Sign-up

ID

VAR-201804-0116


CVE

CVE-2015-9132


TITLE

plural Qualcomm Run on product Android In NULL Pointer dereference vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003826

DESCRIPTION

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, possible arbitrary memory read due to untrusted pointer dereference when handling HLOS controlled values passed to the QSEE syscall helper. plural Qualcomm Run on product Android Is NULL A vulnerability related to pointer dereference exists.Information may be obtained. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm FSM9055, etc. are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. The vulnerability is caused by the program backreferencing untrusted pointers. A remote attacker can exploit this vulnerability to read arbitrary memory (null pointer backreference). The following products (for mobile devices and Small Cell SoCs) are affected: Qualcomm FSM9055; SD 210; SD 212; SD 205; SD 400; SD 410/12; SD 615/16; SD 415; SD 800; SD 810

Trust: 2.07

sources: NVD: CVE-2015-9132 // JVNDB: JVNDB-2018-003826 // BID: 103671 // VULHUB: VHN-87093 // VULMON: CVE-2015-9132

AFFECTED PRODUCTS

vendor:qualcommmodel:sd 212scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 205scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 810scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 800scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 615scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 400scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 410scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 412scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 616scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 415scope:eqversion: -

Trust: 1.6

vendor:qualcommmodel:sd 210scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fsm9055scope:eqversion: -

Trust: 1.0

vendor:qualcommmodel:fsm9055scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 205scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 210scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 212scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 400scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 410scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 412scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 415scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 615scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 616scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 800scope: - version: -

Trust: 0.8

vendor:qualcommmodel:sd 810scope: - version: -

Trust: 0.8

vendor:googlemodel:pixel xlscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel cscope:eqversion:0

Trust: 0.3

vendor:googlemodel:pixel xlscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:20

Trust: 0.3

vendor:googlemodel:pixelscope:eqversion:0

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:9

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:4

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:10

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:0

Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003826 // CNNVD: CNNVD-201804-1018 // NVD: CVE-2015-9132

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-9132
value: HIGH

Trust: 1.0

NVD: CVE-2015-9132
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201804-1018
value: MEDIUM

Trust: 0.6

VULHUB: VHN-87093
value: MEDIUM

Trust: 0.1

VULMON: CVE-2015-9132
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2015-9132
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

VULHUB: VHN-87093
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2015-9132
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULHUB: VHN-87093 // VULMON: CVE-2015-9132 // JVNDB: JVNDB-2018-003826 // CNNVD: CNNVD-201804-1018 // NVD: CVE-2015-9132

PROBLEMTYPE DATA

problemtype:CWE-476

Trust: 1.9

sources: VULHUB: VHN-87093 // JVNDB: JVNDB-2018-003826 // NVD: CVE-2015-9132

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1018

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201804-1018

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2018-003826

PATCH
title:Android のセキュリティに関する公開情報 - 2018 年 4 月url:https://source.android.com/security/bulletin/2018-04-01
Trust: 0.8
title:Android Qualcomm Repair measures for closed source component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80374
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—April 2018url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827
Trust: 0.1
sources:
            
            
            VULMON: CVE-2015-9132 // 
            
            
            
            JVNDB: JVNDB-2018-003826 // 
            
            
            
            CNNVD: CNNVD-201804-1018

EXTERNAL IDS
db:NVDid:CVE-2015-9132
Trust: 2.9
db:BIDid:103671
Trust: 1.5
db:JVNDBid:JVNDB-2018-003826
Trust: 0.8
db:CNNVDid:CNNVD-201804-1018
Trust: 0.7
db:VULHUBid:VHN-87093
Trust: 0.1
db:VULMONid:CVE-2015-9132
Trust: 0.1
sources:
            
            
            VULHUB: VHN-87093 // 
            
            
            
            VULMON: CVE-2015-9132 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2018-003826 // 
            
            
            
            CNNVD: CNNVD-201804-1018 // 
            
            
            
            NVD: CVE-2015-9132

REFERENCES
url:https://source.android.com/security/bulletin/2018-04-01
Trust: 2.1
url:http://www.securityfocus.com/bid/103671
Trust: 1.3
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-9132
Trust: 0.8
url:https://nvd.nist.gov/vuln/detail/cve-2015-9132
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/476.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
url:https://source.android.com/security/bulletin/2018-04-01.html
Trust: 0.1
sources:
            
            
            VULHUB: VHN-87093 // 
            
            
            
            VULMON: CVE-2015-9132 // 
            
            
            
            BID: 103671 // 
            
            
            
            JVNDB: JVNDB-2018-003826 // 
            
            
            
            CNNVD: CNNVD-201804-1018 // 
            
            
            
            NVD: CVE-2015-9132

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 103671

SOURCES
db:VULHUBid:VHN-87093
db:VULMONid:CVE-2015-9132
db:BIDid:103671
db:JVNDBid:JVNDB-2018-003826
db:CNNVDid:CNNVD-201804-1018
db:NVDid:CVE-2015-9132

LAST UPDATE DATE
2024-11-23T21:39:18.377000+00:00

SOURCES UPDATE DATE
db:VULHUBid:VHN-87093date:2018-05-09T00:00:00
db:VULMONid:CVE-2015-9132date:2018-05-09T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003826date:2018-06-05T00:00:00
db:CNNVDid:CNNVD-201804-1018date:2018-05-29T00:00:00
db:NVDid:CVE-2015-9132date:2024-11-21T02:39:52.200

SOURCES RELEASE DATE
db:VULHUBid:VHN-87093date:2018-04-18T00:00:00
db:VULMONid:CVE-2015-9132date:2018-04-18T00:00:00
db:BIDid:103671date:2018-04-05T00:00:00
db:JVNDBid:JVNDB-2018-003826date:2018-06-05T00:00:00
db:CNNVDid:CNNVD-201804-1018date:2018-04-18T00:00:00
db:NVDid:CVE-2015-9132date:2018-04-18T14:29:04.137