CVE-2015-9167

9.8 CRITICAL

📋 TL;DR

This CVE describes an integer underflow vulnerability in the EMM command handling of Qualcomm Snapdragon chipsets used in Android devices. Successful exploitation could allow attackers to execute arbitrary code with kernel privileges. Affected devices include Android smartphones and automobiles using specific Snapdragon processors before the April 2018 security patch.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon chipsets
Versions: Android versions before April 2018 security patch (2018-04-05)
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, and SD 820A chipsets in automotive and mobile applications.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete device compromise allowing remote code execution with kernel privileges, potentially enabling persistent malware installation, data theft, and device control.

🟠 Likely Case

Local privilege escalation allowing malware to gain kernel-level access and bypass security controls.

🟢 If Mitigated

Limited impact if patched, with potential denial of service or instability if exploited.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: HIGH

Exploitation requires kernel-level access and understanding of EMM command handling. No public exploit code is documented.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check device security patch level in Settings > About phone > Android security patch level.
2. If patch level is before April 2018, update device through manufacturer's OTA update system.
3. For enterprise devices, push updates through MDM solutions.
4. Restart device after update.

🔧 Temporary Workarounds

No effective workarounds

This is a kernel-level vulnerability requiring patching at the firmware level.

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement strict application whitelisting and monitor for unusual kernel activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before 2018-04-05, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows 2018-04-05 or later after applying updates.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • Unexpected EMM command handling errors
  • Privilege escalation attempts

Network Indicators:

  • Unusual kernel module loading
  • Suspicious root access patterns

SIEM Query:

Device security_patch_level < '2018-04-05' AND chipset_model IN ('SD410', 'SD412', 'SD425', 'SD430', 'SD450', 'SD600', 'SD615', 'SD616', 'SD415', 'SD617', 'SD625', 'SD650', 'SD652', 'SD800', 'SD808', 'SD810', 'SD820', 'SD820A')
