Vulnerability Details CVE-2015-9150
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, SD 400, and SD 800, while computing the length of memory allocated for a Diag event, if the buffer length is very small or greater than the maximum, an integer overflow may occur, which later results in a buffer overflow.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 46.3%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2015-9150
-
cpe:2.3:h:qualcomm:mdm9625:-
-
cpe:2.3:h:qualcomm:mdm9635m:-
-
cpe:2.3:h:qualcomm:sd_400:-
-
cpe:2.3:h:qualcomm:sd_800:-
-
cpe:2.3:o:qualcomm:mdm9625_firmware:-
-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-
-
cpe:2.3:o:qualcomm:sd_400_firmware:-
-
cpe:2.3:o:qualcomm:sd_800_firmware:-