ID CVE-2012-4220
Summary diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service (incorrect pointer dereference) via an application that uses crafted arguments in a local diagchar_ioctl call.
References
Vulnerable Configurations
  • Google Android Operating System 2.3
    cpe:2.3:o:google:android:2.3
  • Google Android Operating System 2.3.1
    cpe:2.3:o:google:android:2.3.1
  • Google Android Operating System 2.3.2
    cpe:2.3:o:google:android:2.3.2
  • Google Android Operating System 2.3.3
    cpe:2.3:o:google:android:2.3.3
  • Google Android Operating System 2.3.4
    cpe:2.3:o:google:android:2.3.4
  • Google Android Operating System 2.3.5
    cpe:2.3:o:google:android:2.3.5
  • Google Android Operating System 2.3.6
    cpe:2.3:o:google:android:2.3.6
  • Google Android Operating System 2.3.7
    cpe:2.3:o:google:android:2.3.7
  • Google Android Operating System 2.3 Revision 1
    cpe:2.3:o:google:android:2.3:rev1
  • Google Android Operating System 3.1
    cpe:2.3:o:google:android:3.1
  • Google Android Operating System 3.2
    cpe:2.3:o:google:android:3.2
  • Google Android Operating System 3.0
    cpe:2.3:o:google:android:3.0
  • Google Android Operating System 3.2.2
    cpe:2.3:o:google:android:3.2.2
  • Google Android Operating System 3.2.1
    cpe:2.3:o:google:android:3.2.1
  • Google Android Operating System 3.2.6
    cpe:2.3:o:google:android:3.2.6
  • Google Android Operating System 3.2.4
    cpe:2.3:o:google:android:3.2.4
  • Google Android Operating System 4.0
    cpe:2.3:o:google:android:4.0
  • Google Android Operating System 4.1
    cpe:2.3:o:google:android:4.1
  • Google Android Operating System 4.0.4
    cpe:2.3:o:google:android:4.0.4
  • Google Android Operating System 4.0.3
    cpe:2.3:o:google:android:4.0.3
  • Google Android Operating System 4.0.2
    cpe:2.3:o:google:android:4.0.2
  • Google Android Operating System 4.0.1
    cpe:2.3:o:google:android:4.0.1
  • Google Android Operating System 4.2 (Jelly Bean)
    cpe:2.3:o:google:android:4.2
CVSS
Base: 6.8 (as of 10-10-2013 - 14:20)
Impact:
Exploitability:
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
refmap via4
cert-vn VU#702452
confirm https://www.codeaurora.org/projects/security-advisories/multiple-issues-diagkgsl-system-call-handling-cve-2012-4220-cve-2012
the hacker news via4
id THN:C8A4219AFC2880AC311776A8C10BAE97
last seen 2018-01-27
modified 2017-11-28
published 2017-11-27
reporter Mohit Kumar
source https://thehackernews.com/2017/11/android-spying-app.html
title Google Detects Android Spyware That Spies On WhatsApp, Skype Calls
Last major update 10-10-2013 - 14:28
Published 30-11-2012 - 07:54
Back to Top