{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-04-09T00:00:00", "descriptions": [{"lang": "en", "value": "Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2016-12-29T21:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "RHSA-2015:0695", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"}, {"name": "59264", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/59264"}, {"tags": ["x_refsource_MISC"], "url": "http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "[linux-kernel] 20130417 Device driver memory 'mmap()' function helper cleanup", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=linux-kernel&m=136616837923938&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"name": "RHSA-2015:0803", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"}, {"tags": ["x_refsource_MISC"], "url": "http://forum.xda-developers.com/showthread.php?t=2255491"}, {"tags": ["x_refsource_MISC"], "url": "http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"name": "RHSA-2015:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2013-2596", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "RHSA-2015:0695", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"}, {"name": "59264", "refsource": "BID", "url": "http://www.securityfocus.com/bid/59264"}, {"name": "http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/", "refsource": "MISC", "url": "http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/"}, {"name": "MDVSA-2013:176", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "[linux-kernel] 20130417 Device driver memory 'mmap()' function helper cleanup", "refsource": "MLIST", "url": "http://marc.info/?l=linux-kernel&m=136616837923938&w=2"}, {"name": "https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"name": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html", "refsource": "CONFIRM", "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4cbb197c7e7a68dbad0d491242e3ca67420c13e", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"name": "RHSA-2015:0803", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"}, {"name": "http://forum.xda-developers.com/showthread.php?t=2255491", "refsource": "MISC", "url": "http://forum.xda-developers.com/showthread.php?t=2255491"}, {"name": "http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/", "refsource": "MISC", "url": "http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/"}, {"name": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9", "refsource": "CONFIRM", "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"name": "RHSA-2015:0782", "refsource": "REDHAT", "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"}, {"name": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761", "refsource": "CONFIRM", "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"name": "https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a", "refsource": "CONFIRM", "url": "https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a"}, {"name": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc9bbca8f650e5f738af8806317c0a041a48ae4a", "refsource": "CONFIRM", "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=fc9bbca8f650e5f738af8806317c0a041a48ae4a"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T15:44:32.640Z"}, "title": "CVE Program Container", "references": [{"name": "RHSA-2015:0695", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"}, {"name": "59264", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/59264"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/"}, {"name": "MDVSA-2013:176", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"name": "[linux-kernel] 20130417 Device driver memory 'mmap()' function helper cleanup", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=linux-kernel&m=136616837923938&w=2"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"name": "RHSA-2015:0803", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://forum.xda-developers.com/showthread.php?t=2255491"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"name": "RHSA-2015:0782", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2013-2596", "datePublished": "2013-04-13T01:00:00", "dateReserved": "2013-03-15T00:00:00", "dateUpdated": "2024-08-06T15:44:32.640Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2022-10-06", "cisaExploitAdd": "2022-09-15", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Linux Kernel Integer Overflow Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "F6BFD971-9FC9-4D37-99FC-9E39178942E2", "versionEndExcluding": "3.0.75", "versionStartIncluding": "2.6.12", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "88DA168C-393B-4853-8034-6E9099CC9623", "versionEndExcluding": "3.2.45", "versionStartIncluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FECB4AF-F9DF-44E3-BD62-741D5D129053", "versionEndExcluding": "3.4.42", "versionStartIncluding": "3.3", "vulnerable": true}, {"criteria": "cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*", "matchCriteriaId": "7E3C2571-AFE5-4ED0-810D-232092DD0220", "versionEndExcluding": "3.8.9", "versionStartIncluding": "3.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:motorola:android:4.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "62EFFAAF-F122-4019-8554-9E9CEF73CDAE", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:motorola:atrix_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "75B24D97-F98A-4A1A-B20E-EB6D610C71EA", "vulnerable": false}, {"criteria": "cpe:2.3:h:motorola:razr_hd:-:*:*:*:*:*:*:*", "matchCriteriaId": "A5D2D0B7-8170-46F2-9FC8-2DDD3E96DE66", "vulnerable": false}, {"criteria": "cpe:2.3:h:motorola:razr_m:-:*:*:*:*:*:*:*", "matchCriteriaId": "01FE07B3-068A-4C2A-A985-631070C17F51", "vulnerable": false}, {"criteria": "cpe:2.3:h:qualcomm:msm8960:-:*:*:*:*:*:*:*", "matchCriteriaId": "73B9587B-78D0-4057-B694-E1E6655F624F", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program."}, {"lang": "es", "value": "Una determinada version de Android v4.1.2 en dispositivos Motorola Razr HD, Razr M, y Atrix HD con el chipset Qualcomm MSM8960 permite a atacantes f\u00edsicamente pr\u00f3ximos obtener acceso de root entrando en el modo de depuraci\u00f3n USB, usando Android Debug Bridge (ADB) para establecer una conexi\u00f3n USB, y cargar y ejecutar el programa pwn Motochopper."}], "id": "CVE-2013-2596", "lastModified": "2024-06-28T14:01:45.387", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 3.4, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2013-04-13T02:59:46.627", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://forum.xda-developers.com/showthread.php?t=2255491"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Patch", "Third Party Advisory"], "url": "http://marc.info/?l=linux-kernel&m=136616837923938&w=2"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0695.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0782.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://rhn.redhat.com/errata/RHSA-2015-0803.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "url": "http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Issue Tracking"], "url": "http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/"}, {"source": "cve@mitre.org", "tags": ["Mailing List", "Release Notes"], "url": "http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:176"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/59264"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch"], "url": "https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-190"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2016:0450", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "kernel-0:2.6.18-409.el5", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2016-03-15T00:00:00Z"}, {"advisory": "RHSA-2014:1392", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "kernel-0:2.6.32-504.el6", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2014-10-13T00:00:00Z"}, {"advisory": "RHSA-2015:0695", "cpe": "cpe:/o:redhat:rhel_mission_critical:6.2", "package": "kernel-0:2.6.32-220.60.2.el6", "product_name": "Red Hat Enterprise Linux 6.2 Advanced Update Support", "release_date": "2015-03-17T00:00:00Z"}, {"advisory": "RHSA-2015:0803", "cpe": "cpe:/o:redhat:rhel_aus:6.4", "package": "kernel-0:2.6.32-358.59.1.el6", "product_name": "Red Hat Enterprise Linux 6.4 Advanced Update Support", "release_date": "2015-04-14T00:00:00Z"}, {"advisory": "RHSA-2015:0782", "cpe": "cpe:/o:redhat:rhel_eus:6.5", "package": "kernel-0:2.6.32-431.53.2.el6", "product_name": "Red Hat Enterprise Linux 6.5 Extended Update Support", "release_date": "2015-04-07T00:00:00Z"}], "bugzilla": {"description": "kernel: integer overflow in fb_mmap", "id": "1034490", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1034490"}, "csaw": false, "cvss": {"cvss_base_score": "6.0", "cvss_scoring_vector": "AV:L/AC:H/Au:S/C:C/I:C/A:C", "status": "verified"}, "cwe": "CWE-190", "details": ["Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.", "An integer overflow flaw was found in the way the Linux kernel's Frame Buffer device implementation mapped kernel memory to user space via the mmap syscall. A local user able to access a frame buffer device file (/dev/fb*) could possibly use this flaw to escalate their privileges on the system."], "name": "CVE-2013-2596", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "kernel", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/a:redhat:enterprise_mrg:2", "fix_state": "Not affected", "package_name": "realtime-kernel", "product_name": "Red Hat Enterprise MRG 2"}], "public_date": "2013-04-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2013-2596\nhttps://nvd.nist.gov/vuln/detail/CVE-2013-2596\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This issue does not affect the version of the kernel package as shipped with Red Hat Enterprise MRG 2.\nThis issue affects the versions of Linux kernel as shipped with Red Hat Enterprise Linux 5. Future kernel updates for Red Hat Enterprise Linux 5 may address this issue.", "threat_severity": "Important"}