Login Sign Up

CVE-2015-9192

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code or cause denial of service on affected Android devices by exploiting an out-of-bounds memory access in the content protection manager. It affects Android devices with Qualcomm Snapdragon chipsets before the April 2018 security patch. The high CVSS score of 9.8 indicates critical severity.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon chipsets: MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Affects Qualcomm Snapdragon Automobile, Mobile, and Wear platforms. Vulnerability is in the content protection manager component.

📦 What is this software?

Mdm9206 Firmware by Qualcomm

View all CVEs affecting Mdm9206 Firmware →

Mdm9650 Firmware by Qualcomm

View all CVEs affecting Mdm9650 Firmware →

Sd 205 Firmware by Qualcomm

View all CVEs affecting Sd 205 Firmware →

Sd 210 Firmware by Qualcomm

View all CVEs affecting Sd 210 Firmware →

Sd 212 Firmware by Qualcomm

View all CVEs affecting Sd 212 Firmware →

Sd 400 Firmware by Qualcomm

View all CVEs affecting Sd 400 Firmware →

Sd 410 Firmware by Qualcomm

View all CVEs affecting Sd 410 Firmware →

Sd 412 Firmware by Qualcomm

View all CVEs affecting Sd 412 Firmware →

Sd 415 Firmware by Qualcomm

View all CVEs affecting Sd 415 Firmware →

Sd 425 Firmware by Qualcomm

View all CVEs affecting Sd 425 Firmware →

Sd 430 Firmware by Qualcomm

View all CVEs affecting Sd 430 Firmware →

Sd 450 Firmware by Qualcomm

View all CVEs affecting Sd 450 Firmware →

Sd 615 Firmware by Qualcomm

View all CVEs affecting Sd 615 Firmware →

Sd 616 Firmware by Qualcomm

View all CVEs affecting Sd 616 Firmware →

Sd 617 Firmware by Qualcomm

View all CVEs affecting Sd 617 Firmware →

Sd 625 Firmware by Qualcomm

View all CVEs affecting Sd 625 Firmware →

Sd 650 Firmware by Qualcomm

View all CVEs affecting Sd 650 Firmware →

Sd 652 Firmware by Qualcomm

View all CVEs affecting Sd 652 Firmware →

Sd 800 Firmware by Qualcomm

View all CVEs affecting Sd 800 Firmware →

Sd 808 Firmware by Qualcomm

View all CVEs affecting Sd 808 Firmware →

Sd 810 Firmware by Qualcomm

View all CVEs affecting Sd 810 Firmware →

Sd 820 Firmware by Qualcomm

View all CVEs affecting Sd 820 Firmware →

Sd 820a Firmware by Qualcomm

View all CVEs affecting Sd 820a Firmware →

Sd 835 Firmware by Qualcomm

View all CVEs affecting Sd 835 Firmware →

Sd 845 Firmware by Qualcomm

View all CVEs affecting Sd 845 Firmware →

Sd 850 Firmware by Qualcomm

View all CVEs affecting Sd 850 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete device compromise, data theft, or persistent backdoor installation.

🟠

Likely Case

Application crashes, denial of service, or limited information disclosure due to memory corruption.

🟢

If Mitigated

No impact if patched; limited impact if network access is restricted and device is isolated.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires sending specially crafted messages to trigger the out-of-bounds memory access. No public exploit code is documented in references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check current Android security patch level in Settings > About phone > Android security patch level. 2. If before April 2018, apply the April 2018 security update via Settings > System > System update. 3. Restart device after update installation.

🔧 Temporary Workarounds

Network segmentation

all

Restrict network access to affected devices to reduce attack surface

Disable unnecessary services

android

Disable content protection manager if not required (may impact functionality)

🧯 If You Can't Patch

  • Isolate affected devices from untrusted networks and internet access
  • Monitor for unusual activity or crashes related to content protection services

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone > Android security patch level. If date is before April 5, 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify Android security patch level shows April 2018 or later after applying update.

📡 Detection & Monitoring

Log Indicators:

  • Crashes or abnormal behavior in content protection manager services
  • Memory access violation logs in system logs

Network Indicators:

  • Unusual network traffic to content protection services
  • Suspicious message patterns targeting vulnerable components

SIEM Query:

Search for process crashes related to 'content protection' or 'Qualcomm' services in Android system logs

📊 Metadata

CVE ID: CVE-2015-9192
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-119
Published: April 18, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2015-9192, you might also want to check these:

CVE-2024-23613 10.0

A critical buffer overflow vulnerability in Symantec Deployment Solution 7.9 allows remote, unauthen...

Same vulnerability type (CWE-119)
CVE-2024-23615 10.0

A critical buffer overflow vulnerability in Symantec Messaging Gateway allows remote unauthenticated...

Same vulnerability type (CWE-119)
CVE-2026-2776 10.0

This CVE describes a sandbox escape vulnerability in Firefox's Telemetry component due to incorrect ...

Same vulnerability type (CWE-119)