CVE-2015-9188
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, in Secure DEMUX command handler, when parameter validation fails, an error code is written into a response buffer without checking that response buffer length, passed from HLOS, which may result in memory corruption.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Missing buffer length check in Qualcomm Secure DEMUX handler on multiple Snapdragon chipsets leads to memory corruption in Android before April 2018 patch.
Vulnerability
In the Secure DEMUX command handler on Qualcomm Snapdragon chipsets (MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850), when parameter validation fails, an error code is written into a response buffer without checking the buffer length passed from the HLOS (High Level OS). This missing length check can result in memory corruption. The vulnerability affects Android versions before the 2018-04-05 security patch level [1].
Exploitation
An attacker must be able to send crafted input to the Secure DEMUX command handler, likely requiring local access or the ability to execute code at a sufficient privilege level (e.g., from a system process or a malicious application). By providing a response buffer length smaller than the error code being written, the attacker can trigger an out-of-bounds write, corrupting adjacent memory.
Impact
Successful exploitation leads to memory corruption, which could allow an attacker to execute arbitrary code within the context of the secure environment or cause a denial of service. The exact impact depends on the memory layout and the attacker's ability to control the corrupted data.
Mitigation
Google released a fix as part of the Android Security Bulletin for April 2018 (security patch level 2018-04-05 or later). Users should update their devices to the latest available security patch. No workaround is documented [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.