Lucene search

Ubuntu.comUB:CVE-2014-9800

HistoryJul 11, 2016 - 12:00 a.m.

CVE-2014-9800

2016-07-1100:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.8%

JSON

Integer overflow in lib/heap/heap.c in the Qualcomm components in Android
before 2016-07-05 on Nexus 5 and 7 (2013) devices allows attackers to gain
privileges via a crafted application, aka Android internal bug 28822150 and
Qualcomm internal bug CR692478.

Notes

Author	Note
jdstrand	android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.10 and earlier preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support

References

source.android.com/security/bulletin/2016-07-01.html

launchpad.net/bugs/cve/CVE-2014-9800

nvd.nist.gov/vuln/detail/CVE-2014-9800

security-tracker.debian.org/tracker/CVE-2014-9800

source.codeaurora.org/quic/la/kernel/lk/commit/?id=6390f200d966dc13cf61bb5abbe3110447ca82b5

www.cve.org/CVERecord?id=CVE-2014-9800

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

39.8%

JSON

Related for UB:CVE-2014-9800