Memory Corruption in QSEECOM Driver (CVE-2014-4322)
2015年10月9日
风险等级: 高
CVE标识符: : CVE-2014-4322
建议日期 : 2015年10月2日
描述
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
保护信息
解决方案
受感染软件和版本:
- All Android releases from CAF using the Linux kernel.