CVE-2013-2597

HIGH KEV

Linux kernel 2.6.x-3.x - Buffer Overflow

Title source: llm

Description

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.

Exploits (1)

nomisec WORKING POC 12 stars
by fi01 · remote
https://github.com/fi01/libmsm_acdb_exploit

Scores

CVSS v3 8.4
EPSS 0.0610
EPSS Percentile 90.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-09-15
VulnCheck KEV 2022-09-15
InTheWild.io 2015-12-04
ENISA EUVD EUVD-2013-2539
CWE CWE-121
Status published
Products (50)
codeaurora/android-msm 2.6.29
codeaurora/android-msm 3.2.54
codeaurora/android-msm 3.2.55
codeaurora/android-msm 3.2.56
codeaurora/android-msm 3.2.57
codeaurora/android-msm 3.2.58
codeaurora/android-msm 3.2.59
codeaurora/android-msm 3.2.60
codeaurora/android-msm 3.2.61
codeaurora/android-msm 3.2.62
... and 40 more
Published Aug 31, 2014
KEV Added Sep 15, 2022
Tracked Since Feb 18, 2026