CVE-2014-9902
moderate-risk
Published 2016-08-05
Buffer overflow in CORE/SYS/legacy/src/utils/src/dot11f.c in the Qualcomm Wi-Fi driver in Android before 2016-08-05 on Nexus 7 (2013) devices allows remote attackers to execute arbitrary code via a crafted Information Element (IE) in an 802.11 management frame, aka Android internal bug 28668638 and Qualcomm internal bugs CR553937 and CR553941.
Do I need to act?
3.9% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
Not on CISA KEV list
No confirmed active exploitation reported to CISA
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 9.8/10
Critical
NETWORK / LOW complexity
Affected Products (1)
Affected Vendors
References (6)
Vendor Advisory
http://source.android.com/security/bulletin/2016-08-01.html
44 / 100
moderate-risk
Severity
32/34 · Critical
Exploitability
7/34 · Low
Exposure
5/34 · Minimal