In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile and Snapdragon Mobile MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, SD 400, SD 425, SD 430, SD 450, SD 600, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, and SDX20, in the Diag User-PD command registration function, a length variable used during buffer allocation is not checked, so if it is very large, an integer overflow followed by a buffer overflow occurs.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: qualcomm

Published: 2018-04-18T14:00:00Z

Updated: 2024-09-17T04:25:15.573Z

Reserved: 2017-08-16T00:00:00

Link: CVE-2015-9148

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2018-04-18T14:29:05.027

Modified: 2018-05-09T16:45:11.543

Link: CVE-2015-9148

cve-icon Redhat

No data.