Vulnerabilities > Little Kernel Project
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2014-08-25 | CVE-2014-4325 | Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. | 7.2 |
| 2014-08-25 | CVE-2014-0974 | Permissions, Privileges, and Access Controls vulnerability in Little Kernel Project Little Kernel Bootloader The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image. | 1.9 |
| 2014-08-25 | CVE-2014-0973 | Improper Authentication vulnerability in Little Kernel Project Little Kernel Bootloader The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data. | 7.2 |