Lucene search

K
androidAlephzain <[email protected]>ANDROID:QUALCOMM_OUT_OF_BOUNDS_CAMERA
HistoryJan 10, 2014 - 12:00 a.m.

Qualcomm out of bounds camera

2014-01-1000:00:00
alephzain <[email protected]>
www.androidvulnerabilities.org
10

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

41.0%

Out of bounds array access in camera driver (CVE-2013-6123): The camera driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the msm_ioctl_server, msm_server_send_ctrl, and msm_ctrl_cmd_done functions use a user-supplied value as an index to the server_queue array for read and write operations without any boundary checks. A local application with access to the camera device nodes can use this flaw to, e.g., elevate privileges.

6.9 Medium

CVSS2

Access Vector

LOCAL

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

0.001 Low

EPSS

Percentile

41.0%

Related for ANDROID:QUALCOMM_OUT_OF_BOUNDS_CAMERA