disc(143225) Android Security Bulletin—April 2018 https://source.android.com/security/bulletin/2018-04-01 Vulnerable Configuration: Configuration 1 :cpe:/o:qualcomm:sd_427_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_427:-:*:*:*:*:*:*:* Configuration 2 :cpe:/o:qualcomm:sd_435_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_435:-:*:*:*:*:*:*:* Configuration 3 :cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 4 :cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 5 :cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 6 :cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 7 :cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:* Configuration 8 :cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:* Configuration 9 :cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:* Configuration 10 :cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 11 :cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:* Configuration 12 :cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:* Configuration 13 :cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:* Configuration 14 :cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 15 :cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:* AND cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:* Configuration CCN 1 :cpe:/o:google:android:*:*:*:*:*:*:*:* BACK
qualcomm sd 427 firmware -
qualcomm sd 427 -
qualcomm sd 435 firmware -
qualcomm sd 435 -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 845 firmware -
qualcomm sd 845 -
google android *
Denotes that component is vulnerable