CVE-2015-9031

Vulnerability

In all Android releases from CAF (Code Aurora Forum) using the Linux kernel, the HDCP (High-bandwidth Digital Content Protection) implementation exposes a TZ (TrustZone) memory address to the HLOS (High-Level Operating System) [1]. This happens due to improper handling of memory addresses between the secure and non-secure worlds. All affected versions are listed in the Android Security Bulletin—June 2017 [1].

Exploitation

An attacker with local access to the device and the ability to interact with the HLOS can read the exposed TZ memory address [1]. No special permissions or user interaction beyond normal device usage is required, as the information is leaked through the standard HDCP interface.

Impact

Successful exploitation allows an attacker to obtain a TZ memory address, which may reveal information about the secure memory layout [1]. This is a low-severity information disclosure that does not directly enable code execution or privilege escalation without further vulnerabilities.

Mitigation

Android partners were notified of the issue and updates were included in the June 2017 Android security patch level [1]. Users should apply the security update from their device manufacturer. No workarounds are available for unpatched devices.