CVE-2015-9185
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in multiple Secure DEMUX functions (e.g., SDMX_open_session, SDMX_close_session, SDMX_set_session_cfg), when parameter validation fails, an error code is written into a response buffer, without checking that response buffer length (rsplen) passed from HLOS is large enough to hold the response. If the buffer is at the end of a non-secure page followed by secured memory page, this can cause a secure memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A missing response-buffer length check in Qualcomm Secure DEMUX functions on Android allows secure memory corruption when an error code is written into an undersized response buffer.
Vulnerability
In Android before the 2018-04-05 security patch level on Qualcomm Snapdragon SoCs (MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850), multiple Secure DEMUX functions such as SDMX_open_session, SDMX_close_session, and SDMX_set_session_cfg fail to validate that the response buffer length (rsplen) passed from HLOS is large enough to hold the error code when parameter validation fails. If the buffer is at the end of a non-secure page followed by secured memory, this flaw can lead to secure memory corruption [1].
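Added example, not Qualcomm's code and not part of the original record: a C model of the pattern described above, with the unchecked error-code write beside a form that validates rsplen first. The handler names, response layout, error value and two-page memory layout are hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define PAGE 4096u
#define DEMO_ERR_BAD_PARAM 0xE0000001u /* constructed error code */

/* Constructed model: first half = non-secure page, second half = secure memory. */
static uint8_t mem[2 * PAGE];

typedef struct { uint32_t status; } demo_rsp_t; /* hypothetical response layout */
typedef int (*handler_fn)(const void *req, size_t reqlen, void *rsp, size_t rsplen);

/* Pattern from the description: the error code is stored without consulting rsplen. */
static int handler_unchecked(const void *req, size_t reqlen, void *rsp, size_t rsplen)
{
    (void)rsplen;
    if (req == NULL || reqlen < sizeof(uint32_t)) {
        demo_rsp_t r = { DEMO_ERR_BAD_PARAM };
        memcpy(rsp, &r, sizeof r); /* may cross the page boundary */
        return -1;
    }
    return 0;
}

/* Hardened form: validate the caller-supplied response length before any write. */
static int handler_checked(const void *req, size_t reqlen, void *rsp, size_t rsplen)
{
    if (rsp == NULL || rsplen < sizeof(demo_rsp_t))
        return -2; /* fail through the return value only; rsp is never touched */
    return handler_unchecked(req, reqlen, rsp, rsplen);
}

/* Buffer of rsplen bytes at the end of the non-secure page; count secure bytes changed. */
static size_t secure_bytes_changed(handler_fn h, size_t rsplen)
{
    size_t i, n = 0;
    memset(mem, 0, PAGE);
    memset(mem + PAGE, 0xA5, PAGE); /* canary for the secure region */
    h(NULL, 0, mem + PAGE - rsplen, rsplen); /* NULL request forces validation failure */
    for (i = PAGE; i < 2 * PAGE; i++) n += (mem[i] != 0xA5);
    return n;
}

int main(void)
{
    return !(secure_bytes_changed(handler_unchecked, 2) == 2 &&
             secure_bytes_changed(handler_checked, 2) == 0);
}
```

The same canary-after-buffer arrangement works as a regression test for any handler that writes a fixed-size status into a caller-sized buffer.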
Exploitation
An attacker must trigger a parameter validation failure in one of the affected Secure DEMUX functions, potentially via a malicious application or crafted system call. The exploit requires the response buffer to be positioned at the end of a non-secure memory page immediately adjacent to secured memory. No additional authentication or user interaction is specified beyond local access [1].
Impact
Successful exploitation results in corruption of secure memory, which may enable an attacker to write arbitrary data into secured memory regions. This could lead to privilege escalation or disclosure of sensitive information protected by the secure execution environment [1].
Mitigation
Google released a fix in Android security patch level 2018-04-05, and later patch levels include it. Users are advised to apply the latest Android security updates from their device manufacturer. No workaround is available without updating [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: before 2018-04-05 or earlier security patch level
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear (v5). Range: MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
No patches discovered yet.
References
- www.securityfocus.com/bid/103671 (mitre; vdb-entry, x_refsource_BID)
- source.android.com/security/bulletin/2018-04-01 (mitre; x_refsource_CONFIRM)