CVE-2015-9196
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
18/04/2018
Last modified:
09/05/2018
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Small Cell SoC FSM9055, MDM9635M, SD 400, and SD 800, improper input validation in tzbsp_ocmem can cause privilege escalation.
Impact
Base Score 3.x
9.80
Severity 3.x
CRITICAL
Base Score 2.0
10.00
Severity 2.0
HIGH
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:o:qualcomm:fsm9055_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:fsm9055:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:* | ||
cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:* | ||
cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page