Lucene search

Ubuntu.comUB:CVE-2014-4323

HistoryDec 12, 2014 - 12:00 a.m.

CVE-2014-4323

2014-12-1200:00:00

ubuntu.com

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.1%

JSON

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP
display driver for the Linux kernel 3.x, as used in Qualcomm Innovation
Center (QuIC) Android contributions for MSM devices and other products,
does not validate certain start and length values within an ioctl call,
which allows attackers to gain privileges via a crafted application.

Bugs

<https://launchpad.net/bugs/1403851>

Notes

Author	Note
jdstrand	android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support

References

launchpad.net/bugs/cve/CVE-2014-4323

nvd.nist.gov/vuln/detail/CVE-2014-4323

security-tracker.debian.org/tracker/CVE-2014-4323

www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps

www.cve.org/CVERecord?id=CVE-2014-4323

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

42.1%

JSON

Related for UB:CVE-2014-4323