Details of VAR-201702-0012

ID

VAR-201702-0012

CVE

CVE-2016-4038

TITLE

With certain Qualcomm chipsets Android Equipped with Samsung Device vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2016-007853

DESCRIPTION

Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have unspecified impact via the gpio_config.gpio_name value. Samsumgandroidphone is a series of mobile phones based on the Android platform developed by South Korea's Samsung. There is a memory corruption vulnerability in the smsm_sensor_config' function in the v4l-subdev driver of samsumgandroidphone. This vulnerability is caused by the failure to perform boundary checking when the program writes gpio_config.gpio_name as an index to the buffer. An attacker could exploit this vulnerability to cause memory corruption. Samsung is prone to a remote memory-corruption vulnerability. Attackers can exploit this issue to execute arbitrary code in the context of the user running the affected applications. Failed exploit attempts will likely cause a denial-of-service condition

Trust: 2.43

sources: NVD: CVE-2016-4038 // JVNDB: JVNDB-2016-007853 // CNVD: CNVD-2016-02627 // BID: 86366

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2016-02627

AFFECTED PRODUCTS

vendor:	samsung	model:	mobile	scope:	eq	version:	5.1	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	4.4	Trust: 1.6
vendor:	samsung	model:	mobile	scope:	eq	version:	5.0	Trust: 1.6
vendor:	qualcomm	model:	apq8084	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8974	scope:	-	version:	-	Trust: 0.8
vendor:	qualcomm	model:	msm8974pro	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	mobile	scope:	-	version:	-	Trust: 0.8
vendor:	samsung	model:	samsumg android phone	scope:	-	version:	-	Trust: 0.6

sources: CNVD: CNVD-2016-02627 // JVNDB: JVNDB-2016-007853 // CNNVD: CNNVD-201604-370 // NVD: CVE-2016-4038

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2016-4038
value:	HIGH
Trust: 1.0
NVD:	CVE-2016-4038
value:	HIGH
Trust: 0.8
CNVD:	CNVD-2016-02627
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201604-370
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2016-4038
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2016-02627
severity:	HIGH
baseScore:	9.3
vectorString:	AV:N/AC:M/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	8.6
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2016-4038
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2016-02627 // JVNDB: JVNDB-2016-007853 // CNNVD: CNNVD-201604-370 // NVD: CVE-2016-4038

PROBLEMTYPE DATA

problemtype:

CWE-20

Trust: 1.8

sources: JVNDB: JVNDB-2016-007853 // NVD: CVE-2016-4038

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-201604-370

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-201604-370

CONFIGURATIONS

sources: JVNDB: JVNDB-2016-007853

PATCH

title:	SVE-2015-4958: msm_sensor_config security issues	url:	http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016	Trust: 0.8
title:	Samsumgandroidphonev4l-subdev driver memory corruption vulnerability patch	url:	https://www.cnvd.org.cn/patchInfo/show/74785	Trust: 0.6

sources: CNVD: CNVD-2016-02627 // JVNDB: JVNDB-2016-007853

EXTERNAL IDS

db:	NVD	id:	CVE-2016-4038	Trust: 3.3
db:	OPENWALL	id:	OSS-SECURITY/2016/04/18/8	Trust: 3.0
db:	OPENWALL	id:	OSS-SECURITY/2016/04/17/2	Trust: 1.6
db:	JVNDB	id:	JVNDB-2016-007853	Trust: 0.8
db:	CNVD	id:	CNVD-2016-02627	Trust: 0.6
db:	CNNVD	id:	CNNVD-201604-370	Trust: 0.6
db:	BID	id:	86366	Trust: 0.3

sources: CNVD: CNVD-2016-02627 // BID: 86366 // JVNDB: JVNDB-2016-007853 // CNNVD: CNNVD-201604-370 // NVD: CVE-2016-4038

REFERENCES

url:	http://www.openwall.com/lists/oss-security/2016/04/18/8	Trust: 3.0
url:	http://security.samsungmobile.com/smrupdate.html#smr-jan-2016	Trust: 1.6
url:	http://www.openwall.com/lists/oss-security/2016/04/17/2	Trust: 1.6
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2016-4038	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2016-4038	Trust: 0.8
url:	http://www.samsung.com/	Trust: 0.3

sources: CNVD: CNVD-2016-02627 // BID: 86366 // JVNDB: JVNDB-2016-007853 // CNNVD: CNNVD-201604-370 // NVD: CVE-2016-4038

CREDITS

Berry Cheng.

Trust: 0.3

sources: BID: 86366

SOURCES

db:	CNVD	id:	CNVD-2016-02627
db:	BID	id:	86366
db:	JVNDB	id:	JVNDB-2016-007853
db:	CNNVD	id:	CNNVD-201604-370
db:	NVD	id:	CVE-2016-4038

LAST UPDATE DATE

2024-11-23T22:49:09+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2016-02627	date:	2016-04-27T00:00:00
db:	BID	id:	86366	date:	2016-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-007853	date:	2017-03-24T00:00:00
db:	CNNVD	id:	CNNVD-201604-370	date:	2017-02-06T00:00:00
db:	NVD	id:	CVE-2016-4038	date:	2024-11-21T02:51:12.880

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2016-02627	date:	2016-04-27T00:00:00
db:	BID	id:	86366	date:	2016-04-17T00:00:00
db:	JVNDB	id:	JVNDB-2016-007853	date:	2017-03-24T00:00:00
db:	CNNVD	id:	CNNVD-201604-370	date:	2016-04-19T00:00:00
db:	NVD	id:	CVE-2016-4038	date:	2017-02-01T15:59:00.223