CVE-2012-4220

Name of the Vulnerable Software and Affected Versions Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver versions for Android 2.3 through 4.2

Description The issue allows attackers to execute arbitrary code or cause a denial of service due to an incorrect pointer dereference. This can be achieved via an application that uses crafted arguments in a local diagchar ioctl call.

Recommendations For versions of the Qualcomm Innovation Center (QuIC) Diagnostics kernel-mode driver for Android 2.3 through 4.2, consider restricting access to the diagchar ioctl call until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.