CVE-2013-2598
Severity CVSS v4.0:
Pending analysis
Type:
CWE-20
Input Validation
Publication date:
31/08/2014
Last modified:
12/04/2025
Description
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory locations within bootloader memory.
Impact
Base Score 2.0
6.60
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:o:codeaurora:android-msm:2.6.29:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.54:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.55:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.56:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.57:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.58:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.59:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.60:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.61:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.2.62:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.4.72:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.4.73:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.4.74:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.4.75:*:*:*:*:*:*:* | ||
| cpe:2.3:o:codeaurora:android-msm:3.4.76:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page