LK – Improper partition bounds checking when flashing sparse images (CVE-2015-0567)
Release Date:
May 12, 2015
Affected Projects:
Android for MSM, Firefox OS for MSM, QRD Android
Advisory ID:
QCIR-2015-00002-1
CVE ID(s):
Summary:
The following security vulnerability has been identified in the implementation of the Little Kernel (LK) bootloader. CVE-2015-0567: The Little Kernel (LK) application bootloader does not ensure that write operations stay within partition boundaries when flashing sparse images via fastboot. This is possible because certain sparse chunk types allow the write destination offset to be adjusted past the partition boundary. This is a problem where additional custom image verification is performed on top of the fastboot flash command for certain partition names but not for others. This can lead to boot failures or make it possible to bypass such verification routines.
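The bounds check the summary describes as missing, shown as an added C example (not code from LK or from the referenced patches). The chunk type constants are those of the Android sparse image format, in which a DONT_CARE chunk advances the write offset without writing data; `struct chunk` and `sparse_fits_partition` are hypothetical names, and the chunk lists are constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Chunk types defined by the Android sparse image format. */
#define CHUNK_TYPE_RAW       0xCAC1
#define CHUNK_TYPE_FILL      0xCAC2
#define CHUNK_TYPE_DONT_CARE 0xCAC3
#define CHUNK_TYPE_CRC32     0xCAC4

/* Simplified chunk descriptor (hypothetical, not LK's struct). */
struct chunk { uint16_t type; uint32_t blocks; };

/* Returns 0 if every chunk, including those that only move the write
 * offset, stays inside the partition; -1 otherwise. */
int sparse_fits_partition(const struct chunk *c, size_t n,
                          uint32_t blk_sz, uint64_t part_size)
{
    uint64_t offset = 0;            /* destination offset in the partition */
    if (blk_sz == 0)
        return -1;
    for (size_t i = 0; i < n; i++) {
        uint64_t len = 0;           /* CRC32 chunks produce no output */
        switch (c[i].type) {
        case CHUNK_TYPE_RAW:
        case CHUNK_TYPE_FILL:
        case CHUNK_TYPE_DONT_CARE:  /* skips ahead without writing */
            len = (uint64_t)c[i].blocks * blk_sz; /* 32x32 fits in 64 bits */
            break;
        case CHUNK_TYPE_CRC32:
            break;
        default:
            return -1;              /* unknown chunk type */
        }
        if (len > part_size - offset)   /* subtraction form cannot wrap */
            return -1;
        offset += len;
    }
    return 0;
}

int main(void)
{
    /* Constructed sample: a skip chunk that jumps past a 1 MiB partition. */
    struct chunk img[] = { { CHUNK_TYPE_RAW, 16 }, { CHUNK_TYPE_DONT_CARE, 0xFFFFFFFFu } };
    printf("%d\n", sparse_fits_partition(img, 2, 4096, 1u << 20));
    return 0;
}
```

Running the check over the whole chunk list before the first write means an oversized image is rejected without touching flash.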
Access Vector: Local
Security Risk: High
Affected Versions:
All active branches of Little Kernel on CAF are affected.
Patch:
We advise customers to apply the following patches:
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks Lee Harrison and Michael Contreras for reporting the related issues and working with QuIC to help improve Android device security.
Revisions:
Initial revision