PT-2014-5809 · Linux+1 · Linux Kernel+1

Published

2014-12-24

Updated

2025-09-29

CVE-2014-4322

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions 3.x

Description The issue concerns a lack of validation for certain offset, length, and base values within an ioctl call in the QSEECOM driver. This allows attackers to potentially gain privileges or cause a denial of service due to memory corruption by using a crafted application.

Recommendations For Linux kernel version 3.x, update to a version that includes the fix for the QSEECOM driver issue to prevent potential privilege escalation or denial of service attacks.

Exploit

Fix

DoS

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

ALSA-2025_12746

ALSA-2025_12752

ALSA-2025_12753

ALSA-2025_16880

ALT-PU-2015-1018

ALT-PU-2015-1794

CVE-2014-4322

Affected Products

Alt Linux

Linux Kernel

PT-2014-5809 · Linux+1 · Linux Kernel+1

CVE-2014-4322

Weakness Enumeration

Related Identifiers

Affected Products

References · 8