CVE-2014-9900

Published: Aug 6, 2016Modified: May 6, 2026

5.5

Vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

The ethtool_get_wol function in net/core/ethtool.c in the Linux kernel through 4.7, as used in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices, does not initialize a certain data structure, which allows local users to obtain sensitive information via a crafted application, aka Android internal bug 28803952 and Qualcomm internal bug CR570754.

Affected (2)

Products: Google: Android · Linux: Linux Kernel

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Google Android	Up to 6.0.1
Linux Linux Kernel	Up to 4.7

Related CWEs

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

http://source.android.com/security/bulletin/2016-08-01.html

Source: security@android.com

Vendor Advisory

http://www.securityfocus.com/bid/92222

Source: security@android.com

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071

Source: security@android.com

Issue TrackingPatch

http://source.android.com/security/bulletin/2016-08-01.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

http://www.securityfocus.com/bid/92222

Source: af854a3a-2127-422b-91ae-364da2661108

https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=63c317dbee97983004dffdd9f742a20d17150071

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatch

Timeline

No history available yet.