What is CVE-2015-9157?

CVE-2015-9157 is a vulnerability that exists in Android devices before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear.

How severe is CVE-2015-9157?

CVE-2015-9157 is considered a critical vulnerability with a severity score of 9.8.

How do I fix CVE-2015-9157?

To fix CVE-2015-9157, make sure your Android device is updated with the security patch released on or after 2018-04-05.

Where can I find more information about CVE-2015-9157?

You can find more information about CVE-2015-9157 on the official Android Security Bulletin website and the SecurityFocus website.

Vulnerability/
CVE-2015-9157

critical

CWE

362 119

2/4/2018

26/8/2024

CVE-2015-9157: Race Condition

First published: Mon Apr 02 2018(Updated: )

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.

Credit: product-security@qualcomm.com

Affected Software	Affected Version	How to fix
Android
Qualcomm MDM9206
Qualcomm MDM9206 firmware
Qualcomm MD9607 Firmware
Qualcomm MDM9607 firmware
Qualcomm IPQ4019
Qualcomm IPQ4019 Firmware
Qualcomm MDM9625 firmware
Qualcomm MDM9625 firmware
Qualcomm MDM9635M firmware
Qualcomm MDM9635M firmware
Qualcomm MSM8909W
Qualcomm Snapdragon 8909
Qualcomm SD 210 Firmware
Qualcomm SD 210
Qualcomm SD 212 Firmware
Qualcomm SD 212 Firmware
Qualcomm SD 205 Firmware
Qualcomm SD 205
Qualcomm SD 400 Firmware
Qualcomm Snapdragon 400
Qualcomm SD410 Firmware
Qualcomm Snapdragon 410
Qualcomm SD 412 Firmware
Qualcomm SD412
Qualcomm SD 600 Firmware
Qualcomm Snapdragon 600
Qualcomm SD 615 Firmware
Qualcomm Snapdragon 615
Qualcomm SD 616 Firmware
Qualcomm Snapdragon 616
Qualcomm Snapdragon 415 Firmware
Qualcomm Snapdragon 415
Qualcomm SD 617 Firmware
Qualcomm QCA617
Qualcomm SD650 Firmware
Qualcomm Snapdragon 650
Qualcomm SD652 Firmware
Qualcomm SD652 Firmware
Qualcomm Snapdragon 800 Firmware
Qualcomm Snapdragon 800
Qualcomm SD 808 Firmware
Qualcomm Snapdragon 808
Qualcomm Snapdragon 810 Firmware
Qualcomm Snapdragon 810

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2015-9157?
CVE-2015-9157 is a vulnerability that exists in Android devices before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear.
How severe is CVE-2015-9157?
CVE-2015-9157 is considered a critical vulnerability with a severity score of 9.8.
Which devices are affected by CVE-2015-9157?
Android devices with Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810 are affected by CVE-2015-9157.
How do I fix CVE-2015-9157?
To fix CVE-2015-9157, make sure your Android device is updated with the security patch released on or after 2018-04-05.
Where can I find more information about CVE-2015-9157?
You can find more information about CVE-2015-9157 on the official Android Security Bulletin website and the SecurityFocus website.

agent/type
agent/references
agent/first-publish-date
agent/author
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/event
agent/last-modified-date
agent/source
agent/weakness
collector/android-source
source/Android
agent/software-canonical-lookup
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/google
canonical/android
vendor/qualcomm
canonical/qualcomm mdm9206
canonical/qualcomm mdm9206 firmware
canonical/qualcomm md9607 firmware
canonical/qualcomm mdm9607 firmware
canonical/qualcomm ipq4019
canonical/qualcomm ipq4019 firmware
canonical/qualcomm mdm9625 firmware
canonical/qualcomm mdm9635m firmware
canonical/qualcomm msm8909w
canonical/qualcomm snapdragon 8909
canonical/qualcomm sd 210 firmware
canonical/qualcomm sd 210
canonical/qualcomm sd 212 firmware
canonical/qualcomm sd 205 firmware
canonical/qualcomm sd 205
canonical/qualcomm sd 400 firmware
canonical/qualcomm snapdragon 400
canonical/qualcomm sd410 firmware
canonical/qualcomm snapdragon 410
canonical/qualcomm sd 412 firmware
canonical/qualcomm sd412
canonical/qualcomm sd 600 firmware
canonical/qualcomm snapdragon 600
canonical/qualcomm sd 615 firmware
canonical/qualcomm snapdragon 615
canonical/qualcomm sd 616 firmware
canonical/qualcomm snapdragon 616
canonical/qualcomm snapdragon 415 firmware
canonical/qualcomm snapdragon 415
canonical/qualcomm sd 617 firmware
canonical/qualcomm qca617
canonical/qualcomm sd650 firmware
canonical/qualcomm snapdragon 650
canonical/qualcomm sd652 firmware
canonical/qualcomm snapdragon 800 firmware
canonical/qualcomm snapdragon 800
canonical/qualcomm sd 808 firmware
canonical/qualcomm snapdragon 808
canonical/qualcomm snapdragon 810 firmware
canonical/qualcomm snapdragon 810

CVE-2015-9157: Race Condition

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2015-9157?

How severe is CVE-2015-9157?

Which devices are affected by CVE-2015-9157?

How do I fix CVE-2015-9157?

Where can I find more information about CVE-2015-9157?

Company

Resources

Contact