Vulnerability Description
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeaurora | Android-Msm | 3.2.54 |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command
- https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command
FAQ
What is CVE-2014-0972?
CVE-2014-0972 is a vulnerability with a CVSS score of 7.2 (HIGH). The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMM...
How severe is CVE-2014-0972?
CVE-2014-0972 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0972?
Check the references section above for vendor advisories and patch information. Affected products include: Codeaurora Android-Msm.