Vulnerability Description
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Little Kernel Project | Little Kernel Bootloader | - |
Related Weaknesses (CWE)
References
- http://source.android.com/security/bulletin/2016-07-01.html
- https://www.codeaurora.org/projects/security-advisories/lk-insufficient-verificaPatch
- http://source.android.com/security/bulletin/2016-07-01.html
- https://www.codeaurora.org/projects/security-advisories/lk-insufficient-verificaPatch
FAQ
What is CVE-2014-0974?
CVE-2014-0974 is a vulnerability with a CVSS score of 1.9 (LOW). The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other produc...
How severe is CVE-2014-0974?
CVE-2014-0974 has been rated LOW with a CVSS base score of 1.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-0974?
Check the references section above for vendor advisories and patch information. Affected products include: Little Kernel Project Little Kernel Bootloader.