Memory Corruption in QSEECOM Driver (CVE-2014-4322)

2015年10月9日

  风险等级: 高

  CVE标识符: : CVE-2014-4322

  建议日期 : 2015年10月2日

---

  描述

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

  保护信息

  解决方案

  补丁: https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-4322

  受感染软件和版本:

• All Android releases from CAF using the Linux kernel.