CVE-2013-4511
Published: 12 November 2013
Multiple integer overflows in Alchemy LCD frame-buffer drivers in the Linux kernel before 3.12 allow local users to create a read-write memory mapping for the entirety of kernel memory, and consequently gain privileges, via crafted mmap operations, related to the (1) au1100fb_fb_mmap function in drivers/video/au1100fb.c and the (2) au1200fb_fb_mmap function in drivers/video/au1200fb.c.
From the Ubuntu security team
Multiple integer overflow flaws were discovered in the Alchemy LCD frame- buffer drivers in the Linux kernel. An unprivileged local user could exploit this flaw to gain administrative privileges.
Priority
Status
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-4511
- https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/commit/?id=7314e613d
- http://www.openwall.com/lists/oss-security/2013/11/04
- https://ubuntu.com/security/notices/USN-2036-1
- https://ubuntu.com/security/notices/USN-2037-1
- https://ubuntu.com/security/notices/USN-2066-1
- https://ubuntu.com/security/notices/USN-2067-1
- https://ubuntu.com/security/notices/USN-2068-1
- https://ubuntu.com/security/notices/USN-2069-1
- https://ubuntu.com/security/notices/USN-2070-1
- https://ubuntu.com/security/notices/USN-2071-1
- https://ubuntu.com/security/notices/USN-2072-1
- https://ubuntu.com/security/notices/USN-2073-1
- https://ubuntu.com/security/notices/USN-2074-1
- https://ubuntu.com/security/notices/USN-2075-1
- https://ubuntu.com/security/notices/USN-2076-1
- NVD
- Launchpad
- Debian