CVE-2013-2596

Name of the Vulnerable Software and Affected Versions Linux Kernel versions prior to 3.8.9

Description The issue allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls. This is due to an integer overflow in the fb mmap function in drivers/video/fbmem.c. The Motochopper pwn program demonstrates this exploit.

Recommendations For Linux Kernel versions prior to 3.8.9, update to version 3.8.9 or later to resolve the issue. As a temporary workaround, consider restricting access to the /dev/graphics/fb0 device file to minimize the risk of exploitation.