CVE-2014-4322
published 2014-12-24CVE-2014-4322: drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and…
PriorityP338high7.2CVSS 2.0
AVLACLAuNCCICAC
EXPLOIT
EPSS
2.04%
78.7th percentile
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | linux | — | — |
| linux | linux_kernel | 3.0.0 – 3.18.1 | — |
CVSS provenance
nvdv2.07.2HIGHAV:L/AC:L/Au:N/C:C/I:C/A:C
osv7.2HIGH
vendor_debian7.2LOW
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-3hqx-6gq9-8f86: drivers/misc/qseecom
ghsa_unreviewed·2022-05-13
CVE-2014-4322 [HIGH] CWE-787 GHSA-3hqx-6gq9-8f86: drivers/misc/qseecom
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
OSV
CVE-2014-4322: drivers/misc/qseecom
osv·2014-12-24·CVSS 7.2
CVE-2014-4322 [HIGH] CVE-2014-4322: drivers/misc/qseecom
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
Debian
CVE-2014-4322: linux - drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used i...
vendor_debian·2014·CVSS 7.2
CVE-2014-4322 [HIGH] CVE-2014-4322: linux - drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used i...
drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
No detection rules found.
No writeups or analysis indexed.
2014-12-24
Published