CVE-2013-4739
Summary
| CVE | CVE-2013-4739 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2014-02-03 03:55:00 UTC |
| Updated | 2014-02-07 04:49:00 UTC |
| Description | The MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to obtain sensitive information from kernel stack memory via (1) a crafted MSM_MCR_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or (2) a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call, related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c. |
Risk And Classification
Problem Types: CWE-200
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Codeaurora | Android-msm | 2.6.29 | All | All | All |
| Operating System | Codeaurora | Android-msm | 2.6.29 | All | All | All |
| Operating System | Qualcomm | Quic Mobile Station Modem Kernel | 3.4 | All | All | All |
| Operating System | Qualcomm | Quic Mobile Station Modem Kernel | 3.4 | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| oss-security - Report - Stack-based buffer overflow and memory disclosure in camera driver (CVE-2013-4748 CVE-2013-4739) | MLIST | www.openwall.com | |
| Page not found - Code Aurora | CONFIRM | www.codeaurora.org | Vendor Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
There are currently no legacy QID mappings associated with this CVE.