PT-2016-2634 · Google+2 · Android+2

Publicado

2014-04-02

Atualizado

2016-11-28

CVE-2014-9870

CVSS v2.0

9.3

Alta

Vetor

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.11 on ARM platforms Android versions prior to 2016-08-05 on Nexus 5 and 7 (2013) devices

Description The issue is related to improper consideration of user-space access to the TPIDRURW register. This allows local users to gain privileges via a crafted application.

Recommendations For Linux kernel versions prior to 3.11 on ARM platforms, update to version 3.11 or later to resolve the issue. For Android versions prior to 2016-08-05 on Nexus 5 and 7 (2013) devices, update to a version released after 2016-08-05 to resolve the issue.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-264

Identificadores relacionados

ALT-PU-2014-1422

BDU:2016-02026

CVE-2014-9870

Produtos afetados

Alt Linux

Android

Linux Kernel

PT-2016-2634 · Google+2 · Android+2

CVE-2014-9870

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 160