CVE-2013-6124

codeaurora/android-msm - Symlink Attack via chown or chmod Commands

Title source: llm
STIX 2.1

Description

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

References (1)

Core 1

Scores

EPSS 0.0030
EPSS Percentile 21.6%

Details

CWE
CWE-59
Status published
Products (50)
codeaurora/android-msm 3.2.54
codeaurora/android-msm 3.2.55
codeaurora/android-msm 3.2.56
codeaurora/android-msm 3.2.57
codeaurora/android-msm 3.2.58
codeaurora/android-msm 3.2.59
codeaurora/android-msm 3.2.60
codeaurora/android-msm 3.2.61
codeaurora/android-msm 3.2.62
codeaurora/android-msm 3.4.72
... and 40 more
Published Aug 31, 2014
Tracked Since Feb 18, 2026