← Retour aux CVEs
CVE-2013-2597
HIGHCISA KEV8.4
Description
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
Details CVE
Score CVSS v3.18.4
SeveriteHIGH
Vecteur CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueLOCAL
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie8/31/2014
Derniere modification4/22/2026
Sourcekev
Observations honeypot0
CISA KEV
FournisseurCode Aurora
ProduitACDB Audio Driver
Nom vulnerabiliteCode Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability
Date ajout KEV2022-09-15
Date limite remediation2022-10-06
Utilise dans ransomwareUnknown
Produits affectes
codeaurora:android-msm
Faiblesses (CWE)
CWE-121
References
https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597(cve@mitre.org)
https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2597(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.