VYPR
High severity7.5NVD Advisory· Published Apr 18, 2018· Updated Jun 17, 2026

CVE-2015-9166

CVE-2015-9166

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, DRM provisioning mechanisms used in QSEE applications have a feature to prevent further provisioning. This is done by creating an SFS file called 'finalize_prov_flag.data' at the end of provisioning. When this feature is enabled, provisioning calls check for the existence of the file in order to decide whether to do provisioning or not. Current implementation allows provisioning without sufficient checks.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

4
  • Range: < 2018-04-05 security patch level
  • Range: < 2018-04-05 security patch level
  • Range: < 2018-04-05 security patch level
  • Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5
    Range: IPQ4019, MDM9206, MDM9607, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.