Lucene search

QualcommCVE-2015-9221

HistoryApr 18, 2018 - 2:29 p.m.

CVE-2015-9221

2018-04-1814:29:08

CWE-476

qualcomm

web.nvd.nist.gov

android

qualcomm

snapdragon

cve-2015-9221

security patch

pointer dereference

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.

Affected configurations

Nvd

Node

qualcommsd_400_firmwareMatch-

AND

qualcommsd_400Match-

Node

qualcommsd_800_firmwareMatch-

AND

qualcommsd_800Match-

Node

qualcommsd_810_firmwareMatch-

AND

qualcommsd_810Match-

VendorProductVersionCPE
qualcommsd_400_firmware-cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*
qualcommsd_400-cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*
qualcommsd_800_firmware-cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*
qualcommsd_800-cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*
qualcommsd_810_firmware-cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*
qualcommsd_810-cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	sd_400_firmware	-	cpe:2.3:o:qualcomm:sd_400_firmware:-:::::::*
qualcomm	sd_400	-	cpe:2.3:h:qualcomm:sd_400:-:::::::*
qualcomm	sd_800_firmware	-	cpe:2.3:o:qualcomm:sd_800_firmware:-:::::::*
qualcomm	sd_800	-	cpe:2.3:h:qualcomm:sd_800:-:::::::*
qualcomm	sd_810_firmware	-	cpe:2.3:o:qualcomm:sd_810_firmware:-:::::::*
qualcomm	sd_810	-	cpe:2.3:h:qualcomm:sd_810:-:::::::*

CNA Affected

[
  {
    "product": "Snapdragon Mobile",
    "vendor": "Qualcomm, Inc.",
    "versions": [
      {
        "status": "affected",
        "version": "SD 400, SD 800, SD 810"
      }
    ]
  }
]

References

www.securityfocus.com/bid/103671

source.android.com/security/bulletin/2018-04-01

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

8.5

Confidence

High

EPSS

0.002

Percentile

56.1%

JSON

Related for CVE-2015-9221