6 results (0.006 seconds)

CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 0

Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. Los dispositivos Samsung con Android KK(4.4), L(5.0 / 5.1) o M(6.0) permiten a atacantes provocar una denegación de servicio (caída del sistema) a través de una llamada de sistema manipulada a TvoutService_C. • http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016 http://www.openwall.com/lists/oss-security/2016/05/06/2 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 3EXPL: 0

Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. Los dispositivos Samsung con Android KK(4.4) o L(5.0/5.1) permiten a usuarios locales provocar una denegación de servicio (caída del servicio IAndroidShm) a través de datos manipulados en una llamada de servicio. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 http://www.openwall.com/lists/oss-security/2016/05/06/1 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 0

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Error de índice de array en la función msm_sensor_config en kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c en dispositivos Samsung con Android KK(4.4) o L y un chipset APQ8084, MSM8974 o MSM8974pro permite a usuarios locales tener impacto no especificado a través del valor gpio_config.gpio_name. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 http://www.openwall.com/lists/oss-security/2016/04/17/2 http://www.openwall.com/lists/oss-security/2016/04/18/8 • CWE-20: Improper Input Validation •

CVSS: 7.8EPSS: 0%CPEs: 4EXPL: 0

Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. Dispositivos Samsung Note con software KK(4.4), L(5.0/5.1) y M(6.0) permiten a atacantes bloquear el sistema mediante la creación arbitraria de un gran número de hilos VR de servicio activos. El ID de Samsung es SVE-2016-7650. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 http://www.securityfocus.com/bid/95418 • CWE-400: Uncontrolled Resource Consumption •

CVSS: 7.1EPSS: 0%CPEs: 4EXPL: 0

Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 http://www.securityfocus.com/bid/95319 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •