CVE-2015-9136 in Android
Summary
by MITRE
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in a pre-auth request, the host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if the FT IEs sent by the supplicant are larger than the expected value.
Analysis
by VulDB Data Team • 01/26/2020
This vulnerability exists in the WLAN host driver for the Qualcomm Snapdragon Mobile and Snapdragon Wear chipsets MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835 and SDX20, and affects Android devices on a security patch level earlier than 2018-04-05. When the driver builds a pre-authentication request for 802.11r Fast BSS Transition (FT) roaming, it takes the FT information elements (IEs) handed down by the supplicant and copies them into a buffer sized for the expected IE set. Nothing bounds that copy against the buffer, so an IE blob larger than expected overruns it; the entry is classified as CWE-121, a stack-based buffer overflow. Note what the untrusted input is: the IEs come from the supplicant, the on-device component that drives association (wpa_supplicant on Android), not directly from a remote access point. The realistic exploitation path is therefore local, from a process that can reach the supplicant-to-driver interface, and the consequence is memory corruption in driver context, which is why the entry maps to ATT&CK T1068 (Exploitation for Privilege Escalation). Whether an over-the-air trigger exists, for example through FT IEs that the supplicant relays unchanged from a rogue access point, is not established by the published description.
The host driver runs in the kernel, so corrupting its memory can crash the WLAN subsystem or the whole device (a denial of service) or, with controlled contents, redirect execution with kernel privileges and compromise the device completely. The root cause is a missing input-length check: the driver trusts the size of the IE set it receives instead of rejecting anything larger than its buffer before copying. There is no configuration-level workaround; the fix is the corrected driver delivered with the Android security patch level of 2018-04-05, so teams managing fleets of affected devices should verify that each device reports that patch level or later and treat devices that cannot be updated as exposed to local privilege escalation.
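The following is an added example, not Qualcomm's driver code and not part of the VulDB entry. It models the pattern the analysis describes: a host driver receives an FT IE blob from the supplicant for a pre-auth request and copies it into a fixed buffer. The vulnerable function trusts the supplied length; the hardened function bounds the copy against the buffer and walks the IE TLV chain before writing. The buffer size (FT_IES_MAX_LEN), the struct layout, the function names and the sample byte strings are all assumptions made for illustration; the 802.11 element IDs for RSNE, MDIE, FTIE, TIE and RDE are the standard ones.

```c
/*
 * Added example, not Qualcomm's driver code: a minimal model of a WLAN host
 * driver taking Fast BSS Transition (FT) IEs from the supplicant for a
 * pre-auth request, first with the unchecked copy the advisory describes and
 * then with the checks it was missing. Buffer size, struct layout and names
 * are assumptions for illustration.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define FT_IES_MAX_LEN 96   /* assumed size of the driver's IE buffer */

/* 802.11 element IDs that belong in an FT request: RSNE, MDIE, FTIE, TIE, RDE */
enum { EID_RSN = 48, EID_MDIE = 54, EID_FTIE = 55, EID_TIE = 56, EID_RDE = 57 };

/* Hypothetical request the driver fills in before transmitting the frame. */
struct ft_preauth_req {
    uint8_t  bssid[6];
    uint8_t  ft_ies[FT_IES_MAX_LEN];
    uint16_t ft_ies_len;
    uint32_t session_id;    /* follows the buffer: first field an overflow clobbers */
};

/* Vulnerable pattern: the supplicant's length is trusted outright. */
void vulnerable_copy_ft_ies(struct ft_preauth_req *req, const uint8_t *ies, size_t len)
{
    memcpy(req->ft_ies, ies, len);  /* never compared with sizeof(req->ft_ies) */
    req->ft_ies_len = (uint16_t)len;
}

static int ft_eid_ok(uint8_t id)
{
    return id == EID_RSN || (id >= EID_MDIE && id <= EID_RDE);
}

/* Walk the IE TLV chain. Returns 1 when every element's declared length fits
 * inside len and only FT-related element IDs appear, otherwise 0. */
int ft_ies_well_formed(const uint8_t *ies, size_t len)
{
    size_t off = 0;
    while (off < len) {
        if (len - off < 2)               /* (id, len) header must fit */
            return 0;
        uint8_t id = ies[off], elen = ies[off + 1];
        if (elen > len - off - 2)        /* body would run past the end */
            return 0;
        if (!ft_eid_ok(id))              /* element that has no place in FT */
            return 0;
        off += 2 + elen;
    }
    return 1;
}

/* Hardened version: bound the copy and validate structure before writing. */
int safe_copy_ft_ies(struct ft_preauth_req *req, const uint8_t *ies, size_t len)
{
    if (len > sizeof(req->ft_ies))
        return -1;                       /* too large for the destination */
    if (!ft_ies_well_formed(ies, len))
        return -2;                       /* malformed TLV chain */
    memcpy(req->ft_ies, ies, len);
    req->ft_ies_len = (uint16_t)len;
    return 0;
}

/* Runs the hardened path on a zeroed request and returns its status. */
int try_preauth(const uint8_t *ies, size_t len)
{
    struct ft_preauth_req req;
    memset(&req, 0, sizeof req);
    return safe_copy_ft_ies(&req, ies, len);
}

/* Constructed sample inputs, not captured traffic. Unlisted bytes are zero.
 * valid:     MDIE (id 54, 3-byte body) + FTIE (id 55, 82-byte body)
 * truncated: FTIE declaring 82 body bytes with only 10 present
 * oversized: well-formed FTIE whose 102 bytes exceed FT_IES_MAX_LEN */
const uint8_t sample_valid_ft_ies[89]      = { 54, 3, 0x12, 0x34, 0x01, 55, 82 };
const uint8_t sample_truncated_ft_ies[12]  = { 55, 82 };
const uint8_t sample_oversized_ft_ies[102] = { 55, 100 };
const size_t  sample_valid_len = 89, sample_truncated_len = 12, sample_oversized_len = 102;

int main(void)
{
    struct ft_preauth_req req;
    memset(&req, 0, sizeof req);
    req.session_id = 0xCAFEBABE;
    /* Unchecked path: the 102 bytes spill over ft_ies_len and session_id
     * (undefined behaviour, kept inside the struct so the demo does not crash). */
    vulnerable_copy_ft_ies(&req, sample_oversized_ft_ies, sample_oversized_len);
    printf("vulnerable: session_id 0xCAFEBABE -> 0x%08x\n", req.session_id);
    printf("hardened: valid=%d truncated=%d oversized=%d\n",
           try_preauth(sample_valid_ft_ies, sample_valid_len),
           try_preauth(sample_truncated_ft_ies, sample_truncated_len),
           try_preauth(sample_oversized_ft_ies, sample_oversized_len));
    return 0;
}
```

The order of checks in safe_copy_ft_ies is deliberate: the size comparison comes first because it is the check the advisory says was missing, and the TLV walk comes before the copy so that a truncated element is rejected without any write to the destination. In the demo the oversized input is deliberately kept just large enough to overwrite the fields that follow the buffer; in a real driver, with no such limit, the same copy would run off the end of the allocation, which is the crash or code-execution outcome the analysis describes.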