Lucene search

[email protected]NVD:CVE-2014-0974

HistoryAug 25, 2014 - 1:55 a.m.

CVE-2014-0974

2014-08-2501:55:03

CWE-264

[email protected]

web.nvd.nist.gov

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.2%

JSON

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.

Affected configurations

NVD

Node

little_kernel_projectlittle_kernel_bootloaderMatch-----android

References

source.android.com/security/bulletin/2016-07-01.html

www.codeaurora.org/projects/security-advisories/lk-insufficient-verification-tagaddr-when-loading-device-tree-cve-2014-0974

1.9 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:M/Au:N/C:N/I:P/A:N

6.6 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.2%

JSON

Related for NVD:CVE-2014-0974

cvelist1 cve2 prion2 nvd1