CVE-2013-2597

critical-risk
Published 2014-08-31

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.

Do I need to act?

6.7% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
CVSS 8.4/10 High
LOCAL / LOW complexity

Affected Vendors

75 / 100
critical-risk
Severity 26/34 · High
Exploitability 16/34 · Moderate
Exposure 33/34 · Critical