ID

VAR-201311-0208


CVE

CVE-2013-6122


TITLE

Access restriction bypass vulnerability in the Goodix gt915 touchscreen driver for the Linux kernel, as used in Qualcomm Innovation Center Android contributions for MSM devices and other products

Trust: 0.8

sources: JVNDB: JVNDB-2013-005073

DESCRIPTION

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly synchronize updates to a global variable, which allows local users to bypass intended access restrictions or cause a denial of service (memory corruption) via crafted arguments to the procfs write handler.

The Android for MSM project is prone to a local security-bypass vulnerability because it fails to sufficiently validate user-supplied input. An attacker with physical access to the computer can exploit this issue to bypass security restrictions that may aid in further attacks.

The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. There is a buffer overflow vulnerability in goodix_tool.c in the Goodix gt915 touchscreen driver of the Linux kernel 3.x as used with Android. The vulnerability arises because the program does not correctly synchronize updates to global variables.

Description
===========

Multiple issues have been identified in the Goodix gt915 touchscreen driver for Android. The issues were found in the write handler of the procfs entry created by the driver, which by default is readable and writeable to users without any specific privileges.

CVE-2013-4740
-------------

When processing data written to the procfs file, the Goodix gt915 touchscreen driver is using user space supplied content as length values in subsequent memory manipulation operations without bounds checking. This can lead to multiple memory corruption issues. An application with access to the respective file can use this flaw to, e.g., elevate privileges.

The global structure used by the procfs write handler can be accessed concurrently by more than one process. This would allow local attackers to bypass the input validation checks (such as introduced by the fix for CVE-2013-4740). An application with access to the respective file can use this flaw to, e.g., alter the internal state of the handler, bypass security checks, or create a denial-of-service condition.

Access Vector: local
Security Risk: medium
Vulnerability: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)

Affected versions
-----------------

All Android releases from CAF using a Linux kernel from the following heads:

- jb_3*
- msm-3.10

Patch
-----

We advise customers to apply the following patches:

https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

Acknowledgement
===============

Qualcomm Innovation Center, Inc. (QuIC) thanks Jonathan Salwan of the Sysdream Security Lab for reporting the related issues and working with QuIC to help improve Android device security.

https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

Trust: 2.07

sources: NVD: CVE-2013-6122 // JVNDB: JVNDB-2013-005073 // BID: 63655 // VULHUB: VHN-66124 // PACKETSTORM: 123945

AFFECTED PRODUCTS

vendor: qualcomm // model: quic mobile station modem kernel // scope: eq // version: 3.10

Trust: 1.6

vendor: qualcomm // model: quic mobile station modem // scope: eq // version: 3.10

Trust: 0.8

vendor: avaya // model: ip deskphone // scope: eq // version: 96x16.2

Trust: 0.3

vendor: avaya // model: ip deskphone // scope: eq // version: 96x16

Trust: 0.3

sources: BID: 63655 // JVNDB: JVNDB-2013-005073 // CNNVD: CNNVD-201311-153 // NVD: CVE-2013-6122

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6122
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6122
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201311-153
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66124
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6122
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66124
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66124 // JVNDB: JVNDB-2013-005073 // CNNVD: CNNVD-201311-153 // NVD: CVE-2013-6122

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.1

problemtype:CWE-119

Trust: 0.8

sources: VULHUB: VHN-66124 // JVNDB: JVNDB-2013-005073 // NVD: CVE-2013-6122

THREAT TYPE

local

Trust: 0.9

sources: BID: 63655 // CNNVD: CNNVD-201311-153

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201311-153

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005073

PATCH

title: QCIR-2013-00009-1 // url: https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

Trust: 0.8

title: input: touchpanel: fix security issues in GT915 driver // url: https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

Trust: 0.8

title: linux-3.10.21 // url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46699

Trust: 0.6

sources: JVNDB: JVNDB-2013-005073 // CNNVD: CNNVD-201311-153

EXTERNAL IDS

db: NVD // id: CVE-2013-6122

Trust: 2.9

db: OPENWALL // id: OSS-SECURITY/2013/11/08/1

Trust: 1.7

db: JVNDB // id: JVNDB-2013-005073

Trust: 0.8

db: CNNVD // id: CNNVD-201311-153

Trust: 0.7

db: MLIST // id: [OSS-SECURITY] 20131108 ADVISORY REPORT - MULTIPLE MEMORY CORRUPTION AND RACE CONDITION IN GOODIX GT915 ANDROID TOUCHSCREEN DRIVER (CVE-2013-4740 & CVE-2013-6122)

Trust: 0.6

db: BID // id: 63655

Trust: 0.4

db: VULHUB // id: VHN-66124

Trust: 0.1

db: PACKETSTORM // id: 123945

Trust: 0.1

sources: VULHUB: VHN-66124 // BID: 63655 // JVNDB: JVNDB-2013-005073 // PACKETSTORM: 123945 // CNNVD: CNNVD-201311-153 // NVD: CVE-2013-6122

REFERENCES

url:https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

Trust: 1.8

url:https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

Trust: 1.8

url:http://www.openwall.com/lists/oss-security/2013/11/08/1

Trust: 1.7

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6122

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6122

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2013-6122

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2013-4740

Trust: 0.1

sources: VULHUB: VHN-66124 // JVNDB: JVNDB-2013-005073 // PACKETSTORM: 123945 // CNNVD: CNNVD-201311-153 // NVD: CVE-2013-6122

CREDITS

Jonathan Salwan of the Sysdream Security Lab

Trust: 0.3

sources: BID: 63655

SOURCES

db: VULHUB // id: VHN-66124
db: BID // id: 63655
db: JVNDB // id: JVNDB-2013-005073
db: PACKETSTORM // id: 123945
db: CNNVD // id: CNNVD-201311-153
db: NVD // id: CVE-2013-6122

LAST UPDATE DATE

2024-11-23T22:13:51.021000+00:00


SOURCES UPDATE DATE

db: VULHUB // id: VHN-66124 // date: 2013-11-13T00:00:00
db: BID // id: 63655 // date: 2015-03-19T09:14:00
db: JVNDB // id: JVNDB-2013-005073 // date: 2013-11-13T00:00:00
db: CNNVD // id: CNNVD-201311-153 // date: 2013-11-13T00:00:00
db: NVD // id: CVE-2013-6122 // date: 2024-11-21T01:58:43.937

SOURCES RELEASE DATE

db: VULHUB // id: VHN-66124 // date: 2013-11-12T00:00:00
db: BID // id: 63655 // date: 2013-11-07T00:00:00
db: JVNDB // id: JVNDB-2013-005073 // date: 2013-11-13T00:00:00
db: PACKETSTORM // id: 123945 // date: 2013-11-07T23:02:22
db: CNNVD // id: CNNVD-201311-153 // date: 2013-11-13T00:00:00
db: NVD // id: CVE-2013-6122 // date: 2013-11-12T14:35:12.790