CVE-2015-9148 - NVD | ByteOS Network

NVD Vulnerability Details :

CVE-2015-9148

Analyzed

More Info Official Page

Source-product-security@qualcomm.com

Published At-18 Apr, 2018 | 14:29

Updated At-09 May, 2018 | 16:45

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs.

Metrics

Type	Version	Base score	Base severity	Vector
Primary	3.0	9.8	CRITICAL	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 3.0

Base score: 9.8

Base severity: CRITICAL

Vector:

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

Qualcomm Technologies, Inc.

>>mdm9625_firmware>>-

cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9635m_firmware>>-

cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9640_firmware>>-

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9645_firmware>>-

cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9650_firmware>>-

cpe:2.3:o:qualcomm:mdm9650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>mdm9655_firmware>>-

cpe:2.3:o:qualcomm:mdm9655_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:mdm9655:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_400_firmware>>-

cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_425_firmware>>-

cpe:2.3:o:qualcomm:sd_425_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_425:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_430_firmware>>-

cpe:2.3:o:qualcomm:sd_430_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_430:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_450_firmware>>-

cpe:2.3:o:qualcomm:sd_450_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_450:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_600_firmware>>-

cpe:2.3:o:qualcomm:sd_600_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_600:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_617_firmware>>-

cpe:2.3:o:qualcomm:sd_617_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_617:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_625_firmware>>-

cpe:2.3:o:qualcomm:sd_625_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_625:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_650_firmware>>-

cpe:2.3:o:qualcomm:sd_650_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_650:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_652_firmware>>-

cpe:2.3:o:qualcomm:sd_652_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_652:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_800_firmware>>-

cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_808_firmware>>-

cpe:2.3:o:qualcomm:sd_808_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_808:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_810_firmware>>-

cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820_firmware>>-

cpe:2.3:o:qualcomm:sd_820_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_820:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_835_firmware>>-

cpe:2.3:o:qualcomm:sd_835_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_835:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_845_firmware>>-

cpe:2.3:o:qualcomm:sd_845_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_845:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdx20_firmware>>-

cpe:2.3:o:qualcomm:sdx20_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sdx20>>-

cpe:2.3:h:qualcomm:sdx20:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_850_firmware>>-

cpe:2.3:o:qualcomm:sd_850_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_850:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

>>sd_820a_firmware>>-

cpe:2.3:o:qualcomm:sd_820a_firmware:-:*:*:*:*:*:*:*

Qualcomm Technologies, Inc.

cpe:2.3:h:qualcomm:sd_820a:-:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-119	Primary	nvd@nist.gov
CWE-190	Primary	nvd@nist.gov

CWE ID: CWE-119

Type: Primary

Source: nvd@nist.gov

CWE ID: CWE-190

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://www.securityfocus.com/bid/103671	product-security@qualcomm.com	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	product-security@qualcomm.com	Vendor Advisory

Hyperlink: http://www.securityfocus.com/bid/103671

Source: product-security@qualcomm.com

Resource:

Third Party Advisory

VDB Entry

Hyperlink: https://source.android.com/security/bulletin/2018-04-01

Source: product-security@qualcomm.com

Resource:

Vendor Advisory