CVE-2015-9146 — Improper Input Validation in INC Snapdragon Mobile

CWE-20 — Improper Input Validation4 documents4 sources

Severity

9.8CRITICALNVD

EPSS

0.2%

top 57.13%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Qualcomm INC Snapdragon Mobile Google Android

Timeline

PublishedApr 18

Latest updateMay 14

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5qualcomm_inc/snapdragon_mobileMDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, SDX20

▶googlegoogle/android

🔴Vulnerability Details

GHSA

GHSA-fqfx-qch6-7ghh: In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 80↗2022-05-14

▶

💥Exploits & PoCs

Exploit-DB

Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities↗2015-03-31

▶

📋Vendor Advisories

Android

CVE-2015-9146: Closed-source component↗2018-04-01

▶