CVE-2013-2597
CVE-2013-2597
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.4EPSS 1.5%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
11 Jun 2013Public PoC
31 Aug 2014Published on NVD
15 Sep 2022Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A flaw in the acdb audio driver allows an attacker to overflow the system memory by sending a specially crafted command through a device file. This can give an attacker full control of the device.
Technical detail
Stack-based buffer overflow in acdb_ioctl function (audio_acdb.c) triggered by ioctl calls with oversized arguments via /dev/msm_acdb. Requires local access to the device file; leads to privilege escalation and arbitrary code execution.
Summary generated and translated by AI from the official description.
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
n/a · n/apublic PoCs found — 1
githubgithub.com/fi01/libmsm_acdb_exploit★ 12⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →