CVE-2016-4038
https://notcve.org/view.php?id=CVE-2016-4038
Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Error de índice de array en la función msm_sensor_config en kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c en dispositivos Samsung con Android KK(4.4) o L y un chipset APQ8084, MSM8974 o MSM8974pro permite a usuarios locales tener impacto no especificado a través del valor gpio_config.gpio_name. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 http://www.openwall.com/lists/oss-security/2016/04/17/2 http://www.openwall.com/lists/oss-security/2016/04/18/8 • CWE-20: Improper Input Validation •
CVE-2017-5351
https://notcve.org/view.php?id=CVE-2017-5351
Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. Dispositivos Samsung Note con software KK(4.4), L(5.0/5.1) y M(6.0) permiten a atacantes bloquear el sistema mediante la creación arbitraria de un gran número de hilos VR de servicio activos. El ID de Samsung es SVE-2016-7650. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 http://www.securityfocus.com/bid/95418 • CWE-400: Uncontrolled Resource Consumption •
CVE-2017-5350
https://notcve.org/view.php?id=CVE-2017-5350
Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. Dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permiten a atacantes bloquear systemUI aprovechando un manejo de excepciones incompleto. El ID de Samsung es SVE-2016-7122. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 http://www.securityfocus.com/bid/95424 •
CVE-2017-5217
https://notcve.org/view.php?id=CVE-2017-5217
Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app that it has embedded within it. The active install session of the embedded app is performed using the android.content.pm.PackageInstaller class and its nested classes in the Android API. The active install session will write the embedded APK file to the /data/app directory, but the app will not be installed since third-party applications cannot programmatically install apps. Samsung has modified AOSP in order to accelerate the parsing of APKs by introducing the com.android.server.pm.PackagePrefetcher class and its nested classes. • http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2017 http://www.securityfocus.com/bid/95319 • CWE-20: Improper Input Validation CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2016-9967
https://notcve.org/view.php?id=CVE-2016-9967
Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is SVE-2016-7121. Falta de manejo de excepciones apropiado en algunos receptores de la aplicación Telecom en dispositivos Samsung Note con software L(5.0/5.1), M(6.0) y N(7.0) permite a atacantes bloquear el sistema fácilmente resultando en un posible ataque DoS, o posiblemente obtener privilegios. El ID de Samsung es SVE-2016-7121. • http://security.samsungmobile.com/smrupdate.html#SMR-DEC-2016 http://www.securityfocus.com/bid/94955 • CWE-388: 7PK - Errors •