Fastboot boot command bypasses signature verification (CVE-2014-4325)

Release Date:

August 5, 2014

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2014-00006-1

CVE ID(s):

CVE-2014-4325

Summary:

The following security vulnerability has been identified in the implementation of the Little Kernel (LK) bootloader. CVE-2014-4325: When processing the boot command in fastboot mode, the Little Kernel bootloader, as used on Android, does not check that the device is unlocked or that the target does not use signed kernels before it boots the downloaded kernel image without verification. A local user can use this flaw to boot arbitrary kernel images via fastboot even when the target uses a signed kernel and the bootloader is locked.
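
The missing check described above, modelled as an added example (not LK source and not code from this advisory), with a regression matrix that counts the device states in which the two handlers disagree. All type and function names are hypothetical, and requiring the image to authenticate on a locked target that uses signed kernels is an assumption about the intended policy.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model, not LK source. All names are hypothetical. */
struct device_state {
    bool unlocked;            /* bootloader has been unlocked */
    bool uses_signed_kernel;  /* target uses signed kernels */
};

enum boot_result { BOOT_OK, BOOT_REJECTED };

/* Behaviour described in the advisory: lock state and signing policy
 * are never consulted before the downloaded image is booted. */
enum boot_result cmd_boot_flawed(struct device_state dev, bool image_authentic)
{
    (void)dev; (void)image_authentic;
    return BOOT_OK;
}

/* Checked variant: an unverified boot is allowed only when the device is
 * unlocked or the target does not use signed kernels. Assumption: in the
 * remaining case the image must authenticate before it is booted. */
enum boot_result cmd_boot_checked(struct device_state dev, bool image_authentic)
{
    if (dev.unlocked || !dev.uses_signed_kernel)
        return BOOT_OK;
    return image_authentic ? BOOT_OK : BOOT_REJECTED;
}

/* Regression matrix over all eight constructed state combinations:
 * counts the states the flawed handler boots but the checked one rejects. */
int count_policy_gaps(void)
{
    int gaps = 0;
    for (int bits = 0; bits < 8; bits++) {
        struct device_state dev = { (bits & 1) != 0, (bits & 2) != 0 };
        bool image_authentic = (bits & 4) != 0;
        if (cmd_boot_flawed(dev, image_authentic) == BOOT_OK &&
            cmd_boot_checked(dev, image_authentic) != BOOT_OK)
            gaps++;
    }
    return gaps;
}

int main(void)
{
    printf("states booted only by the flawed handler: %d\n", count_policy_gaps());
    return 0;
}
```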

Access Vector: Local
Security Risk: Critical

Affected Versions:

All active branches of the Little Kernel on CAF are affected.

Patch:

We advise customers to apply the following patches:

Acknowledgement:

Qualcomm Innovation Center, Inc. (QuIC) thanks Jon Sawyer for reporting the related issues and working with QuIC to help improve Android device security.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com