CVE-2013-2852

Linux kernel <3.9.4 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2013-2852. PoCs published by Kees Cook.

AI-analyzed exploit summary This exploit leverages a format string vulnerability in the Linux kernel's b43 module to achieve local privilege escalation or denial of service. The attacker loads the module with a malformed fwpostfix parameter to trigger the vulnerability.

Description

Format string vulnerability in the b43_request_firmware function in drivers/net/wireless/b43/main.c in the Broadcom B43 wireless driver in the Linux kernel through 3.9.4 allows local users to gain privileges by leveraging root access and including format string specifiers in an fwpostfix modprobe parameter, leading to improper construction of an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Kees Cook · textlocallinux

https://www.exploit-db.com/exploits/38559

View Code ZIP pw:eip

This exploit leverages a format string vulnerability in the Linux kernel's b43 module to achieve local privilege escalation or denial of service. The attacker loads the module with a malformed fwpostfix parameter to trigger the vulnerability.

Classification

Working Poc 90%

Attack Type

Lpe

Complexity

Trivial

Reliability

Reliable

Target: Linux kernel (versions affected by CVE-2013-2852)

Auth required

Prerequisites: Local access to the target system · Ability to load kernel modules

MITRE ATT&CK

T1068 - Exploitation for Privilege Escalation

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (18)

Core 18

Core References

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1919-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1920-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1915-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1918-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1930-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1917-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1916-1

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1914-1

Patch x_refsource_confirm

http://git.kernel.org/cgit/linux/kernel/git/linville/wireless.git/commit/?id=9538cbaab6e8b8046039b4b2eb6c9d614dc782bd

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1899-1

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1051.html

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-security-announce/2013-09/msg00003.html

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2013/dsa-2766

Mailing List vendor-advisory x_refsource_suse

http://lists.opensuse.org/opensuse-updates/2013-12/msg00129.html

Vendor Advisory vendor-advisory x_refsource_redhat

http://rhn.redhat.com/errata/RHSA-2013-1450.html

Issue Tracking x_refsource_confirm

https://bugzilla.redhat.com/show_bug.cgi?id=969518

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2013/06/06/13

Vendor Advisory vendor-advisory x_refsource_ubuntu

http://www.ubuntu.com/usn/USN-1900-1

Scores

EPSS 0.0102

EPSS Percentile 58.8%

Details

CWE

CWE-134

Status published

Products (6)

canonical/ubuntu_linux 10.04

canonical/ubuntu_linux 12.04

canonical/ubuntu_linux 12.10

canonical/ubuntu_linux 13.04

debian/debian_linux 6.0

linux/linux_kernel 2.6.12 - 3.0.83

Published Jun 07, 2013

Tracked Since Feb 18, 2026