CVE-2015-9211
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850, while provising the Playready module, a buffer overread may occur if the message passed is large.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A buffer overread in Qualcomm's Playready module on multiple Snapdragon SoCs allows information disclosure, fixed in Android 2018-04-05 security patch level.
Vulnerability
The vulnerability resides in the Playready module of Qualcomm firmware on a wide range of Snapdragon SoCs, including MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, and SD 850 [1]. While provisioning the Playready module, if the message passed is large, a buffer overread occurs [1]. This applies to Android versions before the 2018-04-05 security patch level (or earlier SPLs) [1].
Exploitation
An attacker would need to be able to send a crafted large message to the Playready module during the provisioning process [1]. No additional authentication or special permissions are mentioned as required beyond the ability to trigger the provisioning flow [1]. The buffer overread is triggered by the oversized input [1].
Impact
Successful exploitation leads to a buffer overread, which can result in the disclosure of sensitive information from adjacent memory [1]. The information disclosure may include cryptographic keys or other data handled by the Playready module [1]. The confidentiality of the device is compromised, though the exact scope depends on what resides in memory after the buffer [1].
Mitigation
Google's Android Security Bulletin for April 2018 includes fixes for this issue under the 2018-04-05 security patch level [1]. Updating to this patch level or later is the recommended mitigation [1]. No workarounds are described in the available reference. All affected Qualcomm platforms listed in the bulletin require the update [1].
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
4- Range: <2018-04-05
- Range: <2018-04-05
- Range: <2018-04-05
- Qualcomm, Inc./Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9650, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.