Check validity of userspace address in kernel-msm-vidc CVE-2014-9880 remote
Tracked by Jolla
(Rejected)
asked 2017-07-20 11:29:51 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. medium (attack range: remote) CVSSv3: 7.8
Patch is availableon codeaurora.org.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/vidc/common/enc/venc.c lines 1325-1330
@jovirkku this should have a "tracked by jolla" label
lpr ( 2017-09-19 09:40:06 +0200 )edit