Samsung SystemUI fimg2d Null Pointer Dereference

2016.09.09

Credit: Cheetah Mobile

Risk: Medium

Local: No

Remote: Yes

CVE: SVE-2016-6248

CWE: CWE-476

Hi,

Description of the potential vulnerability:
SVE-2016-6248: SystemUI Security issue
Severity: Medium
Affected versions: L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
Reported on: June 7, 2016
Disclosure status: Privately disclosed.
The vulnerability exists due to a null pointer dereference on fimg2d driver.
The patch verifies if the object is null before dereferencing it.

Fix:
http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016
SVE-2016-6248: SystemUI Security issue

I report this to samsung, samsung reply to us if I want to get CVE request
it by ourself.

Best regards,
Zhaozhanpeng(0xr0ot) of Cheetah Mobile.

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Samsung SystemUI fimg2d Null Pointer Dereference

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.