Fix various small issues in Actuator driver in kernel-msm-camera CVE-2014-9782 remote

asked 2017-07-25 18:07:44 +0200

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

updated 2017-08-10 12:47:30 +0200

lpr gravatar image

drivers/media/platform/msm/camera_v2/sensor/actuator/msm_actuator.c in the Qualcomm components in Android before 2016-07-05 does not validate direction and step parameters, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28431531 and Qualcomm internal bug CR511349. CVSS v3 Base Score: 7.8 High remote

Patch is availableon codeaurora.org.

file affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/media/video/msm/actuators/msm_actuator.c lines 361-371 (except 364-367) ; 471-476; 570-581 ; 610-616 + defines of MAX_ACTUATOR_AF_TOTAL_STEPS , MSM_ACTUATOR_MOVE_SIGNED_FAR and MSM_ACTUATOR_MOVE_SIGNED_NEAR

edit retag flag offensive close delete

Comments

@jovirkku this should have a "tracked by jolla" label

lpr ( 2017-09-19 09:42:21 +0200 )edit