Lucene search

[email protected]CVE-2014-0974

HistoryAug 25, 2014 - 1:55 a.m.

CVE-2014-0974

2014-08-2501:55:03

CWE-264

[email protected]

web.nvd.nist.gov

cve-2014-0974

qualcomm

android

msm devices

bootloader

validation vulnerability

memory location

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.3%

JSON

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.

Affected configurations

NVD

Node

little_kernel_projectlittle_kernel_bootloaderMatch-----android

CPENameOperatorVersion
little_kernel_project:little_kernel_bootloaderlittle kernel project little kernel bootloadereq-

CPE	Name	Operator	Version
little_kernel_project:little_kernel_bootloader	little kernel project little kernel bootloader	eq	-

References

source.android.com/security/bulletin/2016-07-01.html

www.codeaurora.org/projects/security-advisories/lk-insufficient-verification-tagaddr-when-loading-device-tree-cve-2014-0974

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

6.8 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.3%

JSON

Related for CVE-2014-0974

nvd2 cvelist1 prion2 cve1