CVE-2016-9279 - Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx,

CVE-2016-9279

Summary

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853.

References

http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
http://www.openwall.com/lists/oss-security/2016/11/09/3
http://www.openwall.com/lists/oss-security/2016/11/11/11
http://www.securityfocus.com/bid/94283

Vulnerable Configurations

cpe:2.3:a:samsung:exynos_fimg2d_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:samsung:exynos_fimg2d_driver:-:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 25-04-2017 - 01:59)
Impact:
Exploitability:

CWE

CWE-416

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	NONE	NONE

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:N/A:N

refmap via4

bid	94283
confirm	http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016
mlist	[oss-security] 20161109 CVE Request - Samsung Exynos fimg2d Multiple Issues [oss-security] 20161111 Re: CVE Request - Samsung Exynos fimg2d Multiple Issues

Last major update

25-04-2017 - 01:59

Published

18-01-2017 - 17:59

Last modified

25-04-2017 - 01:59