Vulnerability Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, and SD 820A, A non-secure region check is done while registering QSEE buffer address which is passed by HLOS but not while logging in the QSEE buffer, so corruption of dynamically protected secure region can occur if the non-secure buffer is changed between the time it's checked and when it's used.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Qualcomm | Ipq4019 Firmware | - |
| Qualcomm | Ipq4019 | - |
| Qualcomm | Mdm9625 Firmware | - |
| Qualcomm | Mdm9625 | - |
| Qualcomm | Mdm9635M Firmware | - |
| Qualcomm | Mdm9635M | - |
| Qualcomm | Mdm9640 Firmware | - |
| Qualcomm | Mdm9640 | - |
| Qualcomm | Mdm9650 Firmware | - |
| Qualcomm | Mdm9650 | - |
| Qualcomm | Mdm9655 Firmware | - |
| Qualcomm | Mdm9655 | - |
| Qualcomm | Sd 210 Firmware | - |
| Qualcomm | Sd 210 | - |
| Qualcomm | Sd 212 Firmware | - |
| Qualcomm | Sd 212 | - |
| Qualcomm | Sd 205 Firmware | - |
| Qualcomm | Sd 205 | - |
| Qualcomm | Sd 400 Firmware | - |
| Qualcomm | Sd 400 | - |
Related Weaknesses (CWE)
References
- http://www.securityfocus.com/bid/103671Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2018-04-01Vendor Advisory
- http://www.securityfocus.com/bid/103671Third Party AdvisoryVDB Entry
- https://source.android.com/security/bulletin/2018-04-01Vendor Advisory
FAQ
What is CVE-2015-9199?
CVE-2015-9199 is a vulnerability with a CVSS score of 9.8 (CRITICAL). In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400...
How severe is CVE-2015-9199?
CVE-2015-9199 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2015-9199?
Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Ipq4019 Firmware, Qualcomm Ipq4019, Qualcomm Mdm9625 Firmware, Qualcomm Mdm9625, Qualcomm Mdm9635M Firmware.