Signature-Verification Code Overwrite Vulnerability in Little Kernel (LK) Bootloader
CVE-2013-2598 · MEDIUM Severity
AV:L/AC:L/AU:N/C:N/I:C/A:C
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.
Learn more about our Cis Benchmark Audit For Google Android.