ID

VAR-201804-0014


CVE

CVE-2015-9194


TITLE

Android on multiple Qualcomm products vulnerable to information disclosure

Trust: 0.8

sources: JVNDB: JVNDB-2018-003877

DESCRIPTION

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from the previous app, thus leading to information exposure. Android running on multiple Qualcomm products contains an information disclosure vulnerability. Information may be obtained. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or their effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm SD 210 and the other listed models are central processing unit (CPU) products of Qualcomm. The vulnerability stems from the fact that the program does not correctly set the statically allocated memory of the module to 0. A remote attacker could exploit this vulnerability to disclose information about previously opened applications.

Trust: 2.07

sources: NVD: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // BID: 103671 // VULHUB: VHN-87155 // VULMON: CVE-2015-9194

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 625scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 800scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 650scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 400scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 845scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 425scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 430scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 617scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 652scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 450scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 435scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 427scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 400scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 425scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 427scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 430scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 435scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 450scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 617scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 625scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 650scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 652scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 800scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 845scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel xlscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:4

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:10

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9194
value: HIGH

Trust: 1.0

NVD: CVE-2015-9194
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-959
value: MEDIUM

Trust: 0.6

VULHUB: VHN-87155
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-9194
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-9194
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-87155
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9194
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

PROBLEMTYPE DATA

problemtype:CWE-200

Trust: 1.9

sources: VULHUB: VHN-87155 // JVNDB: JVNDB-2018-003877 // NVD: CVE-2015-9194

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-959

TYPE

information disclosure

Trust: 0.6

sources: CNNVD: CNNVD-201804-959

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003877

PATCH

title:Android Security Bulletin - April 2018 url:https://source.android.com/security/bulletin/2018-04-01

Trust: 0.8

title:Repair measures for the Android Qualcomm closed-source component information disclosure vulnerability url:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80315

Trust: 0.6

title:Android Security Bulletins: Android Security Bulletin—April 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827

Trust: 0.1

sources: VULMON: CVE-2015-9194 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959

EXTERNAL IDS

db:NVDid:CVE-2015-9194

Trust: 2.9

db:BIDid:103671

Trust: 1.5

db:JVNDBid:JVNDB-2018-003877

Trust: 0.8

db:CNNVDid:CNNVD-201804-959

Trust: 0.7

db:VULHUBid:VHN-87155

Trust: 0.1

db:VULMONid:CVE-2015-9194

Trust: 0.1

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

REFERENCES

url:https://source.android.com/security/bulletin/2018-04-01

Trust: 2.1

url:http://www.securityfocus.com/bid/103671

Trust: 1.3

url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9194

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2015-9194

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/200.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://source.android.com/security/bulletin/2018-04-01.html

Trust: 0.1

sources: VULHUB: VHN-87155 // VULMON: CVE-2015-9194 // BID: 103671 // JVNDB: JVNDB-2018-003877 // CNNVD: CNNVD-201804-959 // NVD: CVE-2015-9194

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103671

SOURCES

db:VULHUBid:VHN-87155
db:VULMONid:CVE-2015-9194
db:BIDid:103671
db:JVNDBid:JVNDB-2018-003877
db:CNNVDid:CNNVD-201804-959
db:NVDid:CVE-2015-9194

LAST UPDATE DATE

2024-08-14T13:28:43.383000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-87155date:2018-05-09T00:00:00
db:VULMONid:CVE-2015-9194date:2018-05-09T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003877date:2018-06-05T00:00:00
db:CNNVDid:CNNVD-201804-959date:2018-05-24T00:00:00
db:NVDid:CVE-2015-9194date:2018-05-09T15:05:07.017

SOURCES RELEASE DATE

db:VULHUBid:VHN-87155date:2018-04-18T00:00:00
db:VULMONid:CVE-2015-9194date:2018-04-18T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003877date:2018-06-05T00:00:00
db:CNNVDid:CNNVD-201804-959date:2018-04-18T00:00:00
db:NVDid:CVE-2015-9194date:2018-04-18T14:29:07.637