drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Google
  • Android

Configuration 1 [-]

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
References
Link Resource
http://source.android.com/security/bulletin/2016-08-01.html Vendor Advisory
http://www.securityfocus.com/bid/92219
https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=7efd393ca08ac74b2e3d2639b0ad77da139e9139 Issue Tracking Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2016-08-06T10:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-06-24T00:00:00

Link: CVE-2014-9876

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-08-06T10:59:17.997

Modified: 2016-11-28T19:15:18.357

Link: CVE-2014-9876

JSON object: View

cve-icon Redhat Information

No data.

CWE