CVE-2014-9902
critical
CVSS v3
9.8
CVSS v2
10.0
VIR risk
9.8
Description
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Predictions
Exploit likelihood
97%
Patch ETA
—
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: security@android.com — https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50
Vendor advisory: security@android.com — http://source.android.com/security/bulletin/2016-08-01.html
References
- http://source.android.com/security/bulletin/2016-08-01.html
- http://www.securityfocus.com/bid/92223
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50
- http://source.android.com/security/bulletin/2016-08-01.html
- http://www.securityfocus.com/bid/92223
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/prima/commit/?id=3b1c44a3a7129dc25abe2c23543f6f66c59e8f50
CWEs
CWE-119
Verify integrity in audit chain (admin only). AS-IS.