CVE-2015-9203
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, lack of input validation in playready_set_domainid could lead to a buffer overread.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overread in Qualcomm's playready_set_domainid on Android could leak sensitive data, fixed in the April 2018 security patch.
Vulnerability
CVE-2015-9203 is a buffer overread vulnerability in the Qualcomm playready_set_domainid function. The bug exists because of a lack of input validation in that function, which is part of a library used on a wide range of Qualcomm Snapdragon chipsets, including Snapdragon Automobile, Mobile, and Wear. Affected chips include MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850. The issue is present in Android versions before the 2018-04-05 security patch level [1].
Exploitation
An attacker would need to supply a crafted buffer to the playready_set_domainid function. The vulnerability can be triggered locally without user interaction if the attacker can pass a specially sized domain ID that exceeds expected boundaries. No authentication is required to trigger the overread once the malicious data reaches the vulnerable code path [1].
Impact
Successful exploitation results in a buffer overread, which may allow an attacker to read sensitive data from adjacent memory locations. This can lead to information disclosure of kernel or process memory, potentially revealing cryptographic keys, passwords, or other confidential data [1].
Mitigation
The fix was released in the Android Security Bulletin for April 2018, with a patch level of 2018-04-05 or later. Users should ensure their devices have received the security update. Qualcomm has released a patch for the affected chipsets, and device vendors should have incorporated it into their Android builds [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.