ID

VAR-201701-1095


CVE

CVE-2016-9279


TITLE

Vulnerability in the Exynos fimg2d driver for Android on specific Samsung Exynos chipsets that allows important information to be obtained

Trust: 0.8

sources: JVNDB: JVNDB-2016-006970

DESCRIPTION

Use-after-free vulnerability in the Samsung Exynos fimg2d driver for Android with Exynos 5433, 54xx, or 7420 chipsets allows attackers to obtain sensitive information via unspecified vectors. The Samsung ID is SVE-2016-6853. Samsung MobilePhone is a smartphone released by South Korea's Samsung. An information disclosure vulnerability and a denial of service vulnerability exist in Samsung MobilePhone. An attacker could exploit these vulnerabilities to cause a denial of service or gain unauthorized access to information.

Trust: 2.43

sources: NVD: CVE-2016-9279 // JVNDB: JVNDB-2016-006970 // CNVD: CNVD-2016-11378 // BID: 94283

IOT TAXONOMY

category: ['Network device'], sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2016-11378

AFFECTED PRODUCTS

vendor: samsung, model: exynos fimg2d driver, scope: eq, version: -

Trust: 1.6

vendor: samsung, model: exynos, scope: eq, version: 5400

Trust: 0.9

vendor: samsung, model: exynos, scope: eq, version: 5433

Trust: 0.9

vendor: samsung, model: exynos, scope: eq, version: 7420

Trust: 0.9

vendor: samsung, model: exynos fimg2d driver, scope: -, version: -

Trust: 0.8

vendor: samsung, model: mobile, scope: -, version: -

Trust: 0.6

vendor: samsung, model: mobile, scope: eq, version: -

Trust: 0.3

sources: CNVD: CNVD-2016-11378 // BID: 94283 // JVNDB: JVNDB-2016-006970 // CNNVD: CNNVD-201611-372 // NVD: CVE-2016-9279

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2016-9279
value: HIGH

Trust: 1.0

NVD: CVE-2016-9279
value: HIGH

Trust: 0.8

CNVD: CNVD-2016-11378
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-201611-372
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2016-9279
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

CNVD: CNVD-2016-11378
severity: MEDIUM
baseScore: 6.4
vectorString: AV:N/AC:L/AU:N/C:P/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 4.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

nvd@nist.gov: CVE-2016-9279
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: CNVD: CNVD-2016-11378 // JVNDB: JVNDB-2016-006970 // CNNVD: CNNVD-201611-372 // NVD: CVE-2016-9279

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.8

sources: JVNDB: JVNDB-2016-006970 // NVD: CVE-2016-9279

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201611-372

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201611-372

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-006970

PATCH

title: SMR-NOV-2016 (SVE-2016-6853: Use After Free in /dev/fimg2d)
url: http://security.samsungmobile.com/smrupdate.html#SMR-NOV-2016

Trust: 0.8

title: Samsung MobilePhones has multiple bugs (CNVD-2016-11378) patch
url: https://www.cnvd.org.cn/patchInfo/show/84149

Trust: 0.6

title: Samsung Mobile Phone Fixes for information disclosure vulnerabilities and denial of service vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=65731

Trust: 0.6

sources: CNVD: CNVD-2016-11378 // JVNDB: JVNDB-2016-006970 // CNNVD: CNNVD-201611-372

EXTERNAL IDS

db: NVD, id: CVE-2016-9279

Trust: 3.3

db: BID, id: 94283

Trust: 2.5

db: OPENWALL, id: OSS-SECURITY/2016/11/11/11

Trust: 1.6

db: OPENWALL, id: OSS-SECURITY/2016/11/09/3

Trust: 1.6

db: JVNDB, id: JVNDB-2016-006970

Trust: 0.8

db: CNVD, id: CNVD-2016-11378

Trust: 0.6

db: CNNVD, id: CNNVD-201611-372

Trust: 0.6

sources: CNVD: CNVD-2016-11378 // BID: 94283 // JVNDB: JVNDB-2016-006970 // CNNVD: CNNVD-201611-372 // NVD: CVE-2016-9279

REFERENCES

url:http://www.securityfocus.com/bid/94283

Trust: 2.2

url:http://www.openwall.com/lists/oss-security/2016/11/11/11

Trust: 1.6

url:http://security.samsungmobile.com/smrupdate.html#smr-nov-2016

Trust: 1.6

url:http://www.openwall.com/lists/oss-security/2016/11/09/3

Trust: 1.6

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-9279

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-9279

Trust: 0.8

url:http://www.samsung.com/

Trust: 0.3

url:http://security.samsungmobile.com/smrupdate.html#smr-sep-2016

Trust: 0.3

sources: CNVD: CNVD-2016-11378 // BID: 94283 // JVNDB: JVNDB-2016-006970 // CNNVD: CNNVD-201611-372 // NVD: CVE-2016-9279

CREDITS

James Fang and Anthony LAOU HINE TSUEI of Tencent Keen Lab.

Trust: 0.9

sources: BID: 94283 // CNNVD: CNNVD-201611-372

SOURCES

db: CNVD, id: CNVD-2016-11378
db: BID, id: 94283
db: JVNDB, id: JVNDB-2016-006970
db: CNNVD, id: CNNVD-201611-372
db: NVD, id: CVE-2016-9279

LAST UPDATE DATE

2024-11-23T22:52:33.943000+00:00


SOURCES UPDATE DATE

db: CNVD, id: CNVD-2016-11378, date: 2016-11-22T00:00:00
db: BID, id: 94283, date: 2016-11-24T01:09:00
db: JVNDB, id: JVNDB-2016-006970, date: 2017-01-31T00:00:00
db: CNNVD, id: CNNVD-201611-372, date: 2017-01-19T00:00:00
db: NVD, id: CVE-2016-9279, date: 2024-11-21T03:00:54.257

SOURCES RELEASE DATE

db: CNVD, id: CNVD-2016-11378, date: 2016-11-22T00:00:00
db: BID, id: 94283, date: 2016-11-09T00:00:00
db: JVNDB, id: JVNDB-2016-006970, date: 2017-01-31T00:00:00
db: CNNVD, id: CNNVD-201611-372, date: 2016-11-18T00:00:00
db: NVD, id: CVE-2016-9279, date: 2017-01-18T17:59:01.263