CVE-2015-9208: Input Validation
First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Mdm9206 Firmware | ||
| Qualcomm Mdm9206 | ||
| Qualcomm Mdm9607 Firmware | ||
| Qualcomm Mdm9607 | ||
| Qualcomm Ipq4019 Firmware | ||
| Qualcomm Ipq4019 | ||
| Google Android | ||
| Qualcomm Mdm9635m | ||
| Qualcomm Mdm9640 Firmware | ||
| Qualcomm Mdm9640 | ||
| Qualcomm Mdm9645 Firmware | ||
| Qualcomm Mdm9645 | ||
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 400 Firmware | ||
| Qualcomm Sd 400 | ||
| Qualcomm Sd 410 Firmware | ||
| Qualcomm Sd 410 | ||
| Qualcomm Sd 412 Firmware | ||
| Qualcomm Sd 412 | ||
| Qualcomm Sd 615 Firmware | ||
| Qualcomm Sd 615 | ||
| Qualcomm Sd 616 Firmware | ||
| Qualcomm Sd 616 | ||
| Qualcomm Sd 415 Firmware | ||
| Qualcomm Sd 415 | ||
| Qualcomm Sd 800 Firmware | ||
| Qualcomm Sd 800 | ||
| Google Android | ||
| Qualcomm Sd 810 | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the CVE ID of this vulnerability?
The CVE ID of this vulnerability is CVE-2015-9208.
What is the severity of CVE-2015-9208?
The severity of CVE-2015-9208 is critical with a CVSS score of 9.8.
Which software products are affected by CVE-2015-9208?
Android versions before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810 are affected by CVE-2015-9208.
What is the fix for CVE-2015-9208?
To fix CVE-2015-9208, it is recommended to update to the latest security patch level or upgrade to a version of Android that includes the fix.
Where can I find more information about CVE-2015-9208?
More information about CVE-2015-9208 can be found on the SecurityFocus and Android Security Bulletin websites.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9607
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq4019
- canonical/google android
- canonical/qualcomm mdm9635m
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9645 firmware
- canonical/qualcomm mdm9645
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 400 firmware
- canonical/qualcomm sd 400
- canonical/qualcomm sd 410 firmware
- canonical/qualcomm sd 410
- canonical/qualcomm sd 412 firmware
- canonical/qualcomm sd 412
- canonical/qualcomm sd 615 firmware
- canonical/qualcomm sd 615
- canonical/qualcomm sd 616 firmware
- canonical/qualcomm sd 616
- canonical/qualcomm sd 415 firmware
- canonical/qualcomm sd 415
- canonical/qualcomm sd 800 firmware
- canonical/qualcomm sd 800
- canonical/qualcomm sd 810
- vendor/google