CVE-2013-6124

low

Published 2014-08-31 · Modified 2026-05-06

CVSS v3

—

CVSS v2

3.3

VIR risk

3.3

Description

The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary file via an attack on the sensor-settings file.

Predictions

Exploit likelihood

20%

Patch ETA

—

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cve@mitre.org — https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124

References

https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124
https://www.codeaurora.org/projects/security-advisories/insecure-owner-permission-changes-init-shell-scripts-cve-2013-6124

CWEs

CWE-59

Verify integrity in audit chain (admin only). AS-IS.