CVE-2014-0972

{"id": "CVE-2014-0972", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.2, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-08-01T11:13:08.353", "references": [{"url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972", "source": "cve@mitre.org"}, {"url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."}, {"lang": "es", "value": "El controlador kgsl graphics para el kernel de Linux 3.x, utilizado en las contribuciones de Qualcomm Innovation Center (QuIC) Android para los dispositivos MSM y otros productos, no previene debidamente el acceso de escritura a los registros de contexto IOMMU, lo que permite a usuarios locales seleccionar una tabla de p\u00e1ginas personalizadas, y como consecuencia escribir en localizaciones arbitrarias de la memoria, mediante el uso de un flujo manipulado de comandos GPU para modificar los contenidos de cierto registro."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "82BFCD06-425A-469F-BD52-56C78AB11D54"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B2E29DBF-4869-41F8-85F6-091F1B34D8F8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D3B42C6-F8F7-493C-81AD-A112A207FC58"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F7F6E06-C45C-47E5-B745-33B1A5083F43"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C8DB4C3-3A34-496E-9422-3D7E1425B7D8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B167417-35A9-42BA-874E-0B32EE44AFE4"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F93FA4BD-DD95-4402-AC27-C1FB86469A52"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AF6C0F8A-CD4A-4B7C-84D2-79150FBAAFF5"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E392CFA9-C390-4F31-A826-5D2BE237FFD8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA49E4BE-25FF-469E-BD82-390F1F705673"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FD74D1CD-DBA8-487D-AE08-F3565B12B5D3"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9A00D89D-63B9-425D-AF50-B274491FA470"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F18C21F4-F5AB-49D0-8B77-6768337B391A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "16CCD06D-0248-4802-8FAB-A8411F102078"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08315601-ECBF-489B-8482-4D075ABB8B94"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93FEF076-6924-4671-A7B4-619582B1F491"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E89A6BA-599E-4C5F-B60F-FF8175A1EE57"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1D0D9E5A-3D4D-41F3-85DE-AA029C0ED86F"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DC580424-3A41-4110-9CDD-C72B52FD360A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A88D6F21-5D58-4BF2-A3DD-6E1C21A464E8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5D16E881-C08D-4C23-BA7F-C2811EA65E6D"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "677023A0-0628-41D0-99B7-CEF547DA7249"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DD77E075-1B20-4EE2-A14F-49772963E589"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E85620CE-8085-4FE9-B8FE-11585FB2C4AF"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24FC9829-EF73-4FF6-B752-8EFB4223703A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6F416D6E-9CF0-47E3-BEF9-97571888FB47"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5B7FC7D-3287-4B15-879E-321F663EB508"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D1A9A837-2771-4443-A18A-1CE2386FBBF6"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6016DD8-1AB1-43F9-9652-A47FD48861E0"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23289CA4-3FE3-43E7-9793-3120928DD43D"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "631355B2-8B51-4F16-8733-9C54539E77C8"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BCE7F05-607F-48E2-B371-FBDCA585561A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "177D555B-CD3B-4E3E-97BD-103AB2A6051A"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "45A19E0E-D07B-43E6-B334-A7A3FE4367C5"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A8C0E4F9-F1B8-459B-9A4F-42164EBCFD61"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0D220E16-C172-4A6A-971B-6B1B6CA6AA8F"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45AF000-98BE-4C23-8E40-A8E202800DC7"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7E922227-ADB4-41CC-AC2E-10D0F9FD165E"}, {"criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0BED70D-0E2E-433A-A8B1-3418793969CD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}