Validate userspace buffer count in kernel-msm-vidc CVE-2014-9778 remote

Tracked by Jolla

asked 2017-06-22 12:27:06 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-06-22 12:36:14 +0300

lpr gravatar image

Description

The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
CVSS v3 Base:7.8high (attack range: remote)

Patch is available: link

Files affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/vidc/common/dec/vdec.c lines: 867-872
kernel-adaptation-sbj-3.4.108.20161101.1/include/media/msm/vidc_init.h lines 20-22

edit retag flag offensive close delete