[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FD] CVE request - Samsumg Mobile Phone SVE-2016-6248: SystemUI Security issue

To: cve-assign@xxxxxxxxx, oss-security@xxxxxxxxxxxxxxxxxx, fulldisclosure@xxxxxxxxxxxx
Subject: [FD] CVE request - Samsumg Mobile Phone SVE-2016-6248: SystemUI Security issue
From: 0xr0ot <0xr0ot.sec@xxxxxxxxx>
Date: Thu, 8 Sep 2016 11:17:34 +0800

Hi,

Description of the potential vulnerability:
SVE-2016-6248: SystemUI Security issue
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
Reported on: June 7, 2016
Disclosure status: Privately disclosed.
The vulnerability exists due to a null pointer dereference on fimg2d driver.
The patch verifies if the object is null before dereferencing it.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016
SVE-2016-6248: SystemUI Security issue

I report this to samsung, samsung reply to us if I want to get CVE request
it by ourself.

Best regards,
Zhaozhanpeng(0xr0ot) of Cheetah Mobile.

_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/

Prev by Date: [FD] CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability
Next by Date: [FD] AST-2016-006: Crash on ACK from unknown endpoint
Previous by thread: [FD] CVE-2016-4264 Adobe ColdFusion <= 11 XXE Vulnerability
Next by thread: [FD] AST-2016-006: Crash on ACK from unknown endpoint
Index(es):
- Date
- Thread