CVE-2014-4322 : drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used i

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

Published 2014-12-24 15:59:00

Updated 2025-04-12 10:46:41

Source MITRE

View at NVD, CVE.org

Vulnerability category: Memory CorruptionDenial of service

Products affected by CVE-2014-4322

Linux » Linux Kernel
Versions from including (>=) 3.0.0 and up to, including, (<=) 3.18.1
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2014-4322

EPSS FAQ

3.45%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 86 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2014-4322

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.2	HIGH	AV:L/AC:L/Au:N/C:C/I:C/A:C	3.9	10.0	NIST
Access Vector: Local Access Complexity: Low Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE ids for CVE-2014-4322

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2014-4322

https://www.codeaurora.org/projects/security-advisories/memory-corruption-qseecom-driver-cve-2014-4322

Page not found - Code Aurora
Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2014-4322

Products affected by CVE-2014-4322

Exploit prediction scoring system (EPSS) score for CVE-2014-4322

CVSS scores for CVE-2014-4322

CWE ids for CVE-2014-4322

References for CVE-2014-4322