Vulnerabilities > CVE-2015-9157 - Race Condition vulnerability in Qualcomm products

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

qualcomm

CWE-362

critical

NVD

Published: 2018-04-18

Updated: 2018-05-10

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 600, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in widevine_dash_cmd_handler(), rsp buffers are passed off to widevine commands. These rsp buffers have values in them, such as buffer lengths, that need to be validated to ensure that no buffer overflow/over-reads happen. However, rsp buffers are not always in locked memory, meaning a time-of-check, time-of-use issue can occur where we check that the value is valid, but then a race condition occurs where this memory is swapped out with a different, possibly out of range, value.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm Mdm9206 Firmware - Qualcomm Mdm9607 Firmware - Qualcomm Ipq4019 Firmware - Qualcomm Mdm9625 Firmware - Qualcomm Mdm9635M Firmware - Qualcomm Msm8909W Firmware - Qualcomm SD 210 Firmware - Qualcomm SD 212 Firmware - Qualcomm SD 205 Firmware - Qualcomm SD 400 Firmware - Qualcomm SD 410 Firmware - Qualcomm SD 412 Firmware - Qualcomm SD 600 Firmware - Qualcomm SD 615 Firmware - Qualcomm SD 616 Firmware - Qualcomm SD 415 Firmware - Qualcomm SD 617 Firmware - Qualcomm SD 650 Firmware - Qualcomm SD 652 Firmware - Qualcomm SD 800 Firmware - Qualcomm SD 808 Firmware - Qualcomm SD 810 Firmware -	22
Hardware	Qualcomm Qualcomm Mdm9206 - Qualcomm Mdm9607 - Qualcomm Ipq4019 - Qualcomm Mdm9625 - Qualcomm Mdm9635M - Qualcomm Msm8909W - Qualcomm SD 210 - Qualcomm SD 212 - Qualcomm SD 205 - Qualcomm SD 400 - Qualcomm SD 410 - Qualcomm SD 412 - Qualcomm SD 600 - Qualcomm SD 615 - Qualcomm SD 616 - Qualcomm SD 415 - Qualcomm SD 617 - Qualcomm SD 650 - Qualcomm SD 652 - Qualcomm SD 800 - Qualcomm SD 808 - Qualcomm SD 810 -	22

Common Weakness Enumeration (CWE)

CWE-362 - Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

Common Attack Pattern Enumeration and Classification (CAPEC)

Leveraging Race Conditions
This attack targets a race condition occurring when multiple processes access and manipulate the same resource concurrently and the outcome of the execution depends on the particular order in which the access takes place. The attacker can leverage a race condition by "running the race", modifying the resource and modifying the normal execution flow. For instance a race condition can occur while accessing a file, the attacker can trick the system by replacing the original file with his version and cause the system to read the malicious file.
Leveraging Time-of-Check and Time-of-Use (TOCTOU) Race Conditions
This attack targets a race condition occurring between the time of check (state) for a resource and the time of use of a resource. The typical example is the file access. The attacker can leverage a file access race condition by "running the race", meaning that he would modify the resource between the first time the target program accesses the file and the time the target program uses the file. During that period of time, the attacker could do something such as replace the file and cause an escalation of privilege.

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

References