Linux kernel 3.x QuIC bypass intended access restrictions

2014.02.16
Credit: codeaurora
Risk: High
Local: Yes
Remote: No
CWE: CWE-264


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

Advisory ID: QCIR-2013-00006-1
CVE ID(s): CVE-2013-4737

Description
The following security vulnerability has been identified in the implementation of the CONFIG_STRICT_MEMORY_RWX feature.

CVE-2013-4737: If CONFIG_STRICT_MEMORY_RWX is set, the first section (containing the kernel page table and the initial code) and the section containing the init code are both given RWX permission. This defeats the intention of the feature and eases exploitation of kernel vulnerabilities by providing readable, writable and executable memory at a known location.

Access Vector: local/remote
Security Risk: high
Vulnerability: weaknesses that affect memory (CWE-633)

Affected versions
All Android releases from CAF using a Linux kernel from the following heads:
msm-3.*
jb*
ics*

Note: Because the patch makes use of additional padding of the memory sections, it costs approximately 1900 kB of additional kernel memory.

Patch
We advise customers to apply the following patch:
https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=4256415b296348ff16cd17a5b8f8dce4dea37328

Acknowledgement
Qualcomm Innovation Center, Inc. (QuIC) thanks Georg Wicherski of CrowdStrike for reporting the related issues and working with QuIC to help improve Android device security.

Revisions
Initial revision

Contact
security-advisory@quicinc.com
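The C program below is an added illustration of the mechanism behind this advisory; it is not code from the advisory, from the MSM kernel, or from the referenced patch. It assumes the kernel direct mapping is built from ARM short-descriptor sections, so permissions can only change at 1 MiB boundaries: a section shared by the kernel page table (RW) and the head/text code (RX), or by init code (RX) and init data (RW), must carry the union of both and so ends up RWX. The region names and sizes are constructed and are not the MSM kernel's real layout, the base address is an assumed PAGE_OFFSET, and the "fix" modelled (starting each region whose permissions differ from its predecessor on a fresh section) is the padding approach the advisory describes; the padding cost it prints applies to the constructed layout only, not the ~1900 kB figure quoted above.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Permission bits of this model (not the ARM descriptor encoding). */
enum { PERM_R = 1, PERM_W = 2, PERM_X = 4 };

/* Assumption: kernel memory is mapped with ARM short-descriptor sections,
 * so permissions can only change at 1 MiB boundaries. */
#define SECTION_SHIFT 20u
#define SECTION_SIZE  (1u << SECTION_SHIFT)
#define MAX_REGIONS   8
#define MAX_SECTIONS  64

struct region {
    const char *name;
    uint32_t    size;   /* bytes */
    unsigned    perm;   /* permissions the region needs */
};

struct layout {
    uint32_t start[MAX_REGIONS];  /* [start, end) of each placed region */
    uint32_t end[MAX_REGIONS];
    uint32_t total;               /* bytes consumed from base */
};

/* Constructed layout: illustrative names and sizes, not the MSM kernel's real ones. */
static const struct region kregions[] = {
    { "swapper_pg_dir (kernel page table)", 16u << 10,   PERM_R | PERM_W },
    { ".head.text + .text",                 3200u << 10, PERM_R | PERM_X },
    { ".rodata",                            512u << 10,  PERM_R },
    { ".init.text",                         192u << 10,  PERM_R | PERM_X },
    { ".init.data",                         320u << 10,  PERM_R | PERM_W },
    { ".data",                              640u << 10,  PERM_R | PERM_W },
};
#define NREGIONS (sizeof kregions / sizeof kregions[0])

static uint32_t align_up(uint32_t v)
{
    return (v + SECTION_SIZE - 1) & ~(SECTION_SIZE - 1);
}

/* Place regions back to back from base. With pad_sections set, a region whose
 * permissions differ from its predecessor's starts on a fresh section; this
 * padding is the extra memory the advisory's fix pays for. */
static struct layout place(const struct region *r, size_t n, uint32_t base, int pad_sections)
{
    struct layout l = { {0}, {0}, 0 };
    uint32_t cur = base;
    for (size_t i = 0; i < n; i++) {
        if (pad_sections && i > 0 && r[i].perm != r[i - 1].perm)
            cur = align_up(cur);
        l.start[i] = cur;
        cur += r[i].size;
        l.end[i] = cur;
    }
    l.total = cur - base;
    return l;
}

/* One descriptor per section must satisfy every region overlapping it, so the
 * effective permission is the union of their permissions. Returns section count. */
static size_t section_perms(const struct region *r, size_t n, const struct layout *l,
                            uint32_t base, unsigned *out, size_t max)
{
    size_t nsec = (l->total + SECTION_SIZE - 1) >> SECTION_SHIFT;
    if (nsec > max) nsec = max;
    for (size_t s = 0; s < nsec; s++) {
        uint32_t lo = base + ((uint32_t)s << SECTION_SHIFT), hi = lo + SECTION_SIZE;
        out[s] = 0;
        for (size_t i = 0; i < n; i++)
            if (l->start[i] < hi && l->end[i] > lo)   /* region overlaps section */
                out[s] |= r[i].perm;
    }
    return nsec;
}

/* Audit the constructed layout: prints the per-section mapping, returns the
 * number of W+X sections, and reports bytes consumed so the padding cost of
 * the two variants can be compared. */
size_t audit_layout(int pad_sections, uint32_t *total_bytes)
{
    const uint32_t base = 0xC0000000u;   /* assumed PAGE_OFFSET */
    struct layout l = place(kregions, NREGIONS, base, pad_sections);
    unsigned perms[MAX_SECTIONS];
    size_t nsec = section_perms(kregions, NREGIONS, &l, base, perms, MAX_SECTIONS);
    size_t wx = 0;
    for (size_t s = 0; s < nsec; s++) {
        uint32_t lo = base + ((uint32_t)s << SECTION_SHIFT);
        int is_wx = (perms[s] & (PERM_W | PERM_X)) == (PERM_W | PERM_X);
        printf("  %08x-%08x %c%c%c%s\n", lo, lo + SECTION_SIZE,
               (perms[s] & PERM_R) ? 'r' : '-', (perms[s] & PERM_W) ? 'w' : '-',
               (perms[s] & PERM_X) ? 'x' : '-', is_wx ? "  <-- W+X" : "");
        wx += (size_t)is_wx;
    }
    if (total_bytes) *total_bytes = l.total;
    return wx;
}

int main(void)
{
    uint32_t plain, padded;
    printf("unpadded layout:\n");
    size_t wx0 = audit_layout(0, &plain);
    printf("padded layout:\n");
    size_t wx1 = audit_layout(1, &padded);
    printf("W+X sections: %zu -> %zu, padding cost %u kB\n",
           wx0, wx1, (padded - plain) >> 10);
    return wx1 == 0 ? 0 : 1;
}
```

In the unpadded layout the first section (page table plus text) and the section where .init.text meets .init.data both come out rwx, which is the condition the advisory describes; once each permission change is moved onto a fresh section no section is writable and executable at once, at the price of the padding bytes the program reports.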

References:

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=4256415b296348ff16cd17a5b8f8dce4dea37328
https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737



Copyright 2024, cxsecurity.com
