Android MSM camera driver for the Linux kernel 3.x Buffer Overflow

Credit: quicinc
Risk: High
Local: No
Remote: Yes
CWE: CWE-129

CVSS Base Score: 6.9/10
Impact Subscore: 10/10
Exploitability Subscore: 3.4/10
Exploit range: Local
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Advisory ID: QCIR-2014-00001-1

CVE ID(s): CVE-2013-6123

Description

The following security vulnerabilities have been identified in the camera driver.

CVE-2013-6123: The camera driver provides an ioctl system call interface to user space clients for communication. When processing this communication, the msm_ioctl_server, msm_server_send_ctrl, and msm_ctrl_cmd_done functions use a user-supplied value as an index to the server_queue array for read and write operations without any boundary checks. A local application with access to the camera device nodes can use this flaw to, e.g., elevate privileges.

Access Vector: local
Security Risk: high
Vulnerability: CWE-129 (improper validation of array index)

Affected versions

All Android releases from CAF using Linux kernel from the following heads:

- jb_2.*
- kk_2*
- msm-3.0

Patch

We advise customers to apply the following patches:

Individual Patches

- msm_ioctl_server:;a=commit;h=7beb04ea945a7178e61d935918d3cb152996b558
- msm_ctrl_cmd_done/msm_server_send_ctrl:;a=commit;h=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4

Acknowledgement

Qualcomm Innovation Center, Inc. (QuIC) thanks for reporting the related issues and working with QuIC to help improve Android device security.

Revisions

Initial revision

Contact
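The missing bounds check described for CVE-2013-6123, sketched as a user-space C model. This is an added example, not code from the driver or from the referenced patches. Only `server_queue` is named in the advisory; `MAX_QUEUES`, `struct queue_slot`, `struct ctrl_req`, `queue_slot_checked` and `handle_ctrl` are hypothetical.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>

#define MAX_QUEUES 8   /* assumed size; the driver's real bound is not on this page */

struct queue_slot {    /* hypothetical stand-in for one server_queue entry */
    int      active;
    uint32_t pending;
};
static struct queue_slot server_queue[MAX_QUEUES];

struct ctrl_req {      /* hypothetical request; queue_idx is untrusted user input */
    int32_t  queue_idx;
    uint32_t value;
};

/* Unchecked pattern the advisory describes (shown as a comment only):
 *     server_queue[req->queue_idx].pending = req->value;              */

/* Return the slot for idx, or NULL when idx is outside [0, MAX_QUEUES). */
static struct queue_slot *queue_slot_checked(int32_t idx)
{
    /* Test both ends: a negative signed index passes "idx < MAX_QUEUES". */
    if (idx < 0 || idx >= MAX_QUEUES)
        return NULL;
    return &server_queue[idx];
}

/* Model of an ioctl handler body: validate first, then touch the array. */
static int handle_ctrl(const struct ctrl_req *req)
{
    struct queue_slot *slot = queue_slot_checked(req->queue_idx);

    if (!slot)
        return -EINVAL;            /* reject before any read or write */
    if (!slot->active)
        return -ENODEV;            /* in range, but no server on this queue */
    slot->pending = req->value;
    return 0;
}

int main(void)
{
    struct ctrl_req reqs[] = { {2, 7}, {-1, 1}, {MAX_QUEUES, 1} }; /* constructed inputs */
    server_queue[2].active = 1;
    for (int i = 0; i < 3; i++)
        printf("idx=%d -> %d\n", (int)reqs[i].queue_idx, handle_ctrl(&reqs[i]));
    return 0;
}
```

Every function that indexes the array with the user value needs the same check, which is why routing all accesses through one checked lookup is preferable to repeating the comparison at each call site.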

