Oval Definition:oval:com.ubuntu.xenial:def:20144323000
Revision Date:2014-12-12Version:1
Title:CVE-2014-4323 on Ubuntu 16.04 LTS (xenial) - high.
Description:The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.
Family:unixClass:vulnerability
Status:Reference(s):CVE-2014-4323
Platform(s):Ubuntu 16.04 LTS
Product(s):
Definition Synopsis
  • Ubuntu 16.04 LTS (xenial) is installed.
  • AND Package Information
  • NOT While related to the CVE in some way, the 'linux' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-aws' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-azure' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-azure-edge' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-euclid' package in xenial is not affected (note: 'Android-specific').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR NOT While related to the CVE in some way, the 'linux-gcp' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-gke' package in xenial is not affected (note: 'Android-specific').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR NOT While related to the CVE in some way, the 'linux-hwe' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-hwe-edge' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-kvm' package in xenial is not affected (note: 'Android-specific').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'abandoned').
  • OR While related to the CVE in some way, a decision has been made to ignore it (note: 'was not-affected (Android-specific) now end-of-life').
  • OR NOT While related to the CVE in some way, the 'linux-raspi2' package in xenial is not affected (note: 'Android-specific').
  • OR NOT While related to the CVE in some way, the 'linux-snapdragon' package in xenial is not affected (note: 'code not present').
    • BACK