CVE-2015-9177

9.8 CRITICAL

📋 TL;DR

A buffer over-read vulnerability in a crypto API function on Qualcomm Snapdragon chipsets allows attackers to read sensitive data from adjacent memory locations. This affects Android devices with Qualcomm Snapdragon Automobile, Mobile, and Wear chipsets before the April 2018 security patch. The vulnerability could lead to information disclosure or potentially facilitate further attacks.

💻 Affected Systems

Products:
  • Qualcomm Snapdragon Automobile
  • Qualcomm Snapdragon Mobile
  • Qualcomm Snapdragon Wear
Versions: Android before 2018-04-05 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Qualcomm chipsets: MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850

⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠 Likely Case: Information disclosure of sensitive data from adjacent memory, potentially including cryptographic keys or other protected information.

🟢 If Mitigated: Limited impact with proper memory protections and exploit mitigations in place, potentially just crashes or denial of service.

🌐 Internet-Facing: MEDIUM - Requires local access or malicious app installation, not directly exploitable over network without additional attack vectors.
🏢 Internal Only: HIGH - Malicious apps or compromised applications could exploit this vulnerability to escalate privileges or access sensitive data.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or malicious application installation. Buffer over-read vulnerabilities typically require specific conditions to be weaponized for code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check the current Android security patch level in Settings > About phone > Android security patch level.
2. If before April 2018, update the device through Settings > System > System update.
3. For enterprise devices, deploy updates through MDM solutions.
4. For embedded/IoT devices, contact the device manufacturer for firmware updates.

🔧 Temporary Workarounds

  • Application sandboxing enforcement (Android): Ensure strict application sandboxing and permission controls to limit potential attack surface.
  • Memory protection controls (Android): Enable ASLR and other memory protection features if available in device configuration.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict application whitelisting and only install trusted applications from official stores

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If the date is before April 2018, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify that the Android security patch level shows a date of April 2018 or later after applying updates.
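
The check above as a script, added here as an example (not part of the advisory or any vendor tooling): it classifies the value returned by getprop against the 2018-04-05 fixed level stated on this page and reports empty or malformed values as UNKNOWN rather than guessing. The function names patch_status and audit_devices and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify ro.build.version.security_patch against the fixed
# level named on this page (Android security patch level 2018-04-05 or later).
FIXED_LEVEL="2018-04-05"

# patch_status LEVEL -> prints PATCHED, VULNERABLE or UNKNOWN
patch_status() {
    # adb output often carries a trailing CR; strip CR and whitespace first
    level=$(printf '%s' "$1" | tr -d '\r \t\n')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;   # YYYY-MM-DD only
        *) echo UNKNOWN; return 0 ;;                     # empty or malformed
    esac
    # Drop the dashes so the ISO dates compare as plain integers
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo PATCHED; else echo VULNERABLE; fi
}

# audit_devices: prints "serial level status" for every attached device.
# Needs adb on PATH and authorized devices; not called by the demo below.
audit_devices() {
    adb devices | awk 'NR>1 && $2=="device" {print $1}' |
    while read -r serial; do
        # </dev/null keeps "adb shell" from consuming the serial list on stdin
        raw=$(adb -s "$serial" shell getprop ro.build.version.security_patch </dev/null)
        printf '%s %s %s\n' "$serial" "$(printf '%s' "$raw" | tr -d '\r')" \
            "$(patch_status "$raw")"
    done
}

# Demo on constructed sample values (not captured from real devices).
# Note that 2018-04-01 is an April 2018 level but is still below 2018-04-05.
for sample in "2018-03-01" "2018-04-01" "2018-04-05" "2019-01-05" ""; do
    printf '%-12s %s\n' "${sample:-<empty>}" "$(patch_status "$sample")"
done
```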

📡 Detection & Monitoring

Log Indicators:

  • Unexpected application crashes in crypto-related functions
  • Memory access violation logs
  • SELinux/security policy violations

Network Indicators:

  • Unusual outbound data transfers from affected devices
  • Suspicious application behavior patterns

SIEM Query:

source="android_device" AND ((event_type="crash" AND process_name CONTAINS "crypto") OR (security_patch_level < "2018-04-05"))
