var-201311-0282
Vulnerability from variot
goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. Android For MSM is prone to multiple local memory-corruption vulnerabilities that occur in the Goodix GT915 touchscreen driver because it fails to properly bounds-check user-supplied data. Local attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may cause a denial-of-service condition. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. There is a security vulnerability in the goodix_tool.c file in the goodix gt915 touch screen driver of the Linux kernel 3.x version using the Android system. The issues were found in the write handler of the procfs entry created by the driver, which by default is readable and writeable to users without any specific privileges.
CVE-2013-4740
When processing data written to the procfs file, the Goodix gt915 touchscreen driver is using user space supplied content as length values in subsequent memory manipulation operations without bounds checking. This can lead to multiple memory corruption issues. An application with access to the respective file can use this flaw to, e.g., elevate privileges.
Access Vector: local Security Risk: high Vulnerability: CWE-20 (Improper Input Validation)
CVE-2013-6122
When processing arguments passed to the procfs write handler of the Goodix gt915 touchscreen driver, user space data is copied to a global variable and used without a mutual-exclusion mechanism. The global structure used by the procfs write handler can be accessed concurrently by more than one process. This would allow local attackers to bypass the input validation checks (such as introduced by the fix for CVE-2013-4740). An application with access to the respective file can use this flaw to, e.g., alter the internal state of the handler, bypass security checks, or create a denial-of-service condition.
Access Vector: local Security Risk: medium Vulnerability: CWE-362 (Concurrent Execution using Shared Resource with Improper Synchronization)
Affected versions
All Android releases from CAF using a Linux kernel from the following heads:
- jb_3*
- msm-3.10
Patch
We advise customers to apply the following patches: https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05
Acknowledgement
Qualcomm Innovation Center, Inc. (QuIC) thanks Jonathan Salwan of the Sysdream Security Lab for reporting the related issues and working with QuIC to help improve Android device security.
https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-201311-0282",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "quic mobile station modem kernel",
"scope": "eq",
"trust": 1.6,
"vendor": "qualcomm",
"version": "3.10"
},
{
"model": "quic mobile station modem",
"scope": "eq",
"trust": 0.8,
"vendor": "qualcomm",
"version": "3.10"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16.2"
},
{
"model": "ip deskphone",
"scope": "eq",
"trust": 0.3,
"vendor": "avaya",
"version": "96x16"
}
],
"sources": [
{
"db": "BID",
"id": "63661"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"cpe_match": [
{
"cpe22Uri": "cpe:/o:qualcomm:quic_mobile_station_modem_kernel",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Jonathan Salwan of Sysdream Security Lab",
"sources": [
{
"db": "BID",
"id": "63661"
}
],
"trust": 0.3
},
"cve": "CVE-2013-4740",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "CVE-2013-4740",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 6.9,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 3.4,
"id": "VHN-64742",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:L/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2013-4740",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2013-4740",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-201311-152",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-64742",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "goodix_tool.c in the Goodix gt915 touchscreen driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, relies on user-space length values for kernel-memory copies of procfs file content, which allows attackers to gain privileges or cause a denial of service (memory corruption) via an application that provides crafted values. Android For MSM is prone to multiple local memory-corruption vulnerabilities that occur in the Goodix GT915 touchscreen driver because it fails to properly bounds-check user-supplied data. \nLocal attackers can exploit these issues to execute arbitrary code. Failed exploit attempts may cause a denial-of-service condition. The Linux kernel is the kernel used by the open source operating system Linux released by the American Linux Foundation. The NFSv4 implementation is one of the distributed file system protocols. There is a security vulnerability in the goodix_tool.c file in the goodix gt915 touch screen driver of the Linux kernel 3.x version using the Android system. The issues were found in the write handler of the \nprocfs entry created by the driver, which by default is readable and\nwriteable to users without any specific privileges. \n\nCVE-2013-4740\n-------------\nWhen processing data written to the procfs file, the Goodix gt915 \ntouchscreen driver is using user space supplied content as length\nvalues in subsequent memory manipulation operations without \nbounds checking. This can lead to multiple memory corruption issues. \nAn application with access to the respective file can use this flaw \nto, e.g., elevate privileges. \n\nAccess Vector: local\nSecurity Risk: high\nVulnerability: CWE-20 (Improper Input Validation)\n\nCVE-2013-6122\n-------------\nWhen processing arguments passed to the procfs write handler of \nthe Goodix gt915 touchscreen driver, user space data is copied to\na global variable and used without a mutual-exclusion mechanism. \nThe global structure used by the procfs write handler can be accessed \nconcurrently by more than one process. This would allow local attackers\nto bypass the input validation checks (such as introduced by the fix for \nCVE-2013-4740). An application with access to the respective file can use\nthis flaw to, e.g., alter the internal state of the handler, bypass security \nchecks, or create a denial-of-service condition. \n\nAccess Vector: local\nSecurity Risk: medium\nVulnerability: CWE-362 (Concurrent Execution using Shared Resource \nwith Improper Synchronization)\n\nAffected versions\n-----------------\nAll Android releases from CAF using a Linux kernel from the following heads:\n\n- jb_3*\n- msm-3.10\n\nPatch\n-----\nWe advise customers to apply the following patches:\nhttps://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05\n\nAcknowledgement\n===============\nQualcomm Innovation Center, Inc. (QuIC) thanks Jonathan Salwan of the \nSysdream Security Lab for reporting the related issues and working with \nQuIC to help improve Android device security. \n\nhttps://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2013-4740"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "BID",
"id": "63661"
},
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "PACKETSTORM",
"id": "123945"
}
],
"trust": 2.07
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2013-4740",
"trust": 2.9
},
{
"db": "OPENWALL",
"id": "OSS-SECURITY/2013/11/08/1",
"trust": 1.7
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072",
"trust": 0.8
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152",
"trust": 0.7
},
{
"db": "MLIST",
"id": "[OSS-SECURITY] 20131108 ADVISORY REPORT - MULTIPLE MEMORY CORRUPTION AND RACE CONDITION IN GOODIX GT915 ANDROID TOUCHSCREEN DRIVER (CVE-2013-4740 \u0026 CVE-2013-6122)",
"trust": 0.6
},
{
"db": "BID",
"id": "63661",
"trust": 0.4
},
{
"db": "PACKETSTORM",
"id": "123945",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-64742",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "BID",
"id": "63661"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "PACKETSTORM",
"id": "123945"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"id": "VAR-201311-0282",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-64742"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T22:13:50.987000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "QCIR-2013-00009-1",
"trust": 0.8,
"url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
},
{
"title": "input: touchpanel: fix security issues in GT915 driver",
"trust": 0.8,
"url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
},
{
"title": "linux-3.10.21",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=46699"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-362",
"trust": 1.1
},
{
"problemtype": "CWE-119",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.1,
"url": "https://www.codeaurora.org/cgit/quic/la/kernel/msm-3.10/commit/?id=f53bcf29a6e7a66b3d935b8d562fa00829261f05"
},
{
"trust": 2.1,
"url": "https://www.codeaurora.org/projects/security-advisories/multiple-memory-corruption-issues-and-race-condition-goodix-gt915-touchscreen-driver-procfs-handler"
},
{
"trust": 1.7,
"url": "http://www.openwall.com/lists/oss-security/2013/11/08/1"
},
{
"trust": 0.8,
"url": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2013-4740"
},
{
"trust": 0.8,
"url": "http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2013-4740"
},
{
"trust": 0.3,
"url": "https://www.codeaurora.org/xwiki/bin/qaep/"
},
{
"trust": 0.3,
"url": "https://downloads.avaya.com/css/p8/documents/100178103"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-6122"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2013-4740"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "BID",
"id": "63661"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "PACKETSTORM",
"id": "123945"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-64742"
},
{
"db": "BID",
"id": "63661"
},
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"db": "PACKETSTORM",
"id": "123945"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-12T00:00:00",
"db": "VULHUB",
"id": "VHN-64742"
},
{
"date": "2013-11-07T00:00:00",
"db": "BID",
"id": "63661"
},
{
"date": "2013-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"date": "2013-11-07T23:02:22",
"db": "PACKETSTORM",
"id": "123945"
},
{
"date": "2013-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"date": "2013-11-12T14:35:12.760000",
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2013-11-14T00:00:00",
"db": "VULHUB",
"id": "VHN-64742"
},
{
"date": "2015-03-19T08:48:00",
"db": "BID",
"id": "63661"
},
{
"date": "2013-11-13T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2013-005072"
},
{
"date": "2013-11-13T00:00:00",
"db": "CNNVD",
"id": "CNNVD-201311-152"
},
{
"date": "2024-11-21T01:56:16.767000",
"db": "NVD",
"id": "CVE-2013-4740"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "BID",
"id": "63661"
},
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
}
],
"trust": 0.9
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "MSM For devices Qualcomm Innovation Center Android Used for contributions etc. Linux Kernel for Goodix gt915 Vulnerability of obtaining privilege in touch screen driver",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2013-005072"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "competitive condition",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-201311-152"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…