Main Vulnerability Database Vulnerabilities #VU34473

Information disclosure in Google Android - CVE-2015-9547

Published: April 10, 2020 / Updated: August 8, 2020

Vulnerability identifier: #VU34473

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2015-9547

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

An issue was discovered on Samsung mobile devices with JBP(4.3) and KK(4.4.2) software. Because the READ_LOGS permission is mishandled, sensitive information is disclosed in a world-readable copy of the log file if the error message is "Unhandled exception in Dalvik VM," "Application not responding ANR event," or "Crash on an application's native code." The Samsung ID is SVE-2015-2885 (October 2015).

How to mitigate CVE-2015-9547

Install update from vendor's website.

Sources

https://security.samsungmobile.com/securityUpdate.smsb

Information disclosure in Google Android - CVE-2015-9547

Detailed vulnerability description

How to mitigate CVE-2015-9547

Sources

Please verify you're human