CVE-2013-4737

The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737	Patch Vendor Advisory
https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*

History

21 Nov 2024, 01:56

Type	Values Removed	Values Added
References	~~() https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737 - Patch, Vendor Advisory~~	() https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737 - Patch, Vendor Advisory

Information

Published : 2014-02-15 14:57

Updated : 2024-11-21 01:56

NVD link : CVE-2013-4737

Mitre link : CVE-2013-4737

CVE.ORG link : CVE-2013-4737

JSON object : View

Products Affected

qualcomm

quic_mobile_station_modem_kernel

CWE

CWE-264

Permissions, Privileges, and Access Controls

{"id": "CVE-2013-4737", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-02-15T14:57:07.737", "references": [{"url": "https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737", "tags": ["Patch", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-not-strictly-enforced-cve-2013-4737", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-264"}]}], "descriptions": [{"lang": "en", "value": "The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location."}, {"lang": "es", "value": "La implementaci\u00f3n CONFIG_STRICT_MEMORY_RWX para el kernel de Linux 3.x, tal y como se utiliza en las contribuciones Android de Qualcomm Innovation Center (QuIC) para los dispositivos MSM y otros productos, no considera debidamente ciertas secciones de memoria, lo que facilita a atacantes evadir restricciones de acceso mediante el aprovechamiento de la presencia de la memoria RWX en una localizaci\u00f3n fija."}], "lastModified": "2024-11-21T01:56:15.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:qualcomm:quic_mobile_station_modem_kernel:3.10:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9B99C28E-E8DC-4987-BCDF-F6E18EFF59D8"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}