CVE-2015-9162

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 410/12, SD 617, SD 650/52, SD 800, SD 808, and SD 810, in the function "Certificate_CreateWithBuffer" in the QSEE app TQS, in case of memory allocation failure, we free the memory and return the pointer without setting it to NULL.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon MobileSD 410/12, SD 617, SD 650/52, SD 800, SD 808, SD 810affected

Weaknesses

  • Use after Free in Core.

ADP Enrichment

CVE Program Container

Additional References

References