CVE-2014-10045
Description
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile and Snapdragon Wear IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20, buffer overflow vulnerability exist in Sahara boot when program header are parsing.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Buffer overflow in Qualcomm Sahara boot during program header parsing allows privilege escalation on multiple Snapdragon platforms.
Vulnerability
A buffer overflow vulnerability exists in the Qualcomm Sahara boot component when parsing program headers. This affects Android devices with security patch levels before 2018-04-05 on the following Qualcomm Snapdragon Mobile and Snapdragon Wear chipsets: IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, and SDX20 [1]. The bug is triggered during the parsing of program headers in a boot image.
Exploitation
An attacker with local access to the device or the ability to flash a malicious boot image can exploit this vulnerability. The attacker would need to craft a specially designed boot image with malformed program headers that cause a buffer overflow when processed by the Sahara boot loader. No user interaction is required beyond the device booting from the malicious image.
Impact
Successful exploitation allows the attacker to execute arbitrary code in the context of the boot loader, potentially gaining elevated privileges over the device's normal operating system. This could lead to complete compromise of the device's confidentiality, integrity, and availability, as the attacker may bypass security mechanisms enforced by the Android kernel and higher layers.
Mitigation
The vulnerability is fixed in the Android security patch level of 2018-04-05 or later [1]. Users should ensure their devices receive this update. No workaround is available for unpatched devices; updating to the latest security patch is the only mitigation.
AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
3- Range: before Android security patch level 2018-04-05
- Range: before Android security patch level 2018-04-05
- Qualcomm, Inc./Snapdragon Mobile, Snapdragon Wearv5Range: IPQ4019, MDM9206, MDM9607, MDM9615, MDM9625, MDM9635M, MDM9640, MDM9650, MDM9655, MSM8909W, SD 210/SD 212/SD 205, SD 400, SD 410/12, SD 615/16/SD 415, SD 820, SDX20
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.securityfocus.com/bid/103671mitrevdb-entryx_refsource_BID
- source.android.com/security/bulletin/2018-04-01mitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.