Details: The acdb audio driver exposes an ioctl system call interface to user space clients. When the ioctl handler processes its arguments, it takes a size supplied by user space and copies that many bytes from user space into a local stack buffer without proper bounds checking. An application with access to the /dev/msm_acdb device file (audio or system group) can use this flaw to, e.g., elevate privileges. Reference: QCIR-2013-00002-1
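
The missing bounds check, shown as an added example (not the driver's code or its actual patch). It is a userspace simulation: `demo_ioctl_args`, `DEMO_BUF_LEN`, both handler names and `sim_copy_from_user` are hypothetical stand-ins, and the 64-byte buffer size is an assumption.

```c
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DEMO_BUF_LEN 64u            /* hypothetical stack buffer size */

/* Hypothetical ioctl argument block; both fields are caller-controlled. */
struct demo_ioctl_args {
    uint32_t size;                  /* claimed payload length (untrusted) */
    const void *data;               /* caller's payload */
};

/* Userspace stand-in for copy_from_user(); returns bytes NOT copied. */
static unsigned long sim_copy_from_user(void *to, const void *from, unsigned long n)
{
    memcpy(to, from, n);
    return 0;
}

/* Pattern the advisory describes: the claimed size drives the copy into a
 * fixed stack buffer. Shown for contrast only; never called here. */
int demo_handler_unchecked(const struct demo_ioctl_args *a)
{
    uint8_t buf[DEMO_BUF_LEN];
    if (sim_copy_from_user(buf, a->data, a->size))  /* size not validated */
        return -EFAULT;
    return 0;
}

/* Hardened form: refuse any size the stack buffer cannot hold. */
int demo_handler_checked(const struct demo_ioctl_args *a)
{
    uint8_t buf[DEMO_BUF_LEN];
    if (a->size == 0 || a->size > sizeof(buf))
        return -EINVAL;
    if (sim_copy_from_user(buf, a->data, a->size))
        return -EFAULT;
    return buf[a->size - 1];        /* stand-in for real processing */
}

int main(void)
{
    uint8_t payload[DEMO_BUF_LEN + 16] = {0};       /* constructed input */
    struct demo_ioctl_args a = { sizeof(payload), payload };
    printf("oversized: %d\n", demo_handler_checked(&a));
    a.size = DEMO_BUF_LEN;
    printf("max size:  %d\n", demo_handler_checked(&a));
    return 0;
}
```

The check compares the claimed size against `sizeof(buf)` before any copy, so the bound follows the buffer if its declaration changes.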