CVE-2013-2595
Published 2014-08-31
Priority: P2 · 75 · high
CVSS 2.0: 7.2 (AV:L/AC:L/Au:N/C:C/I:C/A:C)
ITW · EXPLOIT · VulnCheck KEV
Exploited in the wild
EPSS: 0.89% (54.8th percentile)
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which allows attackers to gain privileges via a crafted application.
Affected
141 ranges · showing 25 (all 25 rows shown are identical)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| codeaurora | android-msm | — | — |
Detection & IOCs (extracted from sources)
- The CVE-2013-2595 exploit is triggered via the MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl call against the MSM camera driver; monitor for unexpected ioctl calls to this interface from unprivileged processes.
- The Skygofree exploit payload (exploiting CVE-2013-2595 among others) drops and executes ELF binaries named 'run_root_shell', 'arrs_put_user.o', 'arrs_put_user', or 'poc'; detect execution of these filenames on Android devices.
- Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2 are NOT affected by CVE-2013-2595; the MSM camera driver is specific to Qualcomm MSM/Android kernels and is not shipped in RHEL kernel packages.
- The exploit payload targets only specific device models listed in device.db (205 devices); if a device is not listed, the exploit attempts to discover required memory addresses programmatically, so detection should not rely solely on device model matching.
- CVE-2013-2595 is only one of five CVEs exploited by the Skygofree exploit payload; successful privilege escalation may occur via any of the other four vulnerabilities even if CVE-2013-2595 is patched.
CVSS provenance
- nvd: v2.0 · 7.2 HIGH · AV:L/AC:L/Au:N/C:C/I:C/A:C
- vulncheck: 7.2 HIGH
- vendor_redhat: 7.2 HIGH
GHSA
GHSA-rfx2-r7w4-hgcp: The device-initialization functionality in the MSM camera driver for the Linux kernel 2
ghsa_unreviewed·2022-05-17
VulnCheck
Linux Kernel MSM_CAM_IOCTL_SET_MEM_MAP_INFO Privilege Escalation
vulncheck·2013·CVSS 7.2
Affected: codeaurora android-msm
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://securelist.com/skygofree-following-in-the-footsteps-of-hackingteam/83603/
Exploit PoC: https://vulncheck.com/xdb/a5df29ea5929
Red Hat
CVE-2013-2595: The device-initialization functionality in the MSM camera driver for the Linux kernel 2
vendor_redhat·CVSS 7.2
Statement: Not vulnerable. This issue does not affect the versions of the kernel package as shipped with Red Hat Enterprise Linux 5, 6, 7 and Red Hat Enterprise MRG 2.
No detection rules found.
No public exploits indexed.
Securelist
Skygofree: Following in the footsteps of HackingTeam
blogs_securelist·2018-01-16
Table of Contents
- Malware Features
- Distribution
- Artifacts
- Conclusions
Authors
- Nikita Buchka
- Alexey Firsh
At the beginning of October 2017, we discovered new Android spyware with several features previously unseen in the wild. In the course of further research, we found a number of related samples that point to a long-term development process. We believe the initial versions of this malware were created at least three years ago – at the end of 2014. Since then, the implant’s functionality has been improving and remarkable new features implemented, such as the ability to record audio surroundings via the microphone when an infected device is in a specified location; the stealing of WhatsApp messages via Accessibility Services; and the ability to connect an infected device to
Bugzilla
CVE kernel non-issue statements
bugzilla·2010-05-13·CVSS 5.0
This bug is to collect statements for Linux kernel-related CVE's that do not have their own top-level CVE SRT bug because it did not affect any of our supported kernels. These statements were also referred to as NVD statements and are noted on the NVD web site.
(From bug 589808) Do not change the bug alias, it needs to have "CVE" in the title. You can add extra statements in new comments or editing existing comments and they will be picked up correctly.
Discussion:
Statement CVE-2010-0747:
Not vulnerable. This issue did not affect the versions of the Linux kernel as shipped with Red Hat Enterprise Linux 3, 4, 5 and Red Hat Enterprise MRG as they did not backport an out-of-tree drbd module (drbd8).
Statement CVE-2010-1446:
Not vulnerable. This issue di