1 | initial version | posted 2017-06-22 16:23:06 +0200 |
Description:
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate ioctl calls, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28747998 and Qualcomm internal bug CR561841. Patch: https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=a1124defc680055e2f2a8c8e3da4a94ca2ec842e
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not properly restrict user-space input, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28748271 and Qualcomm internal bug CR550013. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=e65a876a155de945e306f2726f3a557415e6044e
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate certain pointers, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28769920 and Qualcomm internal bug CR580740. Patch: https://source.codeaurora.org/quic/la/kernel/msm/commit/?id=f4948193c46f75e16d4382c4472485ab12b7bd17
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not validate certain length values, which allows attackers to gain privileges via a crafted application, aka Android internal bug 28804057 and Qualcomm internal bug CR636633. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=b1bc773cf61265e0e3871b2e52bd6b3270ffc6c3
drivers/misc/qseecom.c in the Qualcomm components in Android before 2016-08-05 does not ensure that certain name strings end in a '\0' character, which allows attackers to obtain sensitive information via a crafted application, aka Android internal bug 28749708 and Qualcomm internal bug CR545736. Patch: https://source.codeaurora.org/quic/la/kernel/msm-3.10/commit/?id=83214431cd02674c70402b160b16b7427e28737f
SCORE 7.8 high remote
File affected: /kernel-adaptation-sbj-3.4.108.20161101.1/drivers/misc/qseecom.c
lines 502-504; 963-971; 1099-1102; 1111-1115; 152-157; 348-354; 367-371; 502-504(II); 860-861; 1106-1111; 1113; 1108-1111(II); 655-656; 1467-1468
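As an added illustration (not the Qualcomm patches linked above and not code from qseecom.c), the two checks named in the last two descriptions, a fixed-size name field that must contain a '\0' and a length value that must fit its buffer, could look like this in C. The struct layout, field sizes and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MAX_NAME       32    /* hypothetical size of the name field */
#define SHARED_BUF_LEN 4096  /* hypothetical size of the shared buffer */

/* Hypothetical request layout, standing in for a struct copied from user space. */
struct demo_req {
    char     name[MAX_NAME];
    uint32_t offset;
    uint32_t len;
};

/* Returns 1 only if a '\0' occurs inside the fixed-size field. */
static int name_is_terminated(const char *name, size_t field_len)
{
    return memchr(name, '\0', field_len) != NULL;
}

/* Returns 1 only if [offset, offset + len) lies inside the buffer.
 * Written as a subtraction so that offset + len cannot wrap around. */
static int range_is_valid(uint32_t offset, uint32_t len, uint32_t buf_len)
{
    if (len == 0 || offset > buf_len)
        return 0;
    return len <= buf_len - offset;
}

/* Returns 0 if the request is accepted, -1 if rejected
 * (a driver would return -EINVAL before using any field). */
static int validate_req(const struct demo_req *req)
{
    if (!name_is_terminated(req->name, sizeof(req->name)))
        return -1;
    if (!range_is_valid(req->offset, req->len, SHARED_BUF_LEN))
        return -1;
    return 0;
}

/* Builds a constructed sample request; copies at most MAX_NAME bytes of name. */
static struct demo_req make_req(const char *name, size_t n, uint32_t off, uint32_t len)
{
    struct demo_req r;
    memset(&r, 0, sizeof(r));
    memcpy(r.name, name, n > MAX_NAME ? MAX_NAME : n);
    r.offset = off;
    r.len = len;
    return r;
}
```

Without the first check, a later `strlen` or `%s` on `name` reads past the field into adjacent memory; without the second, a large `len` passes a naive `offset + len <= size` test because the sum wraps.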