Signature-Verification Code Overwrite Vulnerability in Little Kernel (LK) Bootloader

Signature-Verification Code Overwrite Vulnerability in Little Kernel (LK) Bootloader

CVE-2013-2598 · MEDIUM Severity

AV:L/AC:L/AU:N/C:N/I:C/A:C

app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.

Learn more about our Cis Benchmark Audit For Google Android.