Main Vulnerability Database Vulnerabilities #VU41016

#VU41016 Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-4323

Published: December 12, 2014 / Updated: August 9, 2020

Vulnerability identifier: #VU41016

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-4323

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

Remediation

Install update from vendor's website.

External links

https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps

#VU41016 Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-4323

Description

Remediation

External links

Please verify you're human