Check validity of userspace address in kernel-msm-vidc CVE-2014-9880 remote

Tracked by Jolla

asked 2017-07-20 11:29:51 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-12-20 00:37:22 +0300

lpr gravatar image

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. medium (attack range: remote) CVSSv3: 7.8

Patch is availableon

File affected: kernel-adaptation-sbj- lines 1325-1330

edit retag flag offensive close delete


@jovirkku this should have a "tracked by jolla" label

lpr ( 2017-09-19 09:40:06 +0300 )edit