Race condition in Samsung Mobile

#VU38609 Race condition in Samsung Mobile

Published: 2020-08-09

Vulnerability identifier: #VU38609

Vulnerability risk: Low

CVSSv3.1: 6.3 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:P/RL:O/RC:C]

CVE-ID: CVE-2015-7891

CWE-ID: CWE-362

Exploitation vector: Local

Exploit availability: Yes

Vulnerable software:
Samsung Mobile
Mobile applications / Mobile firmware & hardware

Vendor: Samsung

Description

The vulnerability allows a local authenticated user to execute arbitrary code.

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Samsung Mobile: 5.0 - 5.1

External links
http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html
http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015
http://www.securityfocus.com/bid/77335
http://bugs.chromium.org/p/project-zero/issues/detail?id=492
http://www.exploit-db.com/exploits/38557/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability. However, proof of concept for this vulnerability is available.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Samsung Mobile