CVE-2013-2596
Published: 13 April 2013
Summary
CVE-2013-2596 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 12.8% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog; and a public proof-of-concept (Motochopper) is referenced.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Deeper analysis
The vulnerability is an integer overflow in the fb_mmap function in drivers/video/fbmem.c of the Linux kernel prior to version 3.8.9. fb_mmap is the generic handler that maps framebuffer memory into a process when the framebuffer driver supplies no mmap handler of its own, so any product built on that code inherits the flaw; it shipped in a Motorola build of Android 4.1.2 among other products. The flaw is tracked as CWE-190 and carries a CVSS 3.1 score of 7.8.
Local users exploit the issue with crafted mmap2 system calls against /dev/graphics/fb0. The caller-controlled page offset is shifted into a byte offset, and the kernel checks that the requested mapping length plus that offset does not exceed the framebuffer's length. The sum is computed in unsigned long, so on a 32-bit platform a large offset wraps it to a small value, the check passes, and the physical start address is then derived from the wrapped offset. The resulting read-write mapping covers kernel memory, which is sufficient to escalate to root or kernel privileges. The Motochopper proof-of-concept demonstrates the attack on the affected Android build.
Upstream fixes appear in the referenced kernel commits merged before the 3.8.9 release; they replace the open-coded bounds check with the vm_iomap_memory() helper, which rejects a page offset or mapping length that does not fit inside the region before any arithmetic can wrap. Juniper's JSA10761 advisory addresses the issue for its products that incorporate the vulnerable kernel code and directs customers to apply the corresponding vendor patches or updated kernels.
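As an added illustration of the overflow described above and of the check the fix performs (this is not the kernel's code and is not taken from the page's references), the following C program models the pre-3.8.9 fb_mmap() bounds check beside an overflow-safe check modelled on the vm_iomap_memory() helper. The vma_model and fb_model structures, the 4 KiB page size, and the framebuffer, RAM and mapping addresses are constructed for the example; all arithmetic is forced to 32 bits so the wrap reproduces on a 64-bit host, and the MMIO branch of the real function is omitted.

```c
/* Added example: a model of the CVE-2013-2596 bounds check in fb_mmap().
 * Not kernel code. Structures are simplified stand-ins and all arithmetic
 * is uint32_t so the 32-bit wrap reproduces on any host. MMIO branch omitted. */
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u
#define PAGE_SIZE  (1u << PAGE_SHIFT)
#define PAGE_MASK  (~(PAGE_SIZE - 1u))

struct vma_model {             /* stand-in for struct vm_area_struct */
    uint32_t vm_start, vm_end; /* user VA range requested by mmap2() */
    uint32_t vm_pgoff;         /* caller-controlled page offset */
};

struct fb_model {              /* stand-in for struct fb_info.fix */
    uint32_t smem_start;       /* physical address of framebuffer memory */
    uint32_t smem_len;         /* length in bytes */
};

struct mmap_result {
    bool accepted;
    uint32_t pfn_start, pfn_end; /* physical page range the mapping covers */
};

/* Pre-3.8.9 logic: the length check adds the caller-controlled offset to the
 * mapping length in unsigned 32-bit arithmetic. A large offset wraps the sum
 * below the framebuffer length, the check passes, and the physical start is
 * then computed from the wrapped offset. */
static struct mmap_result fb_mmap_vulnerable(const struct vma_model *vma,
                                             const struct fb_model *fb)
{
    struct mmap_result r = { false, 0, 0 };
    uint32_t off, start, len, vm_len;

    if (vma->vm_pgoff > (UINT32_MAX >> PAGE_SHIFT))
        return r;                        /* guards the shift, not the add */
    off = vma->vm_pgoff << PAGE_SHIFT;
    start = fb->smem_start;
    len = ((start & ~PAGE_MASK) + fb->smem_len + PAGE_SIZE - 1u) & PAGE_MASK;
    start &= PAGE_MASK;
    vm_len = vma->vm_end - vma->vm_start;
    if ((uint32_t)(vm_len + off) > len)  /* wraps when off is near 2^32 */
        return r;
    off += start;                        /* wraps again, to the target PA */
    r.accepted = true;
    r.pfn_start = off >> PAGE_SHIFT;
    r.pfn_end = r.pfn_start + (vm_len >> PAGE_SHIFT);
    return r;
}

/* Overflow-safe logic modelled on vm_iomap_memory(): work in pages, check the
 * offset against the region's page count and the mapping against what is
 * left, so no sum can wrap before it is compared. */
static struct mmap_result fb_mmap_hardened(const struct vma_model *vma,
                                           const struct fb_model *fb)
{
    struct mmap_result r = { false, 0, 0 };
    uint32_t start = fb->smem_start, len = fb->smem_len, pfn, pages, vm_len;

    if (start + len < start)             /* region itself must not wrap */
        return r;
    len += start & ~PAGE_MASK;
    pfn = start >> PAGE_SHIFT;
    pages = (len + ~PAGE_MASK) >> PAGE_SHIFT;
    if (pfn + pages < pfn || vma->vm_pgoff > pages)
        return r;                        /* offset must lie inside the region */
    pfn += vma->vm_pgoff;
    pages -= vma->vm_pgoff;
    vm_len = vma->vm_end - vma->vm_start;
    if ((vm_len >> PAGE_SHIFT) > pages)  /* and the mapping must fit */
        return r;
    r.accepted = true;
    r.pfn_start = pfn;
    r.pfn_end = pfn + (vm_len >> PAGE_SHIFT);
    return r;
}

/* Constructed scenario (not measured from a real device): a 2 MiB framebuffer
 * at 0x9F000000 on a 32-bit system whose RAM, kernel included, starts at
 * 0x80000000. The crafted request picks pgoff so that off + start wraps to
 * exactly 0x80000000 and a length that makes vm_len + off wrap below 2 MiB. */
static const struct fb_model demo_fb = { 0x9F000000u, 0x00200000u };
static const struct vma_model demo_benign  = { 0x40000000u, 0x40200000u, 0u };
static const struct vma_model demo_crafted = { 0x40000000u, 0x5F100000u, 0xE1000u };

static void report(const char *name, struct mmap_result r)
{
    if (r.accepted)
        printf("%-10s accepted: PFN 0x%05x..0x%05x\n", name,
               (unsigned)r.pfn_start, (unsigned)r.pfn_end);
    else
        printf("%-10s rejected\n", name);
}

int main(void)
{
    report("vuln/ok",    fb_mmap_vulnerable(&demo_benign,  &demo_fb));
    report("vuln/evil",  fb_mmap_vulnerable(&demo_crafted, &demo_fb));
    report("fixed/ok",   fb_mmap_hardened(&demo_benign,    &demo_fb));
    report("fixed/evil", fb_mmap_hardened(&demo_crafted,   &demo_fb));
    return 0;
}
```

With the constructed values the vulnerable check accepts the crafted request and hands back a mapping starting at PFN 0x80000, the first page of RAM, spanning 497 MiB of physical memory; the hardened check rejects it because the page offset (0xE1000) exceeds the region's 0x200 pages, while the benign request is accepted by both.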
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2013-2538
Vulnerability details
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
- CWE(s): CWE-190 (Integer Overflow or Wraparound)
- KEV Date Added: 15 September 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
- Linux kernel before 3.8.9 (fb_mmap in drivers/video/fbmem.c)
- A Motorola build of Android 4.1.2, and other products incorporating the same framebuffer code
- Juniper products covered by advisory JSA10761
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): apply the vendor kernel patch (3.8.9 or later, or the vendor's backport) that eliminates the integer overflow in fb_mmap. This is the only control that removes the flaw.
- SI-10 (Information Input Validation): validate the page offset and length of mmap2 requests against the framebuffer region using overflow-safe arithmetic, rejecting the crafted values that trigger the wrap; this is what the upstream patch implements.
- Access enforcement: restrict access to /dev/graphics/fb0 so that only authorized subjects can open it for writing. This reduces exposure on builds where the device node is reachable by unprivileged users, but does not remove the kernel flaw.