CVE-2015-9138

9.8 CRITICAL

📋 TL;DR

This vulnerability is a buffer overflow in Qualcomm Snapdragon chipsets affecting Android devices when performing RSA encryption operations. It allows attackers to execute arbitrary code with kernel privileges on affected devices. The vulnerability impacts a wide range of Qualcomm-based Android smartphones, wearables, automotive systems, and small cell devices.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon chipsets including Snapdragon Automobile, Mobile, Wear, and Small Cell SoC models
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Qualcomm chipset models: FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete device compromise allowing remote code execution with kernel privileges, potentially leading to data theft, persistent backdoors, or device bricking.

🟠 Likely Case: Local privilege escalation allowing malware to gain kernel-level access and bypass security controls.

🟢 If Mitigated: Limited impact if devices are patched and have additional security controls like SELinux enforcement and app sandboxing.

🌐 Internet-Facing: MEDIUM - While primarily a local vulnerability, it could be chained with other exploits for remote attacks.
🏢 Internal Only: HIGH - Malicious apps or compromised apps could exploit this for privilege escalation.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to execute code on the device. The vulnerability is in cryptographic operations which may require specific conditions to trigger.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level dated 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check the device security patch level in Settings > About phone > Android security patch level.
2. If it is before April 2018, update the device through Settings > System > System update.
3. For enterprise devices, push updates through MDM solutions.
4. For custom ROMs, apply Qualcomm-provided patches to the kernel/drivers.

🔧 Temporary Workarounds

Disable vulnerable RSA operations (android)

Block or restrict applications from performing RSA encryption operations that trigger the vulnerable code path.

Application sandboxing enforcement (android)

Ensure SELinux policies and app sandboxing are strictly enforced to limit potential damage.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement application allowlisting to prevent unauthorized apps from running

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If the date is before 2018-04-05 and the device uses one of the affected Qualcomm chipsets listed above, it is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the security patch level shows 2018-04-05 or later. Check Qualcomm driver versions if accessible through developer tools.
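The patch-level check above can be scripted so it is not done by eye. The following POSIX shell script is an added example, not part of this advisory or of any Android or Qualcomm tooling: it takes the value of `ro.build.version.security_patch` (normally obtained with the `adb shell getprop` command shown above; the sample values below are constructed), validates that it is a YYYY-MM-DD date, and compares it against the fix date 2018-04-05. A garbled or empty property is reported as indeterminate rather than as "patched", so a device that fails to report a date is never silently marked safe. Whether the device is one of the affected chipsets still has to be confirmed separately against the list in the Affected Systems section.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an Android security patch
# level relative to the CVE-2015-9138 fix date given in the advisory.
#
# Normal use: PATCH="$(adb shell getprop ro.build.version.security_patch | tr -d '\r')"
#             assess_device "$PATCH"
# The value is passed as an argument here so the check runs offline.

FIX_PATCH="2018-04-05"   # patch level that carries the fix (from the advisory)

# Returns 0 if PATCH is older than FIX_PATCH, 1 if it is FIX_PATCH or later,
# and 2 if the value is not a YYYY-MM-DD date and therefore cannot be judged.
patch_predates_fix() {
    patch="$1"
    case "$patch" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "unrecognised patch level: '$patch'" >&2; return 2 ;;
    esac
    # YYYYMMDD compares correctly as a plain integer, so drop the dashes.
    p=$(printf '%s' "$patch" | tr -d '-')
    f=$(printf '%s' "$FIX_PATCH" | tr -d '-')
    [ "$p" -lt "$f" ]
}

# Prints a verdict; exit status 1 = vulnerable, 0 = patched, 2 = indeterminate.
assess_device() {
    if patch_predates_fix "$1"; then
        rc=0
    else
        rc=$?
    fi
    case "$rc" in
        0) echo "VULNERABLE: patch level $1 predates $FIX_PATCH"; return 1 ;;
        1) echo "PATCHED: patch level $1 is $FIX_PATCH or later"; return 0 ;;
        *) echo "UNKNOWN: could not read a valid patch level"; return 2 ;;
    esac
}

# Stand-alone use: ./check_patch.sh 2018-03-05
if [ "$#" -gt 0 ]; then
    assess_device "$1"
fi
```

The dates are compared as integers after stripping the dashes, which is exact for ISO dates and avoids depending on `date -d`, which is not available on every Android or BusyBox shell. The constructed sample value `2018-03-05` is reported as vulnerable, `2018-04-05` and anything later as patched.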

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Cryptographic operation failures
  • Memory access violation errors in system logs

Network Indicators:

  • Unusual cryptographic traffic patterns
  • Suspicious privilege escalation attempts

SIEM Query:

source="android_system" AND ("kernel panic" OR "crypto" OR "RSA" OR "buffer overflow")

🔗 References
