Vulnerabilities > CVE-2015-9221 - NULL Pointer Dereference vulnerability in Qualcomm SD 400 Firmware, SD 800 Firmware and SD 810 Firmware

CVSS 10.0 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

network

low complexity

qualcomm

CWE-476

critical

NVD

Published: 2018-04-18

Updated: 2018-05-01

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 400, SD 800, and SD 810, lack of validation of pointers passed by secure apps could lead to an untrusted pointer dereference.

Vulnerable Configurations

Part	Description	Count
OS	Qualcomm Qualcomm SD 400 Firmware - Qualcomm SD 800 Firmware - Qualcomm SD 810 Firmware -	3
Hardware	Qualcomm Qualcomm SD 400 - Qualcomm SD 800 - Qualcomm SD 810 -	3

Common Weakness Enumeration (CWE)

CWE-476 - NULL Pointer Dereference

References

http://www.securityfocus.com/bid/103671
https://source.android.com/security/bulletin/2018-04-01