CVE-2013-2597
Published: 31 August 2014
Summary
CVE-2013-2597 is a high-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Codeaurora Android-Msm. Its CVSS base score is 8.4 (High).
Operationally, it ranks in the top 9.0% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-6 (Least Privilege).
Deeper analysis
The vulnerability is a stack-based buffer overflow in the acdb_ioctl function within audio_acdb.c of the acdb audio driver, affecting Linux kernel versions 2.6.x and 3.x as incorporated in Qualcomm Innovation Center Android contributions for MSM devices and related products. It is tracked under CWE-121 and carries a CVSS 3.1 score of 8.4.
An attacker with the ability to execute an application that obtains access to the /dev/msm_acdb device node can supply an oversized value in an ioctl argument, leading to privilege escalation on the affected system.
The issue is documented in Code Aurora security advisories and appears in the CISA Known Exploited Vulnerabilities catalog, confirming observed real-world exploitation.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2013-2539
Vulnerability details
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
- CWE(s)
- KEV Date Added: 15 September 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Enforces access restrictions on the /dev/msm_acdb device node so only authorized processes may issue ioctls to the vulnerable acdb_ioctl function.
Limits privileges of applications so they cannot obtain the /dev/msm_acdb access required to supply an oversized ioctl argument and trigger the stack overflow.
Requires validation of ioctl size parameters in the audio driver, directly blocking the oversized value that causes the stack-based buffer overflow.
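The size validation described in the last control, shown as an added example that is not part of the original page and is not the driver's own code: a user-space C model of an ioctl-style handler that bounds a caller-supplied length against a fixed stack buffer before copying. The struct layout, the function names and the 64-byte buffer size are assumptions made for illustration.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAL_BUF_MAX 64u /* assumed size of the handler's stack buffer */

/* Hypothetical request: a caller-controlled length plus the data it points at. */
struct cal_request {
    uint32_t size;        /* length claimed by the caller (untrusted) */
    const uint8_t *data;  /* stands in for the __user pointer */
    size_t data_len;      /* bytes really readable; models copy_from_user limits */
};

/* Model of copy_from_user(): fails instead of reading past the source. */
static int model_copy_from_user(uint8_t *dst, const struct cal_request *req, size_t n)
{
    if (req->data == NULL || n > req->data_len)
        return -EFAULT;
    memcpy(dst, req->data, n);
    return 0;
}

/* Returns the number of bytes accepted, or a negative errno value. */
int cal_ioctl_checked(const struct cal_request *req)
{
    uint8_t stack_buf[CAL_BUF_MAX];

    if (req == NULL)
        return -EINVAL;
    /* The step this bug class lacks: bound the untrusted length against
     * the destination buffer before any copy takes place. */
    if (req->size > sizeof(stack_buf))
        return -EINVAL;
    if (model_copy_from_user(stack_buf, req, req->size) != 0)
        return -EFAULT;
    /* A real handler would now consume stack_buf[0 .. size-1]. */
    return (int)req->size;
}

int main(void)
{
    uint8_t src[128] = {0};                              /* constructed input */
    struct cal_request ok  = { 16, src, sizeof(src) };
    struct cal_request big = { CAL_BUF_MAX + 1, src, sizeof(src) };
    printf("in-bounds request: %d\n", cal_ioctl_checked(&ok));
    printf("oversized request: %d\n", cal_ioctl_checked(&big));
    return 0;
}
```

The comparison is made against `sizeof(stack_buf)` rather than a separate constant so the bound cannot drift from the buffer's real size.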