Little Kernel Bootloader
CVE-2014-4325
HIGH
Severity by source
AV:L/AC:L/Au:N/C:C/I:C/A:C
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
AV:L/AC:L/Au:N/C:C/I:C/A:C
Lifecycle Timeline
1DescriptionCVE.org
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.
AnalysisAI
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows. Rated high severity (CVSS 7.2), this vulnerability is low attack complexity. This Improper Authentication vulnerability could allow attackers to bypass authentication mechanisms to gain unauthorized access.
Technical ContextAI
This vulnerability is classified as Improper Authentication (CWE-287), which allows attackers to bypass authentication mechanisms to gain unauthorized access. The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image. Affected products include: Little Kernel Project Little Kernel Bootloader.
RemediationAI
A vendor patch is available. Apply the latest security update as soon as possible. Implement multi-factor authentication, enforce strong password policies, use proven authentication frameworks.
More in Little Kernel Bootloader
View allThe image_verify function in platform/msm_shared/image_verify.c in the Little Kernel (LK) bootloader, as distributed wit
The boot_linux_from_mmc function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm
Same weakness CWE-287 – Improper Authentication
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today