VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 18, 2018· Updated Sep 16, 2024

CVE-2015-9149

CVE-2015-9149

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in a DIAG ioctl handler, an untrusted pointer dereference can occur.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Untrusted pointer dereference in Qualcomm Snapdragon DIAG ioctl handler allows privilege escalation on Android devices.

Vulnerability

In Android before the 2018-04-05 security patch level on affected Qualcomm Snapdragon chipsets (MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850), an untrusted pointer dereference vulnerability exists in a DIAG ioctl handler.

Exploitation

An attacker with local access and the ability to invoke the vulnerable DIAG ioctl can trigger an untrusted pointer dereference by supplying a crafted pointer.

Impact

Successful exploitation could lead to elevation of privilege or arbitrary code execution in the kernel context.

Mitigation

The issue is fixed in Android security patch level 2018-04-05, as documented in the Android Security Bulletin [1]. Users should ensure their devices have received this patch.

References
  1. Android Security Bulletin—April 2018

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

4

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.