ID

VAR-201401-0143


CVE

CVE-2013-6123


TITLE

Privilege escalation vulnerability in the MSM camera driver for the Linux kernel, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products

Trust: 0.8

sources: JVNDB: JVNDB-2013-005846

DESCRIPTION

Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions. The Linux kernel is prone to a local privilege-escalation vulnerability. Local attackers can exploit this issue to gain elevated privileges on affected computers. Other attacks are also possible. Android for MSM is a project whose main purpose is to build an Android platform that includes the Qualcomm MSM chipset.

Trust: 2.25

sources: NVD: CVE-2013-6123 // JVNDB: JVNDB-2013-005846 // BID: 64328 // BID: 64979 // VULHUB: VHN-66125

AFFECTED PRODUCTS

vendor: codeaurora | model: android-msm | scope: eq | version: 2.6.29

Trust: 1.6

vendor: qualcomm | model: quic mobile station modem kernel | scope: eq | version: 3.10

Trust: 1.3

vendor: android for msm | model: android for msm | scope: eq | version: 2.6.29

Trust: 0.8

vendor: qualcomm | model: quic mobile station modem | scope: eq | version: 3.10

Trust: 0.8

vendor: ubuntu | model: linux | scope: eq | version: 13.10

Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 12.10

Trust: 0.3

vendor: ubuntu | model: linux amd64 | scope: eq | version: 12.10

Trust: 0.3

vendor: ubuntu | model: linux lts i386 | scope: eq | version: 12.04

Trust: 0.3

vendor: ubuntu | model: linux lts amd64 | scope: eq | version: 12.04

Trust: 0.3

vendor: ubuntu | model: linux sparc | scope: eq | version: 10.04

Trust: 0.3

vendor: ubuntu | model: linux powerpc | scope: eq | version: 10.04

Trust: 0.3

vendor: ubuntu | model: linux i386 | scope: eq | version: 10.04

Trust: 0.3

vendor: ubuntu | model: linux arm | scope: eq | version: 10.04

Trust: 0.3

vendor: ubuntu | model: linux amd64 | scope: eq | version: 10.04

Trust: 0.3

vendor: suse | model: linux enterprise server for vmware sp3 | scope: eq | version: 11

Trust: 0.3

vendor: suse | model: linux enterprise server sp3 | scope: eq | version: 11

Trust: 0.3

vendor: suse | model: linux enterprise high availability extension sp3 | scope: eq | version: 11

Trust: 0.3

vendor: suse | model: linux enterprise desktop sp3 | scope: eq | version: 11

Trust: 0.3

vendor: suse | model: linux enterprise server sp1 ltss | scope: eq | version: 11

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 13.1

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 12.3

Trust: 0.3

vendor: s u s e | model: opensuse | scope: eq | version: 11.4

Trust: 0.3

vendor: oracle | model: linux | scope: eq | version: 6

Trust: 0.3

vendor: mandriva | model: business server | scope: eq | version: 1x8664

Trust: 0.3

vendor: mandriva | model: business server | scope: eq | version: 1

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 3.12.5

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 3.4.74

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 3.10.24

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 3.2.53

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.34.14

Trust: 0.3

vendor: linux | model: kernel | scope: eq | version: 2.6.32.61

Trust: 0.3

vendor: debian | model: linux sparc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux s/390 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux powerpc | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux mips | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-64 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux ia-32 | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux arm | scope: eq | version: 6.0

Trust: 0.3

vendor: debian | model: linux amd64 | scope: eq | version: 6.0

Trust: 0.3

vendor: centos | model: centos | scope: eq | version: 6

Trust: 0.3

vendor: codeaurora | model: qrd android | scope: eq | version: 0

Trust: 0.3

vendor: codeaurora | model: firefox os for msm | scope: eq | version: 0

Trust: 0.3

vendor: codeaurora | model: android for msm | scope: eq | version: 0

Trust: 0.3

sources: BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2013-6123
value: MEDIUM

Trust: 1.0

NVD: CVE-2013-6123
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201401-189
value: MEDIUM

Trust: 0.6

VULHUB: VHN-66125
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2013-6123
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-66125
severity: MEDIUM
baseScore: 6.9
vectorString: AV:L/AC:M/AU:N/C:C/I:C/A:C
accessVector: LOCAL
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 3.4
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-66125 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.9

sources: VULHUB: VHN-66125 // JVNDB: JVNDB-2013-005846 // NVD: CVE-2013-6123

THREAT TYPE

local

Trust: 1.2

sources: BID: 64328 // BID: 64979 // CNNVD: CNNVD-201401-189

TYPE

Boundary Condition Error

Trust: 0.6

sources: BID: 64328 // BID: 64979

CONFIGURATIONS

sources: JVNDB: JVNDB-2013-005846

PATCH

title: QCIR-2014-00001-1 | url: https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123

Trust: 0.8

title: msm: camera: Bounds and validity check for params | url: https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4

Trust: 0.8

title: msm: camera: Added bounds check for index parameter | url: https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558

Trust: 0.8

sources: JVNDB: JVNDB-2013-005846

EXTERNAL IDS

db: NVD | id: CVE-2013-6123

Trust: 3.1

db: JVNDB | id: JVNDB-2013-005846

Trust: 0.8

db: CNNVD | id: CNNVD-201401-189

Trust: 0.7

db: BID | id: 64979

Trust: 0.4

db: BID | id: 64328

Trust: 0.3

db: VULHUB | id: VHN-66125

Trust: 0.1

sources: VULHUB: VHN-66125 // BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

REFERENCES

url:https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-camera-driver-cve-2013-6123

Trust: 2.3

url:https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aeaa04c7d6e9f4345a6acdd4

Trust: 1.7

url:https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178e61d935918d3cb152996b558

Trust: 1.7

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/90505

Trust: 1.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-6123

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-6123

Trust: 0.8

url:http://www.kernel.org/

Trust: 0.6

url:http://lists.centos.org/pipermail/centos-announce/2013-december/020095.html

Trust: 0.3

url:http://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=338c7dbadd2671189cec7faf64c84d01071b3f96

Trust: 0.3

url:http://linux.oracle.com/errata/elsa-2014-3034.html

Trust: 0.3

sources: VULHUB: VHN-66125 // BID: 64328 // BID: 64979 // JVNDB: JVNDB-2013-005846 // CNNVD: CNNVD-201401-189 // NVD: CVE-2013-6123

CREDITS

Andrew Honig of Google

Trust: 0.3

sources: BID: 64328

SOURCES

db: VULHUB | id: VHN-66125
db: BID | id: 64328
db: BID | id: 64979
db: JVNDB | id: JVNDB-2013-005846
db: CNNVD | id: CNNVD-201401-189
db: NVD | id: CVE-2013-6123

LAST UPDATE DATE

2024-08-14T12:39:42.846000+00:00


SOURCES UPDATE DATE

db: VULHUB | id: VHN-66125 | date: 2017-08-29T00:00:00
db: BID | id: 64328 | date: 2015-04-13T22:23:00
db: BID | id: 64979 | date: 2014-01-14T00:00:00
db: JVNDB | id: JVNDB-2013-005846 | date: 2014-01-16T00:00:00
db: CNNVD | id: CNNVD-201401-189 | date: 2014-01-16T00:00:00
db: NVD | id: CVE-2013-6123 | date: 2017-08-29T01:33:54.920

SOURCES RELEASE DATE

db: VULHUB | id: VHN-66125 | date: 2014-01-14T00:00:00
db: BID | id: 64328 | date: 2013-12-14T00:00:00
db: BID | id: 64979 | date: 2014-01-14T00:00:00
db: JVNDB | id: JVNDB-2013-005846 | date: 2014-01-16T00:00:00
db: CNNVD | id: CNNVD-201401-189 | date: 2014-01-16T00:00:00
db: NVD | id: CVE-2013-6123 | date: 2014-01-14T04:29:56.923