PT-2018-4500 · Google · Android

Published

2018-04-18

Updated

2018-05-11

CVE-2015-9166

CVSS v2.0

5.0

Medium

Vector

AV:N/AC:L/Au:N/C:N/I:P/A:N

Name of the Vulnerable Software and Affected Versions Android versions prior to 2018-04-05 security patch level

Description The issue concerns the DRM provisioning mechanisms in QSEE applications. These mechanisms have a feature to prevent further provisioning by creating an SFS file called finalize prov flag.data at the end of provisioning. However, the current implementation allows provisioning without sufficient checks, potentially leading to security issues.

Recommendations For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-19

Related Identifiers

CVE-2015-9166

Affected Products

Android

PT-2018-4500 · Google · Android

CVE-2015-9166

Weakness Enumeration

Related Identifiers

Affected Products

References · 3