CVE-2013-6122 (GCVE-0-2013-6122)

Vulnerability from cvelistv5 – Published: 2013-11-12 01:00 – Updated: 2024-09-16 19:25

Summary

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.openwall.com/lists/oss-security/2013/11/08/1	mailing-listx_refsource_MLIST
	https://www.codeaurora.org/projects/security-advi…	x_refsource_CONFIRM
	https://www.codeaurora.org/cgit/quic/la/kernel/ms…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T17:29:42.985Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 \u0026 CVE-2013-6122)",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2013-11-12T01:00:00Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 \u0026 CVE-2013-6122)",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6122",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 \u0026 CVE-2013-6122)",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
            },
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler",
              "refsource": "CONFIRM",
              "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
            },
            {
              "name": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05",
              "refsource": "CONFIRM",
              "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2013-6122",
    "datePublished": "2013-11-12T01:00:00Z",
    "dateReserved": "2013-10-15T00:00:00Z",
    "dateUpdated": "2024-09-16T19:25:24.073Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"9B99C28E-E8DC-4987-BCDF-F6E18EFF59D8\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.\"}, {\"lang\": \"es\", \"value\": \"goodix_tool.c en el driver de pantalla t\\u00e1ctil para el kernel de Linux 3.x, tal como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, no sincroniza adecudamente actualizaciones a una variable global, lo que permite a usuarios locales evadir restricciones de acceso intencionadas o provocar una denegaci\\u00f3n de servicio (corrupci\\u00f3n de memoria) a trav\\u00e9s de argumentos dise\\u00f1ados al controlador de escritura procfs.\"}]",
      "id": "CVE-2013-6122",
      "lastModified": "2024-11-21T01:58:43.937",
      "metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:M/Au:N/C:C/I:C/A:C\", \"baseScore\": 6.9, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"COMPLETE\", \"integrityImpact\": \"COMPLETE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.4, \"impactScore\": 10.0, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2013-11-12T14:35:12.790",
      "references": "[{\"url\": \"http://www.openwall.com/lists/oss-security/2013/11/08/1\", \"source\": \"cve@mitre.org\"}, {\"url\": \"https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\", \"source\": \"cve@mitre.org\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\", \"source\": \"cve@mitre.org\", \"tags\": [\"Patch\"]}, {\"url\": \"http://www.openwall.com/lists/oss-security/2013/11/08/1\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\"]}, {\"url\": \"https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}]",
      "sourceIdentifier": "cve@mitre.org",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2013-6122\",\"sourceIdentifier\":\"cve@mitre.org\",\"published\":\"2013-11-12T14:35:12.790\",\"lastModified\":\"2025-04-11T00:51:21.963\",\"vulnStatus\":\"Deferred\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.\"},{\"lang\":\"es\",\"value\":\"goodix_tool.c en el driver de pantalla t\u00e1ctil para el kernel de Linux 3.x, tal como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, no sincroniza adecudamente actualizaciones a una variable global, lo que permite a usuarios locales evadir restricciones de acceso intencionadas o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de argumentos dise\u00f1ados al controlador de escritura procfs.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:M/Au:N/C:C/I:C/A:C\",\"baseScore\":6.9,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"COMPLETE\",\"integrityImpact\":\"COMPLETE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.4,\"impactScore\":10.0,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"9B99C28E-E8DC-4987-BCDF-F6E18EFF59D8\"}]}]}],\"references\":[{\"url\":\"http://www.openwall.com/lists/oss-security/2013/11/08/1\",\"source\":\"cve@mitre.org\"},{\"url\":\"https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\",\"source\":\"cve@mitre.org\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\",\"source\":\"cve@mitre.org\",\"tags\":[\"Patch\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2013/11/08/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\"]},{\"url\":\"https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]}]}}"
  }
}

GSD-2013-6122

Vulnerability from gsd - Updated: 2023-12-13 01:22

Details

Aliases

CVE-2013-6122

Aliases

CVE-2013-6122

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2013-6122",
    "description": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.",
    "id": "GSD-2013-6122"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2013-6122"
      ],
      "details": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.",
      "id": "GSD-2013-6122",
      "modified": "2023-12-13T01:22:19.163269Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2013-6122",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 \u0026 CVE-2013-6122)",
            "refsource": "MLIST",
            "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
          },
          {
            "name": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler",
            "refsource": "CONFIRM",
            "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
          },
          {
            "name": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05",
            "refsource": "CONFIRM",
            "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2013-6122"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-20"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
            },
            {
              "name": "[oss-security] 20131108 Advisory report - Multiple memory corruption and race condition in Goodix gt915 Android touchscreen driver (CVE-2013-4740 \u0026 CVE-2013-6122)",
              "refsource": "MLIST",
              "tags": [],
              "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
            },
            {
              "name": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch"
              ],
              "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "integrityImpact": "COMPLETE",
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          "exploitabilityScore": 3.4,
          "impactScore": 10.0,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2013-11-13T19:53Z",
      "publishedDate": "2013-11-12T14:35Z"
    }
  }
}

GHSA-QFJF-9R53-CH8F

Vulnerability from github – Published: 2022-05-17 04:58 – Updated: 2022-05-17 04:58

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2013-6122"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2013-11-12T14:35:00Z",
    "severity": "MODERATE"
  },
  "details": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.",
  "id": "GHSA-qfjf-9r53-ch8f",
  "modified": "2022-05-17T04:58:10Z",
  "published": "2022-05-17T04:58:10Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2013-6122"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
    },
    {
      "type": "WEB",
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
    },
    {
      "type": "WEB",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

FKIE_CVE-2013-6122

Vulnerability from fkie_nvd - Published: 2013-11-12 14:35 - Updated: 2025-04-11 00:51

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://www.openwall.com/lists/oss-security/2013/11/08/1
cve@mitre.org	https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05	Exploit, Patch
cve@mitre.org	https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2013/11/08/1
af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05	Exploit, Patch
af854a3a-2127-422b-91ae-364da2661108	https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler	Patch

Impacted products

	Vendor	Product	Version
	qualcomm	quic_mobile_station_modem_kernel	3.10

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B99C28E-E8DC-4987-BCDF-F6E18EFF59D8",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler."
    },
    {
      "lang": "es",
      "value": "goodix_tool.c en el driver de pantalla t\u00e1ctil para el kernel de Linux 3.x, tal como se usa en Qualcomm Innovation Center (QuIC) de contribuciones Android para dispositivos MSM y otros productos, no sincroniza adecudamente actualizaciones a una variable global, lo que permite a usuarios locales evadir restricciones de acceso intencionadas o provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) a trav\u00e9s de argumentos dise\u00f1ados al controlador de escritura procfs."
    }
  ],
  "id": "CVE-2013-6122",
  "lastModified": "2025-04-11T00:51:21.963",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "COMPLETE",
          "baseScore": 6.9,
          "confidentialityImpact": "COMPLETE",
          "integrityImpact": "COMPLETE",
          "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
          "version": "2.0"
        },
        "exploitabilityScore": 3.4,
        "impactScore": 10.0,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2013-11-12T14:35:12.790",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch"
      ],
      "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

VAR-201311-0208

Vulnerability from variot - Updated: 2023-12-18 12:21

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler. Android For MSM project is prone to a local security-bypass vulnerability because it fails to sufficiently validate user-supplied input. An attacker with physical access to the computer can exploit this issue to bypass security restrictions that may aid in further attacks. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. There is a buffer overflow vulnerability in the goodix_tool.c file in the goodix gt915 touch screen driver of the Linux kernel 3.x version using the Android system. The vulnerability comes from the fact that the program does not correctly synchronize the updated global variables. Description =========== Multiple issues have been identified in the Goodix gt915 touchscreen driver for Android. The issues were found in the write handler of the procfs entry created by the driver, which by default is readable and writeable to users without any specific privileges.

CVE-2013-4740

When processing data written to the procfs file, the Goodix gt915 touchscreen driver is using user space supplied content as length values in subsequent memory manipulation operations without bounds checking. This can lead to multiple memory corruption issues. An application with access to the respective file can use this flaw to, e.g., elevate privileges. The global structure used by the procfs write handler can be accessed concurrently by more than one process. This would allow local attackers to bypass the input validation checks (such as introduced by the fix for CVE-2013-4740). An application with access to the respective file can use this flaw to, e.g., alter the internal state of the handler, bypass security checks, or create a denial-of-service condition.

Access Vector: local Security Risk: medium Vulnerability: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)

Affected versions

All Android releases from CAF using a Linux kernel from the following heads:

jb_3*
msm-3.10

Patch

We advise customers to apply the following patches: https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

Acknowledgement

Qualcomm Innovation Center, Inc. (QuIC) thanks Jonathan Salwan of the Sysdream Security Lab for reporting the related issues and working with QuIC to help improve Android device security.

https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-201311-0208",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "quic mobile station modem kernel",
        "scope": "eq",
        "trust": 1.6,
        "vendor": "qualcomm",
        "version": "3.10"
      },
      {
        "model": "quic mobile station modem",
        "scope": "eq",
        "trust": 0.8,
        "vendor": "qualcomm",
        "version": "3.10"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16.2"
      },
      {
        "model": "ip deskphone",
        "scope": "eq",
        "trust": 0.3,
        "vendor": "avaya",
        "version": "96x16"
      }
    ],
    "sources": [
      {
        "db": "BID",
        "id": "63655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Jonathan Salwan of the Sysdream Security Lab",
    "sources": [
      {
        "db": "BID",
        "id": "63655"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2013-6122",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Medium",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Complete",
            "baseScore": 6.9,
            "confidentialityImpact": "Complete",
            "exploitabilityScore": null,
            "id": "CVE-2013-6122",
            "impactScore": null,
            "integrityImpact": "Complete",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.8,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "COMPLETE",
            "baseScore": 6.9,
            "confidentialityImpact": "COMPLETE",
            "exploitabilityScore": 3.4,
            "id": "VHN-66124",
            "impactScore": 10.0,
            "integrityImpact": "COMPLETE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
            "version": "2.0"
          }
        ],
        "cvssV3": [],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2013-6122",
            "trust": 1.8,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-201311-153",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-66124",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler. Android For MSM project is prone to a local security-bypass vulnerability because it fails to sufficiently validate user-supplied input. \nAn attacker with physical access to the computer can exploit this issue  to bypass security restrictions that may aid in further attacks. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. There is a buffer overflow vulnerability in the goodix_tool.c file in the goodix gt915 touch screen driver of the Linux kernel 3.x version using the Android system. The vulnerability comes from the fact that the program does not correctly synchronize the updated global variables. Description\n===========\nMultiple issues have been identified in the Goodix gt915 touchscreen \ndriver for Android. The issues were found in the write handler of the \nprocfs entry created by the driver, which by default is readable and\nwriteable to users without any specific privileges. \n\nCVE-2013-4740\n-------------\nWhen processing data written to the procfs file, the Goodix gt915 \ntouchscreen driver is using user space supplied content as length\nvalues in subsequent memory manipulation operations without \nbounds checking. This can lead to multiple memory corruption issues. \nAn application with access to the respective file can use this flaw \nto, e.g., elevate privileges. \nThe global structure used by the procfs write handler can be accessed \nconcurrently by more than one process. This would allow local attackers\nto bypass the input validation checks (such as introduced by the fix for \nCVE-2013-4740). An application with access to the respective file can use\nthis flaw to, e.g., alter the internal state of the handler, bypass security \nchecks, or create a denial-of-service condition. \n\nAccess Vector: local\nSecurity Risk: medium\nVulnerability: CWE-362 (Concurrent Execution using Shared Resource \nwith Improper Synchronization)\n\nAffected versions\n-----------------\nAll Android releases from CAF using a Linux kernel from the following heads:\n\n- jb_3*\n- msm-3.10\n\nPatch\n-----\nWe advise customers to apply the following patches:\nhttps://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\n\nAcknowledgement\n===============\nQualcomm Innovation Center, Inc. (QuIC) thanks Jonathan Salwan of the \nSysdream Security Lab for reporting the related issues and working with \nQuIC to help improve Android device security. \n\nhttps://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "BID",
        "id": "63655"
      },
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "PACKETSTORM",
        "id": "123945"
      }
    ],
    "trust": 2.07
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2013-6122",
        "trust": 2.9
      },
      {
        "db": "OPENWALL",
        "id": "OSS-SECURITY/2013/11/08/1",
        "trust": 1.7
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073",
        "trust": 0.8
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153",
        "trust": 0.7
      },
      {
        "db": "MLIST",
        "id": "[OSS-SECURITY] 20131108 ADVISORY REPORT - MULTIPLE MEMORY CORRUPTION AND RACE CONDITION IN GOODIX GT915 ANDROID TOUCHSCREEN DRIVER (CVE-2013-4740 \u0026 CVE-2013-6122)",
        "trust": 0.6
      },
      {
        "db": "BID",
        "id": "63655",
        "trust": 0.4
      },
      {
        "db": "VULHUB",
        "id": "VHN-66124",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "123945",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "BID",
        "id": "63655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "PACKETSTORM",
        "id": "123945"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "id": "VAR-201311-0208",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T12:21:32.992000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "QCIR-2013-00009-1",
        "trust": 0.8,
        "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
      },
      {
        "title": "input: touchpanel: fix security issues in GT915 driver",
        "trust": 0.8,
        "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
      },
      {
        "title": "linux-3.10.21",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=46699"
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.1
      },
      {
        "problemtype": "CWE-119",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
      },
      {
        "trust": 1.8,
        "url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
      },
      {
        "trust": 1.7,
        "url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
      },
      {
        "trust": 0.8,
        "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6122"
      },
      {
        "trust": 0.8,
        "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-6122"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-4740"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "PACKETSTORM",
        "id": "123945"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "db": "BID",
        "id": "63655"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "db": "PACKETSTORM",
        "id": "123945"
      },
      {
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "date": "2013-11-07T00:00:00",
        "db": "BID",
        "id": "63655"
      },
      {
        "date": "2013-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "date": "2013-11-07T23:02:22",
        "db": "PACKETSTORM",
        "id": "123945"
      },
      {
        "date": "2013-11-12T14:35:12.790000",
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "date": "2013-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2013-11-13T00:00:00",
        "db": "VULHUB",
        "id": "VHN-66124"
      },
      {
        "date": "2015-03-19T09:14:00",
        "db": "BID",
        "id": "63655"
      },
      {
        "date": "2013-11-13T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      },
      {
        "date": "2013-11-13T19:53:13.717000",
        "db": "NVD",
        "id": "CVE-2013-6122"
      },
      {
        "date": "2013-11-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "BID",
        "id": "63655"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ],
    "trust": 0.9
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "MSM For devices  Qualcomm Innovation Center Android Used for contributions etc.  Linux Kernel for  Goodix gt915 Vulnerability that can prevent access restriction in touch screen driver",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2013-005073"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "input validation",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-201311-153"
      }
    ],
    "trust": 0.6
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2013-6122 (GCVE-0-2013-6122)

GSD-2013-6122

GHSA-QFJF-9R53-CH8F

FKIE_CVE-2013-6122

VAR-201311-0208

CVE-2013-4740

Affected versions

Patch

Acknowledgement

Tags

Sightings

Nomenclature