CVE-2013-2596

High · CISA KEV · Active Exploitation · EUVD Exploited · Public PoC

Published: 13 April 2013

Modified: 21 April 2026
KEV Added: 15 September 2022
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0313 (87.2th percentile)
Risk Priority: 37 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2013-2596 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in the Linux kernel. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 12.8% of CVEs by exploit likelihood, CISA has added it to the Known Exploited Vulnerabilities catalog, and a public proof-of-concept is referenced.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an integer overflow in the fb_mmap function within drivers/video/fbmem.c of the Linux kernel prior to version 3.8.9. It affects framebuffer handling in that kernel and was present in a Motorola build of Android 4.1.2 along with other products using the same code. The flaw is tracked as CWE-190 and carries a CVSS 3.1 score of 7.8.

Local users can exploit the issue by issuing specially crafted mmap2 system calls against /dev/graphics/fb0. Successful exploitation grants a read-write mapping over the entire kernel address space, enabling privilege escalation to root or kernel level. The Motochopper proof-of-concept program demonstrates the attack on the affected Android build.

Upstream fixes appear in the referenced kernel commits that were merged prior to the 3.8.9 release. Juniper’s JSA10761 advisory addresses the issue for its products that incorporate the vulnerable kernel code, directing customers to apply the corresponding vendor patches or updated kernels.
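
The class of bug described above, as an added example that is not the kernel's code or the upstream patch: a simplified model of an mmap range check in 32-bit arithmetic, with an additive check that wraps beside an overflow-safe form. The function names, buffer size and request values are constructed for illustration.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define PAGE_SHIFT 12u

/* Simplified model of a driver mmap range check for a device buffer of
 * buf_len bytes. uint32_t mirrors unsigned long on a 32-bit kernel.
 * Function and parameter names are hypothetical, not taken from fbmem.c. */

/* Additive form: size + off can wrap past 2^32 and compare as a small value. */
static bool range_ok_naive(uint32_t pgoff, uint32_t size, uint32_t buf_len)
{
    uint32_t off = pgoff << PAGE_SHIFT;
    return (size + off) <= buf_len;
}

/* Overflow-safe form: every intermediate value is bounded before use. */
static bool range_ok_checked(uint32_t pgoff, uint32_t size, uint32_t buf_len)
{
    if (pgoff > (buf_len >> PAGE_SHIFT))   /* offset starts past the buffer */
        return false;
    uint32_t off = pgoff << PAGE_SHIFT;    /* cannot wrap: off <= buf_len */
    return size <= buf_len - off;          /* cannot underflow */
}

int main(void)
{
    const uint32_t buf_len = 0x00800000u;  /* constructed: 8 MiB buffer */
    /* Constructed requests: {page offset, mapping size in bytes}. */
    const uint32_t req[][2] = {
        { 0x00000u, 0x00800000u },         /* whole buffer */
        { 0x00001u, 0x00001000u },         /* one page inside the buffer */
        { 0x00000u, 0x00801000u },         /* one page too long */
        { 0xFFFFFu, 0x00002000u },         /* sum wraps to 0x1000 */
    };
    for (size_t i = 0; i < sizeof req / sizeof req[0]; i++)
        printf("pgoff=0x%05x size=0x%08x naive=%d checked=%d\n",
               (unsigned)req[i][0], (unsigned)req[i][1],
               range_ok_naive(req[i][0], req[i][1], buf_len),
               range_ok_checked(req[i][0], req[i][1], buf_len));
    return 0;
}
```

Only the last request separates the two checks: the additive form accepts it because the sum wraps, while the bounded form rejects it at the offset test.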

EU & UK References

Vulnerability details

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

CWE(s)
KEV Date Added: 15 September 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor: linux · Product: linux kernel · Versions: 2.6.12 — 3.0.75 · 3.1 — 3.2.45 · 3.3 — 3.4.42
Vendor: motorola · Product: android · Versions: 4.1.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly requires applying the vendor kernel patch (3.8.9+) that eliminates the integer overflow in fb_mmap.

prevent

Mandates validation of untrusted input parameters to mmap2 calls, blocking the crafted values that trigger the overflow.

prevent

Enforces access restrictions on kernel memory mappings so that only authorized subjects can obtain read-write views of fb0.

References