CVE-2014-9792
published 2016-07-11CVE-2014-9792: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows…
PriorityP276high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.48%
37.9th percentile
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| android | <= 6.0.1 | — | |
| android | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Vulnerable code is located in arch/arm/mach-msm/ipc_router.c within Qualcomm components on Android (Nexus 5); monitor for privilege escalation attempts targeting this path via crafted applications ↗
- →Track Android internal bug reference A-28769399 and Qualcomm internal bug QC-CR550606 in patch/update management to confirm remediation of CVE-2014-9792 on affected Nexus 5 devices ↗
- ·Vulnerability is specific to Nexus 5 devices running Android before the 2016-07-05 security patch level; exploitation requires a crafted application to be installed on the device ↗
CVSS provenance
nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-q6hp-c53h-wgqg: arch/arm/mach-msm/ipc_router
ghsa_unreviewed·2022-05-17
CVE-2014-9792 [HIGH] GHSA-q6hp-c53h-wgqg: arch/arm/mach-msm/ipc_router
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
OSV
CVE-2014-9792: arch/arm/mach-msm/ipc_router
osv·2016-07-11·CVSS 7.8
CVE-2014-9792 [HIGH] CVE-2014-9792: arch/arm/mach-msm/ipc_router
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
VulnCheck
Android Nexus 5 Qualcomm Components Elevation of Privilege Vulnerability
vulncheck·2014·CVSS 7.8
CVE-2014-9792 [HIGH] Android Nexus 5 Qualcomm Components Elevation of Privilege Vulnerability
Android Nexus 5 Qualcomm Components Elevation of Privilege Vulnerability
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.
Affected: Google Android
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://www.f5.com/labs/articles/threat-intelligence/sensor-intel-series-top-cves-august-2024; https://www.f5.com/labs/articles/threat-intelligence/botpoke-scanner-switches-ip; https://www.f5.com/labs/articles/threat-intelligence/conti
Android
CVE-2014-9792: Android Security Bulletin 2016-07-01
CVE: CVE-2014-9792
Severity: HIGH
References: A-28769399
QC-CR550606
vendor_android·2016-07-01·CVSS 7.8
CVE-2014-9792 [HIGH] CVE-2014-9792: Android Security Bulletin 2016-07-01
CVE: CVE-2014-9792
Severity: HIGH
References: A-28769399
QC-CR550606
Android Security Bulletin 2016-07-01
CVE: CVE-2014-9792
Severity: HIGH
References: A-28769399
QC-CR550606
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://source.android.com/security/bulletin/2016-07-01.htmlhttp://www.securityfocus.com/bid/91628https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cdhttp://source.android.com/security/bulletin/2016-07-01.htmlhttp://www.securityfocus.com/bid/91628https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=a3e3dd9fc0a2699ae053ffd3efb52cdc73ad94cd
2016-07-11
Published
Exploited in the wild