CVE-2014-4323

Publication date 12 December 2014

Last updated 28 August 2025

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

android kernels (flo, goldfish, grouper, maguro, mako and manta) are not supported on the Ubuntu Touch 14.04 preview kernels linux-lts-saucy no longer receives official support linux-lts-quantal no longer receives official support

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.codeaurora.org/projects/security-advisories/improper-input-validation-mdp-driver-when-processing-color-maps
https://www.cve.org/CVERecord?id=CVE-2014-4323