CVE-2015-9159

9.8 CRITICAL

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows potential buffer overflow due to lack of input validation in the OEMCrypto_GetRandom function. It affects Android devices with specific Qualcomm processors before the April 2018 security patch. Successful exploitation could allow attackers to execute arbitrary code with system privileges.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon processors
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Qualcomm chipsets: MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution with kernel/system privileges leading to complete device compromise, data theft, and persistent backdoor installation.

🟠 Likely Case: Local privilege escalation allowing apps to gain elevated permissions and access sensitive data or system functions.

🟢 If Mitigated: Limited impact with proper security patches applied and app sandboxing preventing privilege escalation.

🌐 Internet-Facing: MEDIUM - Requires local access or malicious app installation, but could be combined with other exploits for remote attack chains.
🏢 Internal Only: HIGH - Malicious apps or compromised internal devices could exploit this for privilege escalation and lateral movement.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious app installation. Buffer overflow exploitation typically requires specific conditions and memory layout knowledge.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check device security patch level in Settings > About phone > Android security patch level.
2. If before April 2018, install latest Android updates via Settings > System > System update.
3. For enterprise devices, deploy updates through MDM solutions.
4. Contact device manufacturer for specific update availability.

🔧 Temporary Workarounds

Application sandboxing enforcement (Android)

Ensure Android app sandboxing is properly enforced to limit potential damage from malicious apps.

Disable unknown sources (Android)

Prevent installation of apps from unknown sources to reduce attack surface.

🧯 If You Can't Patch

  • Isolate affected devices on separate network segments with strict access controls
  • Implement application allowlisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If the date is before April 2018, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the security patch level shows April 2018 or later. Check whether the device's Qualcomm chipset is on the affected list.
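
The patch-level check above as a script, added here as an example and not part of the original advisory or any vendor tooling: it classifies the value returned by `adb shell getprop ro.build.version.security_patch` against the 2018-04-05 level listed under Official Fix. The function names `patch_status` and `audit_levels` and the sample inventory are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify Android security patch levels against the
# 2018-04-05 level the page lists as the fix for CVE-2015-9159.
FIXED_LEVEL="2018-04-05"   # from the page's "Patch Version" field

# patch_status (hypothetical helper, not an adb or Android command):
# prints PATCHED, VULNERABLE or UNKNOWN for one patch-level string.
patch_status() {
    # adb output can carry a trailing carriage return; strip whitespace.
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) echo "UNKNOWN"; return 2 ;;   # empty or malformed property
    esac
    # Zero-padded YYYY-MM-DD compares correctly as an integer once the
    # dashes are removed.
    have=$(printf '%s' "$level" | sed 's/-//g')
    want=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$want" ]; then
        echo "PATCHED"
    else
        echo "VULNERABLE"; return 1
    fi
}

# audit_levels (hypothetical helper): reads "device-id patch-level" pairs
# on stdin and prints one "device-id status" line per device.
audit_levels() {
    while read -r dev level; do
        [ -n "$dev" ] || continue
        printf '%s %s\n' "$dev" "$(patch_status "$level")"
    done
}

# Constructed sample inventory (not real devices). dev-b is on an
# April 2018 level that is still below 2018-04-05.
SAMPLE='dev-a 2018-03-05
dev-b 2018-04-01
dev-c 2018-04-05
dev-d 2019-01-01
dev-e unknown'
printf '%s\n' "$SAMPLE" | audit_levels

# For a connected device, using the command from "Check Version":
#   patch_status "$(adb shell getprop ro.build.version.security_patch)"
```
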

📡 Detection & Monitoring

Log Indicators:

  • Unusual process creation with elevated privileges
  • OEMCrypto API calls with abnormal parameters
  • Memory access violations in system logs

Network Indicators:

  • Unusual outbound connections from system processes
  • Suspicious app behavior patterns

SIEM Query:

source="android_logs" AND (process="OEMCrypto" OR privilege_escalation=true)
