CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-9157

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.002

EPSS Ranking 40.5%

CVSS Severity

CVSS v3 Score 9.8

CVSS v2 Score 10.0

References

Products affected by CVE-2015-9157

Qualcomm » Ipq4019 » Version: N/A

cpe:2.3:h:qualcomm:ipq4019:-
Qualcomm » Mdm9206 » Version: N/A

cpe:2.3:h:qualcomm:mdm9206:-
Qualcomm » Mdm9607 » Version: N/A

cpe:2.3:h:qualcomm:mdm9607:-
Qualcomm » Mdm9625 » Version: N/A

cpe:2.3:h:qualcomm:mdm9625:-
Qualcomm » Mdm9635m » Version: N/A

cpe:2.3:h:qualcomm:mdm9635m:-
Qualcomm » Msm8909w » Version: N/A

cpe:2.3:h:qualcomm:msm8909w:-
Qualcomm » Sd 205 » Version: N/A

cpe:2.3:h:qualcomm:sd_205:-
Qualcomm » Sd 210 » Version: N/A

cpe:2.3:h:qualcomm:sd_210:-
Qualcomm » Sd 212 » Version: N/A

cpe:2.3:h:qualcomm:sd_212:-
Qualcomm » Sd 400 » Version: N/A

cpe:2.3:h:qualcomm:sd_400:-
Qualcomm » Sd 410 » Version: N/A

cpe:2.3:h:qualcomm:sd_410:-
Qualcomm » Sd 412 » Version: N/A

cpe:2.3:h:qualcomm:sd_412:-
Qualcomm » Sd 415 » Version: N/A

cpe:2.3:h:qualcomm:sd_415:-
Qualcomm » Sd 600 » Version: N/A

cpe:2.3:h:qualcomm:sd_600:-
Qualcomm » Sd 615 » Version: N/A

cpe:2.3:h:qualcomm:sd_615:-
Qualcomm » Sd 616 » Version: N/A

cpe:2.3:h:qualcomm:sd_616:-
Qualcomm » Sd 617 » Version: N/A

cpe:2.3:h:qualcomm:sd_617:-
Qualcomm » Sd 650 » Version: N/A

cpe:2.3:h:qualcomm:sd_650:-
Qualcomm » Sd 652 » Version: N/A

cpe:2.3:h:qualcomm:sd_652:-
Qualcomm » Sd 800 » Version: N/A

cpe:2.3:h:qualcomm:sd_800:-
Qualcomm » Sd 808 » Version: N/A

cpe:2.3:h:qualcomm:sd_808:-
Qualcomm » Sd 810 » Version: N/A

cpe:2.3:h:qualcomm:sd_810:-
Qualcomm » Ipq4019 Firmware » Version: N/A

cpe:2.3:o:qualcomm:ipq4019_firmware:-
Qualcomm » Mdm9206 Firmware » Version: N/A

cpe:2.3:o:qualcomm:mdm9206_firmware:-
Qualcomm » Mdm9607 Firmware » Version: N/A

cpe:2.3:o:qualcomm:mdm9607_firmware:-
Qualcomm » Mdm9625 Firmware » Version: N/A

cpe:2.3:o:qualcomm:mdm9625_firmware:-
Qualcomm » Mdm9635m Firmware » Version: N/A

cpe:2.3:o:qualcomm:mdm9635m_firmware:-
Qualcomm » Msm8909w Firmware » Version: N/A

cpe:2.3:o:qualcomm:msm8909w_firmware:-
Qualcomm » Sd 205 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_205_firmware:-
Qualcomm » Sd 210 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_210_firmware:-
Qualcomm » Sd 212 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_212_firmware:-
Qualcomm » Sd 400 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_400_firmware:-
Qualcomm » Sd 410 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_410_firmware:-
Qualcomm » Sd 412 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_412_firmware:-
Qualcomm » Sd 415 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_415_firmware:-
Qualcomm » Sd 600 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_600_firmware:-
Qualcomm » Sd 615 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_615_firmware:-
Qualcomm » Sd 616 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_616_firmware:-
Qualcomm » Sd 617 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_617_firmware:-
Qualcomm » Sd 650 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_650_firmware:-
Qualcomm » Sd 652 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_652_firmware:-
Qualcomm » Sd 800 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_800_firmware:-
Qualcomm » Sd 808 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_808_firmware:-
Qualcomm » Sd 810 Firmware » Version: N/A

cpe:2.3:o:qualcomm:sd_810_firmware:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2015-9157

Products

Pricing

Contact Us