ID

VAR-201212-0246


CVE

CVE-2012-6422


TITLE

Vulnerability in Android devices such as Samsung GALAXY and Meizu MX that allows reading arbitrary physical memory

Trust: 0.8

sources: JVNDB: JVNDB-2012-005729

DESCRIPTION

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

Samsung Galaxy S II, Galaxy S III, Galaxy Note II, etc. are smartphones released by Samsung. Because the system does not properly set the permissions on /dev/exynos-mem (by default it is readable and writable by any user) and the device maps the entire current physical memory space, local attackers can exploit the vulnerability to gain root privileges.

Trust: 2.16

sources: NVD: CVE-2012-6422 // JVNDB: JVNDB-2012-005729 // CNVD: CNVD-2012-7515

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2012-7515

AFFECTED PRODUCTS

vendor: samsung, model: galaxy s2, scope: eq, version: -

Trust: 1.6

vendor: samsung, model: galaxy note 2, scope: eq, version: -

Trust: 1.6

vendor: meizu, model: mx, scope: eq, version: -

Trust: 1.0

vendor: meizu, model: mx, scope: -, version: -

Trust: 0.8

vendor: samsung, model: galaxy note, scope: -, version: -

Trust: 0.8

vendor: samsung, model: galaxy s, scope: -, version: -

Trust: 0.8

vendor: samsung, model: galaxy s iii, scope: -, version: -

Trust: 0.6

vendor: samsung, model: galaxy s ii, scope: -, version: -

Trust: 0.6

vendor: samsung, model: galaxy note ii, scope: -, version: -

Trust: 0.6

vendor: meizu, model: m, scope: -, version: -

Trust: 0.6

sources: CNVD: CNVD-2012-7515 // JVNDB: JVNDB-2012-005729 // CNNVD: CNNVD-201212-232 // NVD: CVE-2012-6422

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2012-6422
value: HIGH

Trust: 1.0

NVD: CVE-2012-6422
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201212-232
value: CRITICAL

Trust: 0.6

nvd@nist.gov: CVE-2012-6422
severity: HIGH
baseScore: 9.3
vectorString: AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: COMPLETE
integrityImpact: COMPLETE
availabilityImpact: COMPLETE
exploitabilityScore: 8.6
impactScore: 10.0
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2012-005729 // CNNVD: CNNVD-201212-232 // NVD: CVE-2012-6422

PROBLEMTYPE DATA

problemtype:CWE-264

Trust: 1.8

sources: JVNDB: JVNDB-2012-005729 // NVD: CVE-2012-6422

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201212-232

TYPE

permissions and access control

Trust: 0.6

sources: CNNVD: CNNVD-201212-232

CONFIGURATIONS

sources: JVNDB: JVNDB-2012-005729

PATCH

title: Top Page, url: http://en.meizu.com/

Trust: 0.8

title: GALAXY S, url: http://www.samsung.com/jp/galaxys2/

Trust: 0.8

title: GALAXY Note, url: http://www.samsung.com/jp/consumer/mobilephone/mobilephone/galaxy-note

Trust: 0.8

sources: JVNDB: JVNDB-2012-005729

EXTERNAL IDS

db: NVD, id: CVE-2012-6422

Trust: 3.0

db: OSVDB, id: 88467

Trust: 1.6

db: JVNDB, id: JVNDB-2012-005729

Trust: 0.8

db: CNVD, id: CNVD-2012-7515

Trust: 0.6

db: CNNVD, id: CNNVD-201212-232

Trust: 0.6

sources: CNVD: CNVD-2012-7515 // JVNDB: JVNDB-2012-005729 // CNNVD: CNNVD-201212-232 // NVD: CVE-2012-6422

REFERENCES

url:http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices

Trust: 1.6

url:http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/

Trust: 1.6

url:http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible

Trust: 1.6

url:http://osvdb.org/88467

Trust: 1.6

url:http://forum.xda-developers.com/showthread.php?t=2051290

Trust: 1.6

url:http://forum.xda-developers.com/showthread.php?p=35469999

Trust: 1.6

url:http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-6422

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2012-6422

Trust: 0.8

url:http://forum.xda-developers.com/showthread.php?t=2048511

Trust: 0.6

sources: CNVD: CNVD-2012-7515 // JVNDB: JVNDB-2012-005729 // CNNVD: CNNVD-201212-232 // NVD: CVE-2012-6422

SOURCES

db: CNVD, id: CNVD-2012-7515
db: JVNDB, id: JVNDB-2012-005729
db: CNNVD, id: CNNVD-201212-232
db: NVD, id: CVE-2012-6422

LAST UPDATE DATE

2024-11-23T22:49:35.726000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2012-7515, date: 2012-12-19T00:00:00
db: JVNDB, id: JVNDB-2012-005729, date: 2012-12-25T00:00:00
db: CNNVD, id: CNNVD-201212-232, date: 2012-12-18T00:00:00
db: NVD, id: CVE-2012-6422, date: 2024-11-21T01:46:05.800

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2012-7515, date: 2012-12-19T00:00:00
db: JVNDB, id: JVNDB-2012-005729, date: 2012-12-19T00:00:00
db: CNNVD, id: CNNVD-201212-232, date: 2012-12-18T00:00:00
db: NVD, id: CVE-2012-6422, date: 2012-12-18T00:55:04.197