CVE-2015-9199

9.8 CRITICAL

📋 TL;DR

This vulnerability allows attackers to corrupt secure memory regions in Qualcomm Snapdragon chipsets by exploiting a race condition in QSEE buffer handling. It affects Android devices with specific Qualcomm processors before the April 2018 security patch, potentially enabling privilege escalation or arbitrary code execution in the secure environment.

💻 Affected Systems

Products:
  • Android devices with Qualcomm Snapdragon Automobile and Mobile chipsets: IPQ4019, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, SD 808, SD 810, SD 820, SD 820A
Versions: Android versions before April 5, 2018 security patch level
Operating Systems: Android
Default Config Vulnerable: ⚠️ Yes
Notes: The flaw lives in Qualcomm's TrustZone implementation (QSEE), a closed-source component, not in AOSP. The fix therefore reaches a device only through OEM firmware carrying the 2018-04-05 or later patch level; an otherwise current Android release on a listed chipset stays vulnerable until that firmware is installed.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the secure execution environment (QSEE), allowing attackers to bypass hardware security features, extract encryption keys, or gain persistent control over the device.

🟠

Likely Case

An attacker who already runs code on the device (a malicious or compromised app, or kernel-level code) escalates into the secure environment, enabling extraction of keys and data guarded by QSEE, surveillance, or installation of malware that survives a normal OS reinstall.

🟢

If Mitigated

No impact once the OEM firmware with the 2018-04-05 patch level is installed. Unpatched devices remain exposed only to attackers who already have code execution on the device and can win the race, so this is a concern for targeted rather than opportunistic attacks.

🌐 Internet-Facing: LOW
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: No
Weaponized: UNKNOWN
Unauthenticated Exploit: No
Complexity: HIGH

Exploitation requires code already running on the device and precise timing to win the race condition. No public exploit has been documented. Note that the 9.8 score can only come from a CVSS v3 vector with network attack vector and low complexity (AV:N/AC:L/PR:N/UI:N), which does not match how this bug is actually reached; treat the score as a measure of impact if exploited, not of how easy exploitation is.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Android security patch level 2018-04-05 or later

Vendor Advisory: https://source.android.com/security/bulletin/2018-04-01

Restart Required: Yes

Instructions:

1. Check for Android system updates in Settings > System > Advanced > System update (the exact path varies by OEM and Android version).
2. Apply the firmware update that raises the security patch level to 2018-04-05 or later.
3. For enterprise fleets, coordinate with the device manufacturer for the firmware build specific to each chipset model, since the fix ships in Qualcomm's closed-source component rather than in AOSP.

🧯 If You Can't Patch

  • Isolate affected devices from sensitive networks and data
  • Implement strict application whitelisting to reduce attack surface
  • Block sideloading and unknown-source installs; reaching the QSEE interface requires code already running on the device, so limiting what can run there is the most effective compensating control

🔍 How to Verify

Check if Vulnerable:

Check the Android security patch level in Settings > About phone > Android security patch level. If the date is earlier than 2018-04-05 and the device uses one of the listed chipsets, the device is vulnerable.

Check Version:

adb shell getprop ro.build.version.security_patch

Verify Fix Applied:

After the update, confirm that the security patch level reads 2018-04-05 or later (the same getprop command works from a script), and that the device still reports the expected chipset so the update was not applied to the wrong model.
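The following script turns the manual checks above into a repeatable fleet triage over adb. It is an added example, not a script from the Android bulletin or from Qualcomm. The mapping from the advisory's chipset names to ro.board.platform values is an assumption based on the usual Qualcomm platform identifiers and should be confirmed against your own devices; a device whose platform is not on the list is reported as not affected only in the sense of this list.

```shell
#!/bin/sh
# Added example (not from the advisory): classify an Android device's
# exposure to CVE-2015-9199 from two properties readable over adb.

FIXED_PATCH_LEVEL="2018-04-05"   # patch level named in the April 2018 bulletin

# ASSUMPTION: ro.board.platform values for the chipsets in the advisory
# (msm8996 = SD 820/820A, msm8994 = SD 810, msm8992 = SD 808, msm8974 = SD 800,
# msm8939 = SD 615/616, msm8929 = SD 415, msm8916 = SD 410/412, msm8226 = SD 400,
# msm8909 = SD 210/212/205, plus the IPQ and MDM boards by name).
AFFECTED_PLATFORMS="ipq4019 mdm9625 mdm9635m mdm9640 mdm9650 mdm9655 \
msm8909 msm8226 msm8916 msm8939 msm8929 msm8974 msm8992 msm8994 msm8996"

# Return 0 when a YYYY-MM-DD patch level is older than the fix, 1 when it is
# at or past the fix, and 2 when the string is not a patch level at all
# (empty property, vendor junk) so callers never mistake "unknown" for "patched".
patch_level_vulnerable() {
    case "$1" in
        [0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]) ;;
        *) return 2 ;;
    esac
    have=$(printf '%s' "$1" | sed 's/-//g')
    fixed=$(printf '%s' "$FIXED_PATCH_LEVEL" | sed 's/-//g')
    [ "$have" -lt "$fixed" ]
}

# Return 0 when the board platform is on the (assumed) affected list.
platform_affected() {
    for p in $AFFECTED_PLATFORMS; do
        [ "$1" = "$p" ] && return 0
    done
    return 1
}

# Combine both checks into a single verdict word.
classify_device() {
    platform=$1
    patch=$2
    if ! platform_affected "$platform"; then
        echo "not-affected-chipset"
        return 0
    fi
    rc=0
    patch_level_vulnerable "$patch" || rc=$?
    case $rc in
        0) echo "vulnerable" ;;
        1) echo "patched" ;;
        *) echo "unknown-patch-level" ;;
    esac
}

# Query the attached device (needs adb and USB debugging enabled).
# adb output ends in CR LF, so strip the CR before comparing.
check_connected_device() {
    platform=$(adb shell getprop ro.board.platform | tr -d '\r')
    patch=$(adb shell getprop ro.build.version.security_patch | tr -d '\r')
    echo "platform=$platform patch_level=$patch verdict=$(classify_device "$platform" "$patch")"
}

# Only talk to a device when invoked as: sh check_cve_2015_9199.sh --run
[ "${1:-}" = "--run" ] && check_connected_device
```

Patch levels are compared as eight-digit integers rather than as dates, which is exact for the YYYY-MM-DD format Android uses and avoids depending on a date(1) implementation. A missing or malformed property is a distinct verdict because on some OEM builds the property is blank, and a blank value must not be read as "fixed".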

📡 Detection & Monitoring

Log Indicators:

  • Kernel panics and reboots recorded in last_kmsg / pstore
  • Errors from the qseecom driver or crashes of trusted applications in dmesg and logcat
  • Repeated rapid calls into the secure environment from a single app, which is what winning a race condition looks like in practice

SIEM Query:

Android devices rarely ship kernel logs to a SIEM, so the practical query is against your MDM inventory: list enrolled devices whose security patch level is earlier than 2018-04-05 and whose chipset is on the affected list, then treat crash reports from those devices as higher priority. Where device logs are collected, search them for kernel panics and qseecom driver errors.
