CVE-2014-10043: Buffer Overflow
First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from command buffer (which is sent from non-secure side), if length of rights string is very large, a buffer over read occurs, exposing TZ App memory to non-secure side.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm Msm8909w Firmware | ||
| Qualcomm Msm8909w | ||
| Qualcomm Sd 210 Firmware | ||
| Qualcomm Sd 210 | ||
| Qualcomm Sd 212 Firmware | ||
| Qualcomm Sd 212 | ||
| Qualcomm Sd 205 Firmware | ||
| Qualcomm Sd 205 | ||
| Qualcomm Sd 400 Firmware | ||
| Qualcomm Sd 400 | ||
| Qualcomm Sd 410 Firmware | ||
| Qualcomm Sd 410 | ||
| Qualcomm Sd 412 Firmware | ||
| Qualcomm Sd 412 | ||
| Qualcomm Sd 800 Firmware | ||
| Qualcomm Sd 800 | ||
| Google Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2014-10043?
CVE-2014-10043 is a vulnerability in Android devices before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800.
How severe is CVE-2014-10043?
CVE-2014-10043 has a severity rating of 7.5, which is considered high.
What is the affected software by CVE-2014-10043?
The affected software by CVE-2014-10043 includes Google Android, Qualcomm MSM8909W Firmware, Qualcomm SD 210 Firmware, Qualcomm SD 212 Firmware, Qualcomm SD 205 Firmware, Qualcomm SD 400 Firmware, Qualcomm SD 410 Firmware, Qualcomm SD 412 Firmware, and Qualcomm SD 800 Firmware.
How does CVE-2014-10043 exploit work?
CVE-2014-10043 exploits a vulnerability where PlayReady rights string information is read from a command buffer sent from non-secure side, allowing for potential unauthorized access.
Are there any fixes available for CVE-2014-10043?
Yes, the fix for CVE-2014-10043 is included in the security patch level update released on 2018-04-05.
- agent/references
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- agent/author
- agent/severity
- agent/weakness
- agent/description
- agent/event
- agent/tags
- agent/last-modified-date
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- vendor/qualcomm
- canonical/qualcomm msm8909w firmware
- canonical/qualcomm msm8909w
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm sd 400 firmware
- canonical/qualcomm sd 400
- canonical/qualcomm sd 410 firmware
- canonical/qualcomm sd 410
- canonical/qualcomm sd 412 firmware
- canonical/qualcomm sd 412
- canonical/qualcomm sd 800 firmware
- canonical/qualcomm sd 800
- vendor/google
- canonical/google android