CVE-2014-4322 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2014-4322?

CVE-2014-4322 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4322?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.0.0, <= 3.18.1

Related Weaknesses (CWE)

CWE-787

References

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecoPatchVendor Advisory
https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecoPatchVendor Advisory

FAQ

What is CVE-2014-4322?

CVE-2014-4322 is a vulnerability with a CVSS score of 7.2 (HIGH). drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain ...

How severe is CVE-2014-4322?

CVE-2014-4322 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4322?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.