Vulnerability Details CVE-2015-9190
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 808, and SD 810, if start_addr + size is too large in boot_clobber_check_local_address_range(), an integer overflow occurs, resulting in clobber protection check being bypassed and SBL memory corruption.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 50.2%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 10.0
References
Products affected by CVE-2015-9190
-
cpe:2.3:h:qualcomm:ipq4019:-
-
cpe:2.3:h:qualcomm:mdm9206:-
-
cpe:2.3:h:qualcomm:mdm9607:-
-
cpe:2.3:h:qualcomm:mdm9615:-
-
cpe:2.3:h:qualcomm:mdm9625:-
-
cpe:2.3:h:qualcomm:mdm9635m:-
-
cpe:2.3:h:qualcomm:msm8909w:-
-
cpe:2.3:h:qualcomm:sd_205:-
-
cpe:2.3:h:qualcomm:sd_210:-
-
cpe:2.3:h:qualcomm:sd_212:-
-
cpe:2.3:h:qualcomm:sd_400:-
-
cpe:2.3:h:qualcomm:sd_410:-
-
cpe:2.3:h:qualcomm:sd_412:-
-
cpe:2.3:h:qualcomm:sd_415:-
-
cpe:2.3:h:qualcomm:sd_600:-
-
cpe:2.3:h:qualcomm:sd_615:-
-
cpe:2.3:h:qualcomm:sd_616:-
-
cpe:2.3:h:qualcomm:sd_808:-
-
cpe:2.3:h:qualcomm:sd_810:-
-
cpe:2.3:o:qualcomm:ipq4019_firmware:-
-
cpe:2.3:o:qualcomm:mdm9206_firmware:-
-
cpe:2.3:o:qualcomm:mdm9607_firmware:-
-
cpe:2.3:o:qualcomm:mdm9615_firmware:-
-
cpe:2.3:o:qualcomm:mdm9625_firmware:-
-
cpe:2.3:o:qualcomm:mdm9635m_firmware:-
-
cpe:2.3:o:qualcomm:msm8909w_firmware:-
-
cpe:2.3:o:qualcomm:sd_205_firmware:-
-
cpe:2.3:o:qualcomm:sd_210_firmware:-
-
cpe:2.3:o:qualcomm:sd_212_firmware:-
-
cpe:2.3:o:qualcomm:sd_400_firmware:-
-
cpe:2.3:o:qualcomm:sd_410_firmware:-
-
cpe:2.3:o:qualcomm:sd_412_firmware:-
-
cpe:2.3:o:qualcomm:sd_415_firmware:-
-
cpe:2.3:o:qualcomm:sd_600_firmware:-
-
cpe:2.3:o:qualcomm:sd_615_firmware:-
-
cpe:2.3:o:qualcomm:sd_616_firmware:-
-
cpe:2.3:o:qualcomm:sd_808_firmware:-
-
cpe:2.3:o:qualcomm:sd_810_firmware:-