Details of VAR-201608-0379

ID

VAR-201608-0379

CVE

CVE-2014-9873

TITLE

Nexus 5 and 7 (2013) Run on device Android of Qualcomm Component integer overflow vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2016-004217

DESCRIPTION

Integer underflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28750726 and Qualcomm internal bug CR556860. Nexus 5 and 7 (2013) Run on device Android of Qualcomm Component drivers/char/diag/diag_dci.c Contains an integer overflow vulnerability. AndroidonNexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel. These issues are being tracked by Android Bug IDs A-28768146, A-28747998, A-28748271, A-28747684, A-28749629, A-28749721, A-28749728, A-28749743, A-28749803, A-28750155, A-28750726, A-28751152, A-28767589, A-28767796, A-28768281, A-28769208, A-28769221, A-28769352, A-28769368, A-28769546, A-28769912, A-28769920, A-28769959, A-28815575, A-28804057, A-28803642, A-28803645, A-28803962, A-28804030, A-28398884, A-28813987, A-28814502, A-28814652, A-28815158, A-28749283, and A-28770207

Trust: 2.52

sources: NVD: CVE-2014-9873 // JVNDB: JVNDB-2016-004217 // CNVD: CNVD-2016-06284 // BID: 92219 // VULMON: CVE-2014-9873

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-06284

AFFECTED PRODUCTS

vendor:	google	model:	android	scope:	lte	version:	6.0.1	Trust: 1.0
vendor:	google	model:	android	scope:	eq	version:	2016-08-05	Trust: 0.8
vendor:	google	model:	android	scope:	eq	version:	5<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	7(2013)<2016-08-05	Trust: 0.6
vendor:	google	model:	android	scope:	eq	version:	6.0.1	Trust: 0.6
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3

sources: CNVD: CNVD-2016-06284 // BID: 92219 // JVNDB: JVNDB-2016-004217 // CNNVD: CNNVD-201608-116 // NVD: CVE-2014-9873

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9873
value:	HIGH
Trust: 1.0
NVD:	CVE-2014-9873
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-06284
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-201608-116
value:	MEDIUM
Trust: 0.6
VULMON:	CVE-2014-9873
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2014-9873
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2016-06284
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2014-9873
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-06284 // VULMON: CVE-2014-9873 // JVNDB: JVNDB-2016-004217 // CNNVD: CNNVD-201608-116 // NVD: CVE-2014-9873

PROBLEMTYPE DATA

problemtype:

CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-004217 // NVD: CVE-2014-9873

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-116

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-116

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-004217

PATCH

title:	Android Security Bulletin-August 2016	url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 0.8
title:	diag: dci: Safeguard to prevent Integer Underflow and Memory Leak	url:	https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420	Trust: 0.8
title:	Patch for AndroidonNexusdevices Information Disclosure Vulnerability (CNVD-2016-06284)	url:	https://www.cnvd.org.cn/patchInfo/show/80384	Trust: 0.6
title:	Android on Nexus Qualcomm Fixes for component integer overflow vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63509	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—August 2016	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86	Trust: 0.1

sources: CNVD: CNVD-2016-06284 // VULMON: CVE-2014-9873 // JVNDB: JVNDB-2016-004217 // CNNVD: CNNVD-201608-116

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9873	Trust: 3.4
db:	BID	id:	92219	Trust: 1.4
db:	JVNDB	id:	JVNDB-2016-004217	Trust: 0.8
db:	CNVD	id:	CNVD-2016-06284	Trust: 0.6
db:	CNNVD	id:	CNNVD-201608-116	Trust: 0.6
db:	VULMON	id:	CVE-2014-9873	Trust: 0.1

sources: CNVD: CNVD-2016-06284 // VULMON: CVE-2014-9873 // BID: 92219 // JVNDB: JVNDB-2016-004217 // CNNVD: CNNVD-201608-116 // NVD: CVE-2014-9873

REFERENCES

url:	https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=ef29ae1d40536fef7fb95e4d5bb5b6b57bdf9420	Trust: 2.3
url:	http://source.android.com/security/bulletin/2016-08-01.html	Trust: 2.1
url:	http://www.securityfocus.com/bid/92219	Trust: 1.2
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9873	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9873	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://developers.google.com/android/nexus/images#mantaray	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/264.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1

sources: CNVD: CNVD-2016-06284 // VULMON: CVE-2014-9873 // BID: 92219 // JVNDB: JVNDB-2016-004217 // CNNVD: CNNVD-201608-116 // NVD: CVE-2014-9873

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 92219

SOURCES

db:	CNVD	id:	CNVD-2016-06284
db:	VULMON	id:	CVE-2014-9873
db:	BID	id:	92219
db:	JVNDB	id:	JVNDB-2016-004217
db:	CNNVD	id:	CNNVD-201608-116
db:	NVD	id:	CVE-2014-9873

LAST UPDATE DATE

2025-04-13T23:02:45.319000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-06284	date:	2016-08-12T00:00:00
db:	VULMON	id:	CVE-2014-9873	date:	2016-11-28T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004217	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-116	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9873	date:	2025-04-12T10:46:40.837

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-06284	date:	2016-08-12T00:00:00
db:	VULMON	id:	CVE-2014-9873	date:	2016-08-06T00:00:00
db:	BID	id:	92219	date:	2016-08-01T00:00:00
db:	JVNDB	id:	JVNDB-2016-004217	date:	2016-08-10T00:00:00
db:	CNNVD	id:	CNNVD-201608-116	date:	2016-08-09T00:00:00
db:	NVD	id:	CVE-2014-9873	date:	2016-08-06T10:59:14.323