The following security vulnerabilities have been identified in the camera driver.
The camera driver provides an ioctl system call interface that user space clients use to communicate with it. When processing these requests, the msm_ioctl_server, msm_server_send_ctrl, and msm_ctrl_cmd_done functions use a user-supplied value as an index into the server_queue array for read and write operations without any bounds checks. A local application with access to the camera device nodes can use this flaw to, for example, elevate privileges.
Access Vector: local
Security Risk: high
Vulnerability: CWE-129 (improper validation of array index)
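The class of fix for CWE-129, as an added example that is not the driver's code or the patch referenced in this advisory: a user-space C model in which every access to the array goes through one bounds-checked accessor. The names NUM_QUEUES, struct queue_entry, queue_get, handle_ctrl_cmd and index_ok_signed are hypothetical, and the array size is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define NUM_QUEUES 2  /* assumed array size, not the driver's value */

/* Hypothetical stand-in for one server_queue slot. */
struct queue_entry {
    int      active;
    uint32_t last_cmd;
};

static struct queue_entry server_queue[NUM_QUEUES];

/* Incomplete check: with a signed index, negative values pass. */
static int index_ok_signed(int idx) { return idx < NUM_QUEUES; }

/* Single validated accessor: the unsigned compare rejects too-large
 * values and negative values reinterpreted as unsigned. */
static struct queue_entry *queue_get(uint32_t idx)
{
    if (idx >= NUM_QUEUES)
        return NULL;
    return &server_queue[idx];
}

/* Model of an ioctl path: the user-supplied index is validated
 * before any read or write of the array. */
static int handle_ctrl_cmd(uint32_t user_idx, uint32_t cmd)
{
    struct queue_entry *q = queue_get(user_idx);
    if (!q)
        return -EINVAL;   /* out of range: reject, touch nothing */
    if (!q->active)
        return -ENODEV;   /* in range but slot not in use */
    q->last_cmd = cmd;
    return 0;
}

int main(void)
{
    server_queue[1].active = 1;
    printf("idx 1: %d\n", handle_ctrl_cmd(1, 7));
    printf("idx -1: %d\n", handle_ctrl_cmd((uint32_t)-1, 7));
    printf("signed check accepts -1: %d\n", index_ok_signed(-1));
    return 0;
}
```
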
All Android releases from CAF using the Linux kernel from the following heads:
We advise customers to apply the following patches:
Qualcomm Innovation Center, Inc. (QuIC) thanks firstname.lastname@example.org for reporting the related issues and working with QuIC to help improve Android device security.