CVE-2015-9166
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Qualcomm QSEE DRM provisioning on multiple Snapdragon SoCs can be bypassed by removing or not creating a finalization flag file, allowing repeated provisioning.
Vulnerability
In Android before the 2018-04-05 security patch level on Qualcomm Snapdragon Automobile, Mobile, and Wear (IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850), the DRM provisioning mechanisms used in QSEE applications include a feature to prevent further provisioning: an SFS file called finalize_prov_flag.data is created at the end of provisioning. When the feature is enabled, provisioning calls merely check for the existence of this file. The current implementation allows provisioning without sufficient checks; the enforcement is not properly implemented, so the process can be bypassed if the flag file is missing or removed.
Exploitation
An attacker with local access to the device and sufficient privileges to either remove the finalize_prov_flag.data file or prevent its creation could exploit the vulnerability. No specific network position or user interaction is required beyond local access. By manipulating the file system state, the attacker can trick the provisioning mechanism into allowing repeated DRM provisioning, effectively bypassing the finalization control.
Impact
Successful exploitation allows an attacker to repeatedly re-provision DRM content, potentially enabling unauthorized access to protected media or services. The vulnerability affects the integrity of the DRM provisioning mechanism, potentially leading to information disclosure or bypass of content protection controls [1].
Mitigation
Google released a security patch for Android as part of the April 2018 Security Bulletin [1]. Users should apply the 2018-04-05 patch level or later to mitigate this vulnerability. No workarounds were published for devices that do not receive the update. Devices running later security patch levels are not affected.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear (v5). Range: IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/103671 (mitre; vdb-entry; x_refsource_BID)
- source.android.com/security/bulletin/2018-04-01 (mitre; x_refsource_CONFIRM)