CVE-2012-6422

Severity Score

9.3

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

El núcleo en Samsung S2 Galaxy, Galaxy Note 2, Meizu MX, y posiblemente en otros dispositivos Android, cuando se ejecuta un procesador Exynos 4210 o 4412, utiliza permisos débiles (0666) para /dev/exynos-mem, que permite a los atacantes leer o escribir en la memoria física arbitraria y obtener privilegios a través de una aplicación manipulada, como se demuestra por ExynosAbuse.

*Credits: N/A

CVSS Scores

NISTv2 9.3

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2012-12-17 CVE Reserved
2012-12-18 CVE Published
2024-09-16 CVE Updated
2024-09-16 First Exploit
2024-09-17 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-264: Permissions, Privileges, and Access Controls

CAPEC

References (7)

URL	Tag	Source
http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones	X_refsource_misc
http://forum.xda-developers.com/showthread.php?t=2051290	X_refsource_misc
http://osvdb.org/88467	Vdb Entry
http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible	X_refsource_misc
http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices	X_refsource_misc
http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices	X_refsource_misc

URL	Date	SRC
http://forum.xda-developers.com/showthread.php?p=35469999	2024-09-16

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Meizu Search vendor "Meizu"		Mx Search vendor "Meizu" for product "Mx"				-		-		Affected
Samsung Search vendor "Samsung"		Galaxy Note 2 Search vendor "Samsung" for product "Galaxy Note 2"				-		-		Affected
Samsung Search vendor "Samsung"		Galaxy S2 Search vendor "Samsung" for product "Galaxy S2"				-		-		Affected