Vulnerabilities (CVE)

Filtered by vendor Little Kernel Project Subscribe
Filtered by product Little Kernel Bootloader
Total 3 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-4325 1 Little Kernel Project 1 Little Kernel Bootloader 2024-11-21 7.2 HIGH N/A
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
CVE-2014-0974 1 Little Kernel Project 1 Little Kernel Bootloader 2024-11-21 1.9 LOW N/A
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly validate a certain address value, which allows attackers to write data to a controllable memory location by leveraging the ability to initiate an attempted boot of an arbitrary image.
CVE-2014-0973 1 Little Kernel Project 1 Little Kernel Bootloader 2024-11-21 7.2 HIGH N/A
The image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not check whether a certain digest size is consistent with the RSA_public_decrypt API specification, which makes it easier for attackers to bypass boot-image authentication requirements via trailing data.