Main Vulnerability Database Vulnerabilities #VU38914

Information disclosure in Google Android - CVE-2014-9951

Published: June 6, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38914

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-9951

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In TrustZone in all Android releases from CAF using the Linux kernel, an Information Exposure Through Timing Discrepancy vulnerability could potentially exist.

How to mitigate CVE-2014-9951

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/98252
https://source.android.com/security/bulletin/2017-05-01

Information disclosure in Google Android - CVE-2014-9951

Detailed vulnerability description

How to mitigate CVE-2014-9951

Sources

Please verify you're human