CVE-2014-9789

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-07-05

Description The issue concerns the alloc and free APIs in the arch/arm/mach-msm/qdsp6v2/msm audio ion.c file within the Qualcomm components. These APIs do not validate parameters, allowing attackers to gain privileges via a crafted application.

Recommendations For Android versions prior to 2016-07-05, consider restricting access to the vulnerable APIs until a patch is available. As a temporary workaround, avoid using the affected alloc and free APIs in the /arch/arm/mach-msm/qdsp6v2/msm audio ion.c file to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.