CVE-2014-4323 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2014-4323?

CVE-2014-4323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2014-4323?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.

Vulnerability Description

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Linux	Linux Kernel	>= 3.0.0, <= 3.16.1

Related Weaknesses (CWE)

CWE-20

References

FAQ

What is CVE-2014-4323?

CVE-2014-4323 is a vulnerability with a CVSS score of 7.5 (HIGH). The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and oth...

How severe is CVE-2014-4323?

CVE-2014-4323 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2014-4323?

Check the references section above for vendor advisories and patch information. Affected products include: Linux Linux Kernel.