Memory corruption in QSEECOM driver (CVE-2014-4322)

Release Date: December 22, 2014
Advisory ID: QCIR-2014-00008-1
Summary: 

The following security vulnerability has been identified in the QuIC-authored QSEECOM driver.

CVE-2014-4322:
The qseecom driver exposes an ioctl interface that user-space clients use to communicate with it. While handling such a request, the __qseecom_update_cmd_buf function uses the user-supplied value cmd_buf_offset as an index into a buffer for a write operation without any bounds check. A local application with access to the qseecom device node can therefore make the driver write outside the intended buffer, corrupting memory and, for example, escalating privileges.
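
As an added illustration (not the qseecom driver's code and not the reporter's exploit), the following user-space C model contrasts the unchecked write pattern the advisory describes with a bounds-checked version. The structure and names (modfd_cmd_req, cmd_req_buf, cmd_req_len, ifd_data, MAX_ION_FD) are assumptions loosely modeled on an ioctl request that carries a command buffer plus per-fd offsets; the 32-byte arena, sentinel word and fd value are constructed sample data, and the whole arena is one allocation so the out-of-range write stays defined behaviour for demonstration purposes.

```c
/* Illustrative model of the CVE-2014-4322 pattern (assumed names, not the
 * real driver): a user-controlled offset selects where a 32-bit value is
 * written inside a command buffer. Unchecked vs. bounds-checked handler. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>
#include <errno.h>

#define MAX_ION_FD 4  /* assumed slot count */

/* Assumed shape of the request a client passes through the ioctl. */
struct modfd_cmd_req {
    uint8_t  *cmd_req_buf;   /* command buffer the driver patches */
    uint32_t  cmd_req_len;   /* its length in bytes */
    struct {
        int32_t  fd;              /* buffer whose address gets patched in */
        uint32_t cmd_buf_offset;  /* byte offset into cmd_req_buf, user controlled */
    } ifd_data[MAX_ION_FD];
};

/* Vulnerable pattern: cmd_buf_offset is trusted, so a slot with an
 * out-of-range offset makes the driver write `value` outside cmd_req_buf. */
static int update_cmd_buf_unchecked(struct modfd_cmd_req *req, uint32_t value)
{
    for (int i = 0; i < MAX_ION_FD; i++) {
        if (req->ifd_data[i].fd <= 0)
            continue;
        uint8_t *update = req->cmd_req_buf + req->ifd_data[i].cmd_buf_offset;
        memcpy(update, &value, sizeof(value)); /* memcpy: no alignment assumptions */
    }
    return 0;
}

/* Hardened pattern: reject any slot whose 4-byte write would not fit in
 * [0, cmd_req_len) before touching memory. The check is written as a
 * subtraction on the length so a huge offset cannot wrap the addition. */
static int update_cmd_buf_checked(struct modfd_cmd_req *req, uint32_t value)
{
    for (int i = 0; i < MAX_ION_FD; i++) {
        uint32_t off = req->ifd_data[i].cmd_buf_offset;
        if (req->ifd_data[i].fd <= 0)
            continue;
        if (off > req->cmd_req_len || req->cmd_req_len - off < sizeof(uint32_t))
            return -EINVAL;                 /* out of range or partially out of range */
        if (off % sizeof(uint32_t) != 0)
            return -EINVAL;                 /* keep the patched word aligned */
        memcpy(req->cmd_req_buf + off, &value, sizeof(value));
    }
    return 0;
}

/* Runs one constructed request against a 32-byte arena: bytes 0..15 are the
 * command buffer, bytes 16..19 hold a sentinel "victim" word that a correct
 * handler must never touch. `checked` selects the hardened path. Returns the
 * handler's return code and stores the victim word after the call. Callers
 * must keep unchecked offsets inside the arena (0..28) to stay defined. */
static int run_request(uint32_t offset, int checked, uint32_t *victim_out)
{
    uint8_t arena[32];
    const uint32_t sentinel = 0xA5A5A5A5u;  /* constructed sample data */
    memset(arena, 0, sizeof(arena));
    memcpy(arena + 16, &sentinel, sizeof(sentinel));

    struct modfd_cmd_req req;
    memset(&req, 0, sizeof(req));
    req.cmd_req_buf = arena;
    req.cmd_req_len = 16;
    req.ifd_data[0].fd = 7;                 /* constructed: any positive fd */
    req.ifd_data[0].cmd_buf_offset = offset;

    int rc = checked ? update_cmd_buf_checked(&req, 0x41414141u)
                     : update_cmd_buf_unchecked(&req, 0x41414141u);
    memcpy(victim_out, arena + 16, sizeof(*victim_out));
    return rc;
}

int main(void)
{
    uint32_t v;
    int rc = run_request(16, 0, &v);
    printf("unchecked, offset 16: rc=%d victim=0x%08x\n", rc, v);
    rc = run_request(16, 1, &v);
    printf("checked,   offset 16: rc=%d victim=0x%08x\n", rc, v);
    return 0;
}
```

Offset 16 equals the buffer length, so it is the first byte past the end: the unchecked handler overwrites the sentinel with 0x41414141, while the checked handler returns -EINVAL and leaves it intact. The same check also rejects offsets that only partially overlap the end (14 with a 16-byte buffer) and offsets chosen to wrap pointer arithmetic.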

Access Vector: local
Security Risk: medium
Vulnerability: CWE-823 (Use of Out-of-range Pointer Offset)

Affected versions:
All Android releases from CAF using the Linux kernel.

Acknowledgement: 

Qualcomm Innovation Center, Inc. (QuIC) thanks Gal Beniamini for reporting the related issues and working with QuIC to help improve Android device security.

Revisions: 

Initial revision.

Contact: security-advisory@quicinc.com