CVE-2012-4221
Essential information
- Published
- 30/11/2012 13:54
- Modified
- 25/05/2026 12:51
- Author
- The MITRE Corporation
- Creator
- The MITRE Corporation
- CVSS
- 6.8 (v2)
- CISA KEV
- No
- CWE
- CWE-189
- EPSS (First)
- P69.3% EPSS percentile: rank of this vulnerability versus all others. Higher percentile = more likely to be exploited. Learn more (score 0.00592)
- CVSS vector
-
AV:N/AC:M/Au:N/C:P/I:P/A:P— —
CVSS metrics
- Access vector
- NETWORK
- Access complexity
- MEDIUM
- Authentication
- NONE
- Confidentiality impact
- PARTIAL
- Integrity impact
- PARTIAL
- Availability impact
- PARTIAL
- Exploitability
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Privileges required
- —
- User interaction
- —
- Scope
- —
- Confidentiality impact
- —
- Integrity impact
- —
- Availability impact
- —
- Exploit code maturity
- —
- Remediation level
- —
- Report confidence
- —
- Temporal score
- —
- Attack vector
- —
- Attack complexity
- —
- Attack requirements
- —
- Privileges required
- —
- User interaction
- —
- Confidentiality (V)
- —
- Confidentiality (S)
- —
- Integrity (V)
- —
- Integrity (S)
- —
- Availability (V)
- —
- Availability (S)
- —
- Exploit maturity
- —
Description
Integer overflow in diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service via an application that uses crafted arguments in a local diagchar_ioctl call.
NVD status
- NVD
- View on NVD