High severity7.8NVD Advisory· Published Jul 11, 2016· Updated May 6, 2026

CVE-2014-9789

Description

The (1) alloc and (2) free APIs in arch/arm/mach-msm/qdsp6v2/msm_audio_ion.c in the Qualcomm components in Android before 2016-07-05 on Nexus 5 devices do not validate parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28749392 and Qualcomm internal bug CR556425.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

source.codeaurora.org/quic/la/kernel/msm/commit/nvdMailing ListPatchThird Party Advisory
source.android.com/security/bulletin/2016-07-01.htmlnvdVendor Advisory
www.securityfocus.com/bid/91628nvdThird Party AdvisoryVDB Entry

News mentions

No linked articles in our index yet.

cvss	0.507
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000