Memory corruption in QSEECOM driver (CVE-2014-4322)
Release Date:
December 22, 2014
Affected Projects:
Android for MSMFirefox OS for MSMQRD Android
Advisory ID:
QCIR-2014-00008-1
CVE ID(s):
Summary:
The following security vulnerability has been identified in the QuIC-authored QSEECOM driver. CVE-2014-4322: The qseecom driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the __qseecom_update_cmd_buf function uses the user-supplied value cmd_buf_offset as an index to a buffer for write operations without any boundary checks, allowing a local application with access to the qseecom device node to, e.g., escalate privileges.
Access Vector: Local
Security Risk: Medium
Access Vector: Local
Affected Versions:
All Android releases from CAF using the Linux kernel.
Patch:
Acknowledgement:
Qualcomm Innovation Center, Inc. (QuIC) thanks Gal Beniamini for reporting the related issues and working with QuIC to help improve Android device security.
Revisions:
Initial revision