Fix possible underflow/overflow issues in kernel-drivers-diag CVE-2014-9876 remote

Tracked by Jolla

asked 2017-08-10 12:33:43 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-10 12:33:43 +0300

lpr gravatar image

drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. CVSS v3 Base Score: 7.8 High (attack range: remote)

Patch available.

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/char/diag/diagfwd.c lines 100-106; 1630-1632

edit retag flag offensive close delete