Vulnerability Note VU#702452

The Qualcomm Innovation Center, Inc. advisory states:

Summary:
A locally installed application can cause privilege escalation or Denial of Service (DoS) by passing a specially crafted input to diagchar_ioctl call of Diagnostics (DIAG) kernel mode driver for Android. The involved CVE IDs are CVE-2012-4220 (untrusted pointer dereference), CVE-2012-4221 (integer overflow). A patch which can be applied to Gingerbread, Ice Cream Sandwich and Jelly Bean source is made available from the location below.

A locally installed application can cause DoS by passing a specially crafted input to kgsl_ioctl call of Graphics KGSL kernel mode driver for Android. The involved CVE ID is CVE-2012-4222 (null pointer dereference). A patch which can be applied to Gingerbread, Ice Cream Sandwich and Jelly Bean source is made available from the location below.

Affected version:
All Android releases from CAF prior to November 15, 2012 using Linux kernel from the following heads: msm-3.4, msm-3.0, jb_*, ics_*, gingerbread_*

Note: Permission changes in ICS and Jelly Bean that restrict /dev/diag access to qcom_diag group mitigate CVE-2012-4220 and CVE-2012-4221.

By convincing a user to install a specially crafted android application, a remote attacker may be able to cause a privilege escalation or Denial of Service (DoS) allowing them to gain control of the affected device.

Update

The vendor states that these vulnerabilities have been addressed in PATCH_17010_jweEF843feG. Users are advised to apply the patch to affected devices. Fix for CVE-2012-4220 and CVE-2012-4221 in msm-3.4 can be found here. Fix for CVE-2012-4222 in msm-3.4 can be found here.