PT-2018-4520 · Qualcomm+1 · Snapdragon Automobile+3
Published
2018-04-18
·
Updated
2018-05-09
·
CVE-2015-9187
CVSS v2.0
10
High
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Android versions prior to 2018-04-05 security patch level
Description
The issue is related to a lack of buffer length validation in the
pvr cmd handler function, which can lead to unauthorized access to secure memory. This affects Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850.Recommendations
For Android versions prior to 2018-04-05 security patch level, update to a version with a security patch level of 2018-04-05 or later to resolve the issue. As a temporary workaround, consider restricting access to secure memory until a patch is available.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Android
Snapdragon Automobile
Snapdragon Mobile
Snapdragon Wear