CVE-2013-4737 — HIGH (9.3) — White Hats Nepal

Vulnerability Description

The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider certain memory sections, which makes it easier for attackers to bypass intended access restrictions by leveraging the presence of RWX memory at a fixed location.

CVSS Score

9.3

HIGH

AV:N/AC:M/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Qualcomm	Quic Mobile Station Modem Kernel	3.10

Related Weaknesses (CWE)

CWE-264

References

https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-noPatchVendor Advisory
https://www.codeaurora.org/projects/security-advisories/configstrictmemoryrwx-noPatchVendor Advisory

FAQ

What is CVE-2013-4737?

CVE-2013-4737 is a vulnerability with a CVSS score of 9.3 (HIGH). The CONFIG_STRICT_MEMORY_RWX implementation for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly consider ...

How severe is CVE-2013-4737?

CVE-2013-4737 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2013-4737?

Check the references section above for vendor advisories and patch information. Affected products include: Qualcomm Quic Mobile Station Modem Kernel.