Vulnerability CVE-2013-6123

Vulnerability Name:

CVE-2013-6123 (CCN-90505)

Assigned:

2013-10-11

Published:

2013-10-11

Updated:

2017-08-29

Summary:

Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.

CVSS v3 Severity:

5.9 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): Low Availibility (A): Low

CVSS v2 Severity:

6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C)
5.1 Medium (Temporal CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

4.6 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P)
3.4 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Local Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

Vulnerability Type:

CWE-20

Vulnerability Consequences:

Gain Privileges

References:

Source: MITRE
Type: CNA
CVE-2013-6123

Source: CCN
Type: BID-64979
Code Aurora Multiple Products 'msm_cam_server.c' Privilege Escalation Vulnerabilty

Source: XF
Type: UNKNOWN
code-aurora-cve20136123-priv-esc(90505)

Source: XF
Type: UNKNOWN
code-aurora-cve20136123-priv-esc(90505)

Source: CCN
Type: Code Aurora Web site
msm:camera: Bounds and validity check for params

Source: CONFIRM
Type: Exploit, Patch
https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4

Source: CONFIRM
Type: Patch
https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558

Source: CONFIRM
Type: Vendor Advisory
https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123

Vulnerable Configuration:

Configuration 1:

cpe:/o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*

OR cpe:/o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*

Configuration CCN 1:

cpe:/o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:*

OR cpe:/o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.ubuntu.xenial:def:201361230000000	V	CVE-2013-6123 on Ubuntu 16.04 LTS (xenial) - medium.	2014-01-14
oval:com.ubuntu.precise:def:20136123000	V	CVE-2013-6123 on Ubuntu 12.04 LTS (precise) - medium.	2014-01-13
oval:com.ubuntu.trusty:def:20136123000	V	CVE-2013-6123 on Ubuntu 14.04 LTS (trusty) - medium.	2014-01-13
oval:com.ubuntu.xenial:def:20136123000	V	CVE-2013-6123 on Ubuntu 16.04 LTS (xenial) - medium.	2014-01-13

BACK