← back
CVE-2013-2596

CVE-2013-2596

CVSS 7.8 HIGHEPSS 3.4%● KEVCWE-190
In short

A flaw in the Linux kernel's graphics driver allows a local attacker to map and access all of kernel memory by exploiting an integer overflow, potentially gaining full system control.

Technical detail

An integer overflow in the fb_mmap function (drivers/video/fbmem.c) in Linux kernel versions before 3.8.9 permits local attackers to establish read-write mappings of the entire kernel memory space via crafted mmap2 syscalls on /dev/graphics/fb0, enabling privilege escalation when a graphics device is accessible.

Summary generated and translated by AI from the official description.
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/a
public PoCs found1
githubgithub.com/hiikezoe/libfb_mem_exploit5
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://forum.xda-developers.com/showthread.php?t=2255491http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13ehttp://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4ahttp://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761http://marc.info/?l=linux-kernel&m=136616837923938&w=2http://rhn.redhat.com/errata/RHSA-2015-0695.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0782.htmlhttp://rhn.redhat.com/errata/RHSA-2015-0803.htmlhttps://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13ehttps://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4ahttps://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2596http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/