First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, TOCTOU condition may result in bypassing error condition checks, leading to undefined behavior.
Credit: product-security@qualcomm.com
Affected Software | Affected Version | How to fix |
---|---|---|
Google Android | ||
Google Android | ||
Qualcomm Mdm9635m | ||
Qualcomm Sd 400 Firmware | ||
Qualcomm Sd 400 | ||
Qualcomm Sd 800 Firmware | ||
Qualcomm Sd 800 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2014-9985 is a vulnerability found in Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800, which allows for bypassing error condition checks and may result in undefined behavior.
Android devices using Qualcomm Snapdragon Mobile MDM9635M, SD 400, and SD 800 before 2018-04-05 or earlier security patch level are affected by CVE-2014-9985.
CVE-2014-9985 has a severity rating of critical with a CVSS score of 9.8.
CVE-2014-9985 can be exploited by attackers who can trigger a TOCTOU (Time-of-Check to Time-of-Use) condition, leading to bypassing error condition checks and potentially causing undefined behavior.
Yes, a security patch was released by Google for Android on 2018-04-05 to address CVE-2014-9985.