CVE-2015-9194
HIGHQualcomm Snapdragon Mobile and High_Med_2016 Firmware - Information Exposure via Uninitialized Memory
Title source: llmDescription
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_confirm
https://source.android.com/security/bulletin/2018-04-01
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/103671
Scores
CVSS v3
7.5
EPSS
0.0022
EPSS Percentile
44.1%
Attack Vector
NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (15)
qualcomm/sd_205_firmware
qualcomm/sd_210_firmware
qualcomm/sd_212_firmware
qualcomm/sd_400_firmware
qualcomm/sd_425_firmware
qualcomm/sd_427_firmware
qualcomm/sd_430_firmware
qualcomm/sd_435_firmware
qualcomm/sd_450_firmware
qualcomm/sd_617_firmware
... and 5 more
Published
Apr 18, 2018
Tracked Since
Feb 18, 2026