SB2014121211 - Permissions, Privileges, and Access Controls in Linux kernel

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014121211

SB2014121211 - Permissions, Privileges, and Access Controls in Linux kernel

Published: December 12, 2014 Updated: August 9, 2020

Security Bulletin ID SB2014121211
Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 security vulnerability.


1) Permissions, Privileges, and Access Controls (CVE-ID: CVE-2014-4323)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.


Remediation

Install update from vendor's website.

References