CVE-2015-9115
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A, no address argument validation is performed on calls to the qsee_prng_getdata syscall.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing input validation in the qsee_prng_getdata syscall on Qualcomm SoCs can lead to privilege escalation and information disclosure.
Vulnerability
In Android before the 2018-04-05 security patch level on certain Qualcomm Snapdragon SoCs (MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, and SD 820A), the qsee_prng_getdata syscall does not perform address argument validation. This missing check allows a caller to pass arbitrary addresses as arguments, potentially leading to exploitation through a crafted syscall invocation [1].
Exploitation
An attacker with local user access to the device can make a sequence of qsee_prng_getdata syscalls with crafted address arguments. No additional permissions or user interaction are required beyond normal local access. The vulnerability can be reached from user space by invoking the syscall with controlled parameters [1].
Impact
Successful exploitation can lead to information disclosure (reading arbitrary kernel memory) and potentially privilege escalation, as the syscall operates in the kernel context. The attacker may gain elevated privileges and compromise device integrity and confidentiality [1].
Mitigation
Google's Android Security Bulletin for April 2018 includes a patch for this issue. Devices updated to the 2018-04-05 or later security patch level are no longer vulnerable. Users should ensure their device has received the latest security updates; no workaround is available without the patch [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <2018-04-05
- Range: <2018-04-05
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobilev5Range: MDM9625, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 820, SD 820A
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.