Improper Input Validation Affecting torvalds/linux package, versions [3.0,4.0)


Severity

Recommended
0.0
critical
0
10

CVSS assessment by Snyk's Security Team. Learn more

Threat Intelligence

EPSS
1.3% (67th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-UNMANAGED-TORVALDSLINUX-3004772
  • published26 Jan 2022
  • disclosed7 Aug 2016
  • creditUnknown

Introduced: 7 Aug 2016

CVE-2014-9410  (opens in a new tab)
CWE-20  (opens in a new tab)

How to fix?

Upgrade torvalds/linux to version 4.0 or higher.

Overview

Affected versions of this package are vulnerable to Improper Input Validation. The vfe31_proc_general function in drivers/media/video/msm/vfe/msm_vfe31.c in the MSM-VFE31 driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate a certain id value, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.

References

CVSS Base Scores

version 3.1