VYPR
← All advisories
Unrated severityNVD Advisory· Published Apr 18, 2018· Updated Sep 16, 2024

CVE-2015-9212

CVE-2015-9212

Description

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, lack of input validation while processing TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

A buffer overread in Qualcomm TrustZone due to missing input validation in the TZ_PR_CMD_SAVE_KEY command could lead to information disclosure.

Vulnerability

In Android before the 2018-04-05 security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear chipsets (MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 800), a lack of input validation while processing the TZ_PR_CMD_SAVE_KEY command could lead to a buffer overread.

Exploitation

An attacker with the ability to send crafted TZ_PR_CMD_SAVE_KEY commands to the TrustZone subsystem (potentially through local access or by executing code in the secure world) could trigger the buffer overread.

Impact

Successful exploitation could allow an attacker to read beyond the intended buffer boundaries, potentially disclosing sensitive information from TrustZone memory.

Mitigation

The vulnerability is fixed in Android as of the 2018-04-05 security patch level or later [1]. Users should ensure their devices have received the April 2018 or newer security updates.

References
  1. Android Security Bulletin—April 2018

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

2

News mentions

0

No linked articles in our index yet.