CVE-2014-9998: Buffer Overflow
First published: Mon Apr 02 2018(Updated: )
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, QCA9886, QCA9980, SD 210/SD 212/SD 205, SD 425, SD 625, SD 808, SD 810, SD 820, and SDX20, while processing firmware image signature, the internal buffer may overflow if the firmware signature size is large.
Credit: product-security@qualcomm.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Qualcomm MDM9206 firmware | ||
| Qualcomm MDM9206 | ||
| Qualcomm MDM9607 firmware | ||
| Qualcomm MDM9607 | ||
| Qualcomm IPQ4019 | ||
| Qualcomm IPQ4019 Firmware | ||
| Qualcomm IPQ8064 | ||
| qualcomm IPQ8064 firmware | ||
| Qualcomm MDM9635M firmware | ||
| Qualcomm MDM9635M | ||
| qualcomm mdm9640 firmware | ||
| qualcomm MDM9640 | ||
| qualcomm mdm9645 firmware | ||
| qualcomm mdm9645 | ||
| Qualcomm MDM9650 firmware | ||
| Qualcomm MDM9650 | ||
| Qualcomm Qca4531 Firmware | ||
| Qualcomm Qca4531 | ||
| Qualcomm qca6174a firmware | ||
| Qualcomm qca6174a | ||
| qualcomm SD 210 firmware | ||
| qualcomm SD 210 | ||
| qualcomm SD 212 firmware | ||
| qualcomm SD 212 | ||
| qualcomm SD 205 firmware | ||
| qualcomm SD 205 | ||
| qualcomm qca6574au firmware | ||
| qualcomm qca6574au | ||
| qualcomm QCA6584 firmware | ||
| qualcomm QCA6584 | ||
| qualcomm QCA6584AU firmware | ||
| qualcomm QCA6584AU | ||
| qualcomm SD 425 firmware | ||
| qualcomm SD 425 | ||
| Qualcomm qca9377 firmware | ||
| Qualcomm qca9377 | ||
| Qualcomm Qca9378 Firmware | ||
| Qualcomm Qca9378 | ||
| qualcomm qca9379 firmware | ||
| qualcomm qca9379 | ||
| Qualcomm Qca9558 Firmware | ||
| Qualcomm Qca9558 | ||
| qualcomm qca9880 firmware | ||
| qualcomm qca9880 | ||
| qualcomm QCA9886 firmware | ||
| qualcomm QCA9886 | ||
| qualcomm SD 625 firmware | ||
| qualcomm SD 625 | ||
| qualcomm qca9980 firmware | ||
| qualcomm qca9980 | ||
| qualcomm SD 808 firmware | ||
| qualcomm SD 808 | ||
| qualcomm sd 810 firmware | ||
| qualcomm sd 810 | ||
| qualcomm SD 820 firmware | ||
| qualcomm SD 820 | ||
| Qualcomm SDX20 Firmware | ||
| Qualcomm SDX20 Firmware | ||
| Android |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2014-9998?
The severity of CVE-2014-9998 is critical with a severity score of 9.8.
Which devices are affected by CVE-2014-9998?
Devices running Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Automobile, Snapdragon Mobile, and Snapdragon Wear IPQ4019, IPQ8064, MDM9206, MDM9607, MDM9635M, MDM9640, MDM9650, QCA4531, QCA6174A, QCA6574AU, QCA6584, QCA6584AU, QCA9377, QCA9378, QCA9379, QCA9558, QCA9880, and QCA9886 firmware are affected by CVE-2014-9998.
How can I fix CVE-2014-9998?
You can fix CVE-2014-9998 by updating your Android device to a security patch level released on or after 2018-04-05.
What is the Common Weakness Enumeration (CWE) ID for CVE-2014-9998?
The CWE ID for CVE-2014-9998 is 119.
Where can I find more information about CVE-2014-9998?
You can find more information about CVE-2014-9998 at the following references: [1](http://www.securityfocus.com/bid/103671), [2](https://source.android.com/security/bulletin/2018-04-01), [3](https://source.android.com/docs/security/bulletin/2018-04-01/#asterisk)
- agent/references
- agent/type
- agent/first-publish-date
- agent/author
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/android-source
- source/Android
- agent/software-canonical-lookup
- vendor/qualcomm
- canonical/qualcomm mdm9206 firmware
- canonical/qualcomm mdm9206
- canonical/qualcomm mdm9607 firmware
- canonical/qualcomm mdm9607
- canonical/qualcomm ipq4019
- canonical/qualcomm ipq4019 firmware
- canonical/qualcomm ipq8064
- canonical/qualcomm ipq8064 firmware
- canonical/qualcomm mdm9635m firmware
- canonical/qualcomm mdm9635m
- canonical/qualcomm mdm9640 firmware
- canonical/qualcomm mdm9640
- canonical/qualcomm mdm9645 firmware
- canonical/qualcomm mdm9645
- canonical/qualcomm mdm9650 firmware
- canonical/qualcomm mdm9650
- canonical/qualcomm qca4531 firmware
- canonical/qualcomm qca4531
- canonical/qualcomm qca6174a firmware
- canonical/qualcomm qca6174a
- canonical/qualcomm sd 210 firmware
- canonical/qualcomm sd 210
- canonical/qualcomm sd 212 firmware
- canonical/qualcomm sd 212
- canonical/qualcomm sd 205 firmware
- canonical/qualcomm sd 205
- canonical/qualcomm qca6574au firmware
- canonical/qualcomm qca6574au
- canonical/qualcomm qca6584 firmware
- canonical/qualcomm qca6584
- canonical/qualcomm qca6584au firmware
- canonical/qualcomm qca6584au
- canonical/qualcomm sd 425 firmware
- canonical/qualcomm sd 425
- canonical/qualcomm qca9377 firmware
- canonical/qualcomm qca9377
- canonical/qualcomm qca9378 firmware
- canonical/qualcomm qca9378
- canonical/qualcomm qca9379 firmware
- canonical/qualcomm qca9379
- canonical/qualcomm qca9558 firmware
- canonical/qualcomm qca9558
- canonical/qualcomm qca9880 firmware
- canonical/qualcomm qca9880
- canonical/qualcomm qca9886 firmware
- canonical/qualcomm qca9886
- canonical/qualcomm sd 625 firmware
- canonical/qualcomm sd 625
- canonical/qualcomm qca9980 firmware
- canonical/qualcomm qca9980
- canonical/qualcomm sd 808 firmware
- canonical/qualcomm sd 808
- canonical/qualcomm sd 810 firmware
- canonical/qualcomm sd 810
- canonical/qualcomm sd 820 firmware
- canonical/qualcomm sd 820
- canonical/qualcomm sdx20 firmware
- vendor/google
- canonical/android