CVE-2013-2596

Published: Apr 13, 2013Modified: Apr 21, 2026CISA KEV

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Affected (5)

Products: Linux: Linux Kernel · Motorola: Android

1 product

1 product

Configuration A

5 vulnerable · 4 platform

Vulnerable Software	Affected Versions
Linux Linux Kernel	From 2.6.12 to 3.0.75
Linux Linux Kernel	From 3.1 to 3.2.45
Linux Linux Kernel	From 3.3 to 3.4.42
Linux Linux Kernel	From 3.5 to 3.8.9
Motorola Android	Version 4.1.2

Running on/with	Platform Versions
Motorola Atrix Hd	All versions
Motorola Razr Hd	All versions
Motorola Razr M	All versions
Qualcomm Msm8960	All versions

Related CWEs

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (33)

http://forum.xda-developers.com/showthread.php?t=2255491

Source: cve@mitre.org

Exploit

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e

Source: cve@mitre.org

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a

Source: cve@mitre.org

Broken Link

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Source: cve@mitre.org

Third Party Advisory

http://marc.info/?l=linux-kernel&m=136616837923938&w=2

Source: cve@mitre.org

Mailing ListPatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0695.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0782.html

Source: cve@mitre.org

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0803.html

Source: cve@mitre.org

Third Party Advisory

http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/

Source: cve@mitre.org

ExploitIssue TrackingThird Party Advisory

http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/

Source: cve@mitre.org

ExploitIssue Tracking

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9

Source: cve@mitre.org

Mailing ListRelease Notes

http://www.mandriva.com/security/advisories?name=MDVSA-2013:176

Source: cve@mitre.org

Broken Link

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: cve@mitre.org

PatchThird Party Advisory

http://www.securityfocus.com/bid/59264

Source: cve@mitre.org

Broken LinkThird Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e

Source: cve@mitre.org

Patch

https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a

Source: cve@mitre.org

ExploitPatch

http://forum.xda-developers.com/showthread.php?t=2255491

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=b4cbb197c7e7a68dbad0d491242e3ca67420c13e

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=fc9bbca8f650e5f738af8806317c0a041a48ae4a

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://marc.info/?l=linux-kernel&m=136616837923938&w=2

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListPatchThird Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0695.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0782.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://rhn.redhat.com/errata/RHSA-2015-0803.html

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.droid-life.com/2013/04/09/root-method-released-for-droid-razr-hd-running-android-4-1-2-other-devices-too/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue TrackingThird Party Advisory

http://www.droidrzr.com/index.php/topic/15208-root-motochopper-yet-another-android-root-exploit/

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitIssue Tracking

http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListRelease Notes

http://www.mandriva.com/security/advisories?name=MDVSA-2013:176

Source: af854a3a-2127-422b-91ae-364da2661108

Broken Link

http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

http://www.securityfocus.com/bid/59264

Source: af854a3a-2127-422b-91ae-364da2661108

Broken LinkThird Party AdvisoryVDB Entry

https://github.com/torvalds/linux/commit/b4cbb197c7e7a68dbad0d491242e3ca67420c13e

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/torvalds/linux/commit/fc9bbca8f650e5f738af8806317c0a041a48ae4a

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitPatch

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2596

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.