CVE-2013-2596

HIGH KEV

Linux kernel <3.8.9 - Privilege Escalation

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2013-2596 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added September 15, 2022. EIP tracks 1 public exploit from researchers including hiikezoe.

AI-analyzed exploit summary This exploit leverages a memory mapping vulnerability in the Linux framebuffer driver to achieve arbitrary kernel memory write, enabling local privilege escalation. It maps kernel memory via /dev/graphics/fb0 and manipulates kernel structures to gain elevated privileges.

Description

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Exploits (1)

nomisec WORKING POC 5 stars
by hiikezoe · local
https://github.com/hiikezoe/libfb_mem_exploit

This exploit leverages a memory mapping vulnerability in the Linux framebuffer driver to achieve arbitrary kernel memory write, enabling local privilege escalation. It maps kernel memory via /dev/graphics/fb0 and manipulates kernel structures to gain elevated privileges.

Classification
Working Poc 90%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: Linux kernel (specific versions affected by CVE-2013-2596)
No auth needed
Prerequisites: Access to the framebuffer device (/dev/graphics/fb0) · Kernel memory layout knowledge
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (17)

Core 17
Core References
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0695.html
Broken Link, Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/59264
Broken Link vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:176
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://marc.info/?l=linux-kernel&m=136616837923938&w=2
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0803.html
Mailing List, Release Notes x_refsource_confirm
http://www.kernel.org/pub/linux/kernel/v3.x/ChangeLog-3.8.9
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2015-0782.html
Third Party Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10761

Scores

CVSS v3 7.8
EPSS 0.0313
EPSS Percentile 87.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2022-09-15
VulnCheck KEV 2022-09-15
InTheWild.io 2015-12-04
ENISA EUVD EUVD-2013-2538
CWE
CWE-190
Status published
Products (2)
linux/linux_kernel 2.6.12 - 3.0.75
motorola/android 4.1.2
Published Apr 13, 2013
KEV Added Sep 15, 2022
Tracked Since Feb 18, 2026