Samsung Mobile vulnerabilities

CVE-2018-10751 [MEDIUM] CWE-190 CVE-2018-10751: A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when proc A malformed OMACP WAP push message can cause memory corruption on a Samsung S7 Edge device when processing the String Extension portion of the WbXml payload. This is due to an integer overflow in memory allocation for this string. The Samsung ID is SVE-2018-11463.

CVE-2018-9143 [CRITICAL] CWE-787 CVE-2018-9143: On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder s On Samsung mobile devices with M(6.0) and N(7.x) software, a heap overflow in the sensorhub binder service leads to code execution in a privileged process, aka SVE-2017-10991.

CVE-2018-9139 [CRITICAL] CWE-119 CVE-2018-9139: On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165.

CVE-2018-9142 [HIGH] CWE-20 CVE-2018-9142: On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure On Samsung mobile devices with N(7.x) software, attackers can install an arbitrary APK in the Secure Folder SD Card area because of faulty validation of a package signature and package name, aka SVE-2017-10932.

CVE-2018-9141 [HIGH] CWE-20 CVE-2018-9141: On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers On Samsung mobile devices with L(5.x), M(6.0), and N(7.x) software, Gallery allows remote attackers to execute arbitrary code via a BMP file with a crafted resolution, aka SVE-2017-11105.

CVE-2018-9140 [MEDIUM] CWE-79 CVE-2018-9140: On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attrib On Samsung mobile devices with M(6.0) software, the Email application allows XSS via an event attribute and arbitrary file loading via a src attribute, aka SVE-2017-10747.

CVE-2018-5210 [HIGH] CWE-787 CVE-2018-5210: On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet On Samsung mobile devices with N(7.x) software and Exynos chipsets, attackers can conduct a Trustlet stack overflow attack for arbitrary TEE code execution, in conjunction with a brute-force attack to discover unlock information (PIN, password, or pattern). The Samsung ID is SVE-2017-10733.

CVE-2017-18020 [HIGH] CWE-20 CVE-2017-18020: On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers ca On Samsung mobile devices with L(5.x), M(6.x), and N(7.x) software and Exynos chipsets, attackers can execute arbitrary code in the bootloader because S Boot omits a size check during a copy of ramfs data to memory. The Samsung ID is SVE-2017-10598.

CVE-2015-7896 [MEDIUM] CWE-119 CVE-2015-7896: LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a deni LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.

CVE-2015-7891 [HIGH] CWE-362 CVE-2015-7891: Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Sa Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

CVE-2017-7978 [HIGH] CWE-200 CVE-2017-7978: Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensi Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290.

CVE-2017-5538 [CRITICAL] CWE-125 CVE-2017-5538: The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung de The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka SVE-2016-6362.

CVE-2016-4547 [HIGH] CWE-20 CVE-2016-4547: Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of ser Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C.

CVE-2016-4546 [MEDIUM] CWE-20 CVE-2016-4546: Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (I Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call.

CVE-2016-4038 [HIGH] CWE-20 CVE-2016-4038: Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/dri Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value.

CVE-2016-6527 [HIGH] CWE-264 CVE-2016-6527: The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

CVE-2016-6526 [HIGH] CWE-264 CVE-2016-6526: The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object.

CVE-2017-5350 [HIGH] CVE-2017-5350: Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122.

CVE-2017-5351 [HIGH] CWE-400 CVE-2017-5351: Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the syst Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650.

CVE-2017-5217 [MEDIUM] CWE-20 CVE-2017-5217: Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L( Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded a