Published on April 13, 2013

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

Known Exploited Vulnerability

This Linux Kernel Integer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. The fb_mmap function in drivers/video/fbmem.c in the Linux kernel contains an integer overflow vulnerability that allows privilege escalation.

The following remediation steps are recommended / required by October 6, 2022: Apply updates per vendor instructions.

Vulnerability Analysis

Numeric Errors

Weaknesses in this category are related to improper calculation or conversion of numbers.

Products Associated with CVE-2013-2596

What versions are vulnerable to CVE-2013-2596?

Each of the following must match for the vulnerability to exist.