First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, and SDX20, when reading CDT from eMMC with a very large meta offset (>size of default CDT-array compiled in bootloader) for one of the CDBs, a buffer overflow occurs.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Android | ||
Qualcomm MDM9206 | ||
Qualcomm MDM9206 firmware | ||
Qualcomm MD9607 Firmware | ||
Qualcomm MDM9607 firmware | ||
qualcomm mdm9615m firmware | ||
Qualcomm MDM9615 firmware | ||
Qualcomm MDM9625M | ||
Qualcomm MDM9625 firmware | ||
Qualcomm IPQ4019 | ||
Qualcomm IPQ4019 Firmware | ||
Qualcomm MDM9640 Firmware | ||
Qualcomm MDM9640 Firmware | ||
Qualcomm MDM9645 | ||
Qualcomm MDM9645 | ||
Qualcomm MDM9650 | ||
Qualcomm MDM9650 firmware | ||
Qualcomm MDM9655 firmware | ||
Qualcomm MDM9655 firmware | ||
Qualcomm 8909 Firmware | ||
Qualcomm Snapdragon 8909 | ||
Qualcomm SD210 Firmware | ||
Qualcomm SD 210 Firmware | ||
Qualcomm SD 212 | ||
Qualcomm SD 212 Firmware | ||
Qualcomm 205 Firmware | ||
Qualcomm SD205 Firmware | ||
Qualcomm SD 400 Firmware | ||
Qualcomm Snapdragon 400 | ||
Qualcomm SD410 Firmware | ||
Qualcomm Snapdragon 410 | ||
Qualcomm SD412 Firmware | ||
Qualcomm SD412 | ||
Qualcomm SD600 Firmware | ||
Qualcomm Snapdragon 600 | ||
Qualcomm SD615 Firmware | ||
Qualcomm Snapdragon 615 | ||
Qualcomm SD 616 Firmware | ||
Qualcomm Snapdragon 616 | ||
Qualcomm Snapdragon 415 Firmware | ||
Qualcomm Snapdragon 415 | ||
Qualcomm SDX20 Firmware | ||
Qualcomm SDX20 Firmware |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2015-9143 is a vulnerability that affects Android before April 2018 and Qualcomm Snapdragon Mobile and Snapdragon Wear devices.
CVE-2015-9143 has a severity rating of 9.8, which is considered critical.
CVE-2015-9143 affects Android before April 2018 and Qualcomm Snapdragon Mobile and Snapdragon Wear devices.
To fix CVE-2015-9143, update to the latest security patch level for Android or install the necessary firmware updates for Qualcomm Snapdragon devices.
You can find more information about CVE-2015-9143 at the following references: [SecurityFocus](http://www.securityfocus.com/bid/103671), [Android Security Bulletin](https://source.android.com/security/bulletin/2018-04-01), [Android Security Bulletin (April 2018)](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk).