CVE-2015-7896 – Samsung Galaxy S6 - libQjpeg DoIntegralUpsample Crash
https://notcve.org/view.php?id=CVE-2015-7896
LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file.
• https://www.exploit-db.com/exploits/38612
• http://packetstormsecurity.com/files/134198/Samsung-Galaxy-S6-LibQjpeg-DoIntegralUpsample-Crash.html
• http://www.securityfocus.com/bid/77425
• https://bugs.chromium.org/p/project-zero/issues/detail?id=498&redir=1
• CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CVE-2015-7891 – Samsung fimg2d - FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw
https://notcve.org/view.php?id=CVE-2015-7891
Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L (5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.
The Samsung Graphics 2D driver (/dev/fimg2d) is accessible by unprivileged users/applications. It was found that the ioctl implementation for this driver contains a locking error which can lead to memory errors (such as use-after-free) due to a race condition.
• https://www.exploit-db.com/exploits/38557
• http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html
• http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015
• http://www.securityfocus.com/bid/77335
• https://bugs.chromium.org/p/project-zero/issues/detail?id=492
• CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')