PT-2014-2863 · Linux · Linux Kernel

Jonathan Salwan · Published 2014-02-03 · Updated 2014-02-07 · CVE-2013-4739

CVSS v2.0: 4.9 (Medium)

Vector: AV:L/AC:L/Au:N/C:C/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 3.x

Description

The issue allows attackers to obtain sensitive information from kernel stack memory. This can be achieved through a crafted MSM_MCR_IOCTL_EVT_GET ioctl call related to drivers/media/platform/msm/camera_v1/mercury/msm_mercury_sync.c, or a crafted MSM_JPEG_IOCTL_EVT_GET ioctl call related to drivers/media/platform/msm/camera_v2/jpeg_10/msm_jpeg_sync.c.

Recommendations

For Linux kernel version 3.x, consider restricting access to the MSM_MCR_IOCTL_EVT_GET and MSM_JPEG_IOCTL_EVT_GET ioctl calls until a patch is available. As a temporary workaround, disabling the msm_mercury_sync.c and msm_jpeg_sync.c functions may help minimize the risk of exploitation.

Fix

Information Disclosure

Weakness Enumeration

Related Identifiers

CVE-2013-4739

Affected Products

Linux Kernel