CVE-2015-9032

Vulnerability

In all Android releases from CAF (Code Aurora Forum) using the Linux kernel, a DRM key was exposed to QTEE applications [1]. The vulnerability resides in the Qualcomm Trusted Execution Environment (TEE) component and affects all devices that shipped those CAF-based kernels. The exact kernel version range is not disclosed in the available references, but all Android security bulletins from CAF up to the June 2017 bulletin are implicated.

Exploitation

An attacker would need the ability to execute a QTEE application on the device [1]. No additional authentication or privileged access is mentioned; the key is already accessible to any QTEE application running in the secure environment. The exploitation does not require user interaction beyond the QTEE execution itself.

Impact

Successful exploitation allows an attacker (via a QTEE application) to obtain the DRM key, which could be used to decrypt or copy protected content [1]. The impact is limited to the compromise of content protection mechanisms; no escalation of privileges or full device compromise is described.

Mitigation

Android released security patches in the June 2017 Security Bulletin [1]. Users should apply the update from their device manufacturer. No workaround is provided for unpatched devices, and the issue is not listed on the CISA KEV. Affected devices must update to a fixed kernel build provided by the vendor.