CVE-2014-0973

2014-08-2501:55:02

CWE-287

[email protected]

web.nvd.nist.gov

cve-2014-0973

little kernel

lk bootloader

boot-image authentication

rsa_public_decrypt

android

qualcomm innovation center

quic

msm devices

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

6.9 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.3%

JSON

The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.

Affected configurations

NVD

Node

little_kernel_projectlittle_kernel_bootloaderMatch-----android

CPENameOperatorVersion
little_kernel_project:little_kernel_bootloaderlittle kernel project little kernel bootloadereq-

CPE	Name	Operator	Version
little_kernel_project:little_kernel_bootloader	little kernel project little kernel bootloader	eq	-

References

source.android.com/security/bulletin/2016-07-01.html

www.codeaurora.org/projects/security-advisories/incomplete-signature-parsing-during-boot-image-authentication-leads-to-signature-forgery-cve-2014-0973