Privilege escalation vulnerability in MDP display driver for Linux kernel 3.x

Privilege escalation vulnerability in MDP display driver for Linux kernel 3.x

CVE-2014-4323 · HIGH Severity

AV:N/AC:L/AU:N/C:P/I:P/A:P

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

Learn more about our Cis Benchmark Audit For Distribution Independent Linux.