validate inputs and add checks in kernel-drivers-qseecom CVE-2014-9864 CVE-2014-9865 CVE-2014-9884 CVE-2014-9887 CVE-2014-9894 remote

Tracked by Jolla (In progress)

asked 2017-06-22 16:23:06 +0200


updated 2017-06-22 16:23:06 +0200


Description:

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. Patch: https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. Patch: https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3

drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f

Score: 7.8 (high), remote

File affected: /kernel-adaptation-sbj-3.4.108.20161101.1/drivers/misc/qseecom.c
Affected lines: 502-504; 963-971; 1099-1102; 1111-1115; 152-157; 348-354; 367-371; 502-504(II); 860-861; 1106-1111; 1113; 1108-1111(II); 655-656; 1467-1468
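The five defects above share one root cause: fields of an ioctl request copied in from user space are used before they are checked. As an added illustration (not code from the driver or from the linked patches), here is the shape of the checks a driver should apply; the struct layout, field names and size limits are assumptions modelled on a qseecom load-image request, and the ioctl entry point is simulated in user space so it can be run directly.

```c
#include <stdint.h>
#include <string.h>

#define MAX_APP_NAME_SIZE 32         /* assumed size of the name field */
#define MAX_IMG_SIZE      (4u << 20) /* assumed upper bound for an image */
#define EINVAL_RET        (-22)      /* kernel-style -EINVAL */

/* Assumed layout of a load-image request handed over by user space. */
struct load_img_req {
    uint32_t mdt_len;        /* length of the metadata part */
    uint32_t img_len;        /* length of the whole image */
    int32_t  ifd_data_fd;    /* descriptor of the buffer holding the image */
    char     img_name[MAX_APP_NAME_SIZE];
};

/* Validate a request already copied into kernel memory. Returns 0 on
 * success or a negative errno-style value, as a driver would. */
int validate_load_img_req(const struct load_img_req *req)
{
    /* Name string: a NUL must exist inside the field, otherwise later
     * strlen()/strcmp() calls read past it (the '\0' issue above). */
    if (memchr(req->img_name, '\0', MAX_APP_NAME_SIZE) == NULL)
        return EINVAL_RET;
    if (req->img_name[0] == '\0')
        return EINVAL_RET;

    /* Length values: both are caller-controlled. Reject zero and
     * oversize values, and mdt_len > img_len, which would underflow an
     * "img_len - mdt_len" computation further down. */
    if (req->img_len == 0 || req->img_len > MAX_IMG_SIZE)
        return EINVAL_RET;
    if (req->mdt_len == 0 || req->mdt_len > req->img_len)
        return EINVAL_RET;
    if (req->ifd_data_fd < 0)
        return EINVAL_RET;
    return 0;
}

/* Simulated ioctl entry: the raw user buffer is only accepted when its
 * size matches the command's argument exactly (stand-in for the
 * copy_from_user() size check), then the copied struct is validated. */
int load_img_ioctl(const void *user_arg, size_t user_len,
                   struct load_img_req *out)
{
    if (user_arg == NULL || user_len != sizeof(*out))
        return -14;                  /* kernel-style -EFAULT */
    memcpy(out, user_arg, sizeof(*out));
    return validate_load_img_req(out);
}
```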
