Published: 28/09/2014 Updated: 14/05/2015
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4

Vulnerability Summary

Buffer overflow in the picolcd_raw_event function in devices/hid/hid-picolcd_core.c in the PicoLCD HID device driver in the Linux kernel through 3.16.3, as used in Android on Nexus 7 devices, allows physically proximate attackers to cause a denial of service (system crash) or possibly execute arbitrary code via a crafted device that sends a large report.

Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Access Complexity: MEDIUM
Authentication: NONE
Access Vector: LOCAL
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Affected Products

Vendor | Product | Versions
Google | Nexus 7 | -
Linux | Linux Kernel | 3.16.0, 3.16.1, 3.16.2, 3.16.3