The following security vulnerability has been identified in the QuIC-authored QSEECOM driver.
The qseecom driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the __qseecom_update_cmd_buf function uses the user-supplied value cmd_buf_offset as an index into a buffer for write operations without any boundary checks. This allows a local application with access to the qseecom device node to write outside the intended buffer and, e.g., escalate privileges.
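The defect class described above, an untrusted offset used as an index for a write with no bounds check, is illustrated below with a constructed example. This is added illustration only, not code from the QSEECOM driver; the struct, buffer size and function names (cmd_request, CMD_BUF_LEN, update_cmd_buf_unchecked, update_cmd_buf_checked, try_update) are assumptions chosen for the example. It shows the unchecked pattern beside the hardened form, where the offset is validated against the buffer length with overflow-safe arithmetic before any write takes place.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#include <errno.h>

/* Constructed illustration, not the QSEECOM driver's real structures.
 * A request carries an offset into a fixed-size command buffer and a
 * 32-bit value to be written at that offset. */
#define CMD_BUF_LEN 64

struct cmd_request {
    uint32_t cmd_buf_offset;   /* user-controlled, untrusted */
    uint32_t value;            /* user-controlled payload */
};

/* Before: the offset is trusted as an index. Any value at or past
 * CMD_BUF_LEN - sizeof(value) writes outside the buffer, which is the
 * CWE-823 pattern the advisory names. */
int update_cmd_buf_unchecked(uint8_t *cmd_buf, const struct cmd_request *req)
{
    uint32_t v = req->value;
    memcpy(cmd_buf + req->cmd_buf_offset, &v, sizeof(v));
    return 0;
}

/* After: validate the offset before it is used. The check must reject
 * offsets whose end (offset + sizeof(value)) exceeds the buffer, and must
 * compute that comparison in a way that cannot wrap around. Misaligned
 * offsets are rejected too, so every write lands on a whole slot. */
int update_cmd_buf_checked(uint8_t *cmd_buf, size_t cmd_buf_len,
                           const struct cmd_request *req)
{
    size_t off = req->cmd_buf_offset;

    /* off <= len - sizeof(v) guarantees off + sizeof(v) <= len without
     * ever computing a sum that could overflow */
    if (cmd_buf_len < sizeof(req->value) ||
        off > cmd_buf_len - sizeof(req->value))
        return -EINVAL;
    if (off % sizeof(req->value) != 0)
        return -EINVAL;

    uint32_t v = req->value;
    memcpy(cmd_buf + off, &v, sizeof(v));   /* alignment-safe write */
    return 0;
}

/* Exercises the checked path on a zeroed local buffer. Returns the result
 * code and, on success, reads the slot back so the caller can confirm the
 * write landed where the offset said it should. */
int try_update(uint32_t offset, uint32_t value, uint32_t *readback)
{
    uint8_t buf[CMD_BUF_LEN];
    struct cmd_request req;
    int rc;

    memset(buf, 0, sizeof(buf));
    req.cmd_buf_offset = offset;
    req.value = value;
    rc = update_cmd_buf_checked(buf, sizeof(buf), &req);
    if (rc == 0 && readback != NULL)
        memcpy(readback, buf + offset, sizeof(*readback));
    return rc;
}
```

The subtraction form of the check (`off > len - sizeof`) is deliberate: the naive `off + sizeof > len` can wrap for large offsets and pass the check, which is why the length is checked against `sizeof` first and the offset is compared to the remaining room rather than added to anything.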
Access Vector: local
Security Risk: medium
Vulnerability: CWE-823 (Use of Out-of-range Pointer Offset)
All Android releases from CAF using the Linux kernel.
Qualcomm Innovation Center, Inc. (QuIC) thanks Gal Beniamini for reporting the related issues and working with QuIC to help improve Android device security.