Vulnerability Description
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Little Kernel Project | Little Kernel Bootloader | - |
Related Weaknesses (CWE)
References
- https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-byPatch
- https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-byPatch
FAQ
What is CVE-2014-4325?
CVE-2014-4325 is a vulnerability with a CVSS score of 7.2 (HIGH). The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows ...
How severe is CVE-2014-4325?
CVE-2014-4325 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2014-4325?
Check the references section above for vendor advisories and patch information. Affected products include: Little Kernel Project Little Kernel Bootloader.