CVE-2015-9222

18.04.2018, 14:29

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	7.5 HIGH	NETWORK	LOW	NONE	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
qualcomm	CNA	---				---
CVE	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 95%

Vendor	Product	Version
qualcomm	msm8909w_firmware	-
qualcomm	sd_210_firmware	-
qualcomm	sd_212_firmware	-
qualcomm	sd_205_firmware	-
qualcomm	sd_400_firmware	-
qualcomm	sd_410_firmware	-
qualcomm	sd_412_firmware	-
qualcomm	sd_425_firmware	-
qualcomm	sd_430_firmware	-
qualcomm	sd_450_firmware	-
qualcomm	sd_427_firmware	-
qualcomm	sd_435_firmware	-
qualcomm	sd_625_firmware	-
qualcomm	sd_650_firmware	-
qualcomm	sd_652_firmware	-
qualcomm	sd_800_firmware	-
qualcomm	sd_808_firmware	-
qualcomm	sd_810_firmware	-
qualcomm	sd_820_firmware	-
qualcomm	sd_835_firmware	-
qualcomm	sd_845_firmware	-
qualcomm	sdm630_firmware	-
qualcomm	sdm636_firmware	-
qualcomm	sdm660_firmware	-

𝑥

= Vulnerable software versions

Common Weakness Enumeration

CWE-399 -

References

http://www.securityfocus.com/bid/103671

https://source.android.com/security/bulletin/2018-04-01

https://www.exploit-db.com/exploits/39739/

http://www.securityfocus.com/bid/103671

https://source.android.com/security/bulletin/2018-04-01

https://www.exploit-db.com/exploits/39739/