Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.9
CVSSv2

CVE-2013-2596

Published: 13/04/2013 Updated: 07/11/2023
CVSS v2 Base Score: 6.9 | Impact Score: 10 | Exploitability Score: 3.4
VMScore: 616
Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C
Subscribe to Linux

Vulnerability Summary

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel prior to 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

linux linux_kernel

motorola android 4.1.2

Vendor Advisories

Red Hat: CVE-2013-2596
An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system ...

References

CWE-189http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13ehttp://forum.xda-developers.com/showthread.php?t=2255491https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4ahttp://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9http://marc.info/?l=linux-kernel&m=136616837923938&w=2http://www.mandriva.com/security/advisories?name=MDVSA-2013:176http://rhn.redhat.com/errata/RHSA-2015-0695.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0782.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0803.htmlhttp://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.htmlhttp://www.securityfocus.com/bid/59264http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13ehttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4ahttps://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2013-2596
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-32744privilege escalationCVE-2024-30253CVE-2024-3914cross-site scriptingCVE-2024-31497CVE-2024-3400CVE-2024-32341hardcoded
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook