Linux kernel MDP driver Privilege Escalation Vulnerability (CVE-2014-4323)
Release date:
Updated on:
Affected Systems:
Linux kernel 3.x
Description:
CVE (CAN) ID: CVE-2014-4323
Linux Kernel is the Kernel of the Linux operating system.
Linux kernel 3. in the MDP display driver of x, drivers/video/msm/mdp. c's mdp_lut_hw_update function does not correctly verify some start and length values in the ioctl call. This allows attackers to exploit this vulnerability to gain Elevation of Privilege through constructed applications. Affected programs: Android for MSM, Firefox OS for MSM, QRD Android
<* Source: Gal Beniamini
*>
Suggestion:
Vendor patch:
Linux
-----
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps
Https://www.codeaurora.org/cgit/quic/la//kernel/msm-3.10/commit? Id = 014fa8def84c62893fa016e873c12de1da498603
The Ubuntu 13.10 (Saucy Salamander) Kernel has been upgraded to Linux Kernel 3.10 RC5
Linux Kernel 3.4.62 LTS is now available for download
How to install Linux kernel 13.10 On Ubuntu 3.12
How to install the 3.16.7 CKT2 kernel in Ubuntu 14.10, Ubuntu 14.04, and its derivative versions
Linux Kernel: click here
Linux Kernel: click here
This article permanently updates the link address: