Main Vulnerability Database Vulnerabilities #VU41016

Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-4323

Published: December 12, 2014 / Updated: August 9, 2020

Vulnerability identifier: #VU41016

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2014-4323

CWE-ID: CWE-264

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Linux Foundation

Affected software:
Linux kernel

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

How to mitigate CVE-2014-4323

Install update from vendor's website.

Sources

https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps

Permissions, Privileges, and Access Controls in Linux kernel - CVE-2014-4323

Detailed vulnerability description

How to mitigate CVE-2014-4323

Sources

Please verify you're human