Check validity of userspace address in kernel-msm-vidc CVE-2014-9880 remote

asked 2017-07-20 11:29:51 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-10 12:43:51 +0200

lpr gravatar image

drivers/video/msm/vidc/common/enc/venc.c in the Qualcomm components in Android before 2016-08-05 does not validate VEN_IOCTL_GET_SEQUENCE_HDR ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769352 and Qualcomm internal bug CR556356. medium (attack range: remote) CVSSv3: 7.8

Patch is availableon codeaurora.org

File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/video/msm/vidc/common/enc/venc.c lines 1325-1330

edit retag flag offensive close delete

Comments

@jovirkku this should have a "tracked by jolla" label

lpr ( 2017-09-19 09:40:06 +0200 )edit