Strix
26.1K

CVE-2013-2598

UnknownEPSS 0.31%

Last modified

CVE-2013-2598 is a vulnerability of currently unknown severity. app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.. EPSS estimates a 0.31% chance of exploitation in the next 30 days.

Description

app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.

Metrics

EPSS Probability
0.31%

22.4th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

VendorProductVersionsUpdate
CodeauroraAndroid-Msm2.6.29
CodeauroraAndroid-Msm3.2.54
CodeauroraAndroid-Msm3.2.55
CodeauroraAndroid-Msm3.2.56
CodeauroraAndroid-Msm3.2.57
CodeauroraAndroid-Msm3.2.58
CodeauroraAndroid-Msm3.2.59
CodeauroraAndroid-Msm3.2.60
CodeauroraAndroid-Msm3.2.61
CodeauroraAndroid-Msm3.2.62
CodeauroraAndroid-Msm3.4.72
CodeauroraAndroid-Msm3.4.73
CodeauroraAndroid-Msm3.4.74
CodeauroraAndroid-Msm3.4.75
CodeauroraAndroid-Msm3.4.76
CodeauroraAndroid-Msm3.4.77
CodeauroraAndroid-Msm3.4.78
CodeauroraAndroid-Msm3.4.79
CodeauroraAndroid-Msm3.4.80
CodeauroraAndroid-Msm3.4.81
CodeauroraAndroid-Msm3.4.82
CodeauroraAndroid-Msm3.4.83
CodeauroraAndroid-Msm3.4.84
CodeauroraAndroid-Msm3.4.85
CodeauroraAndroid-Msm3.4.86
CodeauroraAndroid-Msm3.4.87
CodeauroraAndroid-Msm3.4.88
CodeauroraAndroid-Msm3.4.89
CodeauroraAndroid-Msm3.4.90
CodeauroraAndroid-Msm3.4.91
CodeauroraAndroid-Msm3.4.92
CodeauroraAndroid-Msm3.4.93
CodeauroraAndroid-Msm3.4.94
CodeauroraAndroid-Msm3.4.95
CodeauroraAndroid-Msm3.4.96
CodeauroraAndroid-Msm3.4.97
CodeauroraAndroid-Msm3.4.98
CodeauroraAndroid-Msm3.4.99
CodeauroraAndroid-Msm3.4.100
CodeauroraAndroid-Msm3.4.101
CodeauroraAndroid-Msm3.4.102
CodeauroraAndroid-Msm3.4.103
CodeauroraAndroid-Msm3.10
CodeauroraAndroid-Msm3.10.22
CodeauroraAndroid-Msm3.10.23
CodeauroraAndroid-Msm3.10.24
CodeauroraAndroid-Msm3.10.25
CodeauroraAndroid-Msm3.10.26
CodeauroraAndroid-Msm3.10.27
CodeauroraAndroid-Msm3.10.28

Showing 50 of 141 affected configurations. See NVD for the full list.

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2013-2598?
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.
How severe is CVE-2013-2598?
Severity scoring for CVE-2013-2598 is pending analysis. The EPSS model estimates a 0.31% probability of exploitation in the next 30 days.
How do I fix CVE-2013-2598?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2013-2598?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST