CVE-2013-2596
PUBLISHED
KEV
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Risk Scores
EPSS Score
3.13%
87.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:18.04:LTS | linux-gcp-edge | 0, 4.18.0-1004.5~18.04.1, 4.18.0-1005.6~18.04.1 |
| Ubuntu:18.04:LTS | linux-gcp | 4.15.0-1019.20, 4.15.0-1034.36, 4.15.0-1036.38 |
| Ubuntu:18.04:LTS | linux-hwe-edge | 5.3.0-23.25~18.04.1, 5.3.0-22.24~18.04.1, 5.0.0-19.20~18.04.1 |
| Ubuntu:18.04:LTS | linux-aws-5.0 | 5.0.0-1021.24~18.04.1, 5.0.0-1023.26~18.04.1, 0 |
| Ubuntu:18.04:LTS | linux-azure | 4.18.0-1019.19~18.04.1, 4.15.0-1003.3, 4.15.0-1008.8 |
| Ubuntu:18.04:LTS | linux-oracle-5.0 | 5.0.0-1007.12~18.04.1, 0, 5.0.0-1008.13~18.04.1 |
| Ubuntu:18.04:LTS | linux-azure-edge | 4.18.0-1008.8~18.04.1, 0, 4.18.0-1006.6~18.04.1 |
| Ubuntu:20.04:LTS | linux-raspi2 | 5.4.0-1006.6, 5.4.0-1004.4, 5.3.0-1017.19 |
| Ubuntu:16.04:LTS | linux-hwe-edge | 4.15.0-13.14~16.04.1, 4.15.0-15.16~16.04.1, 4.15.0-20.21~16.04.1 |
Timeline
- Jan 18, 1970 VulnCheck XDB Entry
- Apr 13, 2013 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Sep 15, 2022 CISA KEV Added
- Dec 17, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- May 24, 2023 EPSS Score
- Jul 15, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-2596 third-party-advisory
- http://forum.xda-developers.com/showthread.php?t=2255491 third-party-advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4cbb197c7e7a68dbad0d491242e3ca67420c13e third-party-advisory
- http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc9bbca8f650e5f738af8806317c0a041a48ae4a third-party-advisory
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761 third-party-advisory
- http://marc.info/?l=linux-kernel&m=136616837923938&w=2 third-party-advisory
- http://rhn.redhat.com/errata/RHSA-2015-0695.html third-party-advisory
- http://rhn.redhat.com/errata/RHSA-2015-0782.html third-party-advisory
- http://rhn.redhat.com/errata/RHSA-2015-0803.html third-party-advisory
- http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/ third-party-advisory
- http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/ third-party-advisory
- http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 third-party-advisory
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:176 third-party-advisory
- http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html third-party-advisory
- https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e third-party-advisory
- https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-2596 third-party-advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog third-party-advisory