cvelistv5 - CVE-2014-0972

CVE-2014-0972 (GCVE-0-2014-0972)

Vulnerability from cvelistv5

Published

2014-08-01 10:00

Modified

2024-08-06 09:34

Severity ?

CWE

Summary

The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.

References

▼	URL	Tags
	cve@mitre.org	https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972
	af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T09:34:40.748Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2014-07-23T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-08-25T18:57:00",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0972",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972",
              "refsource": "CONFIRM",
              "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2014-0972",
    "datePublished": "2014-08-01T10:00:00",
    "dateReserved": "2014-01-07T00:00:00",
    "dateUpdated": "2024-08-06T09:34:40.748Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2014-0972\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-08-01T11:13:08.353\",\"lastModified\":\"2025-04-12T10:46:40.837\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.\"},{\"lang\":\"es\",\"value\":\"El controlador kgsl graphics para el kernel de Linux 3.x, utilizado en las contribuciones de Qualcomm Innovation Center (QuIC) Android para los dispositivos MSM y otros productos, no previene debidamente el acceso de escritura a los registros de contexto IOMMU, lo que permite a usuarios locales seleccionar una tabla de p\u00e1ginas personalizadas, y como consecuencia escribir en localizaciones arbitrarias de la memoria, mediante el uso de un flujo manipulado de comandos GPU para modificar los contenidos de cierto registro.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-264\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"82BFCD06-425A-469F-BD52-56C78AB11D54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"B2E29DBF-4869-41F8-85F6-091F1B34D8F8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D3B42C6-F8F7-493C-81AD-A112A207FC58\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F7F6E06-C45C-47E5-B745-33B1A5083F43\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"4C8DB4C3-3A34-496E-9422-3D7E1425B7D8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B167417-35A9-42BA-874E-0B32EE44AFE4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F93FA4BD-DD95-4402-AC27-C1FB86469A52\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"AF6C0F8A-CD4A-4B7C-84D2-79150FBAAFF5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E392CFA9-C390-4F31-A826-5D2BE237FFD8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DA49E4BE-25FF-469E-BD82-390F1F705673\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FD74D1CD-DBA8-487D-AE08-F3565B12B5D3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9A00D89D-63B9-425D-AF50-B274491FA470\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F18C21F4-F5AB-49D0-8B77-6768337B391A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"16CCD06D-0248-4802-8FAB-A8411F102078\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"08315601-ECBF-489B-8482-4D075ABB8B94\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"93FEF076-6924-4671-A7B4-619582B1F491\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0E89A6BA-599E-4C5F-B60F-FF8175A1EE57\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"1D0D9E5A-3D4D-41F3-85DE-AA029C0ED86F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DC580424-3A41-4110-9CDD-C72B52FD360A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A88D6F21-5D58-4BF2-A3DD-6E1C21A464E8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5D16E881-C08D-4C23-BA7F-C2811EA65E6D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"677023A0-0628-41D0-99B7-CEF547DA7249\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DD77E075-1B20-4EE2-A14F-49772963E589\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E85620CE-8085-4FE9-B8FE-11585FB2C4AF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"24FC9829-EF73-4FF6-B752-8EFB4223703A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"6F416D6E-9CF0-47E3-BEF9-97571888FB47\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C5B7FC7D-3287-4B15-879E-321F663EB508\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"D1A9A837-2771-4443-A18A-1CE2386FBBF6\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"E6016DD8-1AB1-43F9-9652-A47FD48861E0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*\",\"matchCriteriaId\":\"23289CA4-3FE3-43E7-9793-3120928DD43D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*\",\"matchCriteriaId\":\"631355B2-8B51-4F16-8733-9C54539E77C8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*\",\"matchCriteriaId\":\"3BCE7F05-607F-48E2-B371-FBDCA585561A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*\",\"matchCriteriaId\":\"177D555B-CD3B-4E3E-97BD-103AB2A6051A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*\",\"matchCriteriaId\":\"45A19E0E-D07B-43E6-B334-A7A3FE4367C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*\",\"matchCriteriaId\":\"A8C0E4F9-F1B8-459B-9A4F-42164EBCFD61\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"0D220E16-C172-4A6A-971B-6B1B6CA6AA8F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"D45AF000-98BE-4C23-8E40-A8E202800DC7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"7E922227-ADB4-41CC-AC2E-10D0F9FD165E\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*\",\"matchCriteriaId\":\"C0BED70D-0E2E-433A-A8B1-3418793969CD\"}]}]}],\"references\":[{\"url\":\"https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

ghsa-82p5-w4jh-vwvq

Vulnerability from github

Published

2022-05-17 04:01

Modified

2022-05-17 04:01

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2014-0972"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-08-01T11:13:00Z",
    "severity": "HIGH"
  },
  "details": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.",
  "id": "GHSA-82p5-w4jh-vwvq",
  "modified": "2022-05-17T04:01:16Z",
  "published": "2022-05-17T04:01:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2014-0972"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

gsd-2014-0972

Vulnerability from gsd

Modified

2023-12-13 01:22

Details

Aliases

CVE-2014-0972

Aliases

CVE-2014-0972

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2014-0972",
    "description": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.",
    "id": "GSD-2014-0972"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2014-0972"
      ],
      "details": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register.",
      "id": "GSD-2014-0972",
      "modified": "2023-12-13T01:22:44.740965Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2014-0972",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972",
            "refsource": "CONFIRM",
            "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2014-0972"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-264"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2015-12-04T16:16Z",
      "publishedDate": "2014-08-01T11:13Z"
    }
  }
}

fkie_cve-2014-0972

Vulnerability from fkie_nvd

Published

2014-08-01 11:13

Modified

2025-04-12 10:46

Severity ?

Summary

References

▼	URL	Tags
	cve@mitre.org	https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972
	af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972

Impacted products

Vendor	Product	Version
codeaurora	android-msm	3.2.54
codeaurora	android-msm	3.4.72
codeaurora	android-msm	3.4.73
codeaurora	android-msm	3.4.74
codeaurora	android-msm	3.4.75
codeaurora	android-msm	3.4.76
codeaurora	android-msm	3.4.77
codeaurora	android-msm	3.4.78
codeaurora	android-msm	3.4.79
codeaurora	android-msm	3.10
codeaurora	android-msm	3.10.22
codeaurora	android-msm	3.10.23
codeaurora	android-msm	3.10.24
codeaurora	android-msm	3.10.25
codeaurora	android-msm	3.10.26
codeaurora	android-msm	3.10.27
codeaurora	android-msm	3.10.28
codeaurora	android-msm	3.10.29
codeaurora	android-msm	3.12.3
codeaurora	android-msm	3.12.4
codeaurora	android-msm	3.12.5
codeaurora	android-msm	3.12.6
codeaurora	android-msm	3.12.7
codeaurora	android-msm	3.12.8
codeaurora	android-msm	3.12.9
codeaurora	android-msm	3.12.10
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13
codeaurora	android-msm	3.13.1
codeaurora	android-msm	3.13.2
codeaurora	android-msm	3.14
codeaurora	android-msm	3.14

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "82BFCD06-425A-469F-BD52-56C78AB11D54",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "B2E29DBF-4869-41F8-85F6-091F1B34D8F8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "6D3B42C6-F8F7-493C-81AD-A112A207FC58",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F7F6E06-C45C-47E5-B745-33B1A5083F43",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C8DB4C3-3A34-496E-9422-3D7E1425B7D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B167417-35A9-42BA-874E-0B32EE44AFE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*",
              "matchCriteriaId": "F93FA4BD-DD95-4402-AC27-C1FB86469A52",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*",
              "matchCriteriaId": "AF6C0F8A-CD4A-4B7C-84D2-79150FBAAFF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*",
              "matchCriteriaId": "E392CFA9-C390-4F31-A826-5D2BE237FFD8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "DA49E4BE-25FF-469E-BD82-390F1F705673",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "FD74D1CD-DBA8-487D-AE08-F3565B12B5D3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "9A00D89D-63B9-425D-AF50-B274491FA470",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "F18C21F4-F5AB-49D0-8B77-6768337B391A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*",
              "matchCriteriaId": "16CCD06D-0248-4802-8FAB-A8411F102078",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*",
              "matchCriteriaId": "08315601-ECBF-489B-8482-4D075ABB8B94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*",
              "matchCriteriaId": "93FEF076-6924-4671-A7B4-619582B1F491",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E89A6BA-599E-4C5F-B60F-FF8175A1EE57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "1D0D9E5A-3D4D-41F3-85DE-AA029C0ED86F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "DC580424-3A41-4110-9CDD-C72B52FD360A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "A88D6F21-5D58-4BF2-A3DD-6E1C21A464E8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "5D16E881-C08D-4C23-BA7F-C2811EA65E6D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "677023A0-0628-41D0-99B7-CEF547DA7249",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "DD77E075-1B20-4EE2-A14F-49772963E589",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "E85620CE-8085-4FE9-B8FE-11585FB2C4AF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*",
              "matchCriteriaId": "24FC9829-EF73-4FF6-B752-8EFB4223703A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "6F416D6E-9CF0-47E3-BEF9-97571888FB47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "C5B7FC7D-3287-4B15-879E-321F663EB508",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "D1A9A837-2771-4443-A18A-1CE2386FBBF6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "E6016DD8-1AB1-43F9-9652-A47FD48861E0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "23289CA4-3FE3-43E7-9793-3120928DD43D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "631355B2-8B51-4F16-8733-9C54539E77C8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*",
              "matchCriteriaId": "3BCE7F05-607F-48E2-B371-FBDCA585561A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*",
              "matchCriteriaId": "177D555B-CD3B-4E3E-97BD-103AB2A6051A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*",
              "matchCriteriaId": "45A19E0E-D07B-43E6-B334-A7A3FE4367C5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*",
              "matchCriteriaId": "A8C0E4F9-F1B8-459B-9A4F-42164EBCFD61",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D220E16-C172-4A6A-971B-6B1B6CA6AA8F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D45AF000-98BE-4C23-8E40-A8E202800DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "7E922227-ADB4-41CC-AC2E-10D0F9FD165E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "C0BED70D-0E2E-433A-A8B1-3418793969CD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The kgsl graphics driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly prevent write access to IOMMU context registers, which allows local users to select a custom page table, and consequently write to arbitrary memory locations, by using a crafted GPU command stream to modify the contents of a certain register."
    },
    {
      "lang": "es",
      "value": "El controlador kgsl graphics para el kernel de Linux 3.x, utilizado en las contribuciones de Qualcomm Innovation Center (QuIC) Android para los dispositivos MSM y otros productos, no previene debidamente el acceso de escritura a los registros de contexto IOMMU, lo que permite a usuarios locales seleccionar una tabla de p\u00e1ginas personalizadas, y como consecuencia escribir en localizaciones arbitrarias de la memoria, mediante el uso de un flujo manipulado de comandos GPU para modificar los contenidos de cierto registro."
    }
  ],
  "id": "CVE-2014-0972",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-08-01T11:13:08.353",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.codeaurora.org/projects/security-advisories/unprivileged-gpu-command-streams-can-change-the-iommu-page-table-cve-2014-0972"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-264"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2014-0972 (GCVE-0-2014-0972)

Vulnerability from cvelistv5

ghsa-82p5-w4jh-vwvq

Vulnerability from github

gsd-2014-0972

Vulnerability from gsd

fkie_cve-2014-0972

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature