Vulnerability Details CVE-2015-9146
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 44.5%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2015-9146
-
cpe:2.3:h:qualcomm:mdm9625:-
-
cpe:2.3:h:qualcomm:mdm9635m:-
-
cpe:2.3:h:qualcomm:mdm9650:-
-
cpe:2.3:h:qualcomm:mdm9655:-
-
cpe:2.3:h:qualcomm:sd_400:-
-
cpe:2.3:h:qualcomm:sd_800:-
-
cpe:2.3:h:qualcomm:sd_835:-
-
cpe:2.3:h:qualcomm:sd_845:-
-
cpe:2.3:h:qualcomm:sd_850:-
-
cpe:2.3:h:qualcomm:sdx20:-
-
cpe:2.3:o:qualcomm:mdm9625_firmware:-
-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-
-
cpe:2.3:o:qualcomm:mdm9650_firmware:-
-
cpe:2.3:o:qualcomm:mdm9655_firmware:-
-
cpe:2.3:o:qualcomm:sd_400_firmware:-
-
cpe:2.3:o:qualcomm:sd_800_firmware:-
-
cpe:2.3:o:qualcomm:sd_835_firmware:-
-
cpe:2.3:o:qualcomm:sd_845_firmware:-
-
cpe:2.3:o:qualcomm:sd_850_firmware:-
-
cpe:2.3:o:qualcomm:sdx20_firmware:-