Upstream information

CVE-2014-2312 at MITRE

Description

The main function in android_main.cpp in thermald allows local users to write to arbitrary files via a symlink attack on /tmp/thermald.pid.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v2 Scores
  National Vulnerability Database
Base Score 6.6
Vector AV:L/AC:L/Au:N/C:N/I:C/A:C
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact None
Integrity Impact Complete
Availability Impact Complete
SUSE Bugzilla entry: 1087393 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.