CVE-2015-9208
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.
En Android antes del nivel de parcheo de seguridad del 2018-04-05 o antes en Qualcomm Snapdragon Mobile y Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800 y SD 810, la función tzbsp_pil_verify_sig() no comprueba de forma estricta que el puntero a ELF y las cabeceras de programa y segmentos de hash se encuentren en la memoria segura. Solo comprueba que la dirección no esté en la memoria no segura. Un rango de direcciones dado puede solaparse con regiones seguras y no seguras. Por lo tanto, si esa dirección se pasa, no pasaría la comprobación de rango no seguro y se consideraría válida para la función, incluso aunque ese área de memoria podría ser modificada por el lado no seguro.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2017-08-16 CVE Reserved
- 2018-04-18 CVE Published
- 2023-09-09 EPSS Updated
- 2024-09-16 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| http://www.securityfocus.com/bid/103671 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://source.android.com/security/bulletin/2018-04-01 | 2018-05-09 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Qualcomm Search vendor "Qualcomm" | Mdm9206 Firmware Search vendor "Qualcomm" for product "Mdm9206 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9206 Search vendor "Qualcomm" for product "Mdm9206" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9607 Firmware Search vendor "Qualcomm" for product "Mdm9607 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9607 Search vendor "Qualcomm" for product "Mdm9607" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Ipq4019 Firmware Search vendor "Qualcomm" for product "Ipq4019 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Ipq4019 Search vendor "Qualcomm" for product "Ipq4019" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9635m Firmware Search vendor "Qualcomm" for product "Mdm9635m Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9635m Search vendor "Qualcomm" for product "Mdm9635m" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9640 Firmware Search vendor "Qualcomm" for product "Mdm9640 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9640 Search vendor "Qualcomm" for product "Mdm9640" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Mdm9645 Firmware Search vendor "Qualcomm" for product "Mdm9645 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Mdm9645 Search vendor "Qualcomm" for product "Mdm9645" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Msm8909w Firmware Search vendor "Qualcomm" for product "Msm8909w Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Msm8909w Search vendor "Qualcomm" for product "Msm8909w" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 210 Firmware Search vendor "Qualcomm" for product "Sd 210 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 210 Search vendor "Qualcomm" for product "Sd 210" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 212 Firmware Search vendor "Qualcomm" for product "Sd 212 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 212 Search vendor "Qualcomm" for product "Sd 212" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 205 Firmware Search vendor "Qualcomm" for product "Sd 205 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 205 Search vendor "Qualcomm" for product "Sd 205" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 400 Firmware Search vendor "Qualcomm" for product "Sd 400 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 400 Search vendor "Qualcomm" for product "Sd 400" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 410 Firmware Search vendor "Qualcomm" for product "Sd 410 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 410 Search vendor "Qualcomm" for product "Sd 410" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 412 Firmware Search vendor "Qualcomm" for product "Sd 412 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 412 Search vendor "Qualcomm" for product "Sd 412" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 615 Firmware Search vendor "Qualcomm" for product "Sd 615 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 615 Search vendor "Qualcomm" for product "Sd 615" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 616 Firmware Search vendor "Qualcomm" for product "Sd 616 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 616 Search vendor "Qualcomm" for product "Sd 616" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 415 Firmware Search vendor "Qualcomm" for product "Sd 415 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 415 Search vendor "Qualcomm" for product "Sd 415" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 800 Firmware Search vendor "Qualcomm" for product "Sd 800 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 800 Search vendor "Qualcomm" for product "Sd 800" | - | - |
Safe
|
| Qualcomm Search vendor "Qualcomm" | Sd 810 Firmware Search vendor "Qualcomm" for product "Sd 810 Firmware" | - | - |
Affected
| in | Qualcomm Search vendor "Qualcomm" | Sd 810 Search vendor "Qualcomm" for product "Sd 810" | - | - |
Safe
|