CVE-2014-9883

Published: Aug 6, 2016Modified: May 6, 2026

7.8

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Integer overflow in drivers/char/diag/diag_dci.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices allows attackers to gain privileges or obtain sensitive information via a crafted application, aka Android internal bug 28769912 and Qualcomm internal bug CR565160.

Affected (1)

Products: Google: Android

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 6.0.1

Related CWEs

Integer Underflow (Wrap or Wraparound)

The product subtracts one value from another, such that the result is less than the minimum allowable integer value, which produces a value that is not equal to the correct result.

References (6)

http://source.android.com/security/bulletin/2016-08-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/92219

Source: security@android.com

https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-08-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92219

Source: af854a3a-2127-422b-91ae-364da2661108

https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=cbf79a67348e48557c0d0bb9bc58391b3f84bc46

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.