CVE-2013-4737
Summary
| CVE | CVE-2013-4737 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-15 14:57:00 UTC |
| Updated | 2014-02-18 19:35:00 UTC |
| Description | The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location. |
Risk And Classification
Problem Types: CWE-264
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Qualcomm | Quic Mobile Station Modem Kernel | 3.10 | All | All | All |
| Operating System | Qualcomm | Quic Mobile Station Modem Kernel | 3.10 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CONFIG_STRICT_MEMORY_RWX is not strictly enforced (CVE-2013-4737) | Code Aurora Forum | CONFIRM | www.codeaurora.org | Patch, Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.