// For flags

CVE-2014-0974

 

Severity Score

9.1
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.

La funciĆ³n boot_linux_from_mmc en app/aboot/aboot.c en el bootloader Little Kernel (LK), distribuido con las contribuciones de Android Qualcomm Innovation Center (QuIC) para los dispositivos MSM y otros productos, no valida debidamente cierto valor de direcciones, lo que permite a atacantes escribir datos en una localizaciĆ³n de memoria controlable mediante el aprovechamiento de la habilidad de iniciar un intento de arranque de un imagen arbitrario.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
None
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
None
Integrity
Partial
Availability
None
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2014-01-07 CVE Reserved
  • 2014-08-25 CVE Published
  • 2023-03-08 EPSS Updated
  • 2024-08-06 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-264: Permissions, Privileges, and Access Controls
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Little Kernel Project
Search vendor "Little Kernel Project"
 Little Kernel Bootloader
Search vendor "Little Kernel Project" for product "Little Kernel Bootloader"
-android
Affected