cvelistv5 - cve-2013-4738

CVE-2013-4738 (GCVE-0-2013-4738)

Vulnerability from cvelistv5 – Published: 2014-02-03 02:00 – Updated: 2024-08-06 16:52

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	https://www.codeaurora.org/projects/security-advi…	x_refsource_CONFIRM
	http://www.openwall.com/lists/oss-security/2013/10/15/4	mailing-listx_refsource_MLIST

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T16:52:27.040Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
          },
          {
            "name": "[oss-security] 20131015 Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2013-10-15T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2014-02-06T02:57:01",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
        },
        {
          "name": "[oss-security] 20131015 Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4738",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739",
              "refsource": "CONFIRM",
              "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
            },
            {
              "name": "[oss-security] 20131015 Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-4738",
    "datePublished": "2014-02-03T02:00:00",
    "dateReserved": "2013-07-01T00:00:00",
    "dateUpdated": "2024-08-06T16:52:27.040Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"46D87AD6-5AF4-418F-ACDB-A93CE4998958\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"BC462F6B-50B4-4EDD-921C-36CEB05D14AC\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.\"}, {\"lang\": \"es\", \"value\": \"M\\u00faltiples desbordamientos de buffer basados en pila en el driver de la c\\u00e1mara MSM para el kernel de Linux 3.x, tal y como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, permite a atacantes obtener privilegios mediante (1) una llamada ioctl VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO  manipulada, relacionada con /drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c o (2) una llamada ioctl VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO manipulada, relacionada con drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.\"}]",
      "id": "CVE-2013-4738",
      "lastModified": "2024-11-21T01:56:15.457",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:C/I:C/A:C\", \"baseScore\": 7.2, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 3.9, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2014-02-03T03:55:03.690",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2013/10/15/4\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739\", \"source\": \"cve@mitre.org\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/10/15/4\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-119\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-4738\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2014-02-03T03:55:03.690\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.\"},{\"lang\":\"es\",\"value\":\"M\u00faltiples desbordamientos de buffer basados en pila en el driver de la c\u00e1mara MSM para el kernel de Linux 3.x, tal y como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, permite a atacantes obtener privilegios mediante (1) una llamada ioctl VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO  manipulada, relacionada con /drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c o (2) una llamada ioctl VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO manipulada, relacionada con drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:C/I:C/A:C\",\"baseScore\":7.2,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":3.9,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-119\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"46D87AD6-5AF4-418F-ACDB-A93CE4998958\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"BC462F6B-50B4-4EDD-921C-36CEB05D14AC\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2013/10/15/4\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739\",\"source\":\"cve@mitre.org\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/10/15/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

VAR-201402-0146

Vulnerability from variot - Updated: 2023-12-18 12:30

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c. (1) drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c (2) drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.cAn attacker could gain privileges through the following items: (1) Cleverly crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call (2) Cleverly crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call. Android for MSM project is prone to multiple stack-based buffer-overflow vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. Local attackers can exploit these issues to run arbitrary code with elevated privileges. Failed exploit attempts will likely result in denial-of-service conditions. MSM camera driver for the Linux kernel is a Qualcomm platform camera driver project based on the Linux kernel. Description

A stack-based buffer overflow and a kernel memory disclosure vulnerability have been discovered in the system call handlers of the camera driver.

CVE-2013-4738

The camera post processing engine (CPP) and video processing engine (VPE) provide an ioctl system call interface to user space clients for communication. When processing arguments passed to the VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO or VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl subdev handlers, a user space supplied length value is used to copy memory to a local stack buffer without proper bounds checking. An application with access to the respective device nodes can use this flaw to, e.g., elevate privileges.

Access Vector: local Security Risk: high Vulnerability: CWE-121 (stack-based buffer overflow)

CVE-2013-4739

The Gemini JPEG encoder and the Jpeg1.0 common encoder/decoder engines of the camera driver are not properly initializing all members of a structure before copying it to user space. This allows a local attacker to obtain potentially sensitive information from kernel stack memory via ioctl system calls.

Access Vector: local Security Risk: low Vulnerability: CWE-200 (information exposure)

Affected versions

All Android releases from CAF using a Linux kernel from the following heads:

msm-3.4
jb_3*

Patch

We advise customers to apply the following patches:

CVE-2013-4738:

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=c9c81836ee44db9974007d34cf2aaeb1a51a8d45

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=28385b9c3054c91dca1aa194ffa750550c50f3ce

CVE-2013-4739:

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8604847927f952cc8e773b97eca24e1060a570f2

Credits

Reported by the researcher Jonathan Salwan and patched by Qualcomm Innovation Center

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201402-0146",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "android-msm",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "codeaurora",
        "version": "2.6.29"
      },
      {
        "model": "quic mobile station modem kernel",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "qualcomm",
        "version": "3.4"
      },
      {
        "model": "android for msm",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "android for msm",
        "version": "2.6.29"
      },
      {
        "model": "quic mobile station modem",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "qualcomm",
        "version": "3.4"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Salwan of the Sysdream Security Lab",
    "sources": [
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ],
    "trust": 0.9
  },
  "cve": "CVE-2013-4738",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "HIGH",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 7.2,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-4738",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "High",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.9,
            "id": "VHN-64740",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "HIGH",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-4738",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201310-658",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-64740",
            "trust": 0.1,
            "value": "HIGH"
          },
          {
            "author": "VULMON",
            "id": "CVE-2013-4738",
            "trust": 0.1,
            "value": "HIGH"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c. (1) drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c (2) drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.cAn attacker could gain privileges through the following items: (1) Cleverly crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call (2) Cleverly crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call. Android for MSM project is prone to multiple stack-based buffer-overflow  vulnerabilities because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer. \nLocal attackers can exploit these issues to run arbitrary code with elevated  privileges. Failed exploit attempts will   likely result in denial-of-service conditions. MSM camera driver for the Linux kernel is a Qualcomm platform camera driver project based on the Linux kernel. *Description*\n\nA stack-based buffer overflow and a kernel memory disclosure vulnerability\nhave been discovered in the system call handlers of the camera driver. \n\n*CVE-2013-4738*\n\nThe camera post processing engine (CPP) and video processing engine (VPE)\nprovide an ioctl system call interface to user space clients for\ncommunication. When processing arguments passed to the\nVIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO or\nVIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl subdev handlers, a user space\nsupplied length value is used to copy memory to a local stack buffer\nwithout proper bounds checking. An application with access to the\nrespective device nodes can use this flaw to, e.g., elevate privileges. \n\nAccess Vector: local\nSecurity Risk: high\nVulnerability: CWE-121 (stack-based buffer overflow)\n\n*CVE-2013-4739*\n\nThe Gemini JPEG encoder and the Jpeg1.0 common encoder/decoder engines of\nthe camera driver are not properly initializing all members of a structure\nbefore copying it to user space. This allows a local attacker to obtain\npotentially sensitive information from kernel stack memory via ioctl system\ncalls. \n\nAccess Vector: local\nSecurity Risk: low\nVulnerability: CWE-200 (information exposure)\n\n*Affected versions*\n\nAll Android releases from CAF using a Linux kernel from the following heads:\n\n- msm-3.4\n- jb_3*\n\n*Patch*\n\nWe advise customers to apply the following patches:\n\nCVE-2013-4738:\n-\nhttps://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=c9c81836ee44db9974007d34cf2aaeb1a51a8d45\n-\nhttps://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=28385b9c3054c91dca1aa194ffa750550c50f3ce\n\nCVE-2013-4739:\n-\nhttps://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8604847927f952cc8e773b97eca24e1060a570f2\n\n*Credits*\n\nReported by the researcher Jonathan Salwan and patched by Qualcomm\nInnovation Center",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "db": "PACKETSTORM",
        "id": "123704"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-4738",
        "trust": 3.0
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/10/15/4",
        "trust": 1.8
      },
      {
        "db": "BID",
        "id": "63263",
        "trust": 1.1
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20131015 REPORT - STACK-BASED BUFFER OVERFLOW AND MEMORY DISCLOSURE IN CAMERA DRIVER (CVE-2013-4748 CVE-2013-4739)",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "123704",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-64740",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "PACKETSTORM",
        "id": "123704"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "id": "VAR-201402-0146",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:30:48.037000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QCIR-2013-00008-1",
        "trust": 0.8,
        "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4738-cve-2013-4739"
      },
      {
        "title": "c9c81836ee44db9974007d34cf2aaeb1a51a8d45",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47783"
      },
      {
        "title": "28385b9c3054c91dca1aa194ffa750550c50f3ce",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47782"
      },
      {
        "title": "8604847927f952cc8e773b97eca24e1060a570f2",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=47781"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-119",
        "trust": 1.9
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
      },
      {
        "trust": 1.8,
        "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4738"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4738"
      },
      {
        "trust": 0.7,
        "url": "http://www.securityfocus.com/bid/63263"
      },
      {
        "trust": 0.4,
        "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=28385b9c3054c91dca1aa194ffa750550c50f3ce"
      },
      {
        "trust": 0.4,
        "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=c9c81836ee44db9974007d34cf2aaeb1a51a8d45"
      },
      {
        "trust": 0.3,
        "url": "https://www.codeaurora.org/xwiki/bin/qaep/"
      },
      {
        "trust": 0.3,
        "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4738-cve-2013-4739"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/119.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=8604847927f952cc8e773b97eca24e1060a570f2"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4739"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4738"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "PACKETSTORM",
        "id": "123704"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "db": "PACKETSTORM",
        "id": "123704"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-03T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "date": "2014-02-03T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "date": "2013-10-15T00:00:00",
        "db": "BID",
        "id": "63263"
      },
      {
        "date": "2014-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "date": "2013-10-21T22:22:22",
        "db": "PACKETSTORM",
        "id": "123704"
      },
      {
        "date": "2014-02-03T03:55:03.690000",
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "date": "2013-10-15T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2014-02-21T00:00:00",
        "db": "VULHUB",
        "id": "VHN-64740"
      },
      {
        "date": "2014-02-21T00:00:00",
        "db": "VULMON",
        "id": "CVE-2013-4738"
      },
      {
        "date": "2013-10-15T00:00:00",
        "db": "BID",
        "id": "63263"
      },
      {
        "date": "2014-02-05T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      },
      {
        "date": "2014-02-21T18:18:57.280000",
        "db": "NVD",
        "id": "CVE-2013-4738"
      },
      {
        "date": "2014-02-08T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "63263"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MSM For devices  Qualcomm Innovation Center Android Used for contributions etc.  Linux Kernel for  MSM Buffer overflow vulnerability in camera driver",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005979"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "buffer overflow",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201310-658"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2013-4738

Vulnerability from fkie_nvd - Published: 2014-02-03 03:55 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2013/10/15/4
cve@mitre.org	https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/10/15/4
af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739	Vendor Advisory

Impacted products

	Vendor	Product	Version
	codeaurora	android-msm	2.6.29
	qualcomm	quic_mobile_station_modem_kernel	3.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*",
              "matchCriteriaId": "46D87AD6-5AF4-418F-ACDB-A93CE4998958",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC462F6B-50B4-4EDD-921C-36CEB05D14AC",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
    },
    {
      "lang": "es",
      "value": "M\u00faltiples desbordamientos de buffer basados en pila en el driver de la c\u00e1mara MSM para el kernel de Linux 3.x, tal y como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, permite a atacantes obtener privilegios mediante (1) una llamada ioctl VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO  manipulada, relacionada con /drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c o (2) una llamada ioctl VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO manipulada, relacionada con drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
    }
  ],
  "id": "CVE-2013-4738",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 7.2,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2014-02-03T03:55:03.690",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-119"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

GSD-2013-4738

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-4738

Aliases

CVE-2013-4738

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-4738",
    "description": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.",
    "id": "GSD-2013-4738",
    "references": [
      "https://www.suse.com/security/cve/CVE-2013-4738.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-4738"
      ],
      "details": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.",
      "id": "GSD-2013-4738",
      "modified": "2023-12-13T01:22:16.321817Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-4738",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739",
            "refsource": "CONFIRM",
            "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
          },
          {
            "name": "[oss-security] 20131015 Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-4738"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-119"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
            },
            {
              "name": "[oss-security] 20131015 Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 7.2,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "HIGH",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2014-02-21T18:18Z",
      "publishedDate": "2014-02-03T03:55Z"
    }
  }
}

GHSA-9G7G-R2VQ-GQPH

Vulnerability from github – Published: 2022-05-17 04:52 – Updated: 2022-05-17 04:52

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-4738"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-119"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2014-02-03T03:55:00Z",
    "severity": "HIGH"
  },
  "details": "Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.",
  "id": "GHSA-9g7g-r2vq-gqph",
  "modified": "2022-05-17T04:52:16Z",
  "published": "2022-05-17T04:52:16Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-4738"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-and-memory-disclosure-camera-driver-cve-2013-4748-cve-2013-4739"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/10/15/4"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-4738 (GCVE-0-2013-4738)

VAR-201402-0146

CVE-2013-4738:

https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/?id=c9c81836ee44db9974007d34cf2aaeb1a51a8d45

CVE-2013-4739:

FKIE_CVE-2013-4738

GSD-2013-4738

GHSA-9G7G-R2VQ-GQPH

Tags

Sightings

Nomenclature