CVE-2014-9872

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-08-05

Description The issue is related to a lack of unique identifier checks in the DCI client table of the diag driver in Qualcomm components for the Android operating system. This could allow a remote attacker to elevate their privileges using a specially crafted application. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. Technical details include the exploitation of the diag driver's failure to ensure unique identifiers in the DCI client table.

Recommendations For Android versions prior to 2016-08-05, update the operating system to a version released after 2016-08-05 to resolve the issue. As a temporary workaround, consider restricting the use of the diag driver until a patch is available. Avoid using the diag driver in the Qualcomm components for Android until the issue is resolved.