Trusted Design

• 重大度: Unknown
• 公開日: 2014-12-24
• 更新日: 2024-08-06

概要

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain offset, length, and base values within an ioctl call, which allows attackers to gain privileges or cause a denial of service (memory corruption) via a crafted application.

このCVEに関連するMITRE ATT&CKテクニック

• T1602 - Data from Configuration Repository
• T1171 - LLMNR/NBT-NS Poisoning and Relay
• T1003.002 - Security Account Manager
• T1542.001 - System Firmware
• T1588.004 - Digital Certificates
• T1583.002 - DNS Server
• T1192 - Spearphishing Link
• T1652 - Device Driver Discovery
• T1598.003 - Spearphishing Link
• T1583.005 - Botnet
• T1190 - Exploit Public-Facing Application
• T1558 - Steal or Forge Kerberos Tickets
• T1050 - New Service
• T1518.002 - Backup Software Discovery
• T1218.003 - CMSTP
• T1029 - Scheduled Transfer
• T1525 - Implant Internal Image
• T1602.002 - Network Device Configuration Dump
• T1145 - Private Keys
• T1112 - Modify Registry
• T1535 - Unused/Unsupported Cloud Regions
• T1155 - AppleScript
• T1563 - Remote Service Session Hijacking
• T1505.003 - Web Shell
• T1598.004 - Spearphishing Voice
• T1177 - LSASS Driver
• T1546.008 - Accessibility Features
• T1083 - File and Directory Discovery
• T1649 - Steal or Forge Authentication Certificates
• T1051 - Shared Webroot
• T1218.005 - Mshta
• T1608 - Stage Capabilities
• T1608.005 - Link Target
• T1606 - Forge Web Credentials
• T1679 - Selective Exclusion
• T1219.003 - Remote Access Hardware
• T1562.001 - Disable or Modify Tools
• T1559 - Inter-Process Communication
• T1078 - Valid Accounts
• T1068 - Exploitation for Privilege Escalation
• T1486 - Data Encrypted for Impact
• T1587.004 - Exploits
• T1553.004 - Install Root Certificate
• T1499 - Endpoint Denial of Service
• T1578.002 - Create Cloud Instance
• T1213.003 - Code Repositories
• T1565.002 - Transmitted Data Manipulation
• T1159 - Launch Agent
• T1538 - Cloud Service Dashboard
• T1055.008 - Ptrace System Calls
• T1653 - Power Settings
• T1027.007 - Dynamic API Resolution
• T1137.002 - Office Test
• T1547.008 - LSASS Driver
• T1480.001 - Environmental Keying
• T1086 - PowerShell

このCVEが関連しているPulses

このCVEが関連しているPulsesはありません。

CVEの関係性グラフ

---

← CVE一覧に戻る