CVE-2014-0972
published 2014-08-01CVE-2014-0972: The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does…
PriorityP431high7.2CVSS 2.0
AVLACLAuNCCICAC
EPSS
0.40%
31.4th percentile
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
Affected
31 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
| codeaurora | android-msm | — | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2014-0972: linux - The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovatio...
vendor_debian·2014·CVSS 7.2
CVE-2014-0972 [HIGH] CVE-2014-0972: linux - The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovatio...
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
GHSA
GHSA-82p5-w4jh-vwvq: The kgsl graphics driver for the Linux kernel 3
ghsa_unreviewed·2022-05-17
CVE-2014-0972 [HIGH] GHSA-82p5-w4jh-vwvq: The kgsl graphics driver for the Linux kernel 3
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
OSV
CVE-2014-0972: The kgsl graphics driver for the Linux kernel 3
osv·2014-08-01·CVSS 7.2
CVE-2014-0972 [HIGH] CVE-2014-0972: The kgsl graphics driver for the Linux kernel 3
The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2014-08-01
Published