RSA Encryption Buffer Overflow Vulnerability in Qualcomm Snapdragon Products
CVE-2015-9138

9.8CRITICAL

Key Information:

Summary

The vulnerability allows for a potential buffer overflow in RSA encryption operations on multiple Qualcomm Snapdragon platforms. The issue arises when the function ce_util_to_unsigned_bin improperly handles address size instead of character buffer size, potentially leading to memory corruption. This undesired behavior could be exploited to perform malicious actions on affected devices.

Affected Version(s)

Snapdragon Automobile, Snapdragon Mobile, Snapdragon Wear, Small Cell SoC FSM9055, IPQ4019, MDM9206, MDM9607, MDM9625, MDM9635M, MDM9640, MDM9645, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 430, SD 450, SD 600, SD 615/16/SD 415, SD 617, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 820A, SD 835, SD 845, SD 850, SDX20

References

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.