Vulnerabilities > CVE-2015-9134 - NULL Pointer Dereference vulnerability in Qualcomm products

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

PARTIAL

Availability impact

NONE

network

low complexity

qualcomm

CWE-476

NVD

Published: 2018-04-18

Updated: 2018-05-09

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, and SD 810, while processing QSEE Syscall 'qsee_macc_gen_ecc_privkey', untrusted pointer dereference occurs, which could result in arbitrary write.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm SD 410 Firmware - Qualcomm SD 412 Firmware - Qualcomm SD 615 Firmware - Qualcomm SD 616 Firmware - Qualcomm SD 415 Firmware - Qualcomm SD 810 Firmware -	6
Hardware	Qualcomm Qualcomm SD 410 - Qualcomm SD 412 - Qualcomm SD 615 - Qualcomm SD 616 - Qualcomm SD 415 - Qualcomm SD 810 -	6

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References