CVE-2015-9169
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810, buffer over-read in QSEE app may cause confidential information to be leaked.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer over-read in a Qualcomm Secure Execution Environment (QSEE) app on multiple Snapdragon SoCs can leak confidential information from kernel memory.
Vulnerability
A buffer over-read vulnerability exists in a Qualcomm Secure Execution Environment (QSEE) application, affecting multiple Snapdragon SoCs. The flaw can be triggered in a privileged context, allowing an attacker to read beyond the bounds of an allocated buffer. Affected chipsets include MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, and SD 810. The issue was addressed in Android security patch level of 2018-04-05 or earlier [1].
Exploitation
An attacker with local access to the device and the ability to execute code in the QSEE trustlet could trigger the buffer over-read. The vulnerability does not require user interaction beyond normal device usage, but the attacker must have sufficient privileges to invoke the vulnerable QSEE app function.
Impact
Successful exploitation results in the reading of sensitive data from kernel memory, leading to information disclosure. The leaked data could include cryptographic keys, tokens, or other confidential information processed by the secure environment.
Mitigation
Google released fixes in the April 2018 Android Security Bulletin, with security patch level 2018-04-05 or later. Users should ensure their devices receive this update. Qualcomm also provided patches to OEMs as part of their standard update process. No workarounds are available; installing the vendor-provided update is the only mitigation [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: < 2018-04-05
- Range: < 2018-04-05
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 617, SD 650/52, SD 800, SD 808, SD 810
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.