// For flags

CVE-2013-2596

Linux Kernel Integer Overflow Vulnerability

Severity Score

7.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes físicamente próximos obtener acceso de root entrando en el modo de depuración USB, usando Android Debug Bridge (ADB) para establecer una conexión USB, y cargar y ejecutar el programa pwn Motochopper.

An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system.

Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability that allows for privilege escalation.

*Credits: N/A
CVSS Scores
Attack Vector
Local
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Local
Attack Complexity
Medium
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
Attack Vector
Local
Attack Complexity
High
Authentication
Single
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2013-03-15 CVE Reserved
  • 2013-04-13 CVE Published
  • 2022-09-15 Exploited in Wild
  • 2022-10-06 KEV Due Date
  • 2024-06-29 EPSS Updated
  • 2024-08-06 CVE Updated
  • 2024-08-06 First Exploit
CWE
  • CWE-190: Integer Overflow or Wraparound
CAPEC
References (18)
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.12 < 3.0.75
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"
-
Affected
in Motorola
Search vendor "Motorola"
Atrix Hd
Search vendor "Motorola" for product "Atrix Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.12 < 3.0.75
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"
-
Affected
in Motorola
Search vendor "Motorola"
Razr Hd
Search vendor "Motorola" for product "Razr Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.12 < 3.0.75
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"
-
Affected
in Motorola
Search vendor "Motorola"
Razr M
Search vendor "Motorola" for product "Razr M"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 2.6.12 < 3.0.75
Search vendor "Linux" for product "Linux Kernel" and version " >= 2.6.12 < 3.0.75"
-
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8960
Search vendor "Qualcomm" for product "Msm8960"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.1 < 3.2.45
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"
-
Affected
in Motorola
Search vendor "Motorola"
Atrix Hd
Search vendor "Motorola" for product "Atrix Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.1 < 3.2.45
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"
-
Affected
in Motorola
Search vendor "Motorola"
Razr Hd
Search vendor "Motorola" for product "Razr Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.1 < 3.2.45
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"
-
Affected
in Motorola
Search vendor "Motorola"
Razr M
Search vendor "Motorola" for product "Razr M"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.1 < 3.2.45
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.1 < 3.2.45"
-
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8960
Search vendor "Qualcomm" for product "Msm8960"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.3 < 3.4.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"
-
Affected
in Motorola
Search vendor "Motorola"
Atrix Hd
Search vendor "Motorola" for product "Atrix Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.3 < 3.4.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"
-
Affected
in Motorola
Search vendor "Motorola"
Razr Hd
Search vendor "Motorola" for product "Razr Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.3 < 3.4.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"
-
Affected
in Motorola
Search vendor "Motorola"
Razr M
Search vendor "Motorola" for product "Razr M"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.3 < 3.4.42
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.3 < 3.4.42"
-
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8960
Search vendor "Qualcomm" for product "Msm8960"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.5 < 3.8.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"
-
Affected
in Motorola
Search vendor "Motorola"
Atrix Hd
Search vendor "Motorola" for product "Atrix Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.5 < 3.8.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"
-
Affected
in Motorola
Search vendor "Motorola"
Razr Hd
Search vendor "Motorola" for product "Razr Hd"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.5 < 3.8.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"
-
Affected
in Motorola
Search vendor "Motorola"
Razr M
Search vendor "Motorola" for product "Razr M"
--
Safe
Linux
Search vendor "Linux"
Linux Kernel
Search vendor "Linux" for product "Linux Kernel"
>= 3.5 < 3.8.9
Search vendor "Linux" for product "Linux Kernel" and version " >= 3.5 < 3.8.9"
-
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8960
Search vendor "Qualcomm" for product "Msm8960"
--
Safe
Motorola
Search vendor "Motorola"
Android
Search vendor "Motorola" for product "Android"
4.1.2
Search vendor "Motorola" for product "Android" and version "4.1.2"
-
Affected
in Motorola
Search vendor "Motorola"
Atrix Hd
Search vendor "Motorola" for product "Atrix Hd"
--
Safe
Motorola
Search vendor "Motorola"
Android
Search vendor "Motorola" for product "Android"
4.1.2
Search vendor "Motorola" for product "Android" and version "4.1.2"
-
Affected
in Motorola
Search vendor "Motorola"
Razr Hd
Search vendor "Motorola" for product "Razr Hd"
--
Safe
Motorola
Search vendor "Motorola"
Android
Search vendor "Motorola" for product "Android"
4.1.2
Search vendor "Motorola" for product "Android" and version "4.1.2"
-
Affected
in Motorola
Search vendor "Motorola"
Razr M
Search vendor "Motorola" for product "Razr M"
--
Safe
Motorola
Search vendor "Motorola"
Android
Search vendor "Motorola" for product "Android"
4.1.2
Search vendor "Motorola" for product "Android" and version "4.1.2"
-
Affected
in Qualcomm
Search vendor "Qualcomm"
Msm8960
Search vendor "Qualcomm" for product "Msm8960"
--
Safe