Memory Write Vulnerability in Little Kernel (LK) Bootloader

Memory Write Vulnerability in Little Kernel (LK) Bootloader

CVE-2014-0974 · LOW Severity

AV:L/AC:M/AU:N/C:N/I:P/A:N

The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.