Details of VAR-201608-0369

ID

VAR-201608-0369

CVE

CVE-2014-9863

TITLE

Nexus 5 and 7 (2013) Runs on the device Android of Qualcomm Component diag Driver integer underflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004205

DESCRIPTION

Integer underflow in the diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28768146 and Qualcomm internal bug CR549470. Vendors have confirmed this vulnerability Android internal bug 28768146 and Qualcomm internal bug CR549470 It is released as. Supplementary information : CWE Vulnerability type by CWE-190: Integer Overflow or Wraparound ( Integer overflow or wraparound ) Has been identified. http://cwe.mitre.org/data/definitions/190.htmlAn attacker could gain privileges or gain important information through a crafted application. AndroidonNexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel

Trust: 2.52

sources: NVD: CVE-2014-9863 // JVNDB: JVNDB-2016-004205 // CNVD: CNVD-2016-06295 // BID: 92219 // VULMON: CVE-2014-9863

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06295

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	lte	version:	6.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	2016-08-05	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	5<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	7(2013)<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3

sources: CNVD: CNVD-2016-06295 // BID: 92219 // JVNDB: JVNDB-2016-004205 // CNNVD: CNNVD-201608-106 // NVD: CVE-2014-9863

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9863
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9863
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06295
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201608-106
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2014-9863
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9863
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2014-9863
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-06295
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2014-9863
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06295 // VULMON: CVE-2014-9863 // JVNDB: JVNDB-2016-004205 // CNNVD: CNNVD-201608-106 // NVD: CVE-2014-9863

PROBLEMTYPE DATA

problemtype:	CWE-190	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-004205 // NVD: CVE-2014-9863

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-106

TYPE

digital error

Trust: 0.6

sources: CNNVD: CNNVD-201608-106

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004205

PATCH

title:	Android Security Bulletin-August 2016	url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 0.8
title:	diag: Safeguard for bound checks and integer underflow	url:	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7	Trust: 0.8
title:	AndroidonNexusdevices information disclosure vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/80380	Trust: 0.6
title:	Android on Nexus Qualcomm Fixes for component integer overflow vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63499	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—August 2016	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86	Trust: 0.1

sources: CNVD: CNVD-2016-06295 // VULMON: CVE-2014-9863 // JVNDB: JVNDB-2016-004205 // CNNVD: CNNVD-201608-106

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9863	Trust: 3.4
db:	BID	id:	92219	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-004205	Trust: 0.8
db:	CNVD	id:	CNVD-2016-06295	Trust: 0.6
db:	CNNVD	id:	CNNVD-201608-106	Trust: 0.6
db:	VULMON	id:	CVE-2014-9863	Trust: 0.1

sources: CNVD: CNVD-2016-06295 // VULMON: CVE-2014-9863 // BID: 92219 // JVNDB: JVNDB-2016-004205 // CNNVD: CNNVD-201608-106 // NVD: CVE-2014-9863

REFERENCES

url:	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=75eac48a48562f819f50eeff8369b296d89102d7	Trust: 2.3
url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/92219	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9863	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9863	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://developers.google.com/android/nexus/images#mantaray	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/190.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-06295 // VULMON: CVE-2014-9863 // BID: 92219 // JVNDB: JVNDB-2016-004205 // CNNVD: CNNVD-201608-106 // NVD: CVE-2014-9863

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 92219

SOURCES

db:	CNVD	id:	CNVD-2016-06295
db:	VULMON	id:	CVE-2014-9863
db:	BID	id:	92219
db:	JVNDB	id:	JVNDB-2016-004205
db:	CNNVD	id:	CNNVD-201608-106
db:	NVD	id:	CVE-2014-9863

LAST UPDATE DATE

2025-04-13T23:02:45.456000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06295	date:	2016-08-12T00:00:00
db:	VULMON	id:	CVE-2014-9863	date:	2016-11-28T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004205	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-106	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9863	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06295	date:	2016-08-12T00:00:00
db:	VULMON	id:	CVE-2014-9863	date:	2016-08-06T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004205	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-106	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9863	date:	2016-08-06T10:59:00.133