Main Vulnerability Database Vulnerabilities #VU40991

#VU40991 Buffer overflow in Linux kernel - CVE-2014-4322

Published: December 24, 2014 / Updated: October 14, 2020

Vulnerability identifier: #VU40991

Vulnerability risk: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:P/U:Amber

CVE-ID: CVE-2014-4322

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: Public exploit is available

Vulnerable software:
Linux kernel

Software vendor:
Linux Foundation

Description

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

Remediation

Install update from vendor's website.

External links

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322

#VU40991 Buffer overflow in Linux kernel - CVE-2014-4322

Description

Remediation

External links

Please verify you're human