CVE-2013-2597
CVE-2013-2597
In short
A flaw in the acdb audio driver allows an attacker to overflow the system memory by sending a specially crafted command through a device file. This can give an attacker full control of the device.
Technical detail
Stack-based buffer overflow in acdb_ioctl function (audio_acdb.c) triggered by ioctl calls with oversized arguments via /dev/msm_acdb. Requires local access to the device file; leads to privilege escalation and arbitrary code execution.
Summary generated and translated by AI from the official description.
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/fi01/libmsm_acdb_exploit★ 12⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →