PT-2013-5051 · Linux+2 · Linux Kernel+2

Fabian Yamaguchi

Published

2013-11-07

Updated

2023-12-15

CVE-2013-4511

CVSS v2.0

6.9

Medium

Vector

AV:L/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Linux kernel versions prior to 3.12

Description The issue is related to multiple integer overflows in Alchemy LCD frame-buffer drivers. Local users can create a read-write memory mapping for the entirety of kernel memory and gain privileges via crafted mmap operations. This is related to the au1100fb fb mmap function in drivers/video/au1100fb.c and the au1200fb fb mmap function in drivers/video/au1200fb.c.

Recommendations For Linux kernel versions prior to 3.12, update to version 3.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the au1100fb fb mmap and au1200fb fb mmap functions until a patch is available.

Exploit

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-189

Related Identifiers

ALT-PU-2013-1060

ALT-PU-2013-1061

ALT-PU-2013-1133

ALT-PU-2014-1422

CVE-2013-4511

DSA-2906-1

OPENSUSE-SU-2014_0204-1

OPENSUSE-SU-2014_0205-1

SUSE-RU-2015:0621-1

SUSE-SU-2015:0481-1

SUSE-SU-2015:0581-1

SUSE-SU-2015:0652-1

SUSE-SU-2015:0736-1

SUSE-SU-2015:1174-1

SUSE-SU-2015:1376-1

USN-2036-1

USN-2037-1

USN-2066-1

USN-2067-1

USN-2068-1

USN-2069-1

USN-2070-1

USN-2071-1

USN-2072-1

USN-2073-1

USN-2074-1

USN-2075-1

USN-2076-1

Affected Products

Alt Linux

Linux Kernel

Suse

PT-2013-5051 · Linux+2 · Linux Kernel+2

CVE-2013-4511

Weakness Enumeration

Related Identifiers

Affected Products

References · 264