CVE-2013-6282

Severity Level: Medium
AppRisk Coverage: Yes
Type: Vulnerability
OWASP: M4: Unintended Data Leakage
Aliases:
Platform: Android
File size (bytes): N/A
Filename: N/A
App title: N/A
MD5 Hash: N/A
SHA1 hash: N/A
Affected CVE:

• CVE-2013-6282

Details or analysis:

This is a vulnerability in two API functions within Linux kernel 3.5.5 on the v6k and v7 ARM platforms. The vulnerability is present in the two API functions “get_user” and “put_user” because they do not validate certain addresses, which allows attackers to read or modify the contents of arbitrary kernel memory locations via a crafted application.

This was exploited in the wild against Android devices in October and November 2013.

Reference:

• https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2013-6282
• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-6282