← Voltar para CVEs
CVE-2013-2597
HIGHCISA KEV8.4
Descricao
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
Detalhes CVE
Pontuacao CVSS v3.18.4
SeveridadeHIGH
Vetor CVSSCVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vetor de ataqueLOCAL
ComplexidadeLOW
Privilegios necessariosNONE
Interacao do usuarioNONE
Publicado8/31/2014
Ultima modificacao4/22/2026
Fontekev
Avistamentos honeypot0
CISA KEV
FornecedorCode Aurora
ProdutoACDB Audio Driver
Nome da vulnerabilidadeCode Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability
Data inclusao KEV2022-09-15
Prazo de remediacao2022-10-06
Uso em ransomwareUnknown
Produtos afetados
codeaurora:android-msm
Fraquezas (CWE)
CWE-121
Referencias
https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597(cve@mitre.org)
https://www.codeaurora.org/projects/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597(af854a3a-2127-422b-91ae-364da2661108)
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2013-2597(134c704f-9b21-4f2e-91b3-4a467353bcc0)
Correlacoes IOC
Sem correlacoes registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.