Skip to main content

Qualcomm CVE-2013-2597

HIGH
Buffer Overflow (CWE-119)
2014-08-31 cve@mitre.org
8.4
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.4 HIGH
AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Added to CISA KEV
Apr 21, 2026 - 15:31 CISA
CVE Published
Aug 31, 2014 - 10:55 cve.org
HIGH 8.4

DescriptionCVE.org

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument.

AnalysisAI

Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions. Rated high severity (CVSS 8.4), this vulnerability is no authentication required, low attack complexity. Actively exploited in the wild (cisa kev) and no vendor patch available.

Technical ContextAI

This vulnerability is classified as Buffer Overflow (CWE-119), which allows attackers to corrupt memory to execute arbitrary code or crash the application. Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that leverages /dev/msm_acdb access and provides a large size value in an ioctl argument. Affected products include: Codeaurora Android-Msm.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Use memory-safe languages or bounds-checking. Enable ASLR, DEP/NX, stack canaries. Use safe string functions.

CVE-2014-10031 HIGH POC
7.5 Jan 13

Buffer overflow in the IMAPd service in Qualcomm Eudora WorldMail 9.0.333.0 allows remote attackers to execute arbitrary

CVE-2020-11117 CRITICAL POC
9.8 Sep 08

u'In the lbd service, an external user can issue a specially crafted debug command to overwrite arbitrary files with arb

CVE-2016-5348 MEDIUM POC
5.9 Oct 10

The GPS component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, 6.x before 2016-10-01, and 7.0 be

CVE-2014-4322 HIGH POC
7.2 Dec 24

drivers/misc/qseecom.c in the QSEECOM driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Andr

CVE-2015-0569 HIGH POC
7.8 May 09

Heap-based buffer overflow in the private wireless extensions IOCTL implementation in wlan_hdd_wext.c in the WLAN (aka W

CVE-2017-8260 HIGH POC
7.8 Aug 18

In all Qualcomm products with Android releases from CAF using the Linux kernel, due to a type downcast, a value may impr

CVE-2016-3934 HIGH POC
7.8 Oct 10

drivers/media/platform/msm/camera_v2/sensor/io/msm_camera_cci_i2c.c in the Qualcomm camera driver in Android before 2016

CVE-2020-11207 HIGH POC
7.8 Nov 12

Buffer overflow in LibFastCV library due to improper size checks with respect to buffer length' in Snapdragon Auto, Snap

CVE-2020-11206 HIGH POC
7.8 Nov 12

Possible buffer overflow in Fastrpc while handling received parameters due to lack of validation on input parameters' in

CVE-2020-11202 HIGH POC
7.8 Nov 12

Buffer overflow/underflow occurs when typecasting the buffer passed by CPU internally in the library which is not aligne

CVE-2020-11201 HIGH POC
7.8 Nov 12

Arbitrary access to DSP memory due to improper check in loaded library for data received from CPU side' in Snapdragon Au

CVE-2020-25858 HIGH POC
7.5 Oct 15

The QCMAP_Web_CLIENT binary in the Qualcomm QCMAP software suite prior to versions released in October 2020 does not val

Share

CVE-2013-2597 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy