CVE-2014-4323

Linux kernel 3.x - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2014-4323. PoCs published by marcograss.

AI-analyzed exploit summary This PoC exploits CVE-2014-4323, a local privilege escalation vulnerability in the Qualcomm MDP (Mobile Display Processor) driver. It leverages an integer overflow in the MSMFB_SET_LUT ioctl to achieve arbitrary kernel memory write, ultimately executing a payload to gain root privileges.

Description

The mdp_lut_hw_update function in drivers/video/msm/mdp.c in the MDP display driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not validate certain start and length values within an ioctl call, which allows attackers to gain privileges via a crafted application.

Exploits (1)

nomisec WORKING POC 24 stars
by marcograss · poc
https://github.com/marcograss/cve-2014-4323

This PoC exploits CVE-2014-4323, a local privilege escalation vulnerability in the Qualcomm MDP (Mobile Display Processor) driver. It leverages an integer overflow in the MSMFB_SET_LUT ioctl to achieve arbitrary kernel memory write, ultimately executing a payload to gain root privileges.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: Qualcomm MDP driver (Linux kernel)
No auth needed
Prerequisites: Access to the target device · Kernel with vulnerable MDP driver · Debugfs access to leak MDP base address
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

Scores

EPSS 0.0360
EPSS Percentile 88.1%

Details

CWE
CWE-20
Status published
Products (1)
linux/linux_kernel 3.0.0 - 3.16.1
Published Dec 12, 2014
Tracked Since Feb 18, 2026