ID

VAR-201608-0374


CVE

CVE-2014-9868


TITLE

Privilege escalation vulnerability in Qualcomm components in Android running on Nexus 5 and 7 (2013) devices

Trust: 0.8

sources: JVNDB: JVNDB-2016-004212

DESCRIPTION

drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges via an application that provides a crafted mask value, aka Android internal bug 28749721 and Qualcomm internal bug CR511976. The Qualcomm component drivers/media/platform/msm/camera_v2/sensor/csiphy/msm_csiphy.c in Android running on Nexus 5 and 7 (2013) devices contains a privilege escalation vulnerability. Android on Nexus is a high-end mobile phone series powered by Google's original Android system. Android before 2016-08-05 on Nexus 5 and 7 devices has a privilege escalation vulnerability that allows an attacker to gain access by providing a crafted mask value through an application. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel. These issues are being tracked by Android Bug IDs A-28768146, A-28747998, A-28748271, A-28747684, A-28749629, A-28749721, A-28749728, A-28749743, A-28749803, A-28750155, A-28750726, A-28751152, A-28767589, A-28767796, A-28768281, A-28769208, A-28769221, A-28769352, A-28769368, A-28769546, A-28769912, A-28769920, A-28769959, A-28815575, A-28804057, A-28803642, A-28803645, A-28803962, A-28804030, A-28398884, A-28813987, A-28814502, A-28814652, A-28815158, A-28749283, and A-28770207.

Trust: 2.52

sources: NVD: CVE-2014-9868 // JVNDB: JVNDB-2016-004212 // CNVD: CNVD-2016-06289 // BID: 92219 // VULMON: CVE-2014-9868

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06289

AFFECTED PRODUCTS

vendor: google, model: android, scope: lte, version: 6.0.1

Trust: 1.0

vendor: google, model: android, scope: eq, version: 2016-08-05

Trust: 0.8

vendor: google, model: android, scope: eq, version: 5<2016-08-05

Trust: 0.6

vendor: google, model: android, scope: eq, version: 7(2013)<2016-08-05

Trust: 0.6

vendor: google, model: android, scope: eq, version: 6.0.1

Trust: 0.6

vendor: google, model: nexus, scope: eq, version: 7

Trust: 0.3

vendor: google, model: nexus 6p, scope: -, version: -

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 6

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5x

Trust: 0.3

vendor: google, model: nexus, scope: eq, version: 5

Trust: 0.3

sources: CNVD: CNVD-2016-06289 // BID: 92219 // JVNDB: JVNDB-2016-004212 // CNNVD: CNNVD-201608-111 // NVD: CVE-2014-9868

CVSS

SEVERITY

nvd@nist.gov: CVE-2014-9868
value: HIGH

Trust: 1.0

NVD: CVE-2014-9868
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06289
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-111
value: MEDIUM

Trust: 0.6

VULMON: CVE-2014-9868
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2014-9868
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-06289
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

CVSSV3

nvd@nist.gov: CVE-2014-9868
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06289 // VULMON: CVE-2014-9868 // JVNDB: JVNDB-2016-004212 // CNNVD: CNNVD-201608-111 // NVD: CVE-2014-9868

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-004212 // NVD: CVE-2014-9868

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201608-111

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-111

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004212

PATCH

title: Android Security Bulletin-August 2016
url: http://source.android.com/security/bulletin/2016-08-01.html

Trust: 0.8

title: msm: camera: Fix possible out of bound writes in csi driver
url: https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f

Trust: 0.8

title: Patch for Android on Nexus devices Privilege Escalation Vulnerability (CNVD-2016-06289)
url: https://www.cnvd.org.cn/patchInfo/show/80375

Trust: 0.6

title: Android on Nexus Qualcomm Fixes for component security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63504

Trust: 0.6

title: Android Security Bulletins: Android Security Bulletin—August 2016
url: https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86

Trust: 0.1

sources: CNVD: CNVD-2016-06289 // VULMON: CVE-2014-9868 // JVNDB: JVNDB-2016-004212 // CNNVD: CNNVD-201608-111

EXTERNAL IDS

db: NVD, id: CVE-2014-9868

Trust: 3.4

db: BID, id: 92219

Trust: 1.4

db: JVNDB, id: JVNDB-2016-004212

Trust: 0.8

db: CNVD, id: CNVD-2016-06289

Trust: 0.6

db: CNNVD, id: CNNVD-201608-111

Trust: 0.6

db: VULMON, id: CVE-2014-9868

Trust: 0.1

sources: CNVD: CNVD-2016-06289 // VULMON: CVE-2014-9868 // BID: 92219 // JVNDB: JVNDB-2016-004212 // CNNVD: CNNVD-201608-111 // NVD: CVE-2014-9868

REFERENCES

url:http://source.android.com/security/bulletin/2016-08-01.html

Trust: 2.7

url:https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=1f274b74c00187ba1c379971503f51944148b22f

Trust: 1.7

url:http://www.securityfocus.com/bid/92219

Trust: 1.2

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9868

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9868

Trust: 0.8

url:http://code.google.com/android/

Trust: 0.3

url:https://developers.google.com/android/nexus/images#mantaray

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/264.html

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

sources: CNVD: CNVD-2016-06289 // VULMON: CVE-2014-9868 // BID: 92219 // JVNDB: JVNDB-2016-004212 // CNNVD: CNNVD-201608-111 // NVD: CVE-2014-9868

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 92219

SOURCES

db: CNVD, id: CNVD-2016-06289
db: VULMON, id: CVE-2014-9868
db: BID, id: 92219
db: JVNDB, id: JVNDB-2016-004212
db: CNNVD, id: CNNVD-201608-111
db: NVD, id: CVE-2014-9868

LAST UPDATE DATE

2025-04-13T23:02:45.650000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-06289, date: 2016-08-12T00:00:00
db: VULMON, id: CVE-2014-9868, date: 2016-11-28T00:00:00
db: BID, id: 92219, date: 2016-08-01T00:00:00
db: JVNDB, id: JVNDB-2016-004212, date: 2016-08-10T00:00:00
db: CNNVD, id: CNNVD-201608-111, date: 2016-08-09T00:00:00
db: NVD, id: CVE-2014-9868, date: 2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-06289, date: 2016-08-12T00:00:00
db: VULMON, id: CVE-2014-9868, date: 2016-08-06T00:00:00
db: BID, id: 92219, date: 2016-08-01T00:00:00
db: JVNDB, id: JVNDB-2016-004212, date: 2016-08-10T00:00:00
db: CNNVD, id: CNNVD-201608-111, date: 2016-08-09T00:00:00
db: NVD, id: CVE-2014-9868, date: 2016-08-06T10:59:07.680