CVE-2013-4738

2014-02-0303:55:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2013-4738

buffer overflow

linux kernel

msm camera driver

qualcomm innovation center

android

security vulnerability

7 High

AI Score

Confidence

Low

7.2 High

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

0.0004 Low

EPSS

Percentile

12.2%

JSON

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.

CPENameOperatorVersion
codeaurora:android-msmcodeaurora android-msmeq2.6.29
qualcomm:quic_mobile_station_modem_kernelqualcomm quic mobile station modem kerneleq3.4