CVE-2015-9145
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, lack of input validation in NPA driver functions leads to null pointer dereference.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A null pointer dereference vulnerability in Qualcomm NPA driver functions due to missing input validation could lead to denial of service on affected Android devices.
Vulnerability
In Android on Qualcomm Snapdragon platforms (including MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20) prior to the 2018-04-05 security patch level, the NPA (Network Power Architecture) driver functions lack input validation. This missing validation can result in a null pointer dereference when processing crafted input. The vulnerability is present in Android builds before the April 2018 security patch.
Exploitation
An attacker with local access to the device or the ability to inject malicious input into the NPA driver could trigger the null pointer dereference. No authentication is required beyond the ability to interact with the affected driver. The exact sequence involves sending specially crafted data to the NPA driver functions, causing the driver to dereference a null pointer.
Impact
Successful exploitation leads to a denial of service (DoS) condition, likely causing a system crash or reboot. The vulnerability does not appear to allow arbitrary code execution or privilege escalation based on the description. The impact is limited to temporary device unavailability.
Mitigation
Google released a fix as part of the Android Security Bulletin for April 2018 [1]. The security patch level 2018-04-05 or later includes the necessary input validation to prevent the null pointer dereference. Users should ensure their devices receive the April 2018 or later security update. No workaround is available without the patch.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.