Validate input arguments from user space in kernel-msm-mdp CVE-2014-4323 remote [released]

Tracked by Jolla (In progress)

asked 2017-07-13 12:24:16 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-07-13 12:24:16 +0200

lpr gravatar image

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. CVSS v2 Base Score: 7.5 HIGH Access Vector: Network exploitable

Patch is available.

file affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/mdp.c lines 501-506

edit retag flag offensive reopen delete

The question has been closed for the following reason "released in a software update" by lpr
close date 2018-09-04 18:01:37.127867

Comments

released in SFOS 2.1.4 according to jovirkku's comment here.

lpr ( 2018-02-28 20:24:16 +0200 )edit

@jovirkku this issue was not addressed in SFOS 2.1.4.14 as you can see in kernel-adaptation-sbj-3.4.108.20171107.1/drivers/video/msm/mdp.c (lines 501-506)

lpr ( 2018-05-26 17:31:56 +0200 )edit

answer at recent mer-meeting (May31'18) topic: patches for CVE-2014-4323 and CVE-2016-5696 still not in kernel-adaptation-sbj:

Jaymzz> Yes we will provide fix for above CVE's for Jolla 1 in 2.2.1 release

lpr ( 2018-05-31 11:50:13 +0200 )edit

released with SFOS update to 2.2.1

lpr ( 2018-09-04 18:01:18 +0200 )edit