Details of VAR-201608-0371

ID

VAR-201608-0371

CVE

CVE-2014-9865

TITLE

Nexus 5 and 7 (2013) Runs on the device Android of Qualcomm Component drivers/misc/qseecom.c Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004207

DESCRIPTION

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. Vendors have confirmed this vulnerability Android internal bug 28748271 and Qualcomm internal bug CR550013 It is released as. Supplementary information : CWE Vulnerability type by CWE-284: Improper Access Control ( Inappropriate access control ) Has been identified. http://cwe.mitre.org/data/definitions/284.htmlAn attacker could gain privileges through a crafted application. AndroidonNexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel

Trust: 2.52

sources: NVD: CVE-2014-9865 // JVNDB: JVNDB-2016-004207 // CNVD: CNVD-2016-06292 // BID: 92219 // VULMON: CVE-2014-9865

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06292

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	lte	version:	6.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	2016-08-05	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	5<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	7(2013)<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3

sources: CNVD: CNVD-2016-06292 // BID: 92219 // JVNDB: JVNDB-2016-004207 // CNNVD: CNNVD-201608-108 // NVD: CVE-2014-9865

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9865
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9865
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06292
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201608-108
value:	CRITICAL
Trust: 0.6
VULMON:	CVE-2014-9865
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9865
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.1
NVD:	CVE-2014-9865
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	NONE
impactScore:	NONE
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.8
CNVD:	CNVD-2016-06292
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2014-9865
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06292 // VULMON: CVE-2014-9865 // JVNDB: JVNDB-2016-004207 // CNNVD: CNNVD-201608-108 // NVD: CVE-2014-9865

PROBLEMTYPE DATA

problemtype:	CWE-284	Trust: 1.0
problemtype:	CWE-Other	Trust: 0.8

sources: JVNDB: JVNDB-2016-004207 // NVD: CVE-2014-9865

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-108

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201608-108

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004207

PATCH

title:	Android Security Bulletin-August 2016	url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 0.8
title:	qseecom: Validate inputs from user space	url:	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e	Trust: 0.8
title:	Patch for AndroidonNexusdevices Privilege Escalation Vulnerability (CNVD-2016-06292)	url:	https://www.cnvd.org.cn/patchInfo/show/80378	Trust: 0.6
title:	Android on Nexus Qualcomm Fixes for component security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63501	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—August 2016	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86	Trust: 0.1

sources: CNVD: CNVD-2016-06292 // VULMON: CVE-2014-9865 // JVNDB: JVNDB-2016-004207 // CNNVD: CNNVD-201608-108

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9865	Trust: 3.4
db:	BID	id:	92219	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-004207	Trust: 0.8
db:	CNVD	id:	CNVD-2016-06292	Trust: 0.6
db:	CNNVD	id:	CNNVD-201608-108	Trust: 0.6
db:	VULMON	id:	CVE-2014-9865	Trust: 0.1

sources: CNVD: CNVD-2016-06292 // VULMON: CVE-2014-9865 // BID: 92219 // JVNDB: JVNDB-2016-004207 // CNNVD: CNNVD-201608-108 // NVD: CVE-2014-9865

REFERENCES

url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 2.7
url:	https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e	Trust: 1.7
url:	http://www.securityfocus.com/bid/92219	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9865	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9865	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://developers.google.com/android/nexus/images#mantaray	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/284.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-06292 // VULMON: CVE-2014-9865 // BID: 92219 // JVNDB: JVNDB-2016-004207 // CNNVD: CNNVD-201608-108 // NVD: CVE-2014-9865

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 92219

SOURCES

db:	CNVD	id:	CNVD-2016-06292
db:	VULMON	id:	CVE-2014-9865
db:	BID	id:	92219
db:	JVNDB	id:	JVNDB-2016-004207
db:	CNNVD	id:	CNNVD-201608-108
db:	NVD	id:	CVE-2014-9865

LAST UPDATE DATE

2025-04-12T22:57:51.806000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06292	date:	2016-08-15T00:00:00
db:	VULMON	id:	CVE-2014-9865	date:	2016-11-28T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004207	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-108	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9865	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06292	date:	2016-08-12T00:00:00
db:	VULMON	id:	CVE-2014-9865	date:	2016-08-06T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004207	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-108	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9865	date:	2016-08-06T10:59:03.773