Lucene search

QualcommCVE-2015-9124

HistoryApr 18, 2018 - 2:29 p.m.

CVE-2015-9124

2018-04-1814:29:03

CWE-476

qualcomm

web.nvd.nist.gov

cve-2015-9124

android

security

vulnerability

qualcomm

snapdragon

mdm9625

mdm9635m

mdm9640

mdm9645

sd 210

sd 212

sd 205

sd 400

sd 410

sd 412

sd 615

sd 616

sd 415

sd 800

sd 808

sd 810

nvd

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, and SD 810, the device may crash while accessing an invalid pointer or expose otherwise inaccessible memory contents.

Affected configurations

Nvd

Node

qualcommmdm9625_firmwareMatch-

AND

qualcommmdm9625Match-

Node

qualcommmdm9635m_firmwareMatch-

AND

qualcommmdm9635mMatch-

Node

qualcommmdm9640_firmwareMatch-

AND

qualcommmdm9640Match-

Node

qualcommmdm9645_firmwareMatch-

AND

qualcommmdm9645Match-

Node

qualcommsd_210_firmwareMatch-

AND

qualcommsd_210Match-

Node

qualcommsd_212_firmwareMatch-

AND

qualcommsd_212Match-

Node

qualcommsd_205_firmwareMatch-

AND

qualcommsd_205Match-

Node

qualcommsd_400_firmwareMatch-

AND

qualcommsd_400Match-

Node

qualcommsd_410_firmwareMatch-

AND

qualcommsd_410Match-

Node

qualcommsd_412_firmwareMatch-

AND

qualcommsd_412Match-

Node

qualcommsd_615_firmwareMatch-

AND

qualcommsd_615Match-

Node

qualcommsd_616_firmwareMatch-

AND

qualcommsd_616Match-

Node

qualcommsd_415_firmwareMatch-

AND

qualcommsd_415Match-

Node

qualcommsd_800_firmwareMatch-

AND

qualcommsd_800Match-

Node

qualcommsd_808_firmwareMatch-

AND

qualcommsd_808Match-

Node

qualcommsd_810_firmwareMatch-

AND

qualcommsd_810Match-

VendorProductVersionCPE
qualcommmdm9625_firmware-cpe:2.3:o:qualcomm:mdm9625_firmware:-:*:*:*:*:*:*:*
qualcommmdm9625-cpe:2.3:h:qualcomm:mdm9625:-:*:*:*:*:*:*:*
qualcommmdm9635m_firmware-cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*
qualcommmdm9635m-cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*
qualcommmdm9640_firmware-cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*
qualcommmdm9640-cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*
qualcommmdm9645_firmware-cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*
qualcommmdm9645-cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*
qualcommsd_210_firmware-cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*
qualcommsd_210-cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	mdm9625_firmware	-	cpe:2.3:o:qualcomm:mdm9625_firmware:-:::::::*
qualcomm	mdm9625	-	cpe:2.3:h:qualcomm:mdm9625:-:::::::*
qualcomm	mdm9635m_firmware	-	cpe:2.3:o:qualcomm:mdm9635m_firmware:-:::::::*
qualcomm	mdm9635m	-	cpe:2.3:h:qualcomm:mdm9635m:-:::::::*
qualcomm	mdm9640_firmware	-	cpe:2.3:o:qualcomm:mdm9640_firmware:-:::::::*
qualcomm	mdm9640	-	cpe:2.3:h:qualcomm:mdm9640:-:::::::*
qualcomm	mdm9645_firmware	-	cpe:2.3:o:qualcomm:mdm9645_firmware:-:::::::*
qualcomm	mdm9645	-	cpe:2.3:h:qualcomm:mdm9645:-:::::::*
qualcomm	sd_210_firmware	-	cpe:2.3:o:qualcomm:sd_210_firmware:-:::::::*
qualcomm	sd_210	-	cpe:2.3:h:qualcomm:sd_210:-:::::::*

Rows per page:

1-10 of 321

CNA Affected

[
  {
    "product": "Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "MDM9625, MDM9635M, MDM9640, MDM9645, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103671

source.android.com/security/bulletin/2018-04-01

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:P/I:N/A:C

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

AI Score

8.3

Confidence

High

EPSS

0.001

Percentile

50.5%

JSON

Related for CVE-2015-9124