Sign-up

ID

VAR-201804-0111


CVE

CVE-2015-9127


TITLE

plural Qualcomm Run on product Android In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003919

DESCRIPTION

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, and SD 810, possible null pointer dereference occurs due to failure of memory allocation when a large value is passed for buffer allocation in the Playready App. plural Qualcomm Run on product Android Is NULL A vulnerability related to pointer dereference exists.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Playready App is one of those digital rights protection programs. Qualcomm MSM8909W, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm). The vulnerability stems from a memory allocation failure in the program when a large value is used to allocate a buffer. A remote attacker could exploit this vulnerability to cause a system crash (null pointer backreference). The following products (for mobile devices and watches) are affected: Qualcomm MSM8909W; SD 210; SD 212; SD 205; SD 400; SD 410/12; SD 615/16; SD 415; SD 810

Trust: 2.07

sources: NVD: CVE-2015-9127 // JVNDB: JVNDB-2018-003919 // BID: 103671 // VULHUB: VHN-87088 // VULMON: CVE-2015-9127

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 400scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:msm8909wscope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:msm8909wscope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 400scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel xlscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:4

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:10

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003919 // CNNVD: CNNVD-201804-1023 // NVD: CVE-2015-9127

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9127
value: CRITICAL

Trust: 1.0

NVD: CVE-2015-9127
value: CRITICAL

Trust: 0.8

CNNVD: CNNVD-201804-1023
value: CRITICAL

Trust: 0.6

VULHUB: VHN-87088
value: HIGH

Trust: 0.1

VULMON: CVE-2015-9127
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-2015-9127
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-87088
severity: HIGH
baseScore: 10.0
vectorString: AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 10.0
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9127
baseSeverity: CRITICAL
baseScore: 9.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-87088 // VULMON: CVE-2015-9127 // JVNDB: JVNDB-2018-003919 // CNNVD: CNNVD-201804-1023 // NVD: CVE-2015-9127

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-87088 // JVNDB: JVNDB-2018-003919 // NVD: CVE-2015-9127

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1023

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1023

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003919

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 4 月url:https://source.android.com/security/bulletin/2018-04-01
Trust: 0.8
title:Android Playready App Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80379
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—April 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-9127 // 
            
            
            
            JVNDB: JVNDB-2018-003919 // 
            
            
            
            CNNVD: CNNVD-201804-1023

EXTERNAL IDS
db:NVDid:CVE-2015-9127
Trust: 2.9
db:BIDid:103671
Trust: 1.5
db:JVNDBid:JVNDB-2018-003919
Trust: 0.8
db:CNNVDid:CNNVD-201804-1023
Trust: 0.6
db:VULHUBid:VHN-87088
Trust: 0.1
db:VULMONid:CVE-2015-9127
Trust: 0.1
sources:
            
            
            VULHUB: VHN-87088 // 
            
            
            
            VULMON: CVE-2015-9127 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2018-003919 // 
            
            
            
            CNNVD: CNNVD-201804-1023 // 
            
            
            
            NVD: CVE-2015-9127

REFERENCES
url:https://source.android.com/security/bulletin/2018-04-01
Trust: 2.1
url:http://www.securityfocus.com/bid/103671
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9127
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-9127
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/476.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-04-01.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-87088 // 
            
            
            
            VULMON: CVE-2015-9127 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2018-003919 // 
            
            
            
            CNNVD: CNNVD-201804-1023 // 
            
            
            
            NVD: CVE-2015-9127

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 103671

SOURCES
db:VULHUBid:VHN-87088
db:VULMONid:CVE-2015-9127
db:BIDid:103671
db:JVNDBid:JVNDB-2018-003919
db:CNNVDid:CNNVD-201804-1023
db:NVDid:CVE-2015-9127

LAST UPDATE DATE
2024-11-23T21:39:26.773000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-87088date:2018-05-10T00:00:00
db:VULMONid:CVE-2015-9127date:2018-05-10T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003919date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201804-1023date:2018-05-29T00:00:00
db:NVDid:CVE-2015-9127date:2024-11-21T02:39:51.470

SOURCES RELEASE DATE
db:VULHUBid:VHN-87088date:2018-04-18T00:00:00
db:VULMONid:CVE-2015-9127date:2018-04-18T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003919date:2018-06-06T00:00:00
db:CNNVDid:CNNVD-201804-1023date:2018-04-18T00:00:00
db:NVDid:CVE-2015-9127date:2018-04-18T14:29:03.667