Fastboot boot command bypasses signature verification (CVE-2014-4325)

Release Date: August 5, 2014
Advisory ID: QCIR-2014-00006-1
Summary: 

The following security vulnerability has been identified in the implementation of the Little Kernel (LK) bootloader.

CVE-2014-4325:
When processing the boot command in fastboot mode, the Little Kernel bootloader, as used on Android, does not check that the device is unlocked, or that the target does not require signed kernels, before it boots the downloaded kernel image without signature verification. A local user who can issue fastboot commands to the device can use this flaw to boot arbitrary kernel images via fastboot even when the target requires a signed kernel and the bootloader is locked.

Access Vector: local
Security Risk: critical
Vulnerability: CWE-287 (improper authentication)
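The following C model is added to this advisory as an illustration; it is not code from the CAF Little Kernel tree. It places a boot-command handler that behaves as described above next to a hardened handler that consults the lock state and the signed-kernel policy before jumping to downloaded code. The struct and function names, the cut-down boot image header, and the toy trailer "signature" (an FNV-1a digest mixed with a constant, standing in for LK's RSA check) are assumptions made for this example.

```c
/* Added illustration of the CVE-2014-4325 check, not code from the CAF Little Kernel.
 * struct device_state, the toy trailer "signature" and all helper names are assumptions. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
struct device_state {
    bool is_unlocked;        /* set by "fastboot oem unlock" */
    bool use_signed_kernel;  /* target policy: kernels must carry an OEM signature */
};

enum boot_decision {
    BOOT_ALLOW_UNVERIFIED,   /* jump to the image with no signature check */
    BOOT_ALLOW_VERIFIED,     /* jump to the image after its signature checked out */
    BOOT_DENY_BAD_SIGNATURE, /* missing or wrong signature on a locked, signed-kernel target */
    BOOT_DENY_BAD_IMAGE      /* bad magic, or sizes inconsistent with what was downloaded */
};

#define BOOT_MAGIC      "ANDROID!"
#define BOOT_MAGIC_SIZE 8
#define TOY_SIG_SIZE    4
#define TOY_OEM_KEY     0x5A17C0DEu  /* stand-in for the OEM key (assumption) */

struct boot_img_hdr {            /* cut-down header; real boot images carry more fields */
    uint8_t  magic[BOOT_MAGIC_SIZE];
    uint32_t kernel_size;
};

static bool parse_boot_header(const uint8_t *img, size_t len, struct boot_img_hdr *hdr)
{
    if (len < sizeof(*hdr)) return false;
    memcpy(hdr, img, sizeof(*hdr));
    if (memcmp(hdr->magic, BOOT_MAGIC, BOOT_MAGIC_SIZE) != 0) return false;
    return hdr->kernel_size <= len - sizeof(*hdr);   /* kernel must fit in the download */
}

/* Toy signature: FNV-1a over header+kernel, mixed with TOY_OEM_KEY, as a 4-byte LE trailer.
 * It exists only so the policy can be exercised; LK verifies an RSA signature over a hash. */
static uint32_t toy_digest(const uint8_t *d, size_t len)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < len; i++) { h ^= d[i]; h *= 16777619u; }
    return h ^ TOY_OEM_KEY;
}

static bool image_signature_valid(const uint8_t *img, size_t len, const struct boot_img_hdr *hdr)
{
    size_t signed_len = sizeof(*hdr) + hdr->kernel_size;
    uint32_t got = 0;
    if (len < signed_len + TOY_SIG_SIZE) return false;   /* no trailer: unsigned image */
    for (int i = 0; i < TOY_SIG_SIZE; i++) got |= (uint32_t)img[signed_len + i] << (8 * i);
    return got == toy_digest(img, signed_len);
}

/* Handler as the advisory describes it: lock state and signing policy are never consulted. */
enum boot_decision cmd_boot_vulnerable(const struct device_state *dev, const uint8_t *img, size_t len)
{
    struct boot_img_hdr hdr;
    (void)dev;
    return parse_boot_header(img, len, &hdr) ? BOOT_ALLOW_UNVERIFIED : BOOT_DENY_BAD_IMAGE;
}

/* Hardened handler: a downloaded image is held to the same rule as a kernel read from flash. */
enum boot_decision cmd_boot_hardened(const struct device_state *dev, const uint8_t *img, size_t len)
{
    struct boot_img_hdr hdr;
    if (!parse_boot_header(img, len, &hdr)) return BOOT_DENY_BAD_IMAGE;
    if (dev->is_unlocked || !dev->use_signed_kernel) return BOOT_ALLOW_UNVERIFIED; /* by design */
    if (!image_signature_valid(img, len, &hdr)) return BOOT_DENY_BAD_SIGNATURE;    /* locked: verify or refuse */
    return BOOT_ALLOW_VERIFIED;
}

/* Builds a constructed 64-byte-kernel image, optionally signed and/or tampered after signing,
 * and runs it through the vulnerable or the hardened handler. */
enum boot_decision run_scenario(bool unlocked, bool signed_target, bool sign_image, bool tamper, bool hardened)
{
    uint8_t img[128];
    struct boot_img_hdr hdr;
    struct device_state dev = { unlocked, signed_target };
    size_t len = sizeof(hdr) + 64;
    memcpy(hdr.magic, BOOT_MAGIC, BOOT_MAGIC_SIZE);
    hdr.kernel_size = 64;
    memcpy(img, &hdr, sizeof(hdr));
    for (size_t i = sizeof(hdr); i < len; i++) img[i] = (uint8_t)(0xE1 + i);  /* constructed payload */
    if (sign_image) {
        uint32_t d = toy_digest(img, len);
        for (int i = 0; i < TOY_SIG_SIZE; i++) img[len + i] = (uint8_t)(d >> (8 * i));
        len += TOY_SIG_SIZE;
    }
    if (tamper) img[sizeof(hdr)] ^= 0x01;   /* flip one kernel bit after signing */
    return hardened ? cmd_boot_hardened(&dev, img, len) : cmd_boot_vulnerable(&dev, img, len);
}

int main(void)
{
    static const char *name[] = { "ALLOW_UNVERIFIED", "ALLOW_VERIFIED", "DENY_BAD_SIGNATURE", "DENY_BAD_IMAGE" };
    printf("vulnerable, locked, signed-kernel target, unsigned image: %s\n", name[run_scenario(false, true, false, false, false)]);
    printf("hardened,   locked, signed-kernel target, unsigned image: %s\n", name[run_scenario(false, true, false, false, true)]);
    printf("hardened,   locked, signed-kernel target, signed image:   %s\n", name[run_scenario(false, true, true, false, true)]);
    return 0;
}
```

The hardened handler keeps the unverified path for an unlocked device or a target that never required signed kernels, since that is the documented behaviour of fastboot boot there; on a locked device with a signed-kernel policy it either verifies the image or refuses. Refusing the command outright in that state is an equally valid fix; what matters is that the lock state and the signing policy are consulted before any jump to downloaded code.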

Affected versions:
All active branches of the Little Kernel on CAF are affected.

Acknowledgement: 

Qualcomm Innovation Center, Inc. (QuIC) thanks Jon Sawyer for reporting the related issues and working with QuIC to help improve Android device security.

Revisions: 

Initial revision.

Contact: 
security-advisory@quicinc.com