Details of VAR-201804-0014

ID

VAR-201804-0014

CVE

CVE-2015-9194

TITLE

plural Qualcomm Run on product Android Vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-003877

DESCRIPTION

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure. plural Qualcomm Run on product Android Contains an information disclosure vulnerability.Information may be obtained. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 210, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). The vulnerability stems from the fact that the program does not correctly set the statically allocated memory of the module to 0. A remote attacker could exploit this vulnerability to disclose information about previously opened applications

Trust: 2.07

sources: NVD: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // BID: 103671 // VULHUB: VHN-87155 // VULMON: CVE-2015-9194

AFFECTED PRODUCTS

vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 800	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 650	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 400	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 845	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 430	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 617	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 652	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 450	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 435	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 427	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 400	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 427	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 430	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 435	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 450	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 617	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 652	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 800	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 845	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel xl	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	4	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	10	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-9194
value:	HIGH
Trust: 1.0
NVD:	CVE-2015-9194
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-201804-959
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-87155
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2015-9194
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2015-9194
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-87155
severity:	MEDIUM
baseScore:	5.0
vectorString:	AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	10.0
impactScore:	2.9
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2015-9194
baseSeverity:	HIGH
baseScore:	7.5
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	NONE
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	3.6
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

PROBLEMTYPE DATA

problemtype:

CWE-200

Trust: 1.9

sources: VULHUB: VHN-87155 // JVNDB: JVNDB-2018-003877 // NVD: CVE-2015-9194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-959

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003877

PATCH

title:	Android のセキュリティに関する公開情報 - 2018 年 4 月	url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 0.8
title:	Android Qualcomm Repair measures for closed source component information disclosure vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80315	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827	Trust: 0.1

sources: VULMON: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959

EXTERNAL IDS

db:	NVD	id:	CVE-2015-9194	Trust: 2.9
db:	BID	id:	103671	Trust: 1.5
db:	JVNDB	id:	JVNDB-2018-003877	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-959	Trust: 0.7
db:	VULHUB	id:	VHN-87155	Trust: 0.1
db:	VULMON	id:	CVE-2015-9194	Trust: 0.1

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

REFERENCES

url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 2.1
url:	http://www.securityfocus.com/bid/103671	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9194	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-9194	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/200.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-04-01.html	Trust: 0.1

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103671

SOURCES

db:	VULHUB	id:	VHN-87155
db:	VULMON	id:	CVE-2015-9194
db:	BID	id:	103671
db:	JVNDB	id:	JVNDB-2018-003877
db:	CNNVD	id:	CNNVD-201804-959
db:	NVD	id:	CVE-2015-9194

LAST UPDATE DATE

2024-08-14T13:28:43.383000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-87155	date:	2018-05-09T00:00:00
db:	VULMON	id:	CVE-2015-9194	date:	2018-05-09T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003877	date:	2018-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201804-959	date:	2018-05-24T00:00:00
db:	NVD	id:	CVE-2015-9194	date:	2018-05-09T15:05:07.017

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-87155	date:	2018-04-18T00:00:00
db:	VULMON	id:	CVE-2015-9194	date:	2018-04-18T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003877	date:	2018-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201804-959	date:	2018-04-18T00:00:00
db:	NVD	id:	CVE-2015-9194	date:	2018-04-18T14:29:07.637