PT-2014-2598 · Linux · Linux Kernel

Published: 2014-08-31 · Updated: 2025-02-10 · CVE-2013-2597

CVSS v3.1: 8.4 (High)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Linux kernel versions 2.6.x through 3.x

Description

The issue is a stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver. This allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations

For Linux kernel versions 2.6.x through 3.x, as a temporary workaround, consider restricting access to the /dev/msm_acdb device file to minimize the risk of exploitation. Additionally, avoid providing large size values in ioctl arguments to the acdb_ioctl function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Stack Overflow

Buffer Overflow

Weakness Enumeration

Related Identifiers

CVE-2013-2597

Affected Products

Linux Kernel