CVE-2015-9213
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20, the DIAG-EFS command EFS2_DIAG_DELTREE, which is handled by the function fs_diag_deltree_handler(), is used to delete files and directories only inside the /public folder.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A vulnerability in Qualcomm's DIAG-EFS command allows deletion of arbitrary files on Android devices, potentially leading to system compromise.
Vulnerability
In Android before the April 2018 security patch on multiple Qualcomm SoCs (MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, and SDX20), the DIAG-EFS command EFS2_DIAG_DELTREE, handled by fs_diag_deltree_handler(), did not properly restrict file deletion to the /public directory. This allowed a privileged attacker to delete arbitrary files on the filesystem. Affected versions include Android with security patch level before 2018-04-05 on the listed Snapdragon platforms.
Exploitation
An attacker would require elevated privileges (e.g., root or system user) to send the DIAG-EFS command. The command EFS2_DIAG_DELTREE could be executed with a path argument outside /public, causing deletion of specified files or directories. No user interaction is needed beyond the attacker having the necessary privileges.
Impact
Successful exploitation allows an attacker to delete arbitrary files, potentially breaking system functionality, disabling security mechanisms, or causing denial of service. This could lead to a full compromise of the device if critical system files are removed. The vulnerability is classified as high severity.
Mitigation
The fix was included in the Android security bulletin released on April 5, 2018 [1]. Affected devices should receive the security patch from their OEMs. Users should ensure their device's security patch level is at or later than 2018-04-05. No workarounds are documented.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: <2018-04-05
- Range: <2018-04-05
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SD 850, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.