Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
Published 2014-08-31 10:55:04
Updated 2014-09-02 18:43:12
Source MITRE
View at NVD,   CVE.org
Vulnerability category: Overflow

CVE-2013-2597 is in the CISA Known Exploited Vulnerabilities Catalog

CISA vulnerability name:
Code Aurora ACDB Audio Driver Stack-based Buffer Overflow Vulnerability
CISA required action:
Apply updates per vendor instructions.
CISA description:
The Code Aurora audio calibration database (acdb) audio driver contains a stack-based buffer overflow vulnerability that allows for privilege escalation. Code Aurora is used in third-party products such as Qualcomm and Android.
Notes:
https://web.archive.org/web/20161226013354/https:/www.codeaurora.org/news/security-advisories/stack-based-buffer-overflow-acdb-audio-driver-cve-2013-2597
Added on 2022-09-15 Action due date 2022-10-06

Exploit prediction scoring system (EPSS) score for CVE-2013-2597

0.16%
Probability of exploitation activity in the next 30 days EPSS Score History
~ 51 %
Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2013-2597

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source First Seen
7.2
HIGH AV:L/AC:L/Au:N/C:C/I:C/A:C
3.9
10.0
NIST

CWE ids for CVE-2013-2597

Products affected by CVE-2013-2597

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!