VYPR
Critical severity9.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026

CVE-2015-9148

CVE-2015-9148

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

3
  • Google/Androidllm-create
    Range: <2018-04-05
  • Range: <2018-04-05
  • Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobilev5
    Range: MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.