var-201401-0143
Vulnerability from variot
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. The Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Other attacks are also possible. Android for MSM is an Android MSM project, the main purpose of this project is to build an Android platform that includes Qualcomm MSM chipset
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-201401-0143", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "android-msm", "scope": "eq", "trust": 1.6, "vendor": "codeaurora", "version": "2.6.29" }, { "model": "quic mobile station modem kernel", "scope": "eq", "trust": 1.3, "vendor": "qualcomm", "version": "3.10" }, { "model": "android for msm", "scope": "eq", "trust": 0.8, "vendor": "android for msm", "version": "2.6.29" }, { "model": "quic mobile station modem", "scope": "eq", "trust": 0.8, "vendor": "qualcomm", "version": "3.10" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "13.10" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.10" }, { "model": "linux lts i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux lts amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "12.04" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux i386", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "ubuntu", "version": "10.04" }, { "model": "linux enterprise server for vmware sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise high availability extension sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise desktop sp3", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "linux enterprise server sp1 ltss", "scope": "eq", "trust": 0.3, "vendor": "suse", "version": "11" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "13.1" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "12.3" }, { "model": "opensuse", "scope": "eq", "trust": 0.3, "vendor": "s u s e", "version": "11.4" }, { "model": "linux", "scope": "eq", "trust": 0.3, "vendor": "oracle", "version": "6" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1x8664" }, { "model": "business server", "scope": "eq", "trust": 0.3, "vendor": "mandriva", "version": "1" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.12.5" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.4.74" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.10.24" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "3.2.53" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.34.14" }, { "model": "kernel", "scope": "eq", "trust": 0.3, "vendor": "linux", "version": "2.6.32.61" }, { "model": "linux sparc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux s/390", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux powerpc", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux mips", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux ia-32", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux arm", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "linux amd64", "scope": "eq", "trust": 0.3, "vendor": "debian", "version": "6.0" }, { "model": "centos", "scope": "eq", "trust": 0.3, "vendor": "centos", "version": "6" }, { "model": "qrd android", "scope": "eq", "trust": 0.3, "vendor": "codeaurora", "version": "0" }, { "model": "firefox os for msm", "scope": "eq", "trust": 0.3, "vendor": "codeaurora", "version": "0" }, { "model": "android for msm", "scope": "eq", "trust": 0.3, "vendor": "codeaurora", "version": "0" } ], "sources": [ { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2013-6123" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Andrew Honig of Google", "sources": [ { "db": "BID", "id": "64328" } ], "trust": 0.3 }, "cve": "CVE-2013-6123", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "NVD", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "impactScore": 10.0, "integrityImpact": "COMPLETE", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Medium", "accessVector": "Local", "authentication": "None", "author": "NVD", "availabilityImpact": "Complete", "baseScore": 6.9, "confidentialityImpact": "Complete", "exploitabilityScore": null, "id": "CVE-2013-6123", "impactScore": null, "integrityImpact": "Complete", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "Medium", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, { "accessComplexity": "MEDIUM", "accessVector": "LOCAL", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "COMPLETE", "baseScore": 6.9, "confidentialityImpact": "COMPLETE", "exploitabilityScore": 3.4, "id": "VHN-66125", "impactScore": 10.0, "integrityImpact": "COMPLETE", "severity": "MEDIUM", "trust": 0.1, "vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C", "version": "2.0" } ], "cvssV3": [], "severity": [ { "author": "NVD", "id": "CVE-2013-6123", "trust": 1.8, "value": "MEDIUM" }, { "author": "CNNVD", "id": "CNNVD-201401-189", "trust": 0.6, "value": "MEDIUM" }, { "author": "VULHUB", "id": "VHN-66125", "trust": 0.1, "value": "MEDIUM" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-66125" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. The Linux kernel is prone to a local privilege-escalation vulnerability. \nLocal attackers can exploit this issue to gain elevated privileges on affected computers. Other attacks are also possible. Android for MSM is an Android MSM project, the main purpose of this project is to build an Android platform that includes Qualcomm MSM chipset", "sources": [ { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "VULHUB", "id": "VHN-66125" } ], "trust": 2.25 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2013-6123", "trust": 3.1 }, { "db": "JVNDB", "id": "JVNDB-2013-005846", "trust": 0.8 }, { "db": "CNNVD", "id": "CNNVD-201401-189", "trust": 0.7 }, { "db": "BID", "id": "64979", "trust": 0.4 }, { "db": "BID", "id": "64328", "trust": 0.3 }, { "db": "VULHUB", "id": "VHN-66125", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-66125" }, { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "id": "VAR-201401-0143", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-66125" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T11:44:16.814000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "QCIR-2014-00001-1", "trust": 0.8, "url": "https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123" }, { "title": "msm: camera: Bounds and validity check for params", "trust": 0.8, "url": "https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4" }, { "title": "msm: camera: Added bounds check for index parameter", "trust": 0.8, "url": "https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005846" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "CWE-20", "trust": 1.9 } ], "sources": [ { "db": "VULHUB", "id": "VHN-66125" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 2.3, "url": "https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123" }, { "trust": 1.7, "url": "https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4" }, { "trust": 1.7, "url": "https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558" }, { "trust": 1.1, "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/90505" }, { "trust": 0.8, "url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6123" }, { "trust": 0.8, "url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6123" }, { "trust": 0.6, "url": "http://www.kernel.org/" }, { "trust": 0.3, "url": "http://lists.centos.org/pipermail/centos-announce/2013-december/020095.html" }, { "trust": 0.3, "url": "http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338c7dbadd2671189cec7faf64c84d01071b3f96" }, { "trust": 0.3, "url": "http://linux.oracle.com/errata/elsa-2014-3034.html" } ], "sources": [ { "db": "VULHUB", "id": "VHN-66125" }, { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-66125" }, { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "db": "NVD", "id": "CVE-2013-6123" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2014-01-14T00:00:00", "db": "VULHUB", "id": "VHN-66125" }, { "date": "2013-12-14T00:00:00", "db": "BID", "id": "64328" }, { "date": "2014-01-14T00:00:00", "db": "BID", "id": "64979" }, { "date": "2014-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "date": "2014-01-14T04:29:56.923000", "db": "NVD", "id": "CVE-2013-6123" }, { "date": "2014-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2017-08-29T00:00:00", "db": "VULHUB", "id": "VHN-66125" }, { "date": "2015-04-13T22:23:00", "db": "BID", "id": "64328" }, { "date": "2014-01-14T00:00:00", "db": "BID", "id": "64979" }, { "date": "2014-01-16T00:00:00", "db": "JVNDB", "id": "JVNDB-2013-005846" }, { "date": "2017-08-29T01:33:54.920000", "db": "NVD", "id": "CVE-2013-6123" }, { "date": "2014-01-16T00:00:00", "db": "CNNVD", "id": "CNNVD-201401-189" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "local", "sources": [ { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" }, { "db": "CNNVD", "id": "CNNVD-201401-189" } ], "trust": 1.2 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "MSM For devices Qualcomm Innovation Center Android Used for contributions etc. Linux Kernel for MSM Vulnerabilities that can be obtained in the camera driver", "sources": [ { "db": "JVNDB", "id": "JVNDB-2013-005846" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Boundary Condition Error", "sources": [ { "db": "BID", "id": "64328" }, { "db": "BID", "id": "64979" } ], "trust": 0.6 } }
Loading...
Loading...
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.