First published: Mon Apr 02 2018
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800, while reading PlayReady rights string information from the command buffer (which is sent from the non-secure side), if the length of the rights string is very large, a buffer over-read occurs, exposing TZ App memory to the non-secure side.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Qualcomm Msm8909w Firmware | | |
Qualcomm Msm8909w | | |
Qualcomm Sd 210 Firmware | | |
Qualcomm Sd 210 | | |
Qualcomm Sd 212 Firmware | | |
Qualcomm Sd 212 | | |
Qualcomm Sd 205 Firmware | | |
Qualcomm Sd 205 | | |
Qualcomm Sd 400 Firmware | | |
Qualcomm Sd 400 | | |
Qualcomm Sd 410 Firmware | | |
Qualcomm Sd 410 | | |
Qualcomm Sd 412 Firmware | | |
Qualcomm Sd 412 | | |
Qualcomm Sd 800 Firmware | | |
Qualcomm Sd 800 | | |
Google Android | | |
CVE-2014-10043 is a vulnerability in Android devices before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, and SD 800.
CVE-2014-10043 has a severity rating of 7.5, which is considered high.
The software affected by CVE-2014-10043 includes Google Android, Qualcomm MSM8909W Firmware, Qualcomm SD 210 Firmware, Qualcomm SD 212 Firmware, Qualcomm SD 205 Firmware, Qualcomm SD 400 Firmware, Qualcomm SD 410 Firmware, Qualcomm SD 412 Firmware, and Qualcomm SD 800 Firmware.
CVE-2014-10043 is a buffer over-read: when PlayReady rights string information is read from a command buffer sent from the non-secure side, a very large rights string length lets the read run past the buffer, allowing potential unauthorized access to TZ App memory.
Yes, the fix for CVE-2014-10043 is included in the security patch level update released on 2018-04-05.
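
The class of bug described above, a length field taken from an untrusted command buffer and used without bounds checks, is shown here next to a checked form. This is an added example, not Qualcomm's code or code from this page; the struct layout, `RIGHTS_MAX`, and all function names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RIGHTS_MAX 64u /* assumed field size, not taken from the advisory */

/* Hypothetical command layout; every name here is an assumption. */
typedef struct {
    uint32_t cmd_id;
    uint32_t rights_len;         /* written by the non-secure side: untrusted */
    uint8_t  rights[RIGHTS_MAX];
} rights_cmd_t;

/* Unchecked pattern: a large rights_len reads past the buffer. For contrast only. */
void read_rights_unchecked(const rights_cmd_t *cmd, uint8_t *out)
{
    memcpy(out, cmd->rights, cmd->rights_len);
}

/* Checked form. cmd/cmd_size describe the buffer as received. Returns 0 or -1. */
int read_rights_checked(const void *cmd, size_t cmd_size,
                        uint8_t *out, size_t out_size, size_t *out_len)
{
    rights_cmd_t local;
    const size_t hdr = offsetof(rights_cmd_t, rights);
    if (!cmd || !out || !out_len || cmd_size < hdr) return -1;
    if (cmd_size > sizeof(local)) cmd_size = sizeof(local);
    /* Snapshot into private memory so the length cannot change after the check. */
    memset(&local, 0, sizeof(local));
    memcpy(&local, cmd, cmd_size);
    size_t len = local.rights_len;
    if (len > RIGHTS_MAX) return -1;       /* exceeds the field */
    if (len > cmd_size - hdr) return -1;   /* exceeds what was actually sent */
    if (len > out_size) return -1;         /* exceeds the destination */
    memcpy(out, local.rights, len);
    *out_len = len;
    return 0;
}

int main(void)
{
    rights_cmd_t c = { 1u, 0xFFFFFFFFu, "constructed sample" }; /* constructed input */
    uint8_t out[RIGHTS_MAX];
    size_t n = 0;
    printf("oversized length -> %d\n", read_rights_checked(&c, sizeof(c), out, sizeof(out), &n));
    return 0;
}
```

The three length comparisons are independent: the declared field size, the number of bytes actually received, and the destination capacity each bound the copy separately.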