Vulnerability Details : CVE-2014-0974
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
Products affected by CVE-2014-0974
- cpe:2.3:a:little_kernel_project:little_kernel_bootloader:-:-:-:-:-:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-0974
0.06%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 14 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-0974
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
1.9
|
LOW | AV:L/AC:M/Au:N/C:N/I:P/A:N |
3.4
|
2.9
|
NIST |
CWE ids for CVE-2014-0974
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-0974
-
https://www.codeaurora.org/projects/security-advisories/lk-insufficient-verification-tagaddr-when-loading-device-tree-cve-2014-0974
Page not found - Code AuroraPatch
-
http://source.android.com/security/bulletin/2016-07-01.html
Android Security Bulletin—July 2016 | Android Open Source Project
Jump to