Lucene search

[email protected]CVE-2013-4737

HistoryFeb 15, 2014 - 2:57 p.m.

CVE-2013-4737

2014-02-1514:57:07

CWE-264

[email protected]

web.nvd.nist.gov

cve-2013-4737

config_strict_memory_rwx

linux kernel

qualcomm

android

msm devices

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.

Affected configurations

NVD

Node

qualcommquic_mobile_station_modem_kernelMatch3.10

CPENameOperatorVersion
qualcomm:quic_mobile_station_modem_kernelqualcomm quic mobile station modem kerneleq3.10

CPE	Name	Operator	Version
qualcomm:quic_mobile_station_modem_kernel	qualcomm quic mobile station modem kernel	eq	3.10

References

www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

6.5 Medium

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.7%

JSON

Related for CVE-2013-4737

redhatcve1 cvelist1 prion1 ubuntucve1 seebug1 nvd1 debiancve1