The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Use-after-free vulnerability in the msm_set_crop function in drivers/media/video/msm/msm_camera.c in the MSM-Camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that makes a crafted ioctl call.
Base Score: 7.2
Impact Score: 10
Exploitability Score: 3.9
Base Score: 7.8
Impact Score: 5.9
Exploitability Score: 1.8
cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:* versions from 3.0 to 3.19.8 (inclusive)