Login Sign Up

CVE-2015-9197

9.8 CRITICAL

📋 TL;DR

This vulnerability in Qualcomm Snapdragon chipsets allows memory access outside secure memory (SMEM) boundaries when enabling XPUs with out-of-range configuration values. This could lead to arbitrary code execution or system compromise. Affects Android devices with specific Qualcomm chipsets before April 2018 security patches.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon chipsets
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: Specifically affects MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 808, and SD 810 chipsets.

📦 What is this software?

Mdm9206 Firmware by Qualcomm

View all CVEs affecting Mdm9206 Firmware →

Mdm9607 Firmware by Qualcomm

View all CVEs affecting Mdm9607 Firmware →

Mdm9635m Firmware by Qualcomm

View all CVEs affecting Mdm9635m Firmware →

Mdm9640 Firmware by Qualcomm

View all CVEs affecting Mdm9640 Firmware →

Mdm9645 Firmware by Qualcomm

View all CVEs affecting Mdm9645 Firmware →

Msm8909w Firmware by Qualcomm

View all CVEs affecting Msm8909w Firmware →

Sd 205 Firmware by Qualcomm

View all CVEs affecting Sd 205 Firmware →

Sd 210 Firmware by Qualcomm

View all CVEs affecting Sd 210 Firmware →

Sd 212 Firmware by Qualcomm

View all CVEs affecting Sd 212 Firmware →

Sd 400 Firmware by Qualcomm

View all CVEs affecting Sd 400 Firmware →

Sd 410 Firmware by Qualcomm

View all CVEs affecting Sd 410 Firmware →

Sd 412 Firmware by Qualcomm

View all CVEs affecting Sd 412 Firmware →

Sd 415 Firmware by Qualcomm

View all CVEs affecting Sd 415 Firmware →

Sd 615 Firmware by Qualcomm

View all CVEs affecting Sd 615 Firmware →

Sd 616 Firmware by Qualcomm

View all CVEs affecting Sd 616 Firmware →

Sd 617 Firmware by Qualcomm

View all CVEs affecting Sd 617 Firmware →

Sd 650 Firmware by Qualcomm

View all CVEs affecting Sd 650 Firmware →

Sd 652 Firmware by Qualcomm

View all CVEs affecting Sd 652 Firmware →

Sd 808 Firmware by Qualcomm

View all CVEs affecting Sd 808 Firmware →

Sd 810 Firmware by Qualcomm

View all CVEs affecting Sd 810 Firmware →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with kernel-level privileges, allowing attackers to execute arbitrary code, bypass security mechanisms, and potentially gain persistent access to the device.

🟠

Likely Case

System instability, crashes, or privilege escalation attacks leading to unauthorized access to sensitive data and device control.

🟢

If Mitigated

Limited impact with proper memory protection mechanisms and updated firmware, though some performance degradation may occur.

🌐 Internet-Facing: MEDIUM - Requires local access or malware installation, but could be combined with other exploits for remote attacks.
🏢 Internal Only: HIGH - Malicious apps or compromised processes could exploit this vulnerability to escalate privileges and compromise the device.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires local access or ability to execute code on the device. Exploitation involves manipulating XPU configuration values.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level April 5, 2018 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > System update. 2. Install the April 2018 or later security patch. 3. Reboot the device. 4. Verify the patch is applied by checking the security patch level in Settings > About phone.

🔧 Temporary Workarounds

Disable unnecessary system services

android

Reduce attack surface by disabling non-essential services that might interact with SMEM or XPU configurations

🧯 If You Can't Patch

  • Isolate affected devices from critical networks and sensitive data
  • Implement application whitelisting to prevent unauthorized app execution

🔍 How to Verify

Check if Vulnerable:

Check Android security patch level in Settings > About phone. If date is before April 2018, device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

Verify security patch level shows April 2018 or later in Settings > About phone.

📡 Detection & Monitoring

Log Indicators:

  • Kernel panic logs
  • SMEM access violations
  • XPU configuration errors in system logs

Network Indicators:

  • Unusual outbound connections from system processes
  • Anomalous device behavior patterns

SIEM Query:

source="android_logs" AND ("SMEM" OR "XPU") AND ("violation" OR "error" OR "panic")

📊 Metadata

CVE ID: CVE-2015-9197
CVSS v3 Score: 9.8 (CRITICAL)
CVSS Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CWE: CWE-16
Published: April 18, 2018
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2015-9197, you might also want to check these:

CVE-2018-11922 9.8

The Touch Pal application on Qualcomm devices was configured to collect user behavior data without u...

Same vulnerability type (CWE-16)
CVE-2019-3939 9.8

CVE-2019-3939 allows unauthenticated remote attackers to gain privileged access to Crestron AM-100 a...

Same vulnerability type (CWE-16)
CVE-2021-20032 9.8

SonicWall Analytics 2.5 On-Prem has a Java Debug Wire Protocol (JDWP) interface misconfiguration tha...

Same vulnerability type (CWE-16)