CVE-2015-9208

Опубликовано: 18 апр. 2018

Источник: nvd

CVSS3: 9.8

CVSS2: 10

EPSS Низкий

Описание

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 800, and SD 810, the function tzbsp_pil_verify_sig() does not strictly check that the pointer to ELF and program headers and hash segment is within secure memory. It only checks that the address is not in non-secure memory. A given address range can overlap with both secure and non-secure regions - hence if such an address is passed in, it would not pass the non-secure range check, and would be considered valid by the function, even though that memory area could be modified by the non-secure side.

Ссылки

http://www.securityfocus.com/bid/103671
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-04-01
Vendor Advisory
http://www.securityfocus.com/bid/103671
Third Party Advisory
VDB Entry
https://source.android.com/security/bulletin/2018-04-01
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:o:qualcomm:mdm9206_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9206:-:*:*:*:*:*:*:*

Конфигурация 2

Одновременно

cpe:2.3:o:qualcomm:mdm9607_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9607:-:*:*:*:*:*:*:*

Конфигурация 3

Одновременно

cpe:2.3:o:qualcomm:ipq4019_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:ipq4019:-:*:*:*:*:*:*:*

Конфигурация 4

Одновременно

cpe:2.3:o:qualcomm:mdm9635m_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9635m:-:*:*:*:*:*:*:*

Конфигурация 5

Одновременно

cpe:2.3:o:qualcomm:mdm9640_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9640:-:*:*:*:*:*:*:*

Конфигурация 6

Одновременно

cpe:2.3:o:qualcomm:mdm9645_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:mdm9645:-:*:*:*:*:*:*:*

Конфигурация 7

Одновременно

cpe:2.3:o:qualcomm:msm8909w_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:msm8909w:-:*:*:*:*:*:*:*

Конфигурация 8

Одновременно

cpe:2.3:o:qualcomm:sd_210_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_210:-:*:*:*:*:*:*:*

Конфигурация 9

Одновременно

cpe:2.3:o:qualcomm:sd_212_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_212:-:*:*:*:*:*:*:*

Конфигурация 10

Одновременно

cpe:2.3:o:qualcomm:sd_205_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_205:-:*:*:*:*:*:*:*

Конфигурация 11

Одновременно

cpe:2.3:o:qualcomm:sd_400_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_400:-:*:*:*:*:*:*:*

Конфигурация 12

Одновременно

cpe:2.3:o:qualcomm:sd_410_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_410:-:*:*:*:*:*:*:*

Конфигурация 13

Одновременно

cpe:2.3:o:qualcomm:sd_412_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_412:-:*:*:*:*:*:*:*

Конфигурация 14

Одновременно

cpe:2.3:o:qualcomm:sd_615_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_615:-:*:*:*:*:*:*:*

Конфигурация 15

Одновременно

cpe:2.3:o:qualcomm:sd_616_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_616:-:*:*:*:*:*:*:*

Конфигурация 16

Одновременно

cpe:2.3:o:qualcomm:sd_415_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_415:-:*:*:*:*:*:*:*

Конфигурация 17

Одновременно

cpe:2.3:o:qualcomm:sd_800_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_800:-:*:*:*:*:*:*:*

Конфигурация 18

Одновременно

cpe:2.3:o:qualcomm:sd_810_firmware:-:*:*:*:*:*:*:*

cpe:2.3:h:qualcomm:sd_810:-:*:*:*:*:*:*:*

EPSS

Процентиль: 43%

0.00206

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20

Связанные уязвимости

GHSA-p87q-j7mq-759c

CVSS3: 9.8

github

больше 3 лет назад

EPSS

Процентиль: 43%

0.00206

Низкий

9.8 Critical

CVSS3

10 Critical

CVSS2

Дефекты

CWE-20