{"vuid":"VU#702452","idnumber":"702452","name":"Qualcomm Android OS kernel privilege escalation and denial of service vulnerabilities","keywords":["android","kernel","dos","gingerbread","ice cream sandwich","jelly bean"],"overview":"Android OS kernels running on certain Qualcomm devices contain multiple vulnerabilities which could allow an attacker to cause privilege escalation or Denial of Service (DoS).","clean_desc":"The Qualcomm Innovation Center, Inc. advisory states: Summary: A locally installed application can cause privilege escalation or Denial of Service (DoS) by passing a specially crafted input to the diagchar_ioctl call of the Diagnostics (DIAG) kernel mode driver for Android. The involved CVE IDs are CVE-2012-4220 (untrusted pointer dereference) and CVE-2012-4221 (integer overflow). A patch which can be applied to Gingerbread, Ice Cream Sandwich and Jelly Bean source is made available from the location below. A locally installed application can cause DoS by passing a specially crafted input to the kgsl_ioctl call of the Graphics KGSL kernel mode driver for Android. The involved CVE ID is CVE-2012-4222 (null pointer dereference). A patch which can be applied to Gingerbread, Ice Cream Sandwich and Jelly Bean source is made available from the location below. Affected version: All Android releases from CAF prior to November 15, 2012 using Linux kernel from the following heads: msm-3.4, msm-3.0, jb_*, ics_*, gingerbread_* Note: Permission changes in ICS and Jelly Bean that restrict /dev/diag access to the qcom_diag group mitigate CVE-2012-4220 and CVE-2012-4221.","impact":"By convincing a user to install a specially crafted Android application, a remote attacker may be able to cause a privilege escalation or Denial of Service (DoS), allowing them to gain control of the affected device.","resolution":"Update: The vendor states that these vulnerabilities have been addressed in PATCH_17010_jweEF843feG. Users are advised to apply the patch to affected devices. Fix for CVE-2012-4220 and CVE-2012-4221 in msm-3.4 can be found here. Fix for CVE-2012-4222 in msm-3.4 can be found here.","workarounds":"","sysaffected":"","thanks":"Thanks to giantpune@gmail.com for reporting this vulnerability.","author":"This document was written by Michael Orlando.","public":["https://www.codeaurora.org/participate/security-advisories/cve-2012-4220-cve-2012-4221-cve-2012-4222/","https://www.codeaurora.org/patches/quic/la/.PATCH_17010_jweEF843feG.tar.gz"],"cveids":["CVE-2012-4220","CVE-2012-4221","CVE-2012-4222"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2012-10-30T15:00:13Z","publicdate":"2012-11-15T00:00:00Z","datefirstpublished":"2012-12-07T14:06:13Z","dateupdated":"2014-08-15T02:30:40Z","revision":16,"vrda_d1_directreport":"1","vrda_d1_population":"3","vrda_d1_impact":"3","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"L","cvss_accesscomplexity":"M","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"M","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"6.6","cvss_basevector":"AV:L/AC:M/Au:S/C:C/I:C/A:C","cvss_temporalscore":"5.2","cvss_environmentalscore":"3.853205790336","cvss_environmentalvector":"CDP:ND/TD:M/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}