DEBIAN-CVE-2013-2596

DEBIAN-CVE-2013-2596 PUBLISHED CVSS 7.800000190734863 HIGH

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Risk Scores

CVSS 3.1

7.800000190734863

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Affected Products

Vendor	Product	Versions
Debian:13	linux	0, 0, 0
Debian:14	linux	0, 0, 0
Debian:11	linux	0, 0, 0
Debian:12	linux	0, 0, 0

Exploit Intelligence

CVE-2013-2596 exploit for android (github-poc)
kev.json (github-poc)
data.js (github-poc)

Timeline

Apr 13, 2013 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2013-2596 advisory

Open in Interactive Console →