Lucene search

Ubuntu.comUB:CVE-2014-0972

HistoryAug 01, 2014 - 12:00 a.m.

CVE-2014-0972

2014-08-0100:00:00

ubuntu.com

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm
Innovation Center (QuIC) Android contributions for MSM devices and other
products, does not properly prevent write access to IOMMU context
registers, which allows local users to select a custom page table, and
consequently write to arbitrary memory locations, by using a crafted GPU
command stream to modify the contents of a certain register.

Bugs

<https://launchpad.net/bugs/1354019>

Notes

Author	Note
jdstrand	android kernels (goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 13.10 preview kernels android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels

References

launchpad.net/bugs/cve/CVE-2014-0972

nvd.nist.gov/vuln/detail/CVE-2014-0972

security-tracker.debian.org/tracker/CVE-2014-0972

www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-iommu-page-table-cve-2014

www.cve.org/CVERecord?id=CVE-2014-0972

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for UB:CVE-2014-0972