Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2012-6422

Overview

Vulnerability Score 9.3 9.3
CVE Id CVE-2012-6422
Last Modified 21 Dec 2012 12:00:00
Published 17 Dec 2012 07:55:04
Confidentiality Impact COMPLETE COMPLETE
Integrity Impact COMPLETE COMPLETE
Availability Impact COMPLETE COMPLETE
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2012-6422

Summary

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

Vulnerable Systems


References

MISC - http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices

MISC - http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/

MISC - http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible

OSVDB - 88467

MISC - http://forum.xda-developers.com/showthread.php?t=2051290

MISC - http://forum.xda-developers.com/showthread.php?p=35469999

MISC - http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/


Last Updated: 27 May 2016 11:01:28