CVE-2015-9186

Vulnerability

A buffer over-read vulnerability exists in a PlayReady API function on Qualcomm Snapdragon platforms, including Snapdragon Automobile, Mobile, and Wear, as well as specific SoCs such as MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850 [1]. The vulnerability affects Android builds before the 2018-04-05 security patch level [1]. The affected code path is reachable when an application invokes the insecure PlayReady API function, without specific authentication or permissions beyond normal API access [1].

Exploitation

An attacker can exploit this vulnerability by crafting a malicious input that causes the susceptible PlayReady API function to read beyond the bounds of an allocated buffer [1]. No special permissions are required beyond those needed to call the API; the attacker does not need physical access or elevated privileges [1]. The exploitation does not require user interaction beyond typical usage that triggers the vulnerable code path [1].

Impact

Successful exploitation of the buffer over-read can lead to information disclosure, as an attacker could read sensitive data from adjacent memory regions [1]. The vulnerability does not directly enable code execution or privilege escalation based on available information [1]. The disclosure of memory contents could compromise confidentiality of data processed by the PlayReady component [1].

Mitigation

Google and Qualcomm released a fix in the Android security bulletin dated April 2018 [1]. Users should update their devices to the 2018-04-05 security patch level or later to mitigate this vulnerability [1]. No workarounds are documented for devices that cannot be patched; affected devices should receive an OTA update from their manufacturer [1].