Fix possible underflow/overflow issues in kernel-drivers-diag CVE-2014-9876 remote
Tracked by Jolla
(Rejected)
asked 2017-08-10 12:33:43 +0300
This post is a wiki. Anyone with karma >75 is welcome to improve it.
drivers/char/diag/diagfwd.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5, 5X, 6, 6P, and 7 (2013) devices mishandles certain integer values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28767796 and Qualcomm internal bug CR483408. CVSS v3 Base Score: 7.8 High (attack range: remote)
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/char/diag/diagfwd.c lines 100-106; 1630-1632