fix arbitrary read/write to user space in kernel-mmc-core CVE-2014-9790 remote
asked 2017-07-27 11:57:08 +0200
This post is a wiki. Anyone with karma >75 is welcome to improve it.
drivers/mmc/core/debugfs.c in the Qualcomm components in Android before 2016-07-05 does not validate pointers used in read and write operations, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769136 and Qualcomm internal bug CR545716. CVSS v3 Base Score: 7.8 High remote
Patch is availableon codeaurora.org.
File affected: kernel-adaptation-sbj-3.4.108.20161101.1/drivers/mmc/core/debugfs.c lines 15-20; 340-345; 466-471
@jovirkku this should have a "tracked by jolla" label
lpr ( 2017-09-19 09:39:05 +0200 )edit