Main Vulnerability Database SB2014122403

SB2014122403 - Buffer overflow in Linux kernel

Published: December 24, 2014 Updated: August 9, 2020

Security Bulletin ID SB2014122403

Severity

High

Patch available

YES

Number of vulnerabilities 1

Exploitation vector Remote access

Highest impact Code execution

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 1 security vulnerability.

1) Buffer overflow (CVE-ID: CVE-2014-4322)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

Remediation

Install update from vendor's website.

References

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322