Vulnerabilities > CVE-2015-9142 - Range Error vulnerability in Qualcomm products

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

qualcomm

CWE-118

critical

NVD

Published: 2018-04-18

Updated: 2018-05-09

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9645, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 615/16/SD 415, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, bounds check is missing for vtable index in DAL-TO-QDI conversion framework.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9645 Firmware - Qualcomm Mdm9650 Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 400 Firmware - Qualcomm SD 410 Firmware - Qualcomm SD 412 Firmware - Qualcomm SD 425 Firmware - Qualcomm SD 430 Firmware - Qualcomm SD 450 Firmware - Qualcomm SD 615 Firmware - Qualcomm SD 616 Firmware - Qualcomm SD 415 Firmware - Qualcomm SD 427 Firmware - Qualcomm SD 625 Firmware - Qualcomm SD 650 Firmware - Qualcomm SD 652 Firmware - Qualcomm SD 800 Firmware - Qualcomm SD 808 Firmware - Qualcomm SD 810 Firmware - Qualcomm SD 820 Firmware - Qualcomm SD 435 Firmware - Qualcomm Sdm630 Firmware - Qualcomm Sdm636 Firmware - Qualcomm Sdm660 Firmware -	26
Hardware	Qualcomm Qualcomm Mdm9645 - Qualcomm Mdm9650 - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 400 - Qualcomm SD 410 - Qualcomm SD 412 - Qualcomm SD 425 - Qualcomm SD 430 - Qualcomm SD 450 - Qualcomm SD 615 - Qualcomm SD 616 - Qualcomm SD 415 - Qualcomm SD 427 - Qualcomm SD 625 - Qualcomm SD 650 - Qualcomm SD 652 - Qualcomm SD 800 - Qualcomm SD 808 - Qualcomm SD 810 - Qualcomm SD 820 - Qualcomm SD 435 - Qualcomm Sdm630 - Qualcomm Sdm636 - Qualcomm Sdm660 -	26

Common Weakness Enumeration (CWE)

CWE-118 - Incorrect Access of Indexable Resource ('Range Error')

Common Attack Pattern Enumeration and Classification (CAPEC)

Buffer Overflow via Environment Variables
This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
Client-side Injection-induced Buffer Overflow
This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
Filter Failure through Buffer Overflow
In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
Buffer Overflow via Symbolic Links
This type of attack leverages the use of symbolic links to cause buffer overflows. An attacker can try to create or manipulate a symbolic link file such that its contents result in out of bounds data. When the target software processes the symbolic link file, it could potentially overflow internal buffers with insufficient bounds checking.
Overflow Variables and Tags
This type of attack leverages the use of tags or variables from a formatted configuration data to cause buffer overflow. The attacker crafts a malicious HTML page or configuration file that includes oversized strings, thus causing an overflow.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References