CVE-2015-9141
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810, in HHO scenarios, during the ACQ procedure, there are possible instances where the search database is incorrectly updated resulting in memory corruption due to buffer overflow.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overflow in Qualcomm HHO ACQ procedure can corrupt memory, affecting many Snapdragon chips in Android.
Vulnerability
A buffer overflow vulnerability exists in the Hardware Handover (HHO) procedure of the Acquisition (ACQ) process in Qualcomm Snapdragon Mobile and Snapdragon Wear firmware. Affected chips include MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, and SD 810. The search database is incorrectly updated during ACQ, leading to memory corruption due to a buffer overflow. The vulnerability is addressed in the Android security patch level of 2018-04-05 or earlier [1].
Exploitation
An attacker with local access to the device and the ability to trigger the HHO ACQ procedure may exploit the buffer overflow. The exact attack vector is not detailed in the reference, but it requires the attacker to interact with the radio stack or modem firmware. No user interaction is needed beyond normal device operation in a vulnerable radio environment.
Impact
Successful exploitation results in memory corruption, which could lead to denial of service or potential escalation of privilege within the modem processor. The impact is limited to the affected Qualcomm components and may enable arbitrary code execution at the modem level.
Mitigation
The vulnerability is fixed in the Android security patch level of 2018-04-05 or earlier [1]. Devices running a later patch level are not affected. There is no indication that the vulnerability is listed in CISA's Known Exploited Vulnerabilities catalog.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: before 2018-04-05 security patch level
- Range: before 2018-04-05 security patch level
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9635M, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 615/16/SD 415, SD 617, SD 800, SD 808, SD 810
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.