CVE-2014-9896

MEDIUM

Google Android < 6.0.1 - Information Disclosure

Title source: rule

Description

drivers/char/adsprpc.c in the Qualcomm components in Android before 2016-08-05 on Nexus 5 and 7 (2013) devices does not properly validate parameters and return values, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28767593 and Qualcomm internal bug CR551795.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0009
EPSS Percentile 25.4%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE
CWE-200
Status draft

Affected Products (1)

google/android < 6.0.1

Timeline

Published Aug 06, 2016
Tracked Since Feb 18, 2026