The following security vulnerability has been identified in the camera driver.
The camera driver provides several interfaces to user space clients. The user space clients communicate with the kernel via syscalls such as ioctl or mmap. The camera driver provides an uncontrolled mmap interface that allows an application with access to the device file to map physical memory beyond the camera driver's own memory into user space. A locally installed, unprivileged application can use this flaw to escalate privileges.
Access Vector: local
Security Risk: high
Vulnerability: CWE-749 (exposed dangerous method or function)
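The bounds check that a driver mmap handler needs before it maps anything, shown as an added example in plain C so it runs in user space. It is not the CAF patch and not code from the camera driver; `struct drv_region`, `mmap_request_ok` and the sample region values are hypothetical and constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define DRV_PAGE_SHIFT 12u
#define DRV_PAGE_SIZE  ((uint64_t)1 << DRV_PAGE_SHIFT)

/* Hypothetical: the physical range the driver owns. */
struct drv_region {
    uint64_t base_pfn;   /* first page frame of the driver's buffer */
    uint64_t num_pages;  /* size of the buffer in pages */
};

/*
 * Models the validation an mmap handler performs before calling a remap
 * primitive such as remap_pfn_range(). pgoff stands for vma->vm_pgoff and
 * len for vma->vm_end - vma->vm_start, both chosen by the caller.
 * An uncontrolled handler skips these checks and maps whatever was asked for.
 * On success *pfn_out holds the first page frame to map.
 */
bool mmap_request_ok(const struct drv_region *r, uint64_t pgoff,
                     uint64_t len, uint64_t *pfn_out)
{
    uint64_t pages;

    if (len == 0 || (len & (DRV_PAGE_SIZE - 1)))
        return false;                /* whole pages only */
    pages = len >> DRV_PAGE_SHIFT;
    if (pgoff >= r->num_pages)
        return false;                /* start lies outside the buffer */
    if (pages > r->num_pages - pgoff)
        return false;                /* end lies outside; cannot overflow */
    *pfn_out = r->base_pfn + pgoff;  /* offset is relative, never a raw PFN */
    return true;
}

int main(void)
{
    const struct drv_region cam = { 0x80000, 16 };  /* constructed sample */
    uint64_t pfn = 0;

    printf("in range:      %d\n", mmap_request_ok(&cam, 4, 12 * DRV_PAGE_SIZE, &pfn));
    printf("runs past end: %d\n", mmap_request_ok(&cam, 4, 13 * DRV_PAGE_SIZE, &pfn));
    printf("starts beyond: %d\n", mmap_request_ok(&cam, 16, DRV_PAGE_SIZE, &pfn));
    return 0;
}
```

The subtraction form `pages > num_pages - pgoff` is used instead of `pgoff + pages > num_pages` so that a very large caller-supplied offset or length cannot wrap around and pass the check.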
All Android releases from CAF prior to May 1, 2013 using the Linux kernel from the following heads:
Customers that make active use of this interface, e.g., when using code from kernel branches prior to April 2012, are encouraged to use the below contact address for further information.
We advise customers to apply the following patches for individual branches.
- msm-3*/jb_mr1 releases that use drivers/media/platform/msm/camera_v1/server/msm_cam_server.c: https://www.codeaurora.org/patches/quic/la/.PATCH_24430_iwoLuwW321heHwW.tar.gz
- jb*/msm-2*/ics releases that use drivers/media/video/msm/server/msm_cam_server.c: https://www.codeaurora.org/patches/quic/la/.PATCH_24430_iwoLuwW321heHwU.tar.gz
- msm-2*/ics*/gingerbread releases that use drivers/media/video/msm/msm.c: https://www.codeaurora.org/patches/quic/la/.PATCH_24430_iwoLuwW321heHwV.tar.gz
Qualcomm Innovation Center, Inc. (QuIC) thanks firstname.lastname@example.org for reporting the related issues and working with QuIC to help improve Android device security.