Validate input arguments from user space in kernel-msm-mdp CVE-2014-4323 remote

Tracked by Jolla (In progress)

asked 2017-07-13 12:24:16 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-07-13 12:24:16 +0200

lpr gravatar image

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application. CVSS v2 Base Score: 7.5 HIGH Access Vector: Network exploitable

Patch is available.

file affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/mdp.c lines 501-506

edit retag flag offensive close delete