Linux Kernel Qualcomm Innovation Center (QuIC) Android gain privileges

Credit: quicinc
Risk: High
Local: Yes
Remote: No

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Release Date: December 11, 2014

Affected Projects: Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID: QCIR-2014-00007-1

CVE ID(s): CVE-2014-4323

Description: The following security vulnerability has been identified in the implementation of the MDP display driver for Android:

CVE-2014-4323: The MDP display driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the mdp_lut_hw_update function uses the user-supplied values start and len from an fb_cmap structure for write operations without any boundary checks. A local application with graphics privileges can access the MDP display device node and use this to, e.g., elevate privileges.

Access Vector: local
Security Risk: high
Vulnerability: CWE-20 (Improper input validation)

Affected versions: All active branches of the MSM kernel for Android on CAF are affected. The driver itself is only used on the following chipsets: 8064/8960/8660/8x30/7x30.

Patch: We advise customers to apply the following patches:

Acknowledgement: Qualcomm Innovation Center, Inc. (QuIC) thanks Gal Beniamini for reporting the related issues and working with QuIC to help improve Android device security.

Revisions: Initial revision.

Contact
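The boundary check that the CVE-2014-4323 description says is missing, shown as an added user-space C example; it is not QuIC's patch or code from the MDP driver. The 256-entry table size, the `cmap_req` struct, the function names and the colour packing are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define LUT_ENTRIES 256u /* assumed table size, not taken from the driver */

/* Stand-in for the caller-controlled fields of struct fb_cmap. */
struct cmap_req {
    uint32_t start, len;
    const uint16_t *red, *green, *blue;
};

static uint32_t lut[LUT_ENTRIES]; /* stand-in for the hardware LUT */

/* 0 if [start, start + len) fits in a table of `entries`, else -EINVAL.
 * Written as a subtraction so start + len can never wrap around. */
int cmap_range_ok(uint32_t start, uint32_t len, uint32_t entries)
{
    if (start > entries || len > entries - start)
        return -EINVAL;
    return 0;
}

/* Validate first, write second. In a kernel the three channel arrays
 * would also have to be copied in from user space before use. */
int lut_update_checked(const struct cmap_req *c)
{
    int rc = cmap_range_ok(c->start, c->len, LUT_ENTRIES);
    if (rc)
        return rc;
    if (c->len && (!c->red || !c->green || !c->blue))
        return -EINVAL;
    for (uint32_t i = 0; i < c->len; i++) /* packing is arbitrary here */
        lut[c->start + i] = ((uint32_t)(c->red[i] & 0xff) << 16) |
                            ((uint32_t)(c->green[i] & 0xff) << 8) |
                            (c->blue[i] & 0xff);
    return 0;
}

int main(void)
{
    uint16_t ch[2] = { 0x11, 0x22 }; /* constructed sample data */
    struct cmap_req ok = { 254, 2, ch, ch, ch };
    struct cmap_req bad = { 0xfffffff0u, 0x20, ch, ch, ch };
    printf("in range: %d, wrapping: %d\n",
           lut_update_checked(&ok), lut_update_checked(&bad));
    return 0;
}
```

A naive `start + len > entries` test would accept the second request, because the 32-bit sum wraps to a small value.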

