CVE-2014-9948 : In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerabilit

In TrustZone in all Android releases from CAF using the Linux kernel, an Improper Validation of Array Index vulnerability could potentially exist.

Published 2017-06-06 14:29:01

Updated 2017-06-08 17:47:58

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2014-9948

Probability of exploitation activity in the next 30 days: 0.06%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 25 % EPSS Score History EPSS FAQ

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete
7.8	HIGH	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	1.8	5.9	NIST
Attack Vector: Local Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE-129 Improper Validation of Array Index

The product uses untrusted input when calculating or using an array index, but the product does not validate or incorrectly validates the index to ensure the index references a valid position within the array.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/98249

Google Android Qualcomm Components CVE-2014-9948 Unspecified Security Vulnerability
Third Party Advisory;VDB Entry
https://source.android.com/security/bulletin/2017-05-01

Android Security Bulletin—May 2017 | Android Open Source Project
Patch;Vendor Advisory

CVEs referencing this url

Google » Android » Version: N/A
cpe:2.3:o:google:android:-:*:*:*:*:*:*:*
Matching versions