Heap overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attacker to execute arbitrary code.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05
Stack overflow in Little Kernel in bootloader prior to SMR Mar-2024 Release 1 allows a privileged attackers to execute arbitrary code.
Max CVSS
6.4
EPSS Score
0.04%
Published
2024-03-05
Updated
2024-03-05
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
Max CVSS
7.2
EPSS Score
0.09%
Published
2014-08-25
Updated
2014-08-28
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
Max CVSS
1.9
EPSS Score
0.08%
Published
2014-08-25
Updated
2016-07-13
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
Max CVSS
7.2
EPSS Score
0.08%
Published
2014-08-25
Updated
2016-07-13
5 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!