In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 615/16/SD 415, and SD 810, while processing QSEE Syscall 'qsee_macc_gen_ecc_privkey', untrusted pointer dereference occurs, which could result in arbitrary write.
References
Link | Resource |
---|---|
https://source.android.com/security/bulletin/2018-04-01 | Vendor Advisory |
http://www.securityfocus.com/bid/103671 | Third Party Advisory VDB Entry |
Configurations
Configuration 1 (hide)
AND |
|
Configuration 2 (hide)
AND |
|
Configuration 3 (hide)
AND |
|
Configuration 4 (hide)
AND |
|
Configuration 5 (hide)
AND |
|
Configuration 6 (hide)
AND |
|
Information
Published : 2018-04-18 07:29
Updated : 2018-05-09 14:06
NVD link : CVE-2015-9134
Mitre link : CVE-2015-9134
JSON object : View
CWE
CWE-476
NULL Pointer Dereference
Products Affected
qualcomm
- sd_616_firmware
- sd_810
- sd_615
- sd_415
- sd_810_firmware
- sd_412_firmware
- sd_410
- sd_410_firmware
- sd_616
- sd_615_firmware
- sd_415_firmware
- sd_412