Trusted Design

• 重大度: Unknown
• 公開日: 2014-08-31
• 更新日: 2024-08-06

概要

The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application.

このCVEに関連するMITRE ATT&CKテクニック

• T1037 - Boot or Logon Initialization Scripts
• T1602 - Data from Configuration Repository
• T1588.007 - Artificial Intelligence
• T1171 - LLMNR/NBT-NS Poisoning and Relay
• T1003.002 - Security Account Manager
• T1542.001 - System Firmware
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1652 - Device Driver Discovery
• T1591.003 - Identify Business Tempo
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1586.002 - Email Accounts
• T1608.001 - Upload Malware
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1070.008 - Clear Mailbox Data
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1218.003 - CMSTP
• T1525 - Implant Internal Image
• T1602.002 - Network Device Configuration Dump
• T1145 - Private Keys
• T1112 - Modify Registry
• T1535 - Unused/Unsupported Cloud Regions
• T1563 - Remote Service Session Hijacking
• T1505.003 - Web Shell
• T1598.004 - Spearphishing Voice
• T1215 - Kernel Modules and Extensions
• T1177 - LSASS Driver
• T1546.008 - Accessibility Features
• T1204.005 - Malicious Library
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1606.001 - Web Cookies
• T1598.002 - Spearphishing Attachment
• T1606 - Forge Web Credentials
• T1679 - Selective Exclusion
• T1534 - Internal Spearphishing
• T1547.006 - Kernel Modules and Extensions
• T1219.003 - Remote Access Hardware
• T1562.001 - Disable or Modify Tools
• T1559 - Inter-Process Communication
• T1001 - Data Obfuscation
• T1078 - Valid Accounts
• T1068 - Exploitation for Privilege Escalation
• T1486 - Data Encrypted for Impact
• T1584.002 - DNS Server
• T1499 - Endpoint Denial of Service
• T1500 - Compile After Delivery
• T1565.002 - Transmitted Data Manipulation
• T1221 - Template Injection
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1027.007 - Dynamic API Resolution
• T1086 - PowerShell

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る