Main Vulnerability Database Vulnerabilities #VU40991

Buffer overflow in Linux kernel - CVE-2014-4322

Published: December 24, 2014 / Updated: October 14, 2020

Vulnerability identifier: #VU40991

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2014-4322

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

How to mitigate CVE-2014-4322

Install update from vendor's website.

Sources

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322

Buffer overflow in Linux kernel - CVE-2014-4322

Detailed vulnerability description

How to mitigate CVE-2014-4322

Sources

Please verify you're human