Details of VAR-201401-0143

ID

VAR-201401-0143

CVE

CVE-2013-6123

TITLE

MSM For devices Qualcomm Innovation Center Android Used for contributions etc. Linux Kernel for MSM Vulnerabilities that can be obtained in the camera driver

Trust: 0.8

sources: JVNDB: JVNDB-2013-005846

DESCRIPTION

Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. The Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Other attacks are also possible. Android for MSM is an Android MSM project, the main purpose of this project is to build an Android platform that includes Qualcomm MSM chipset

Trust: 2.25

sources: NVD: CVE-2013-6123 // JVNDB: JVNDB-2013-005846 // BID: 64328 // BID: 64979 // VULHUB: VHN-66125

AFFECTED PRODUCTS

vendor:	codeaurora	model:	android-msm	scope:	eq	version:	2.6.29	Trust: 1.6
vendor:	qualcomm	model:	quic mobile station modem kernel	scope:	eq	version:	3.10	Trust: 1.3
vendor:	android for msm	model:	android for msm	scope:	eq	version:	2.6.29	Trust: 0.8
vendor:	qualcomm	model:	quic mobile station modem	scope:	eq	version:	3.10	Trust: 0.8
vendor:	ubuntu	model:	linux	scope:	eq	version:	13.10	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	12.10	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	12.10	Trust: 0.3
vendor:	ubuntu	model:	linux lts i386	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux lts amd64	scope:	eq	version:	12.04	Trust: 0.3
vendor:	ubuntu	model:	linux sparc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux powerpc	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux i386	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux arm	scope:	eq	version:	10.04	Trust: 0.3
vendor:	ubuntu	model:	linux amd64	scope:	eq	version:	10.04	Trust: 0.3
vendor:	suse	model:	linux enterprise server for vmware sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise high availability extension sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise desktop sp3	scope:	eq	version:	11	Trust: 0.3
vendor:	suse	model:	linux enterprise server sp1 ltss	scope:	eq	version:	11	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	13.1	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	12.3	Trust: 0.3
vendor:	s u s e	model:	opensuse	scope:	eq	version:	11.4	Trust: 0.3
vendor:	oracle	model:	linux	scope:	eq	version:	6	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1x8664	Trust: 0.3
vendor:	mandriva	model:	business server	scope:	eq	version:	1	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	3.12.5	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	3.4.74	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	3.10.24	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	3.2.53	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.34.14	Trust: 0.3
vendor:	linux	model:	kernel	scope:	eq	version:	2.6.32.61	Trust: 0.3
vendor:	debian	model:	linux sparc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux s/390	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux powerpc	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux mips	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux ia-32	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux arm	scope:	eq	version:	6.0	Trust: 0.3
vendor:	debian	model:	linux amd64	scope:	eq	version:	6.0	Trust: 0.3
vendor:	centos	model:	centos	scope:	eq	version:	6	Trust: 0.3
vendor:	codeaurora	model:	qrd android	scope:	eq	version:	0	Trust: 0.3
vendor:	codeaurora	model:	firefox os for msm	scope:	eq	version:	0	Trust: 0.3
vendor:	codeaurora	model:	android for msm	scope:	eq	version:	0	Trust: 0.3

sources: BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2013-6123
value:	MEDIUM
Trust: 1.0
NVD:	CVE-2013-6123
value:	MEDIUM
Trust: 0.8
CNNVD:	CNNVD-201401-189
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-66125
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2013-6123
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-66125
severity:	MEDIUM
baseScore:	6.9
vectorString:	AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.4
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

sources: VULHUB: VHN-66125 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.9

sources: VULHUB: VHN-66125 // JVNDB: JVNDB-2013-005846 // NVD: CVE-2013-6123

THREAT TYPE

local

Trust: 1.2

sources: BID: 64328 // BID: 64979 // CNNVD: CNNVD-201401-189

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 64328 // BID: 64979

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005846

PATCH

title:	QCIR-2014-00001-1	url:	https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123	Trust: 0.8
title:	msm: camera: Bounds and validity check for params	url:	https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4	Trust: 0.8
title:	msm: camera: Added bounds check for index parameter	url:	https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558	Trust: 0.8

sources: JVNDB: JVNDB-2013-005846

EXTERNAL IDS

db:	NVD	id:	CVE-2013-6123	Trust: 3.1
db:	JVNDB	id:	JVNDB-2013-005846	Trust: 0.8
db:	CNNVD	id:	CNNVD-201401-189	Trust: 0.7
db:	BID	id:	64979	Trust: 0.4
db:	BID	id:	64328	Trust: 0.3
db:	VULHUB	id:	VHN-66125	Trust: 0.1

sources: VULHUB: VHN-66125 // BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

REFERENCES

url:	https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123	Trust: 2.3
url:	https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4	Trust: 1.7
url:	https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558	Trust: 1.7
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/90505	Trust: 1.1
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6123	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6123	Trust: 0.8
url:	http://www.kernel.org/	Trust: 0.6
url:	http://lists.centos.org/pipermail/centos-announce/2013-december/020095.html	Trust: 0.3
url:	http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338c7dbadd2671189cec7faf64c84d01071b3f96	Trust: 0.3
url:	http://linux.oracle.com/errata/elsa-2014-3034.html	Trust: 0.3

sources: VULHUB: VHN-66125 // BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

CREDITS

Andrew Honig of Google

Trust: 0.3

sources: BID: 64328

SOURCES

db:	VULHUB	id:	VHN-66125
db:	BID	id:	64328
db:	BID	id:	64979
db:	JVNDB	id:	JVNDB-2013-005846
db:	CNNVD	id:	CNNVD-201401-189
db:	NVD	id:	CVE-2013-6123

LAST UPDATE DATE

2024-08-14T12:39:42.846000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-66125	date:	2017-08-29T00:00:00
db:	BID	id:	64328	date:	2015-04-13T22:23:00
db:	BID	id:	64979	date:	2014-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2013-005846	date:	2014-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201401-189	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2013-6123	date:	2017-08-29T01:33:54.920

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-66125	date:	2014-01-14T00:00:00
db:	BID	id:	64328	date:	2013-12-14T00:00:00
db:	BID	id:	64979	date:	2014-01-14T00:00:00
db:	JVNDB	id:	JVNDB-2013-005846	date:	2014-01-16T00:00:00
db:	CNNVD	id:	CNNVD-201401-189	date:	2014-01-16T00:00:00
db:	NVD	id:	CVE-2013-6123	date:	2014-01-14T04:29:56.923