Details of VAR-201804-0310

ID

VAR-201804-0310

CVE

CVE-2014-9998

TITLE

plural Qualcomm Run on product Android Buffer error vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2018-003809

DESCRIPTION

In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large. plural Qualcomm Run on product Android Contains a buffer error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. Google Android is prone to multiple unspecified security vulnerabilities. Little is known about these issues or its effects at this time. We will update this BID as more information emerges. Android is a Linux-based open source operating system jointly developed by Google and the Open Handheld Alliance (OHA). Qualcomm IPQ4019 and so on are the central processing unit (CPU) products of Qualcomm (Qualcomm) applied to different platforms. A buffer overflow vulnerability exists in Qualcomm closed-source components in Android versions prior to 2018-04-05. A remote attacker could exploit this vulnerability to execute arbitrary code on the system by sending a specially crafted request. The following products (used in automobiles, mobile devices, and watches) are affected: Qualcomm IPQ4019; IPQ8064; MDM9206; MDM9607; MDM9635M; MDM9640; MDM9650; QCA9886; QCA9980; SD 210; SD 212; SD 205; SD 425; SD 625; SD 808; SD 810; SD 820; SDX20

Trust: 2.07

sources: NVD: CVE-2014-9998 // JVNDB: JVNDB-2018-003809 // BID: 103671 // VULHUB: VHN-77943 // VULMON: CVE-2014-9998

AFFECTED PRODUCTS

vendor:	qualcomm	model:	qca9880	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 625	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 810	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 820	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	qca9558	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	qca9980	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	qca9886	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	qca9379	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sd 808	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	sdx20	scope:	eq	version:	-	Trust: 1.6
vendor:	qualcomm	model:	qca6584au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 205	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 212	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 425	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9607	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq8064	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9377	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca4531	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9650	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9206	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9645	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6574au	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6174a	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9640	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	mdm9635m	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca6584	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	sd 210	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	qca9378	scope:	eq	version:	-	Trust: 1.0
vendor:	qualcomm	model:	ipq4019	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	ipq8064	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9206	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9607	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9635m	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9640	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9645	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	mdm9650	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca4531	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6174a	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6574au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6584	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca6584au	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9377	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9378	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9379	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9558	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9880	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9886	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	qca9980	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 205	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 210	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 212	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 425	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 625	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 808	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 810	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sd 820	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	sdx20	scope:	-	version:	-	Trust: 0.8
vendor:	google	model:	pixel xl	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel c	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	pixel xl	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	20	Trust: 0.3
vendor:	google	model:	pixel	scope:	eq	version:	0	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	9	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	7	Trust: 0.3
vendor:	google	model:	nexus 6p	scope:	-	version:	-	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	6	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5x	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	5	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	4	Trust: 0.3
vendor:	google	model:	nexus	scope:	eq	version:	10	Trust: 0.3
vendor:	google	model:	android	scope:	eq	version:	0	Trust: 0.3

sources: BID: 103671 // JVNDB: JVNDB-2018-003809 // CNNVD: CNNVD-201804-1040 // NVD: CVE-2014-9998

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2014-9998
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2014-9998
value:	CRITICAL
Trust: 0.8
CNNVD:	CNNVD-201804-1040
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-77943
value:	HIGH
Trust: 0.1
VULMON:	CVE-2014-9998
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2014-9998
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
VULHUB:	VHN-77943
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2014-9998
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: VULHUB: VHN-77943 // VULMON: CVE-2014-9998 // JVNDB: JVNDB-2018-003809 // CNNVD: CNNVD-201804-1040 // NVD: CVE-2014-9998

PROBLEMTYPE DATA

problemtype:

CWE-119

Trust: 1.9

sources: VULHUB: VHN-77943 // JVNDB: JVNDB-2018-003809 // NVD: CVE-2014-9998

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201804-1040

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-201804-1040

CONFIGURATIONS

sources: JVNDB: JVNDB-2018-003809

PATCH

title:	Android のセキュリティに関する公開情報 - 2018 年 4 月	url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 0.8
title:	Android Qualcomm Fixes for closed source component buffer error vulnerability	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=80388	Trust: 0.6
title:	Android Security Bulletins: Android Security Bulletin—April 2018	url:	https://vulmon.com/vendoradvisory?qidtp=android_security_bulletins&qid=068d787c35ce8cea494780f9a47b5827	Trust: 0.1

sources: VULMON: CVE-2014-9998 // JVNDB: JVNDB-2018-003809 // CNNVD: CNNVD-201804-1040

EXTERNAL IDS

db:	NVD	id:	CVE-2014-9998	Trust: 2.9
db:	BID	id:	103671	Trust: 1.5
db:	JVNDB	id:	JVNDB-2018-003809	Trust: 0.8
db:	CNNVD	id:	CNNVD-201804-1040	Trust: 0.7
db:	VULHUB	id:	VHN-77943	Trust: 0.1
db:	VULMON	id:	CVE-2014-9998	Trust: 0.1

sources: VULHUB: VHN-77943 // VULMON: CVE-2014-9998 // BID: 103671 // JVNDB: JVNDB-2018-003809 // CNNVD: CNNVD-201804-1040 // NVD: CVE-2014-9998

REFERENCES

url:	https://source.android.com/security/bulletin/2018-04-01	Trust: 2.1
url:	http://www.securityfocus.com/bid/103671	Trust: 1.3
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-9998	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2014-9998	Trust: 0.8
url:	http://code.google.com/android/	Trust: 0.3
url:	https://cwe.mitre.org/data/definitions/119.html	Trust: 0.1
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://source.android.com/security/bulletin/2018-04-01.html	Trust: 0.1

sources: VULHUB: VHN-77943 // VULMON: CVE-2014-9998 // BID: 103671 // JVNDB: JVNDB-2018-003809 // CNNVD: CNNVD-201804-1040 // NVD: CVE-2014-9998

CREDITS

The vendor reported these issues.

Trust: 0.3

sources: BID: 103671

SOURCES

db:	VULHUB	id:	VHN-77943
db:	VULMON	id:	CVE-2014-9998
db:	BID	id:	103671
db:	JVNDB	id:	JVNDB-2018-003809
db:	CNNVD	id:	CNNVD-201804-1040
db:	NVD	id:	CVE-2014-9998

LAST UPDATE DATE

2024-11-23T21:39:09.343000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-77943	date:	2018-05-09T00:00:00
db:	VULMON	id:	CVE-2014-9998	date:	2018-05-09T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003809	date:	2018-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201804-1040	date:	2018-05-29T00:00:00
db:	NVD	id:	CVE-2014-9998	date:	2024-11-21T02:22:09.610

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-77943	date:	2018-04-18T00:00:00
db:	VULMON	id:	CVE-2014-9998	date:	2018-04-18T00:00:00
db:	BID	id:	103671	date:	2018-04-05T00:00:00
db:	JVNDB	id:	JVNDB-2018-003809	date:	2018-06-05T00:00:00
db:	CNNVD	id:	CNNVD-201804-1040	date:	2018-04-18T00:00:00
db:	NVD	id:	CVE-2014-9998	date:	2018-04-18T14:29:02.480