CVE-2014-9891

Name of the Vulnerable Software and Affected Versions Android versions prior to 2016-08-05

Description The issue is related to a lack of validation of certain buffer addresses in the drivers/misc/qseecom.c file of Qualcomm components in the Android operating system. This can be exploited by a remote attacker using a specially crafted application that makes an ioctl call, potentially allowing the attacker to gain privileges.

Recommendations For Android versions prior to 2016-08-05, consider restricting access to the ioctl call in the drivers/misc/qseecom.c file until a patch is available. As a temporary workaround, avoid using the ioctl call in the affected component to minimize the risk of exploitation.