Main Vulnerability Database Vulnerabilities #VU38987

Integer overflow in Google Android - CVE-2014-9932

Published: May 16, 2017 / Updated: August 8, 2020

Vulnerability identifier: #VU38987

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2014-9932

CWE-ID: CWE-190

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Google

Affected software:
Google Android

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

In TrustZone, an integer overflow vulnerability can potentially occur in all Android releases from CAF using the Linux kernel due to an improper address range computation.

How to mitigate CVE-2014-9932

Install update from vendor's website.

Sources

http://www.securityfocus.com/bid/97329
http://www.securitytracker.com/id/1038201
https://source.android.com/security/bulletin/2017-04-01

Integer overflow in Google Android - CVE-2014-9932

Detailed vulnerability description

How to mitigate CVE-2014-9932

Sources

Please verify you're human