CVE-2015-9181

9.8 CRITICAL

📋 TL;DR

This CVE describes a buffer over-read vulnerability in a crypto API function affecting multiple Qualcomm Snapdragon processors used in Android devices. The vulnerability could allow attackers to read sensitive data from adjacent memory locations. It affects Android devices with Qualcomm chipsets before the April 2018 security patch.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon Automobile, Mobile, and Wear chipsets
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects specific Qualcomm Snapdragon processors: MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, and SD 835

⚠️ Risk & Real-World Impact

🔴 Worst Case

Remote code execution leading to complete device compromise, data exfiltration, or persistent backdoor installation.

🟠 Likely Case

Information disclosure where attackers can read sensitive data from adjacent memory, potentially exposing cryptographic keys or other secrets.

🟢 If Mitigated

Limited impact with proper network segmentation, device isolation, and updated security patches preventing exploitation.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Buffer over-read vulnerabilities in crypto APIs typically require specific conditions to be exploitable, but the high CVSS score suggests significant risk.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

  1. Check the device security patch level in Settings > About phone > Android security patch level.
  2. If before April 2018, apply the latest Android security updates.
  3. For enterprise devices, push updates through MDM solutions.
  4. Restart the device after the update.

🔧 Temporary Workarounds

Network segmentation

all

Isolate vulnerable devices from untrusted networks and critical systems

Application whitelisting

all

Restrict which applications can run on affected devices

🧯 If You Can't Patch

  • Isolate affected devices from internet and untrusted networks
  • Implement strict network access controls and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before April 5, 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2018 or later after applying updates
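
The patch-level check above can be scripted so that the value returned by getprop is compared against the April 5, 2018 level instead of being read by eye. This is an added example, not part of the original advisory; the function names, the `--adb` switch and the sample values are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: classify an Android security patch level against the
# fixed level named on this page (April 5, 2018, reported as 2018-04-05).
FIXED_LEVEL="2018-04-05"

# patch_status LEVEL -> prints "patched", "vulnerable" or "unknown"
patch_status() {
    # adb output may carry a trailing CR/LF; strip all whitespace first
    level=$(printf '%s' "$1" | tr -d '[:space:]')
    case "$level" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        # Empty or free-form values cannot be compared: report, do not guess
        *) echo unknown; return 0 ;;
    esac
    # Zero-padded YYYY-MM-DD dates order correctly as integers without dashes
    have=$(printf '%s' "$level" | sed 's/-//g')
    need=$(printf '%s' "$FIXED_LEVEL" | sed 's/-//g')
    if [ "$have" -ge "$need" ]; then echo patched; else echo vulnerable; fi
}

# check_device [SERIAL]: query one connected device (requires adb on PATH)
check_device() {
    if [ -n "${1:-}" ]; then
        raw=$(adb -s "$1" shell getprop ro.build.version.security_patch 2>/dev/null)
    else
        raw=$(adb shell getprop ro.build.version.security_patch 2>/dev/null)
    fi
    echo "${1:-device}: $(patch_status "$raw")"
}

if [ "${1:-}" = "--adb" ]; then
    check_device "${2:-}"
else
    # Constructed sample values, not taken from real devices
    for v in 2018-03-05 2018-04-01 2018-04-05 2019-01-01 ""; do
        echo "${v:-<empty>} -> $(patch_status "$v")"
    done
fi
```

A result of "unknown" means the device returned no usable date and should be checked manually in Settings.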

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in crypto-related services
  • Memory access violations in system logs
  • Unusual cryptographic operations

Network Indicators:

  • Suspicious outbound connections from affected devices
  • Unexpected data exfiltration patterns

SIEM Query:

source="android_logs" AND (process="crypto" OR process="keystore") AND (event="crash" OR event="access_violation")
