Qualcomm missing checks put_user get_user

CVE numbers: CVE-2013-6282 [QCIR-2013-00010-1][archived]
Coordinated disclosure?: false
Categories: kernel
Details: Missing access checks in put_user/get_user kernel API (CVE-2013-6282 QCIR-2013-00010-1): The get_user and put_user API functions of the Linux kernel fail to validate the target address when being used on ARM v6k/v7 platforms. This functionality was originally implemented and controlled by the domain switching feature (CONFIG_CPU_USE_DOMAINS), which has been deprecated due to architectural changes. As a result, any kernel code using these API functions may introduce a security issue where none existed before. This allows an application to read and write kernel memory to, e.g., escalated privileges. [QCIR-2013-00010-1][archived]
Discovered by: Unknown, used in vroot exploit [QCIR-2013-00010-1][archived] on: 2013-09-06 [xda-developers-vroot]
Reported on: 2013-09-06 [xda-developers-vroot]
Fixed on: 2012-09-07 [msm-check_user_pointer-patch], 2013-07-15 [msm-check_user_pointer-patch]
Fix released on: Unknown
Affected versions: regex:
Affected devices:
Affected manufacturers: Qualcomm [QCIR-2013-00010-1][archived]
Fixed versions:
Submission: by: Daniel R. Thomas, on: 2013-11-20

AndroidVulnerabilities.org