7.8
CVE-2013-2596
- EPSS 3.37%
- Veröffentlicht 13.04.2013 02:59:46
- Zuletzt bearbeitet 21.04.2026 18:14:34
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12 < 3.0.75
Linux ≫ Linux Kernel Version >= 3.1 < 3.2.45
Linux ≫ Linux Kernel Version >= 3.3 < 3.4.42
Linux ≫ Linux Kernel Version >= 3.5 < 3.8.9
VulnDex Vulnerability Enrichment
15.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Integer Overflow Vulnerability
SchwachstelleLinux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.
BeschreibungApply updates per vendor instructions.
Erforderliche Maßnahmen| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.37% | 0.872 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
http://forum.xda-developers.com/showthread.php?t=2255491
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a
http://marc.info/?l=linux-kernel&m=136616837923938&w=2
http://rhn.redhat.com/errata/RHSA-2015-0695.html
http://rhn.redhat.com/errata/RHSA-2015-0782.html
http://rhn.redhat.com/errata/RHSA-2015-0803.html
http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/
http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
http://www.securityfocus.com/bid/59264
https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e
https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2596