Security readout for executives and security teams
CVE-2014-9795 is a bootloader-level flaw reported for Nexus 5 devices using Qualcomm Android components before the 2016-07-05 Android security fixes. The issue is an integer overflow check failure that could let an attacker bypass intended access restrictions. The sources do not provide CVSS, broad affected-product data, or active exploitation evidence. Exposure appears limited by the provided sources to Nexus 5 devices running Android firmware before the 2016-07-05 security level. The bundle does not prove impact across other Qualcomm-based Android devices, so broader fleet exposure should not be assumed without vendor evidence. Treat this as a legacy-device risk. It is not supported by current active-exploitation evidence in the bundle, but bootloader access-control bypasses are sensitive. Prioritize confirmation that no Nexus 5 or similarly unsupported Android devices remain in business-critical use. Mitigation focus: Apply Android or OEM firmware including the 2016-07-05 security fixes.; Verify Nexus 5 devices are not running pre-2016-07-05 firmware.; Check OEM or vendor guidance before assuming fixes for non-Nexus devices..
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2014-9795 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=fc3b31f81a1c128c2bcc745564a075022cd72a2eCVE reference · x_refsource_CONFIRM
- https://source.codeaurora.org/quic/la/kernel/lk/commit/?id=ce2a0ea1f14298abc83729f3a095adab43342342CVE reference · x_refsource_CONFIRM
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
