First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A, lack of input validation in QSEE can cause potential buffer overflow.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm MDM9625M | ||
Qualcomm MDM9625 firmware | ||
Qualcomm SD 400 Firmware | ||
Qualcomm Snapdragon 400 | ||
Qualcomm Snapdragon 800 Firmware | ||
Qualcomm Snapdragon 800 | ||
Qualcomm SD820A Firmware | ||
Qualcomm SD820A Firmware | ||
Qualcomm SD820 Firmware | ||
Qualcomm SD820 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9112 is a vulnerability in Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 400, SD 800, SD 820, and SD 820A. It is a buffer overflow vulnerability caused by the lack of input validation in QSEE.
The severity of CVE-2015-9112 is critical, with a severity value of 9.8.
CVE-2015-9112 affects Google Android, Qualcomm Mdm9625 Firmware, Qualcomm Sd 400 Firmware, Qualcomm Sd 800 Firmware, and Qualcomm Sd 820a Firmware.
To fix CVE-2015-9112, it is recommended to update to the latest Android security patch level and firmware version provided by Google and Qualcomm.
More information about CVE-2015-9112 can be found at the following references: [1](http://www.securityfocus.com/bid/103671), [2](https://source.android.com/security/bulletin/2018-04-01), [3](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).