994751 – (CVE-2014-4322) VUL-1: CVE-2014-4322: kernel-source: android specific qseecom driver problem

Bug 994751 (CVE-2014-4322) - VUL-1: CVE-2014-4322: kernel-source: android specific qseecom driver problem

Summary: VUL-1: CVE-2014-4322: kernel-source: android specific qseecom driver problem

Status:	RESOLVED INVALID

Alias:	CVE-2014-4322

Product:	SUSE Security Incidents
Classification:	Novell Products
Component:	Incidents (show other bugs)
Version:	unspecified
Hardware:	Other Other

Priority:	P5 - None Severity: Normal
Target Milestone:	---
Assignee:	E-mail List
QA Contact:	Security Team bot

URL:
Whiteboard:	CVSSv2:SUSE:CVE-2014-4322:7.2:(AV:L/...
Keywords:

Depends on:
Blocks:

Clone This Bug

Reported:	2016-08-20 09:05 UTC by Marcus Meissner
Modified:	2022-02-13 11:15 UTC (History)
CC List:	0 users

See Also:
Found By:	---
Services Priority:
Business Priority:
Blocker:	---
Marketing QA Status:	---
IT Deployment:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Marcus Meissner 2016-08-20 09:05:20 UTC

via cve db

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application. 

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322

Comment 1 Marcus Meissner 2016-08-20 09:05:54 UTC

This driver is not in the mainline kernel and was never included in SUSE