Sign-up

ID

VAR-201608-0378


CVE

CVE-2014-9872


TITLE

Nexus 5 Run on device Android of Qualcomm Component diag Driver vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004216

DESCRIPTION

The diag driver in the Qualcomm components in Android before 2016-08-05 on Nexus 5 devices does not ensure unique identifiers in a DCI client table, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28750155 and Qualcomm internal bug CR590721. AndroidonNexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel. These issues are being tracked by Android Bug IDs A-28768146, A-28747998, A-28748271, A-28747684, A-28749629, A-28749721, A-28749728, A-28749743, A-28749803, A-28750155, A-28750726, A-28751152, A-28767589, A-28767796, A-28768281, A-28769208, A-28769221, A-28769352, A-28769368, A-28769546, A-28769912, A-28769920, A-28769959, A-28815575, A-28804057, A-28803642, A-28803645, A-28803962, A-28804030, A-28398884, A-28813987, A-28814502, A-28814652, A-28815158, A-28749283, and A-28770207

Trust: 2.52

sources: NVD: CVE-2014-9872 // JVNDB: JVNDB-2016-004216 // CNVD: CNVD-2016-06285 // BID: 92219 // VULMON: CVE-2014-9872

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06285

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:6.0.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:2016-08-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:5<2016-08-05

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 0.6

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

sources: CNVD: CNVD-2016-06285 // BID: 92219 // JVNDB: JVNDB-2016-004216 // CNNVD: CNNVD-201608-115 // NVD: CVE-2014-9872

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9872
value: HIGH

Trust: 1.0

NVD: CVE-2014-9872
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06285
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-115
value: MEDIUM

Trust: 0.6

VULMON: CVE-2014-9872
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9872
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-06285
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-9872
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06285 // VULMON: CVE-2014-9872 // JVNDB: JVNDB-2016-004216 // CNNVD: CNNVD-201608-115 // NVD: CVE-2014-9872

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-004216 // NVD: CVE-2014-9872

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-115

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201608-115

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004216

PATCH
title:Android Security Bulletin-August 2016url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 0.8
title:diag: dci: Index DCI client table by client idurl:https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a
Trust: 0.8
title:Patch for AndroidonNexusdevices Privilege Escalation Vulnerability (CNVD-2016-06285)url:https://www.cnvd.org.cn/patchInfo/show/80385
Trust: 0.6
title:Android on Nexus Qualcomm Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63508
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06285 // 
            
            
            
            VULMON: CVE-2014-9872 // 
            
            
            
            JVNDB: JVNDB-2016-004216 // 
            
            
            
            CNNVD: CNNVD-201608-115

EXTERNAL IDS
db:NVDid:CVE-2014-9872
Trust: 3.4
db:BIDid:92219
Trust: 1.4
db:JVNDBid:JVNDB-2016-004216
Trust: 0.8
db:CNVDid:CNVD-2016-06285
Trust: 0.6
db:CNNVDid:CNNVD-201608-115
Trust: 0.6
db:VULMONid:CVE-2014-9872
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06285 // 
            
            
            
            VULMON: CVE-2014-9872 // 
            
            
            
            BID: 92219 // 
            
            
            
            JVNDB: JVNDB-2016-004216 // 
            
            
            
            CNNVD: CNNVD-201608-115 // 
            
            
            
            NVD: CVE-2014-9872

REFERENCES
url:https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=fc787ebd71fa231cc7dd2a0d5f2208da0527096a
Trust: 2.3
url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 2.1
url:http://www.securityfocus.com/bid/92219
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9872
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9872
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://developers.google.com/android/nexus/images#mantaray
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/20.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06285 // 
            
            
            
            VULMON: CVE-2014-9872 // 
            
            
            
            BID: 92219 // 
            
            
            
            JVNDB: JVNDB-2016-004216 // 
            
            
            
            CNNVD: CNNVD-201608-115 // 
            
            
            
            NVD: CVE-2014-9872

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 92219

SOURCES
db:CNVDid:CNVD-2016-06285
db:VULMONid:CVE-2014-9872
db:BIDid:92219
db:JVNDBid:JVNDB-2016-004216
db:CNNVDid:CNNVD-201608-115
db:NVDid:CVE-2014-9872

LAST UPDATE DATE
2025-04-13T23:02:45.218000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-06285date:2016-08-15T00:00:00
db:VULMONid:CVE-2014-9872date:2016-11-28T00:00:00
db:BIDid:92219date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004216date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-115date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9872date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-06285date:2016-08-12T00:00:00
db:VULMONid:CVE-2014-9872date:2016-08-06T00:00:00
db:BIDid:92219date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004216date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-115date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9872date:2016-08-06T10:59:13.010