CVE-2015-9221

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.

CVSS v3 9.8 CRITICAL
CVSS v2.0 10.0 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector : AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

10.0^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C

Exploitability : 10.0 / Impact : 10.0

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.securityfocus.com/bid/103671	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	Vendor Advisory
http://www.securityfocus.com/bid/103671	Third Party Advisory VDB Entry
https://source.android.com/security/bulletin/2018-04-01	Vendor Advisory

Configurations

Configuration 1 (hide)

AND

cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*

Configuration 2 (hide)

AND

cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*

Configuration 3 (hide)

AND

cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

History

No history.

Information

Published : 2018-04-18 14:29

Updated : 2024-11-21 02:40

NVD link : CVE-2015-9221

Mitre link : CVE-2015-9221

CVE.ORG link : CVE-2015-9221

JSON object : View

Products Affected

qualcomm

sd_800_firmware
sd_810
sd_400_firmware
sd_800
sd_400
sd_810_firmware

CWE

CWE-476

NULL Pointer Dereference

{"id": "CVE-2015-9221", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 10.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": true, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2018-04-18T14:29:08.980", "references": [{"url": "http://www.securityfocus.com/bid/103671", "tags": ["Third Party Advisory", "VDB Entry"], "source": "product-security@qualcomm.com"}, {"url": "https://source.android.com/security/bulletin/2018-04-01", "tags": ["Vendor Advisory"], "source": "product-security@qualcomm.com"}, {"url": "http://www.securityfocus.com/bid/103671", "tags": ["Third Party Advisory", "VDB Entry"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://source.android.com/security/bulletin/2018-04-01", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-476"}]}], "descriptions": [{"lang": "en", "value": "In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference."}, {"lang": "es", "value": "En Android, antes del nivel de parche de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile SD 400, SD 800 y SD 810, la falta de validaci\u00f3n de punteros pasados por aplicaciones seguras podr\u00eda desembocar en una desreferencia de puntero no fiable."}], "lastModified": "2024-11-21T02:40:05.017", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AC3C20F8-9EFD-457C-B0B2-DA3C44A8B26D"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "4B562043-7A0C-4692-A94F-EF4086BAA654"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67E0DD11-0B28-4B6D-BDB7-0DBFA34A7187"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "551512D0-ED24-4B5A-BEB2-B090BB8DEE0C"}], "operator": "OR"}], "operator": "AND"}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "95B4B4D4-0357-4E1D-9B72-635106D632CF"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2F992088-5E31-4625-8C3B-CE7F946C61F2"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "product-security@qualcomm.com"}