CVE-2014-4323
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
1Exploited in Wild
-Decision
Descriptions
The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.
La función mdp_lut_hw_update en drivers/video/msm/mdp.c en el controlador de la pantalla de MDP para el kernel de Linux 3.x, utilizada en las contribuciones de Android Qualcomm Innovation Center (QuIC) para los dispositivos MSM y otros productos, no valida ciertos valores de arranque y longitud dentro de una llamada ioctl, lo que permite a atacantes ganar privilegios a través de una aplicación manipulada.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2014-06-18 CVE Reserved
- 2014-12-12 CVE Published
- 2022-04-14 First Exploit
- 2023-03-07 EPSS Updated
- 2024-08-06 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (2)
| URL | Tag | Source |
|---|---|---|
| https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps | Broken Link |
| URL | Date | SRC |
|---|---|---|
| https://github.com/marcograss/cve-2014-4323 | 2022-04-14 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Linux Search vendor "Linux" | Linux Kernel Search vendor "Linux" for product "Linux Kernel" | >= 3.0.0 <= 3.16.1 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.0.0 <= 3.16.1" | - |
Affected
| ||||||