Memory Corruption Vulnerability in MSM-VFE31 Driver for Linux Kernel 3.x

Memory Corruption Vulnerability in MSM-VFE31 Driver for Linux Kernel 3.x

CVE-2014-9410 · CRITICAL Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.