CVE-2014-0973

Published: 25/08/2014 Updated: 13/07/2016
CVSS v2 Base Score: 7.2 | Impact Score: 10 | Exploitability Score: 3.9
VMScore: 641
Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Summary

The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for malicious users to bypass boot-image authentication requirements via trailing data.
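The missing check described above can be shown in a small stand-alone model. This is an added example, not code from LK or from this page: `check_weak`, `check_strict`, `run_case` and the 32-byte `HASH_SIZE` are hypothetical names and values, and `plain`/`plain_len` stand in for the buffer and return value of RSA_public_decrypt (the number of bytes recovered, or -1 on error).

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HASH_SIZE 32 /* assumed SHA-256 digest length for this model */

/* Compare without an early exit so timing does not depend on the data. */
static int digest_equal(const unsigned char *a, const unsigned char *b) {
    unsigned char diff = 0;
    for (size_t i = 0; i < HASH_SIZE; i++)
        diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Weak form: rejects only failure or short output, so recovered data
 * longer than the digest passes when its first HASH_SIZE bytes match. */
int check_weak(const unsigned char *plain, int plain_len,
               const unsigned char *digest) {
    if (plain_len < HASH_SIZE)
        return 0;
    return digest_equal(plain, digest);
}

/* Hardened form: the recovered length must equal the digest size exactly. */
int check_strict(const unsigned char *plain, int plain_len,
                 const unsigned char *digest) {
    if (plain_len != HASH_SIZE)
        return 0;
    return digest_equal(plain, digest);
}

/* Constructed sample: digest bytes followed by `extra` trailing bytes. */
int run_case(int strict, int extra) {
    unsigned char digest[HASH_SIZE], plain[HASH_SIZE + 16];
    for (int i = 0; i < HASH_SIZE; i++)
        digest[i] = (unsigned char)(i * 7 + 1);
    memset(plain, 0xAA, sizeof plain);
    memcpy(plain, digest, HASH_SIZE);
    int len = HASH_SIZE + extra;
    return strict ? check_strict(plain, len, digest)
                  : check_weak(plain, len, digest);
}

int main(void) {
    printf("weak, 16 trailing bytes:   %d\n", run_case(0, 16));
    printf("strict, 16 trailing bytes: %d\n", run_case(1, 16));
    printf("strict, exact length:      %d\n", run_case(1, 0));
    return 0;
}
```

Only the strict form rejects recovered data that is longer than the digest, which is the consistency check the summary says was absent.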

Vulnerable Product

little kernel project little kernel bootloader -

Github Repositories

A signing tool for exploitable bootloaders

cuber

This is a tool that signs recovery and boot images for Little Kernel bootloaders affected by the CVE-2014-0973 vulnerability. cuber has been tested working for 3rd-generation Kindle Fire HDX tablets with firmware versions older than 14/13324. Most likely affects many other devices using Little Kernel bootloaders built prior to June 13, 2014.

requirements gcc libmpc-dev li