CVE-2014-2312

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

CVSS v3.0 5.5 MEDIUM
CVSS v2.0 6.6 MEDIUM

5.5^/10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.6^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:N/I:C/A:C

Exploitability : 3.9 / Impact : 9.2

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://www.openwall.com/lists/oss-security/2014/03/09/2	Mailing List Third Party Advisory
http://www.openwall.com/lists/oss-security/2014/03/08/4	Mailing List Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:intel:thermald:*:*:*:*:*:*:*:*

Information

Published : 2018-03-26 11:29

Updated : 2019-11-20 10:08

NVD link : CVE-2014-2312

Mitre link : CVE-2014-2312

JSON object : View

CWE

CWE-59

Improper Link Resolution Before File Access ('Link Following')

Products Affected

intel

thermald

5.5 /10

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.6 /10

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact COMPLETE

Availability Impact COMPLETE

JSON object

Attach tags to CVE-2014-2312

5.5^/10

6.6^/10

Attach tags to `CVE-2014-2312`