Skip to main content

Uncontrolled memory mapping in camera driver (CVE-2013-2595)

Release Date:

May 1, 2013

Affected Projects:

Android for MSMFirefox OS for MSMQRD Android

Advisory ID:


CVE ID(s):



The following security vulnerability has been identified in the camera driver. CVE-2013-2595: The camera driver provides several interfaces to user space clients. The user space clients communicate to the kernel via syscalls such as ioctl or mmap. The camera driver provides an uncontrolled mmap interface that allows an application with access to the device file to map physical memory exceeding the camera driver's memory into user space. A locally installed, unprivileged application can use this flaw to escalate privileges.

Access Vector: Local
Security Risk: High
Access Vector: Local

Affected Versions:

All Android releases from CAF prior to May 1, 2013 using the Linux kernel from the following heads: msm-2.*, msm-3.*, jb*, ics*, gingerbread*


Customers that make active use of this interface, e.g., when using code from kernel branches prior to April 2012, are encouraged to use the below contact address for further information.

We advise customers to apply the following patches for individual branches.

Individual Patches


Qualcomm Innovation Center, Inc. (QuIC) thanks for reporting the related issues and working with QuIC to help improve Android device security.


Initial revision