CVE-2014-0973 in Little Kernel Bootloader
摘要 (英语)
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.
预定
2014-01-07
披露
2014-08-24
条目
VulDB provides additional information and datapoints for this CVE:
| 标识符 | 漏洞 | CWE | 可利用 | 对策 | CVE |
|---|---|---|---|---|---|
| 70720 | Little Kernel Bootloader image_verify 弱身份验证 | 287 | 未定义 | 未定义 | CVE-2014-0973 |