Lucene search

[email protected]CVE-2013-4740

HistoryOct 03, 2022 - 4:14 p.m.

CVE-2013-4740

2022-10-0316:14:58

CWE-362

[email protected]

web.nvd.nist.gov

cve-2013-4740

goodix gt915

touchscreen driver

linux kernel

memory corruption

procfs

android

quic

msm devices

denial of service

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values.

Affected configurations

NVD

Node

qualcommquic_mobile_station_modem_kernelMatch3.10

CPENameOperatorVersion
qualcomm:quic_mobile_station_modem_kernelqualcomm quic mobile station modem kerneleq3.10

CPE	Name	Operator	Version
qualcomm:quic_mobile_station_modem_kernel	qualcomm quic mobile station modem kernel	eq	3.10

References

www.openwall.com/lists/oss-security/2013/11/08/1

www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

6.9 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.7%

JSON

Related for CVE-2013-4740

prion1 redhatcve1 nvd1 cvelist1 android1