All the vulnerabilites related to samsung - galaxy_s2
cve-2012-6422
Vulnerability from cvelistv5
Published
2012-12-18 00:00
Modified
2024-09-16 19:15
Severity ?
EPSS score ?
Summary
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices | x_refsource_MISC | |
| http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible | x_refsource_MISC | |
| http://forum.xda-developers.com/showthread.php?p=35469999 | x_refsource_MISC | |
| http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/ | x_refsource_MISC | |
| http://forum.xda-developers.com/showthread.php?t=2051290 | x_refsource_MISC | |
| http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/ | x_refsource_MISC | |
| http://osvdb.org/88467 | vdb-entry, x_refsource_OSVDB |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.788Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/88467"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-18T00:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/88467"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6422",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices",
"refsource": "MISC",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"name": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible",
"refsource": "MISC",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"name": "http://forum.xda-developers.com/showthread.php?p=35469999",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"name": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/",
"refsource": "MISC",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"name": "http://forum.xda-developers.com/showthread.php?t=2051290",
"refsource": "MISC",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"name": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/",
"refsource": "MISC",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"name": "88467",
"refsource": "OSVDB",
"url": "http://osvdb.org/88467"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6422",
"datePublished": "2012-12-18T00:00:00Z",
"dateReserved": "2012-12-17T00:00:00Z",
"dateUpdated": "2024-09-16T19:15:58.524Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6334
Vulnerability from cvelistv5
Published
2012-12-31 11:00
Modified
2024-09-16 17:28
Severity ?
EPSS score ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
References
| ▼ | URL | Tags |
|---|---|---|
| http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.416Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6334",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html",
"refsource": "MISC",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6334",
"datePublished": "2012-12-31T11:00:00Z",
"dateReserved": "2012-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T17:28:53.097Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2012-6337
Vulnerability from cvelistv5
Published
2012-12-31 11:00
Modified
2024-09-16 23:30
Severity ?
EPSS score ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
References
| ▼ | URL | Tags |
|---|---|---|
| http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:28:39.586Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-12-31T11:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2012-6337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html",
"refsource": "MISC",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2012-6337",
"datePublished": "2012-12-31T11:00:00Z",
"dateReserved": "2012-12-13T00:00:00Z",
"dateUpdated": "2024-09-16T23:30:49.095Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2012-12-31 11:50
Modified
2024-11-21 01:46
Severity ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a "commonly available simple GPS location spoofer."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsungdive | - | |
| samsung | galaxy_note_2 | - | |
| samsung | galaxy_s | - | |
| samsung | galaxy_s2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2FC077-4D6C-4342-9B7F-FE2AC47F736A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices does not properly implement Location APIs, which allows physically proximate attackers to provide arbitrary location data via a \"commonly available simple GPS location spoofer.\""
},
{
"lang": "es",
"value": "La funci\u00f3n \"Track My Mobile\" en el subsistema SamsungDive para Android en los dispositivos Samsung Galaxy no implementa correctamente las APIs de localizaci\u00f3n, lo que permite a atacantes f\u00edsicamente pr\u00f3ximos proporcionar datos de localizaci\u00f3n de su elecci\u00f3n a trav\u00e9s de un \"sencillo spoofer de localizaci\u00f3n GPS com\u00fanmente disponible.\"\r\n"
}
],
"id": "CVE-2012-6334",
"lastModified": "2024-11-21T01:46:01.567",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.9,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:A/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 5.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-31T11:50:28.047",
"references": [
{
"source": "cve@mitre.org",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-31 11:50
Modified
2024-11-21 01:46
Severity ?
Summary
The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| samsung | samsungdive | - | |
| samsung | galaxy_note_2 | - | |
| samsung | galaxy_s | - | |
| samsung | galaxy_s2 | - |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samsung:samsungdive:-:*:*:*:*:*:*:*",
"matchCriteriaId": "1A2FC077-4D6C-4342-9B7F-FE2AC47F736A",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s:-:*:*:*:*:*:*:*",
"matchCriteriaId": "A60CAD7B-6A6C-4627-B999-AA442F210486",
"vulnerable": false
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Track My Mobile feature in the SamsungDive subsystem for Android on Samsung Galaxy devices shows the activation of remote tracking, which might allow physically proximate attackers to defeat a product-recovery effort by tampering with this feature or its location data."
},
{
"lang": "es",
"value": "La funcionalidad Track My Mobile en el subsistema SamsungDive para Android en dispositivos Samsung Galaxy muestra la activaci\u00f3n de seguimiento a distancia, lo que podr\u00eda permitir a los atacantes f\u00edsicamente pr\u00f3ximos a vencer a un esfuerzo de recuperaci\u00f3n de producto mediante la manipulaci\u00f3n de esta funci\u00f3n o sus datos de localizaci\u00f3n."
}
],
"id": "CVE-2012-6337",
"lastModified": "2024-11-21T01:46:01.960",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "ADJACENT_NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 3.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:A/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 6.5,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2012-12-31T11:50:28.237",
"references": [
{
"source": "cve@mitre.org",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://thehackernews.com/2012/12/manufacture-based-gps-tracking-services.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-200"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2012-12-18 00:55
Modified
2024-11-21 01:46
Severity ?
Summary
The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:h:meizu:mx:-:*:*:*:*:*:*:*",
"matchCriteriaId": "8EBFA2B5-7276-4C8C-A2B2-FDD69CFBD623",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_note_2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "C11A19CD-FAFE-45ED-A24C-72642C3ED565",
"vulnerable": true
},
{
"criteria": "cpe:2.3:h:samsung:galaxy_s2:-:*:*:*:*:*:*:*",
"matchCriteriaId": "27B05798-6E5E-4DCD-810E-680DEB3BDE97",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse."
},
{
"lang": "es",
"value": "El n\u00facleo en Samsung S2 Galaxy, Galaxy Note 2, Meizu MX, y posiblemente en otros dispositivos Android, cuando se ejecuta un procesador Exynos 4210 o 4412, utiliza permisos d\u00e9biles (0666) para /dev/exynos-mem, que permite a los atacantes leer o escribir en la memoria f\u00edsica arbitraria y obtener privilegios a trav\u00e9s de una aplicaci\u00f3n manipulada, como se demuestra por ExynosAbuse."
}
],
"id": "CVE-2012-6422",
"lastModified": "2024-11-21T01:46:05.800",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2012-12-18T00:55:04.197",
"references": [
{
"source": "cve@mitre.org",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"source": "cve@mitre.org",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/88467"
},
{
"source": "cve@mitre.org",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"source": "cve@mitre.org",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://forum.xda-developers.com/showthread.php?p=35469999"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://forum.xda-developers.com/showthread.php?t=2051290"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/88467"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}