CVE-2014-4325

Qualcomm LK - Privilege Escalation

Title source: llm

Description

The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to bypass intended device-lock and kernel-signature restrictions by using fastboot mode in a boot command for an arbitrary kernel image.

References (1)

[Patch] https://www.codeaurora.org/projects/security-advisories/fastboot-boot-command-bypasses-signature-verification-cve-2014-4325

Scores

EPSS 0.0004

EPSS Percentile 12.9%

Classification

CWE

CWE-287

Status draft

Affected Products (1)

little_kernel_project/little_kernel_bootloader

Timeline

Published Aug 25, 2014

Tracked Since Feb 18, 2026