CVE-2013-4740

MEDIUM Year: 2013
CVSS v2 Score
6.9
Medium
Weakness Type
CWE-362
View all →

Vulnerability Description

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values.

Related Vulnerabilities

CVE-2015-8556

CRITICAL
CVSS:10.0(Critical)

Local privilege escalation vulnerability in the Gentoo QEMU package before 2.5.0-r1.

CWE-3622015

CVE-2017-2898

CRITICAL
CVSS:9.9(Critical)

An exploitable vulnerability exists in the signature verification of the firmware update functionality of Circle with Disney. Specially crafted network packets can cause an unsigned firmware to be ins...

CWE-3622017

CVE-2020-1660

CRITICAL
CVSS:9.9(Critical)

When DNS filtering is enabled on Juniper Networks Junos MX Series with one of the following cards MS-PIC, MS-MIC or MS-MPC, an incoming stream of packets processed by the Multiservices PIC Management ...

CWE-3622020

CVE-2016-0930

CRITICAL
CVSS:9.8(Critical)

Pivotal Cloud Foundry (PCF) Ops Manager before 1.6.19 and 1.7.x before 1.7.10, when vCloud or vSphere is used, has a default password for compilation VMs, which allows remote attackers to obtain SSH a...

CWE-3622016

CVE-2019-2006

CRITICAL
CVSS:9.8(Critical)

In serviceDied of HalDeathHandlerHidl.cpp, there is a possible memory corruption due to a use after free. This could lead to local escalation of privilege in the audio server with no additional execut...

CWE-3622019

CVE-2021-32810

CRITICAL
CVSS:9.8(Critical)

crossbeam-deque is a package of work-stealing deques for building task schedulers when programming in Rust. In versions prior to 0.7.4 and 0.8.0, the result of the race condition is that one or more t...

CWE-3622021