Vulnerability Details : CVE-2013-6392
The genlock_dev_ioctl function in genlock.c in the Genlock driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, does not properly initialize a certain data structure, which allows local users to obtain sensitive information from kernel stack memory via a crafted GENLOCK_IOC_EXPORT ioctl call.
Exploit prediction scoring system (EPSS) score for CVE-2013-6392
Probability of exploitation activity in the next 30 days: 0.04%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-6392
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.9
|
MEDIUM | AV:L/AC:L/Au:N/C:C/I:N/A:N |
3.9
|
6.9
|
NIST |
CWE ids for CVE-2013-6392
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-6392
-
https://www.codeaurora.org/cgit/quic/la/kernel/msm/commit/drivers/base/genlock.c?id=e3c43027bdb59f03eec7ead0a01c77e4bf801625&h=jb_3.2.3
kernel/msm - Kernel Tree for MSM/QSD family and Android on MSM/QSDPatch
-
http://openwall.com/lists/oss-security/2013/11/25/4
oss-security - Re: CVE request: Kernel MSM - Memory leak in drivers/base/genlock.c
Products affected by CVE-2013-6392
- cpe:2.3:o:codeaurora:android-msm:3.10.28:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.10:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.4:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.6:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc1:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc3:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13.2:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.14:rc1:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc5:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc6:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc7:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc8:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.14:rc2:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.22:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.29:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.3:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.5:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc2:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:rc4:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13.1:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.78:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.23:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.24:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.25:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.26:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.10.27:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.7:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.8:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.12.9:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.13:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.77:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:*
- cpe:2.3:o:codeaurora:android-msm:3.4.79:*:*:*:*:*:*:*