Stack-based buffer overflow in acdb audio driver (CVE-2013-2597)

Release Date:

June 21, 2013

Affected Projects:

Android for MSM, Firefox OS for MSM, QRD Android

Advisory ID:

QCIR-2013-00002-1

CVE ID(s):

CVE-2013-2597

Summary:

The following security vulnerability has been identified in the acdb audio driver. CVE-2013-2597: The acdb audio driver provides an ioctl system call interface to user space clients for communication. When processing arguments passed to the ioctl handler, a size supplied by user space is used, without proper bounds checking, as the number of bytes to copy from user space into a local stack buffer. An application with access to the /dev/msm_acdb device file (audio or system group) can use this flaw to, for example, elevate privileges.
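The bug class described in the summary, shown as an added user-space sketch that is not the acdb driver's code or the advisory's patch: the unchecked handler beside one with the missing bounds check. The names `cal_arg`, `CAL_BUF_SIZE`, `copy_from_user_sim` and both handlers are hypothetical, and `memcpy` stands in for the kernel's `copy_from_user()`.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define CAL_BUF_SIZE 32 /* hypothetical size of the handler's stack buffer */

/* Hypothetical ioctl argument: the caller controls pointer and length. */
struct cal_arg {
    const void *data;
    uint32_t    len;
};

/* Stand-in for copy_from_user(); returns the number of bytes NOT copied. */
static unsigned long copy_from_user_sim(void *to, const void *from,
                                        unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* Pattern from the summary: the caller's length is used unchecked,
 * so any len > CAL_BUF_SIZE writes past buf on the stack. Not called here. */
int handle_ioctl_unchecked(const struct cal_arg *arg)
{
    uint8_t buf[CAL_BUF_SIZE];
    if (copy_from_user_sim(buf, arg->data, arg->len))
        return -EFAULT;
    return (int)arg->len;
}

/* Hardened form: validate the length against the destination first. */
int handle_ioctl_checked(const struct cal_arg *arg)
{
    uint8_t buf[CAL_BUF_SIZE];
    if (arg->len > sizeof(buf))
        return -EINVAL; /* reject instead of truncating silently */
    if (copy_from_user_sim(buf, arg->data, arg->len))
        return -EFAULT;
    return (int)arg->len; /* bytes accepted */
}

int main(void)
{
    uint8_t src[64] = {0}; /* constructed sample input */
    struct cal_arg ok  = { src, 16 };
    struct cal_arg big = { src, CAL_BUF_SIZE + 1 };
    printf("len=16 -> %d\n", handle_ioctl_checked(&ok));
    printf("len=33 -> %d\n", handle_ioctl_checked(&big));
    return 0;
}
```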

Access Vector: Local
Security Risk: Medium

Affected Versions:

All Android releases from CAF using the Linux kernel from the following heads: msm-3.*, jb*, ics*, gingerbread*

Patch:

We advise customers to apply the following patch:

Acknowledgement:

This issue was first disclosed by @fi01_IS01 in a public exploit. Qualcomm Innovation Center, Inc. (QuIC) additionally thanks Xuxian Jiang for reporting the issue and working with QuIC to help improve Android device security. He independently discovered this vulnerability.

Revisions:

Initial revision

Contact:

security-advisory@quicinc.com