CVE-2013-2596

Advisory lineage: Upstream: 0, Downstream: 7
Analyzed
Published: 13 Apr 2013, 01:00
Last modified: 22 Oct 2025, 00:05

Vulnerability Summary

  • Overall Risk (default): medium, 42/100
  • CVSS Score: 7.8 HIGH, v3.1 (cve.org)
  • EPSS Score: 3.13% LOW (3% probability, +1.13%)
  • KEV: Listed (CISA, 1 listing)
  • Ransomware: No reports
  • Public exploits: 4 found
  • Dark Web: Not detected

Timeline

  • 13 Apr 2013, 01:00: Published. Vulnerability first disclosed
  • 15 Sept 2022, 00:00: Added to CISA KEV. Linux Kernel Integer Overflow Vulnerability
  • 06 Oct 2022, 00:00: CISA Remediation Due. Apply updates per vendor instructions.
  • 22 Oct 2025, 00:05: Last Modified. Vulnerability information updated

Description

Integer overflow in the fb_mmap function in drivers/video/fbmem.c in the Linux kernel before 3.8.9, as used in a certain Motorola build of Android 4.1.2 and other products, allows local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted /dev/graphics/fb0 mmap2 system calls, as demonstrated by the Motochopper pwn program.

CVSS Metrics

  • v3.1: HIGH, Score: 7.8, CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
  • v2.0: MEDIUM, Score: 6.9, AV:L/AC:M/Au:N/C:C/I:C/A:C

EPSS Trends

Current EPSS score: 3.13%, Percentile: 87%

Techniques & Countermeasures

  • CWE-190: Integer Overflow or Wraparound

    The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

Affected Systems

  • linux / linux_kernel

    ≥ 2.6.12, < 3.0.75 | ≥ 3.1, < 3.2.45 | ≥ 3.3, < 3.4.42 | ≥ 3.5, < 3.8.9

  • motorola / android

    4.1.2

References (17)