Vulnerability Description
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Android | <= 6.0.1 |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-08-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92223
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/primaIssue TrackingPatch
- http://source.android.com/security/bulletin/2016-08-01.htmlVendor Advisory
- http://www.securityfocus.com/bid/92223
- https://source.codeaurora.org/quic/la/platform/vendor/qcom-opensource/wlan/primaIssue TrackingPatch
FAQ
What is CVE-2014-9902?
CVE-2014-9902 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a cr...
How severe is CVE-2014-9902?
CVE-2014-9902 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2014-9902?
Check the references section above for vendor advisories and patch information. Affected products include: Google Android.