Validate userspace buffer count in kernel-msm-vidc CVE-2014-9778 remote

Tracked by Jolla (Rejected)

asked 2017-06-22 12:27:06 +0300

updated 2017-06-22 12:36:14 +0300

lpr

Description

The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
CVSS v3 Base: 7.8 High (attack range: remote)

Patch is available: link

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/vidc/common/dec/vdec.c lines: 867-872
kernel-adaptation-sbj-3.4.108.20161101.1/include/media/msm/vidc_init.h lines 20-22

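The class of fix the description calls for, shown as an added example that is not part of the original post and is neither Qualcomm's patch nor code from vdec.c: a handler that bounds a userspace-supplied buffer count before using it as a divisor and a loop limit. All names (`mv_request`, `mv_table`, `MAX_MV_BUFFERS`, `set_mv_buffers`) and the table size are hypothetical.

```c
#include <errno.h>
#include <stddef.h>
#include <stdint.h>

/* Hypothetical names throughout; this is not the msm-vidc driver's code. */
#define MAX_MV_BUFFERS 32u      /* assumed size of the driver's fixed table */

struct mv_request {             /* as copied in from userspace: untrusted */
    uint32_t count;             /* number of buffers the caller claims */
    uint32_t size;              /* total size of the mapped region */
};

struct mv_table {
    uint32_t offset[MAX_MV_BUFFERS];
    uint32_t used;
};

/* Fill the fixed-size table from an untrusted request.
 * Returns 0 on success, -EINVAL if the request is rejected. */
int set_mv_buffers(struct mv_table *tbl, const struct mv_request *req)
{
    uint32_t per_buf, i;

    if (tbl == NULL || req == NULL)
        return -EINVAL;

    /* The check the CVE description says was missing: validate the
     * count before it is used as a divisor or as a loop limit. */
    if (req->count == 0 || req->count > MAX_MV_BUFFERS)
        return -EINVAL;

    per_buf = req->size / req->count;
    if (per_buf == 0)
        return -EINVAL;         /* region too small for that many buffers */

    /* i < count <= MAX_MV_BUFFERS, so every write stays inside offset[];
     * i * per_buf <= size, so the multiplication cannot overflow. */
    for (i = 0; i < req->count; i++)
        tbl->offset[i] = i * per_buf;
    tbl->used = req->count;
    return 0;
}
```

Without the count check, a request with `count` larger than the table would write past `offset[]`, and a `count` of zero would divide by zero.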