CVE-2013-2596
Summary
| CVE | CVE-2013-2596 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2013-04-13 02:59:00 UTC |
| Updated | 2023-11-07 02:15:00 UTC |
| Description | Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program. |
Risk And Classification
EPSS: 0.026960000 probability, percentile 0.858020000 (date 2026-04-01)
CISA KEV: Listed on 2022-09-15; due 2022-10-06; ransomware use Unknown
Problem Types: CWE-189
CISA Known Exploited Vulnerability
| Vendor | Linux |
|---|---|
| Product | Kernel |
| Name | Linux Kernel Integer Overflow Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=fc9bbca8f650e5f738af8806317c0a041a48ae4a; https://nvd.nist.gov/vuln/detail/CVE-2013-2596 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Linux | Linux Kernel | All | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.0 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.1 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.2 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.3 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.4 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.5 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.6 | All | All | All |
| Operating System | Linux | Linux Kernel | 3.8.7 | All | All | All |
| Operating System | Motorola | Android | 4.1.2 | All | All | All |
| Hardware | Motorola | Atrix Hd | - | All | All | All |
| Hardware | Motorola | Razr Hd | - | All | All | All |
| Hardware | Motorola | Razr M | - | All | All | All |
| Hardware | Qualcomm | Msm8960 | - | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| kernel/git/torvalds/linux.git - Linux kernel source tree | | git.kernel.org | |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Patch |
| vm: add vm_iomap_memory() helper function · torvalds/linux@b4cbb19 · GitHub | CONFIRM | github.com | Patch |
| kernel/git/torvalds/linux.git - Linux kernel source tree | CONFIRM | git.kernel.org | Exploit, Patch |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9 | CONFIRM | www.kernel.org | |
| Motorola Multiple Devices For Android Local Privilege Escalation Vulnerability | BID | www.securityfocus.com | |
| 'Device driver memory 'mmap()' function helper cleanup' - MARC | MLIST | marc.info | Patch |
| 2016-10 Security Bulletin: CTPView: Multiple vulnerabilities in CTPView - Juniper Networks | CONFIRM | kb.juniper.net | |
| Root Method Released for DROID RAZR HD Running Android 4.1.2, Other Devices Too \| Droid Life | MISC | www.droid-life.com | Exploit |
| kernel/git/torvalds/linux.git - Linux kernel source tree | | git.kernel.org | |
| Oracle Linux Bulletin - January 2016 | CONFIRM | www.oracle.com | |
| [Q] Understanding how motochopper works - xda-developers | MISC | forum.xda-developers.com | Exploit |
| vm: convert fb_mmap to vm_iomap_memory() helper · torvalds/linux@fc9bbca · GitHub | CONFIRM | github.com | Exploit, Patch |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| Support / Security / Advisories / / MDVSA-2013:176 \| Mandriva | MANDRIVA | www.mandriva.com | |
| Red Hat Customer Portal | REDHAT | rhn.redhat.com | |
| [ROOT] Motochopper: {WARNING: No longer works on newer builds} - VZW Droid Razr/Razr Maxx HD Development [XT926] - DroidRzr.com | MISC | www.droidrzr.com | Exploit |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.