ID

VAR-201412-0589


CVE

CVE-2014-7252


TITLE

Multiple improper data validation vulnerabilities in Syslink driver for Texas Instruments OMAP mobile processors

Trust: 0.8

sources: JVNDB: JVNDB-2014-000137

DESCRIPTION

Multiple unspecified vulnerabilities in the Syslink driver for Texas Instruments OMAP mobile processor, as used on NTT DOCOMO ARROWS Tab LTE F-01D, ARROWS X LTE F-05D, Disney Mobile on docomo F-08D, REGZA Phone T-01D, and PRADA phone by LG L-02D; and SoftBank SHARP handsets 102SH allow local users to execute arbitrary code or read kernel memory via unknown vectors related to userland data and "improper data validation." The Syslink driver for OMAP mobile processors contained in Android devices contains multiple improper data validation vulnerabilities. The OMAP mobile processor provided by Texas Instruments is used in some Android tablets, smartphones and other devices. The Syslink driver for some OMAP mobile processors is used to implement inter-process communication between the host and slave processors. The Syslink driver contains multiple vulnerabilities where userland data is not properly validated prior to use. Exploitation of these vulnerabilities may lead to arbitrary code execution or kernel memory content disclosure. Masaaki Chida of GREE, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. When the device is accessed through the Android Debug Bridge (adb), contents of the kernel memory may be obtained or arbitrary code may be executed to obtain root privileges. Local attackers can exploit these vulnerabilities to execute arbitrary code and gain sensitive information in the context of the user running the vulnerable application.

Trust: 1.89

sources: NVD: CVE-2014-7252 // JVNDB: JVNDB-2014-000137 // BID: 71412

AFFECTED PRODUCTS

vendor: lg, model: prada phone l-02d, scope: eq, version: -

Trust: 1.6

vendor: fujitsu, model: arrows tab lte f-01d, scope: eq, version: *

Trust: 1.0

vendor: disney interactive, model: mobile, scope: eq, version: -

Trust: 1.0

vendor: fujitsu, model: regza phone t-01d, scope: eq, version: -

Trust: 1.0

vendor: sharp, model: softbank 102sh, scope: eq, version: -

Trust: 1.0

vendor: fujitsu, model: arrows x lte f-05d, scope: eq, version: -

Trust: 1.0

vendor: multiple vendors, model: -, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2014-000137 // CNNVD: CNNVD-201412-047 // NVD: CVE-2014-7252

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2014-7252
value: MEDIUM

Trust: 1.0

IPA: JVNDB-2014-000137
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201412-047
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2014-7252
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

IPA: JVNDB-2014-000137
severity: MEDIUM
baseScore: 6.2
vectorString: AV:L/AC:H/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

sources: JVNDB: JVNDB-2014-000137 // CNNVD: CNNVD-201412-047 // NVD: CVE-2014-7252

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:CWE-20

Trust: 0.8

sources: JVNDB: JVNDB-2014-000137 // NVD: CVE-2014-7252

THREAT TYPE

local

Trust: 0.9

sources: BID: 71412 // CNNVD: CNNVD-201412-047

TYPE

Design Error

Trust: 0.3

sources: BID: 71412

CONFIGURATIONS

sources: JVNDB: JVNDB-2014-000137

PATCH

title: Information from NTT DOCOMO, INC.
url: http://jvn.jp/en/jp/JVN67792023/995312/index.html

Trust: 0.8

title: - SHARP handsets 102SH (Fix-May 31 2012 release software)
url: http://www.softbank.jp/mobile/info/personal/software/20130830-01/

Trust: 0.8

sources: JVNDB: JVNDB-2014-000137

EXTERNAL IDS

db: NVD, id: CVE-2014-7252

Trust: 2.7

db: JVN, id: JVN67792023

Trust: 2.4

db: JVNDB, id: JVNDB-2014-000137

Trust: 2.4

db: BID, id: 71412

Trust: 0.9

db: CNNVD, id: CNNVD-201412-047

Trust: 0.6

sources: BID: 71412 // JVNDB: JVNDB-2014-000137 // CNNVD: CNNVD-201412-047 // NVD: CVE-2014-7252

REFERENCES

url:http://jvn.jp/en/jp/jvn67792023/index.html

Trust: 2.4

url:http://jvn.jp/en/jp/jvn67792023/397327/index.html

Trust: 1.6

url:http://jvndb.jvn.jp/ja/contents/2014/jvndb-2014-000137.html

Trust: 1.6

url:http://jvn.jp/en/jp/jvn67792023/995312/index.html

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2014-7252

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2014-7252

Trust: 0.8

url:http://www.securityfocus.com/bid/71412

Trust: 0.6

sources: JVNDB: JVNDB-2014-000137 // CNNVD: CNNVD-201412-047 // NVD: CVE-2014-7252

CREDITS

Masaaki Chida of GREE

Trust: 0.9

sources: BID: 71412 // CNNVD: CNNVD-201412-047

SOURCES

db: BID, id: 71412
db: JVNDB, id: JVNDB-2014-000137
db: CNNVD, id: CNNVD-201412-047
db: NVD, id: CVE-2014-7252

LAST UPDATE DATE

2024-08-14T14:52:25.608000+00:00


SOURCES UPDATE DATE

db: BID, id: 71412, date: 2014-12-02T00:00:00
db: JVNDB, id: JVNDB-2014-000137, date: 2014-12-09T00:00:00
db: CNNVD, id: CNNVD-201412-047, date: 2014-12-08T00:00:00
db: NVD, id: CVE-2014-7252, date: 2014-12-08T13:55:38.113

SOURCES RELEASE DATE

db: BID, id: 71412, date: 2014-12-02T00:00:00
db: JVNDB, id: JVNDB-2014-000137, date: 2014-12-02T00:00:00
db: CNNVD, id: CNNVD-201412-047, date: 2014-12-03T00:00:00
db: NVD, id: CVE-2014-7252, date: 2014-12-05T17:59:01.087