CVE-2013-6392

The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.

CVSS v2.0 4.9 MEDIUM

4.9^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:L/AC:L/Au:N/C:C/I:N/A:N

Exploitability : 3.9 / Impact : 6.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3	Patch
http://openwall.com/lists/oss-security/2013/11/25/4

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:codeaurora:android-msm:3.10.26:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.27:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.28:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.29:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc5::::::
	cpe:2.3:o:codeaurora:android-msm:3.13:rc6::::::
	cpe:2.3:o:codeaurora:android-msm:3.13:rc7::::::
	cpe:2.3:o:codeaurora:android-msm:3.13:rc8::::::
	cpe:2.3:o:codeaurora:android-msm:3.10.22:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.24:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.3:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.74:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13.1:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.6:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.9:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc2::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.10:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.72:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.25:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc4::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.8:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.78:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.5:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.10.23:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.76:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.2.54:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.73:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc1::::::
	cpe:2.3:o:codeaurora:android-msm:3.12.7:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.12.4:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.4.75:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.14:rc1::::::
	cpe:2.3:o:codeaurora:android-msm:3.4.79:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.13:rc3::::::
	cpe:2.3:o:codeaurora:android-msm:3.13.2:::::::*
	cpe:2.3:o:codeaurora:android-msm:3.14:rc2::::::
	cpe:2.3:o:codeaurora:android-msm:3.4.77:::::::*

Information

Published : 2013-11-29 18:55

Updated : 2014-03-05 10:29

NVD link : CVE-2013-6392

Mitre link : CVE-2013-6392

JSON object : View

CWE

CWE-399

Resource Management Errors

Products Affected

codeaurora

android-msm

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3", "name": "https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3", "tags": ["Patch"], "refsource": "CONFIRM"}, {"url": "http://openwall.com/lists/oss-security/2013/11/25/4", "name": "[oss-security] 20131125 Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c", "tags": [], "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-399"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2013-6392", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:C/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "COMPLETE"}, "severity": "MEDIUM", "impactScore": 6.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2013-11-30T02:55Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2014-03-05T18:29Z"}

4.9 /10