Input validation error in Google Android - CVE-2014-9933
Published: May 16, 2017 / Updated: August 8, 2020
Vulnerability identifier: #VU38988
CSH Severity: High
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber
CVE-ID: CVE-2014-9933
CWE-ID: CWE-20
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: Google
Affected software:
Google Android
Google Android
Detailed vulnerability description
The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.
Due to missing input validation in all Android releases from CAF using the Linux kernel, HLOS can write to fuses for which it should not have access.
How to mitigate CVE-2014-9933
Install update from vendor's website.