Vulnerability Name: | CVE-2015-9224 (CCN-143088) |
Assigned: | 2017-08-16 |
Published: | 2018-04-05 |
Updated: | 2018-05-01 |
Summary: | In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, and Small Cell SoC FSM9055, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input Validation in QURTK_write() can cause potential buffer overflow.
|
CVSS v3 Severity: | 9.8 Critical (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High | 9.8 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)Exploitability Metrics: | Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None | Scope: | Scope (S): Unchanged
| Impact Metrics: | Confidentiality (C): High Integrity (I): High Availibility (A): High |
|
CVSS v2 Severity: | 10.0 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None | Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete | 10.0 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C)Exploitability Metrics: | Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
| Impact Metrics: | Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete |
|
Vulnerability Type: | CWE-119
|
Vulnerability Consequences: | Gain Access |
References: | Source: CCN Type: Google Web site Android
Source: MITRE Type: CNA CVE-2015-9224
Source: BID Type: Third Party Advisory, VDB Entry 103671
Source: CCN Type: BID-103671 Google Android Multiple Qualcomm Components Multiple Unspecified Security Vulnerabilities
Source: XF Type: UNKNOWN android-cve20159224-bo(143088)
Source: CCN Type: Android Open Source Project Android Security Bulletin—April 2018
Source: CONFIRM Type: Vendor Advisory https://source.android.com/security/bulletin/2018-04-01
|
Vulnerable Configuration: | Configuration 1: cpe:/o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9206:-:*:*:*:*:*:*:* Configuration 2: cpe:/o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9607:-:*:*:*:*:*:*:* Configuration 3: cpe:/o:qualcomm:mdm9615_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9615:-:*:*:*:*:*:*:* Configuration 4: cpe:/o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9625:-:*:*:*:*:*:*:* Configuration 5: cpe:/o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* Configuration 6: cpe:/o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9640:-:*:*:*:*:*:*:* Configuration 7: cpe:/o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9645:-:*:*:*:*:*:*:* Configuration 8: cpe:/o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9650:-:*:*:*:*:*:*:* Configuration 9: cpe:/o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:mdm9655:-:*:*:*:*:*:*:* Configuration 10: cpe:/o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:msm8909w:-:*:*:*:*:*:*:* Configuration 11: cpe:/o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_210:-:*:*:*:*:*:*:* Configuration 12: cpe:/o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_212:-:*:*:*:*:*:*:* Configuration 13: cpe:/o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_205:-:*:*:*:*:*:*:* Configuration 14: cpe:/o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_400:-:*:*:*:*:*:*:* Configuration 15: cpe:/o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_410:-:*:*:*:*:*:*:* Configuration 16: cpe:/o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_412:-:*:*:*:*:*:*:* Configuration 17: cpe:/o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_425:-:*:*:*:*:*:*:* Configuration 18: cpe:/o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_430:-:*:*:*:*:*:*:* Configuration 19: cpe:/o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_450:-:*:*:*:*:*:*:* Configuration 20: cpe:/o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_615:-:*:*:*:*:*:*:* Configuration 21: cpe:/o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_616:-:*:*:*:*:*:*:* Configuration 22: cpe:/o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_415:-:*:*:*:*:*:*:* Configuration 23: cpe:/o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_617:-:*:*:*:*:*:*:* Configuration 24: cpe:/o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_625:-:*:*:*:*:*:*:* Configuration 25: cpe:/o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_650:-:*:*:*:*:*:*:* Configuration 26: cpe:/o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_652:-:*:*:*:*:*:*:* Configuration 27: cpe:/o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_800:-:*:*:*:*:*:*:* Configuration 28: cpe:/o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_808:-:*:*:*:*:*:*:* Configuration 29: cpe:/o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_810:-:*:*:*:*:*:*:* Configuration 30: cpe:/o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820:-:*:*:*:*:*:*:* Configuration 31: cpe:/o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_835:-:*:*:*:*:*:*:* Configuration 32: cpe:/o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_845:-:*:*:*:*:*:*:* Configuration 33: cpe:/o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sdx20:-:*:*:*:*:*:*:* Configuration 34: cpe:/o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_850:-:*:*:*:*:*:*:* Configuration 35: cpe:/o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:fsm9055:-:*:*:*:*:*:*:* Configuration 36: cpe:/o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_600:-:*:*:*:*:*:*:* Configuration 37: cpe:/o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*AND cpe:/h:qualcomm:sd_820a:-:*:*:*:*:*:*:* Configuration CCN 1: cpe:/o:google:android:*:*:*:*:*:*:*:* Denotes that component is vulnerable |
BACK |
qualcomm mdm9206 firmware -
qualcomm mdm9206 -
qualcomm mdm9607 firmware -
qualcomm mdm9607 -
qualcomm mdm9615 firmware -
qualcomm mdm9615 -
qualcomm mdm9625 firmware -
qualcomm mdm9625 -
qualcomm mdm9635m firmware -
qualcomm mdm9635m -
qualcomm mdm9640 firmware -
qualcomm mdm9640 -
qualcomm mdm9645 firmware -
qualcomm mdm9645 -
qualcomm mdm9650 firmware -
qualcomm mdm9650 -
qualcomm mdm9655 firmware -
qualcomm mdm9655 -
qualcomm msm8909w firmware -
qualcomm msm8909w -
qualcomm sd 210 firmware -
qualcomm sd 210 -
qualcomm sd 212 firmware -
qualcomm sd 212 -
qualcomm sd 205 firmware -
qualcomm sd 205 -
qualcomm sd 400 firmware -
qualcomm sd 400 -
qualcomm sd 410 firmware -
qualcomm sd 410 -
qualcomm sd 412 firmware -
qualcomm sd 412 -
qualcomm sd 425 firmware -
qualcomm sd 425 -
qualcomm sd 430 firmware -
qualcomm sd 430 -
qualcomm sd 450 firmware -
qualcomm sd 450 -
qualcomm sd 615 firmware -
qualcomm sd 615 -
qualcomm sd 616 firmware -
qualcomm sd 616 -
qualcomm sd 415 firmware -
qualcomm sd 415 -
qualcomm sd 617 firmware -
qualcomm sd 617 -
qualcomm sd 625 firmware -
qualcomm sd 625 -
qualcomm sd 650 firmware -
qualcomm sd 650 -
qualcomm sd 652 firmware -
qualcomm sd 652 -
qualcomm sd 800 firmware -
qualcomm sd 800 -
qualcomm sd 808 firmware -
qualcomm sd 808 -
qualcomm sd 810 firmware -
qualcomm sd 810 -
qualcomm sd 820 firmware -
qualcomm sd 820 -
qualcomm sd 835 firmware -
qualcomm sd 835 -
qualcomm sd 845 firmware -
qualcomm sd 845 -
qualcomm sdx20 firmware -
qualcomm sdx20 -
qualcomm sd 850 firmware -
qualcomm sd 850 -
qualcomm fsm9055 firmware -
qualcomm fsm9055 -
qualcomm sd 600 firmware -
qualcomm sd 600 -
qualcomm sd 820a firmware -
qualcomm sd 820a -
google android *