cbcvebase.
CVE-2014-9792
published 2016-07-11

CVE-2014-9792: arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows…

PriorityP276high7.8CVSS 3.0
AVLACLPRNUIRSUCHIHAH
ITWVulnCheck KEV
Exploited in the wild
EPSS
0.48%
37.9th percentile
arch/arm/mach-msm/ipc_router.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices uses an incorrect integer data type, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769399 and Qualcomm internal bug CR550606.

Affected

2 ranges
VendorProductVersion rangeFixed in
googleandroid<= 6.0.1
googleandroid

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable code is located in arch/arm/mach-msm/ipc_router.c within Qualcomm components on Android (Nexus 5); monitor for privilege escalation attempts targeting this path via crafted applications
  • Track Android internal bug reference A-28769399 and Qualcomm internal bug QC-CR550606 in patch/update management to confirm remediation of CVE-2014-9792 on affected Nexus 5 devices
  • ·Vulnerability is specific to Nexus 5 devices running Android before the 2016-07-05 security patch level; exploitation requires a crafted application to be installed on the device

CVSS provenance

nvdv3.07.8HIGHCVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv7.8HIGH
vulncheck7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.