Vulnerability Description
Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges by leveraging camera device-node access, related to the (1) msm_ctrl_cmd_done, (2) msm_ioctl_server, and (3) msm_server_send_ctrl functions.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Codeaurora | Android-Msm | 2.6.29 |
| Qualcomm | Quic Mobile Station Modem Kernel | 3.10 |
Related Weaknesses (CWE)
References
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90505
- https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aExploitPatch
- https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178ePatch
- https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/90505
- https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=60e4af06161d91d5aExploitPatch
- https://www.codeaurora.org/cgit/quic/la//kernel/msm/commit/?id=7beb04ea945a7178ePatch
- https://www.codeaurora.org/projects/security-advisories/out-bounds-array-access-Vendor Advisory
FAQ
What is CVE-2013-6123?
CVE-2013-6123 is a vulnerability with a CVSS score of 6.9 (MEDIUM). Multiple array index errors in drivers/media/video/msm/server/msm_cam_server.c in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for...
How severe is CVE-2013-6123?
CVE-2013-6123 has been rated MEDIUM with a CVSS base score of 6.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-6123?
Check the references section above for vendor advisories and patch information. Affected products include: Codeaurora Android-Msm, Qualcomm Quic Mobile Station Modem Kernel.