Critical severity9.8NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026
CVE-2015-9148
CVE-2015-9148
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <2018-04-05
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobilev5Range: MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20
Patches
Vulnerability mechanics
References
2- www.securityfocus.com/bid/103671nvdThird Party AdvisoryVDB Entry
- source.android.com/security/bulletin/2018-04-01nvdVendor Advisory
News mentions
0No linked articles in our index yet.