Lucene search

MitreCVE-2013-4740

HistoryNov 12, 2013 - 2:35 p.m.

CVE-2013-4740

2013-11-1214:35:12

CWE-362

mitre

web.nvd.nist.gov

cve-2013-4740

goodix gt915

touchscreen driver

linux kernel

memory corruption

procfs

android

quic

msm devices

denial of service

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

43.3%

JSON

goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values.

Affected configurations

Nvd

Node

qualcommquic_mobile_station_modem_kernelMatch3.10

VendorProductVersionCPE
qualcommquic_mobile_station_modem_kernel3.10cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
qualcomm	quic_mobile_station_modem_kernel	3.10	cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:::::::*

References

www.openwall.com/lists/oss-security/2013/11/08/1

www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05

www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

Low

EPSS

0.001

Percentile

43.3%

JSON

Related for CVE-2013-4740