MOABI : Continuous Software Improvement

CVE-2015-9136
Description	In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MDM9206, MDM9607, MDM9640, MDM9650, SD 210/SD 212/SD 205, SD 425, SD 430, SD 450, SD 600, SD 625, SD 650/52, SD 808, SD 810, SD 820, SD 835, and SDX20, in pre-auth request, Host driver uses FT IEs sent by the supplicant. A buffer overflow may occur if FT IEs sent by the supplicant are larger than the expected value.
Impact	CVSS v3 : 9.8 CRITICAL CVSS v2 : 10 HIGH
Type	CWE-119
Attack Vector	CVSSv2 Vector : AV:N/AC:L/Au:N/C:C/I:C/A:C
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://www.securityfocus.com/bid/103671 https://source.android.com/security/bulletin/2018-04-01