Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.

No CVSS v3.1

Attack Vector Local

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P
Vendors Products
Google
  • Android

Configuration 1 [-]

cpe:2.3:o:google:android:*:*:*:*:*:*:*:*
References
Link Resource
http://source.android.com/security/bulletin/2016-08-01.html Vendor Advisory
http://www.securityfocus.com/bid/92219
https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46 Issue Tracking Patch
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: google_android

Published: 2016-08-06T10:00:00

Updated: 2016-11-25T19:57:01

Reserved: 2016-06-24T00:00:00

Link: CVE-2014-9883

JSON object: View

cve-icon NVD Information

Status : Modified

Published: 2016-08-06T10:59:25.810

Modified: 2016-11-28T19:15:25.280

Link: CVE-2014-9883

JSON object: View

cve-icon Redhat Information

No data.

CWE