7.8
CVE-2013-2596
- EPSS 1.74%
- Published 13.04.2013 02:59:46
- Last modified 11.04.2025 00:51:21
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Data is provided by the National Vulnerability Database (NVD)
Linux ≫ Linux Kernel Version >= 2.6.12 < 3.0.75
Linux ≫ Linux Kernel Version >= 3.1 < 3.2.45
Linux ≫ Linux Kernel Version >= 3.3 < 3.4.42
Linux ≫ Linux Kernel Version >= 3.5 < 3.8.9
15.09.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog
Linux Kernel Integer Overflow Vulnerability
VulnerabilityLinux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.
DescriptionApply updates per vendor instructions.
Required actions| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.74% | 0.818 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 6.9 | 3.4 | 10 |
AV:L/AC:M/Au:N/C:C/I:C/A:C
|
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 7.8 | 1.8 | 5.9 |
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-190 Integer Overflow or Wraparound
The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.