nvd-json-data-feeds/CVE-2014/CVE-2014-43xx/CVE-2014-4323.json

{
  "id": "CVE-2014-4323",
  "sourceIdentifier": "cve@mitre.org",
  "published": "2014-12-12T11:59:00.063",
  "lastModified": "2020-08-14T18:20:44.343",
  "vulnStatus": "Analyzed",
  "descriptions": [
    {
      "lang": "en",
      "value": "The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n mdp_lut_hw_update en drivers/video/msm/mdp.c en el controlador de la pantalla de MDP para el kernel de Linux 3.x, utilizada en las contribuciones de Android Qualcomm Innovation Center (QuIC) para los dispositivos MSM y otros productos, no valida ciertos valores de arranque y longitud dentro de una llamada ioctl, lo que permite a atacantes ganar privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada."
    }
  ],
  "metrics": {
    "cvssMetricV2": [
      {
        "source": "nvd@nist.gov",
        "type": "Primary",
        "cvssData": {
          "version": "2.0",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "accessVector": "NETWORK",
          "accessComplexity": "LOW",
          "authentication": "NONE",
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5
        },
        "baseSeverity": "HIGH",
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "acInsufInfo": false,
        "obtainAllPrivilege": false,
        "obtainUserPrivilege": false,
        "obtainOtherPrivilege": true,
        "userInteractionRequired": false
      }
    ]
  },
  "weaknesses": [
    {
      "source": "nvd@nist.gov",
      "type": "Primary",
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ]
    }
  ],
  "configurations": [
    {
      "nodes": [
        {
          "operator": "OR",
          "negate": false,
          "cpeMatch": [
            {
              "vulnerable": true,
              "criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*",
              "versionStartIncluding": "3.0.0",
              "versionEndIncluding": "3.16.1",
              "matchCriteriaId": "2C4447A2-5E6A-4AB1-9A70-7A5F25C6B2F4"
            }
          ]
        }
      ]
    }
  ],
  "references": [
    {
      "url": "https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps",
      "source": "cve@mitre.org",
      "tags": [
        "Broken Link"
      ]
    }
  ]
}