Validate userspace buffer count in kernel-msm-vidc CVE-2014-9778 remote

Tracked by Jolla (Rejected)

asked 2017-06-22 12:27:06 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-06-22 12:36:14 +0200

lpr gravatar image


The vid_dec_set_h264_mv_buffers function in drivers/video/msm/vidc/common/dec/vdec.c in the Qualcomm components in Android before 2016-07-05 does not validate the number of buffers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28598515 and Qualcomm internal bug CR563694.
CVSS v3 Base:7.8high (attack range: remote)

Patch is available: link

Files affected: kernel-adaptation-sbj- lines: 867-872
kernel-adaptation-sbj- lines 20-22

edit retag flag offensive close delete