CVE-2020-10835
https://notcve.org/view.php?id=CVE-2020-10835
An issue was discovered on Samsung mobile devices with any (before February 2020 for Exynos modem chipsets) software. There is a buffer overflow in baseband CP message decoding. The Samsung IDs are SVE-2019-15816 and SVE-2019-15817 (February 2020). • https://security.samsungmobile.com/securityUpdate.smsb • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')
CVE-2020-10255
https://notcve.org/view.php?id=CVE-2020-10255
Modern DRAM chips (DDR4 and LPDDR4 after 2015) are affected by a vulnerability in deployment of internal mitigations against RowHammer attacks known as Target Row Refresh (TRR), aka the TRRespass issue. To exploit this vulnerability, the attacker needs to create certain access patterns to trigger bit flips on affected memory modules, aka a Many-sided RowHammer attack. This means that, even when chips advertised as RowHammer-free are used, attackers may still be able to conduct privilege-escalation attacks against the kernel, conduct privilege-escalation attacks against the Sudo binary, and achieve cross-tenant virtual-machine access by corrupting RSA keys. The issue affects chips produced by SK Hynix, Micron, and Samsung. NOTE: tracking DRAM supply-chain issues is not straightforward because a single product model from a single vendor may use DRAM chips from different manufacturers. • https://download.vusec.net/papers/trrespass_sp20.pdf https://github.com/vusec/trrespass https://thehackernews.com/2020/03/rowhammer-vulnerability-ddr4-dram.html https://twitter.com/antumbral/status/1237425959407513600 https://twitter.com/vu5ec/status/1237399112590467072 https://www.vusec.net/projects/trrespass • CWE-20: Improper Input Validation
CVE-2020-8860 – Samsung Galaxy S10 Call Control Setup Stack-based Buffer Overflow Remote Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2020-8860
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Samsung Galaxy S10 Firmware G973FXXS3ASJA, O(8.x), P(9.0), Q(10.0) devices with Exynos chipsets. User interaction is required to exploit this vulnerability in that the target must answer a phone call. The specific flaw exists within the Call Control Setup messages. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length, stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the baseband processor. • https://security.samsungmobile.com/securityUpdate.smsb https://www.zerodayinitiative.com/advisories/ZDI-20-255 • CWE-121: Stack-based Buffer Overflow • CWE-787: Out-of-bounds Write
CVE-2019-20451
https://notcve.org/view.php?id=CVE-2019-20451
The HTTP API in Prismview System 9 11.10.17.00 and Prismview Player 11 13.09.1100 allows remote code execution by uploading RebootSystem.lnk and requesting /REBOOTSYSTEM or /RESTARTVNC. (Authentication is required but an XML file containing credentials can be downloaded.) • https://www.exploit-db.com/papers/47535 • CWE-434: Unrestricted Upload of File with Dangerous Type
CVE-2019-19273
https://notcve.org/view.php?id=CVE-2019-19273
On Samsung mobile devices with O(8.0) and P(9.0) software and an Exynos 8895 chipset, RKP (aka the Samsung Hypervisor EL2 implementation) allows arbitrary memory write operations. The Samsung ID is SVE-2019-16265. • https://census-labs.com/news/2020/10/08/samsung-hypervisor-rkp-arbitrary-zero-write https://security.samsungmobile.com/securityUpdate.smsb • CWE-787: Out-of-bounds Write