CVE-2015-9149

Q: What is the severity of CVE-2015-9149?

CVE-2015-9149 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows local attackers to execute arbitrary code with kernel privileges on affected Android devices by exploiting an untrusted pointer dereference in a DIAG ioctl handler. It affects Android devices with Qualcomm Snapdragon chipsets before the April 2018 security patch. The high CVSS score reflects the potential for complete system compromise.

9.8 CRITICAL

📋 TL;DR

This vulnerability allows local attackers to execute arbitrary code with kernel privileges on affected Android devices by exploiting an untrusted pointer dereference in a DIAG ioctl handler. It affects Android devices with Qualcomm Snapdragon chipsets before the April 2018 security patch. The high CVSS score reflects the potential for complete system compromise.

💻 Affected Systems

Products:

Android devices with Qualcomm Snapdragon chipsets

Versions: Android versions before April 2018 security patch (2018-04-05)

Operating Systems: Android

Default Config Vulnerable: ⚠️ Yes

Notes: Specifically affects Qualcomm Snapdragon Automobile, Mobile, and Wear chipsets including MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attacker to install persistent malware, access all user data, and use device as part of botnet.

🟠

Likely Case

Local privilege escalation allowing malware to gain kernel-level access and bypass security controls.

🟢

If Mitigated

Limited impact if device is fully patched and has additional security controls like verified boot.

🌐 Internet-Facing: LOW - This is a local vulnerability requiring physical access or local code execution first.

🏢 Internal Only: MEDIUM - Could be exploited by malicious apps or users with physical access to devices.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Requires local access and ability to execute code; DIAG ioctl handler vulnerabilities typically require understanding of Qualcomm diagnostic interfaces

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check current Android security patch level in Settings > About phone > Android security patch level. 2. If before April 2018, update device through Settings > System > System update. 3. For enterprise devices, push updates through MDM solution. 4. Restart device after update.

🔧 Temporary Workarounds

Disable DIAG services

android

Disable Qualcomm diagnostic services if not needed for device functionality

adb shell pm disable com.qualcomm.qti.diagservices
adb shell setprop persist.vendor.sys.usb.config mtp,adb

🧯 If You Can't Patch

Isolate affected devices from critical networks and sensitive data
Implement application allowlisting to prevent malicious apps from exploiting local vulnerabilities

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level: Settings > About phone > Android security patch level. If date is before 2018-04-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 2018-04-05 or later date. Check that DIAG services are disabled if workaround applied.

📡 Detection & Monitoring

Log Indicators:

Kernel panic logs
Unexpected DIAG service activity
Privilege escalation attempts in audit logs

Network Indicators:

Unusual diagnostic traffic to/from devices
Suspicious USB debugging connections

SIEM Query:

source="android_logs" AND ("kernel panic" OR "diag" OR "ioctl") AND severity=HIGH

📊 Metadata

CVE ID: CVE-2015-9149

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-476

Published: April 18, 2018

Last Updated: November 21, 2024

🔗 References

http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory
http://www.securityfocus.com/bid/103671 Third Party Advisory,VDB Entry
https://source.android.com/security/bulletin/2018-04-01 Vendor Advisory

📋 TL;DR

💻 Affected Systems

📦 What is this software?

Mdm9206 Firmware by Qualcomm

Mdm9650 Firmware by Qualcomm

Sd 205 Firmware by Qualcomm

Sd 210 Firmware by Qualcomm

Sd 212 Firmware by Qualcomm

Sd 400 Firmware by Qualcomm

Sd 410 Firmware by Qualcomm

Sd 412 Firmware by Qualcomm

Sd 415 Firmware by Qualcomm

Sd 425 Firmware by Qualcomm

Sd 430 Firmware by Qualcomm

Sd 450 Firmware by Qualcomm

Sd 615 Firmware by Qualcomm

Sd 616 Firmware by Qualcomm

Sd 617 Firmware by Qualcomm

Sd 625 Firmware by Qualcomm

Sd 650 Firmware by Qualcomm

Sd 652 Firmware by Qualcomm

Sd 800 Firmware by Qualcomm

Sd 808 Firmware by Qualcomm

Sd 810 Firmware by Qualcomm

Sd 820 Firmware by Qualcomm

Sd 820a Firmware by Qualcomm

Sd 835 Firmware by Qualcomm

Sd 845 Firmware by Qualcomm

Sd 850 Firmware by Qualcomm