CVE-2013-2596

Linux Kernel Integer Overflow Vulnerability

Severity Score

7.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

Yes

*KEV

Decision

*SSVC

Descriptions

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes físicamente próximos obtener acceso de root entrando en el modo de depuración USB, usando Android Debug Bridge (ADB) para establecer una conexión USB, y cargar y ejecutar el programa pwn Motochopper.

An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.

Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.

*Credits: N/A

CVSS Scores

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Local

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

Attack Vector

Local

Attack Complexity

High

Authentication

Single

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2013-03-15 CVE Reserved
2013-04-13 CVE Published
2022-09-15 Exploited in Wild
2022-10-06 KEV Due Date
2024-06-29 EPSS Updated
2024-08-06 CVE Updated
2024-08-06 First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (18)

URL	Tag	Source
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e	Broken Link
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a	Broken Link
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761	Third Party Advisory
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9	Mailing List
http://www.securityfocus.com/bid/59264	Broken Link

URL	Date	SRC
http://forum.xda-developers.com/showthread.php?t=2255491	2024-08-06
http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too	2024-08-06
http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit	2024-08-06
https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a	2024-08-06

URL	Date	SRC
http://marc.info/?l=linux-kernel&m=136616837923938&w=2	2024-06-28
http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html	2024-06-28
https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e	2024-06-28

URL	Date	SRC
http://rhn.redhat.com/errata/RHSA-2015-0695.html	2024-06-28
http://rhn.redhat.com/errata/RHSA-2015-0782.html	2024-06-28
http://rhn.redhat.com/errata/RHSA-2015-0803.html	2024-06-28
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176	2024-06-28
https://access.redhat.com/security/cve/CVE-2013-2596	2016-03-15
https://bugzilla.redhat.com/show_bug.cgi?id=1034490	2016-03-15

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 2.6.12 < 3.0.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"	-	Affected	in	Motorola Search vendor "Motorola"	Atrix Hd Search vendor "Motorola" for product "Atrix Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 2.6.12 < 3.0.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"	-	Affected	in	Motorola Search vendor "Motorola"	Razr Hd Search vendor "Motorola" for product "Razr Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 2.6.12 < 3.0.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"	-	Affected	in	Motorola Search vendor "Motorola"	Razr M Search vendor "Motorola" for product "Razr M"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 2.6.12 < 3.0.75 Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8960 Search vendor "Qualcomm" for product "Msm8960"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.1 < 3.2.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"	-	Affected	in	Motorola Search vendor "Motorola"	Atrix Hd Search vendor "Motorola" for product "Atrix Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.1 < 3.2.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"	-	Affected	in	Motorola Search vendor "Motorola"	Razr Hd Search vendor "Motorola" for product "Razr Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.1 < 3.2.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"	-	Affected	in	Motorola Search vendor "Motorola"	Razr M Search vendor "Motorola" for product "Razr M"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.1 < 3.2.45 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8960 Search vendor "Qualcomm" for product "Msm8960"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.3 < 3.4.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"	-	Affected	in	Motorola Search vendor "Motorola"	Atrix Hd Search vendor "Motorola" for product "Atrix Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.3 < 3.4.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"	-	Affected	in	Motorola Search vendor "Motorola"	Razr Hd Search vendor "Motorola" for product "Razr Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.3 < 3.4.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"	-	Affected	in	Motorola Search vendor "Motorola"	Razr M Search vendor "Motorola" for product "Razr M"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.3 < 3.4.42 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8960 Search vendor "Qualcomm" for product "Msm8960"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.5 < 3.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"	-	Affected	in	Motorola Search vendor "Motorola"	Atrix Hd Search vendor "Motorola" for product "Atrix Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.5 < 3.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"	-	Affected	in	Motorola Search vendor "Motorola"	Razr Hd Search vendor "Motorola" for product "Razr Hd"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.5 < 3.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"	-	Affected	in	Motorola Search vendor "Motorola"	Razr M Search vendor "Motorola" for product "Razr M"	-	-	Safe
Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	>= 3.5 < 3.8.9 Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8960 Search vendor "Qualcomm" for product "Msm8960"	-	-	Safe
Motorola Search vendor "Motorola"	Android Search vendor "Motorola" for product "Android"	4.1.2 Search vendor "Motorola" for product "Android" and version "4.1.2"	-	Affected	in	Motorola Search vendor "Motorola"	Atrix Hd Search vendor "Motorola" for product "Atrix Hd"	-	-	Safe
Motorola Search vendor "Motorola"	Android Search vendor "Motorola" for product "Android"	4.1.2 Search vendor "Motorola" for product "Android" and version "4.1.2"	-	Affected	in	Motorola Search vendor "Motorola"	Razr Hd Search vendor "Motorola" for product "Razr Hd"	-	-	Safe
Motorola Search vendor "Motorola"	Android Search vendor "Motorola" for product "Android"	4.1.2 Search vendor "Motorola" for product "Android" and version "4.1.2"	-	Affected	in	Motorola Search vendor "Motorola"	Razr M Search vendor "Motorola" for product "Razr M"	-	-	Safe
Motorola Search vendor "Motorola"	Android Search vendor "Motorola" for product "Android"	4.1.2 Search vendor "Motorola" for product "Android" and version "4.1.2"	-	Affected	in	Qualcomm Search vendor "Qualcomm"	Msm8960 Search vendor "Qualcomm" for product "Msm8960"	-	-	Safe