Qualcomm Patches Privilege Escalation, DoS Vulnerabilities in Android Devices

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service (DoS) attacks.

Qualcomm has patched a handful of vulnerabilities in its devices that if exploited could leave Android OS kernels open to privilege escalation or denial of service (DoS) attacks.

According to notes published earlier today by Michael Orlando, a vulnerability analyst at the United States Computer Emergency Readiness Team (CERT), the vulnerabilities could be exploited if an attacker got a user to install a specially crafted android application. Once said app was executed, attackers could gain control of the device via privilege escalation or DoS.

Specifically, if installed, a malicious app would affect the device “by passing a specially crafted input to diagchar_ioctl call of Diagnostics (DIAG) kernel mode driver for Android,” (CVE-2012-4220, CVE-2012-4221) according to a vulnerability summary on mobile open source community CodeAurora.org. The write-up also claims a separate DoS attack could be triggered by exploiting a graphics kernel mode driver (CVE-2012-4222) on the devices.

The updates can be downloaded and installed by Android users running the Gingerbread, Ice Cream Sandwich and Jelly Bean operating systems at Code Aurora.

Suggested articles

biggest headlines 2020

The 5 Most-Wanted Threatpost Stories of 2020

A look back at what was hot with readers — offering a snapshot of the security stories that were most top-of-mind for security professionals and consumers throughout the year.