Local Privilege Escalation Vulnerability in Android on ARM Devices by Qualcomm
CVE-2014-9870

7.8HIGH

Key Information:

Vendor

Linux
Status
Linux Kernel
Android
Vendor
CVE Published:
6 August 2016

What is CVE-2014-9870?

The vulnerability in the Linux kernel prior to version 3.11 on ARM platforms, utilized by Android devices such as Nexus 5 and 7 (2013), allows local users to gain elevated privileges through a specially crafted application. This occurs due to improper handling of user-space access to the TPIDRURW register. The flaw opens the door for potential exploitation, leading to unauthorized access and control over the affected device, thereby posing security risks to the user's data and device integrity.

References

http://source.android.com/security/bulletin/2016-08-01.html
x_refsource_CONFIRM
https://source.codeaurora.org/quic/la/kernel/msm/commit/?...
x_refsource_CONFIRM
http://www.securityfocus.com/bid/92219
vdb-entryx_refsource_BID

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.