CVE-2014-9886

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-08-05

Description The issue is related to insufficient input validation in the usf.c file of the Qualcomm components in the Android operating system. This can be exploited by a remote attacker using a specially crafted application to gain elevated privileges. The vulnerability affects Nexus 5 and 7 (2013) devices.

Recommendations For Android versions prior to 2016-08-05, consider restricting access to the usf.c file in the arch/arm/mach-msm/qdsp6v2/ultrasound directory to minimize the risk of exploitation. As a temporary workaround, avoid using potentially vulnerable applications until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.