Published on April 13, 2013
Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.
Known Exploited Vulnerability
This Linux Kernel Integer Overflow Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Linux kernel fb_mmap function in drivers/video/fbmem.c contains an integer overflow vulnerability which allows for privilege escalation.
The following remediation steps are recommended / required by October 6, 2022: Apply updates per vendor instructions.
Weaknesses in this category are related to improper calculation or conversion of numbers.
Products Associated with CVE-2013-2596
You can be notified by stack.watch whenever vulnerabilities like CVE-2013-2596 are published in these products:
What versions are vulnerable to CVE-2013-2596?
Each of the following must match for the vulnerability to exist.