Launchpad.net

CVE 2013-4738

Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow attackers to gain privileges via (1) a crafted VIDIOC_MSM_VPE_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/vpe/msm_vpe.c, or (2) a crafted VIDIOC_MSM_CPP_DEQUEUE_STREAM_BUFF_INFO ioctl call, related to drivers/media/platform/msm/camera_v2/pproc/cpp/msm_cpp.c.

Related bugs and status

CVE-2013-4738 (Candidate) is related to these bugs:

Bug #1244800: CVE-2013-4738

		In	Importance	Status
1244800	CVE-2013-4738	linux (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-ec2 (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Trusty)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Trusty)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux (Ubuntu Saucy)	High	Won't Fix
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Saucy)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Saucy)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Saucy)	High	Won't Fix
1244800	CVE-2013-4738	linux (Ubuntu Raring)	High	Won't Fix
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Raring)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Raring)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Raring)	High	Won't Fix
1244800	CVE-2013-4738	linux (Ubuntu Quantal)	High	Won't Fix
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Quantal)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Quantal)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Quantal)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Quantal)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Quantal)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Quantal)	High	Won't Fix
1244800	CVE-2013-4738	linux (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Precise)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Precise)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-ec2 (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-fsl-imx51 (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-lts-backport-maverick (Ubuntu Lucid)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-lts-backport-natty (Ubuntu Lucid)	Undecided	Won't Fix
1244800	CVE-2013-4738	linux-mvl-dove (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-ti-omap4 (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Quantal)	High	Won't Fix
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-armadaxp (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Precise)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Quantal)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-lts-quantal (Ubuntu Trusty)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Lucid)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Precise)	High	Won't Fix
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Quantal)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Raring)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Saucy)	High	Invalid
1244800	CVE-2013-4738	linux-lts-raring (Ubuntu Trusty)	High	Invalid

See the

CVE page on Mitre.org for more details.

References

MLIST: [oss-security] 2013101...
CONFIRM: https://www.codeaurora...