CVE-2015-9192
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, out of bounds memory access vulnerability may occur in the content protection manager due to improper validation of incoming messages.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Out-of-bounds memory access in Qualcomm content protection manager on multiple Snapdragon platforms could lead to information disclosure.
Vulnerability
An out-of-bounds memory access vulnerability exists in the content protection manager of Qualcomm Snapdragon Automotive, Mobile, and Wear platforms. Due to improper validation of incoming messages, an attacker can trigger an out-of-bounds read or write. Affected chipsets include MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850. The issue affects Android devices with a security patch level before April 5, 2018 [1].
Exploitation
An attacker can exploit this vulnerability by sending a crafted message to the content protection manager. The vulnerability does not require special privileges beyond the ability to send messages to the affected component; it may be exploitable via a malicious application or possibly through other attack vectors such as network-based communication, depending on the exposure of the content protection manager interface [1].
Impact
Successful exploitation could result in information disclosure or memory corruption, potentially leading to arbitrary code execution with elevated privileges. The exact impact depends on the context of the vulnerable component, but it is rated as a critical severity vulnerability in the Android security bulletin [1].
Mitigation
Users should apply the Android security patch level of April 2018 or later, which includes the fix for this vulnerability. The fix is available in the Android Open Source Project (AOSP) as part of the 2018-04-01 security patch [1]. No workaround is provided; updating the device is the recommended mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9650, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.