← back
CVE-2015-9222

CVE-2015-9222

EPSS 4.4%
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 425, SD 427, SD 430, SD 435, SD 450, SD 625, SD 650/52, SD 800, SD 808, SD 810, SD 820, SD 835, SD 845, SDM630, SDM636, SDM660, and Snapdragon_High_Med_2016, processing erroneous bitstreams may result in a HW freeze. FW should detect the HW freeze based on watchdog timer, but because the watchdog timer is not enabled, an infinite loop occurs, resulting in a device freeze.
Affected products
Qualcomm, Inc. · Snapdragon Mobile, Snapdragon Wear
public PoCs found2
cve_referencewww.exploit-db.com/exploits/39739/unverifiedexploitdbwww.exploit-db.com/exploits/39739unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://source.android.com/security/bulletin/2018-04-01https://www.exploit-db.com/exploits/39739/http://www.securityfocus.com/bid/103671