CVE-2015-9194

Summary

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile SD 210/SD 212/SD 205, SD 400, SD 425, SD 427, SD 430, SD 435, SD 450, SD 617, SD 625, SD 650/52, SD 800, SD 845, and Snapdragon_High_Med_2016, during module load at TZ Startup, memory statically allocated by modules was not being properly set to zero first. Allowing the module to execute without reset gives it access to information from previous app thus leading to information exposure.

Affected Software

VendorProductVersion RangeStatus
Qualcomm, Inc.Snapdragon MobileSD 210/SD 212/SD 205,SD 400,SD 425,SD 427,SD 430,SD 435,SD 450,SD 617,SD 625,SD 650/52,SD 800,SD 845,Snapdragon_High_Med_2016affected

Weaknesses

  • Information Exposure in Core.

ADP Enrichment

CVE Program Container

Additional References

References