PT-2016-2634 · Google+2 · Android+2

Published

2014-04-02

Updated

2016-11-28

CVE-2014-9870

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.11 on ARM platforms Android versions prior to 2016-08-05 on Nexus 5 and 7 (2013) devices

Description The issue is related to improper consideration of user-space access to the TPIDRURW register. This allows local users to gain privileges via a crafted application.

Recommendations For Linux kernel versions prior to 3.11 on ARM platforms, update to version 3.11 or later to resolve the issue. For Android versions prior to 2016-08-05 on Nexus 5 and 7 (2013) devices, update to a version released after 2016-08-05 to resolve the issue.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2014-1422

BDU:2016-02026

CVE-2014-9870

Affected Products

Alt Linux

Android

Linux Kernel

PT-2016-2634 · Google+2 · Android+2

CVE-2014-9870

Weakness Enumeration

Related Identifiers

Affected Products

References · 160