Sign-up

ID

VAR-201608-0381


CVE

CVE-2014-9875


TITLE

Nexus 7 (2013) Run on device Android of Qualcomm Component drivers/char/diag/diag_dci.c Vulnerability gained in

Trust: 0.8

sources: JVNDB: JVNDB-2016-004219

DESCRIPTION

drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 7 (2013) devices allows attackers to gain privileges via a crafted application that sends short DCI request packets, aka Android internal bug 28767589 and Qualcomm internal bug CR483310. Nexus 7 (2013) Run on device Android of Qualcomm Component drivers/char/diag/diag_dci.c Contains a privileged vulnerability. AndroidonNexus is a high-end mobile phone series powered by Google's original Android system. Google Nexus is prone to multiple privilege escalation vulnerabilities. Attackers can exploit these issues to execute arbitrary code with elevated privileges within the context of the kernel. These issues are being tracked by Android Bug IDs A-28768146, A-28747998, A-28748271, A-28747684, A-28749629, A-28749721, A-28749728, A-28749743, A-28749803, A-28750155, A-28750726, A-28751152, A-28767589, A-28767796, A-28768281, A-28769208, A-28769221, A-28769352, A-28769368, A-28769546, A-28769912, A-28769920, A-28769959, A-28815575, A-28804057, A-28803642, A-28803645, A-28803962, A-28804030, A-28398884, A-28813987, A-28814502, A-28814652, A-28815158, A-28749283, and A-28770207

Trust: 2.52

sources: NVD: CVE-2014-9875 // JVNDB: JVNDB-2016-004219 // CNVD: CNVD-2016-06282 // BID: 92219 // VULMON: CVE-2014-9875

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-06282

AFFECTED PRODUCTS

vendor:googlemodel:androidscope:lteversion:6.0.1

Trust: 1.0

vendor:googlemodel:androidscope:eqversion:2016-08-05

Trust: 0.8

vendor:googlemodel:androidscope:eqversion:7(2013)<2016-08-05

Trust: 0.6

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 0.6

vendor:googlemodel:nexusscope:eqversion:7

Trust: 0.3

vendor:googlemodel:nexus 6pscope: - version: -

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:6

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5x

Trust: 0.3

vendor:googlemodel:nexusscope:eqversion:5

Trust: 0.3

sources: CNVD: CNVD-2016-06282 // BID: 92219 // JVNDB: JVNDB-2016-004219 // CNNVD: CNNVD-201608-118 // NVD: CVE-2014-9875

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-9875
value: HIGH

Trust: 1.0

NVD: CVE-2014-9875
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-06282
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201608-118
value: MEDIUM

Trust: 0.6

VULMON: CVE-2014-9875
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2014-9875
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2016-06282
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2014-9875
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-06282 // VULMON: CVE-2014-9875 // JVNDB: JVNDB-2016-004219 // CNNVD: CNNVD-201608-118 // NVD: CVE-2014-9875

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2016-004219 // NVD: CVE-2014-9875

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201608-118

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201608-118

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2016-004219

PATCH
title:Android Security Bulletin-August 2016url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 0.8
title:diag: dci: Check for request pkt length being lesser than minimum lengthurl:https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805
Trust: 0.8
title:Patch for AndroidonNexusdevices Privilege Escalation Vulnerability (CNVD-2016-06282)url:https://www.cnvd.org.cn/patchInfo/show/80382
Trust: 0.6
title:Android on Nexus Qualcomm Fixes for component security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=63511
Trust: 0.6
title:Android Security Bulletins: Android Security Bulletin—August 2016url:https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=1c52474e34daae48915f8b4129072a86
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06282 // 
            
            
            
            VULMON: CVE-2014-9875 // 
            
            
            
            JVNDB: JVNDB-2016-004219 // 
            
            
            
            CNNVD: CNNVD-201608-118

EXTERNAL IDS
db:NVDid:CVE-2014-9875
Trust: 3.4
db:BIDid:92219
Trust: 1.4
db:JVNDBid:JVNDB-2016-004219
Trust: 0.8
db:CNVDid:CNVD-2016-06282
Trust: 0.6
db:CNNVDid:CNNVD-201608-118
Trust: 0.6
db:VULMONid:CVE-2014-9875
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06282 // 
            
            
            
            VULMON: CVE-2014-9875 // 
            
            
            
            BID: 92219 // 
            
            
            
            JVNDB: JVNDB-2016-004219 // 
            
            
            
            CNNVD: CNNVD-201608-118 // 
            
            
            
            NVD: CVE-2014-9875

REFERENCES
url:http://source.android.com/security/bulletin/2016-08-01.html
Trust: 2.7
url:https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=b77c694b88a994d077316c157168c710696f8805
Trust: 1.7
url:http://www.securityfocus.com/bid/92219
Trust: 1.2
url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9875
Trust: 0.8
url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-9875
Trust: 0.8
url:http://code.google.com/android/
Trust: 0.3
url:https://developers.google.com/android/nexus/images#mantaray
Trust: 0.3
url:https://cwe.mitre.org/data/definitions/264.html
Trust: 0.1
url:https://nvd.nist.gov
Trust: 0.1
sources:
            
            
            CNVD: CNVD-2016-06282 // 
            
            
            
            VULMON: CVE-2014-9875 // 
            
            
            
            BID: 92219 // 
            
            
            
            JVNDB: JVNDB-2016-004219 // 
            
            
            
            CNNVD: CNNVD-201608-118 // 
            
            
            
            NVD: CVE-2014-9875

CREDITS
The vendor reported these issues.
Trust: 0.3
sources:
            
            
            BID: 92219

SOURCES
db:CNVDid:CNVD-2016-06282
db:VULMONid:CVE-2014-9875
db:BIDid:92219
db:JVNDBid:JVNDB-2016-004219
db:CNNVDid:CNNVD-201608-118
db:NVDid:CVE-2014-9875

LAST UPDATE DATE
2025-04-12T22:57:52.229000+00:00

SOURCES UPDATE DATE
db:CNVDid:CNVD-2016-06282date:2016-08-12T00:00:00
db:VULMONid:CVE-2014-9875date:2016-11-28T00:00:00
db:BIDid:92219date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004219date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-118date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9875date:2025-04-12T10:46:40.837

SOURCES RELEASE DATE
db:CNVDid:CNVD-2016-06282date:2016-08-12T00:00:00
db:VULMONid:CVE-2014-9875date:2016-08-06T00:00:00
db:BIDid:92219date:2016-08-01T00:00:00
db:JVNDBid:JVNDB-2016-004219date:2016-08-10T00:00:00
db:CNNVDid:CNNVD-201608-118date:2016-08-09T00:00:00
db:NVDid:CVE-2014-9875date:2016-08-06T10:59:16.887