CVE-2015-9146
CRITICALQualcomm Mdm9625 Firmware - Improper Input Validation
Title source: ruleDescription
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625, MDM9635M, MDM9645, MDM9650, MDM9655, SD 400, SD 800, SD 835, SD 845, SD 850, and SDX20, when QDI read, write, or ioctl are called, the passed-in pointer is not properly validated before accessing it for the delayed response.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-04-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103671
Scores
CVSS v3
9.8
EPSS
0.0021
EPSS Percentile
42.9%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-20
Status
published
Products (10)
qualcomm/mdm9625_firmware
qualcomm/mdm9635m_firmware
qualcomm/mdm9650_firmware
qualcomm/mdm9655_firmware
qualcomm/sd_400_firmware
qualcomm/sd_800_firmware
qualcomm/sd_835_firmware
qualcomm/sd_845_firmware
qualcomm/sd_850_firmware
qualcomm/sdx20_firmware
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026