Sign-up

ID

VAR-202002-0727


CVE

CVE-2015-7890


TITLE

Samsung S6 Edge Classic buffer overflow vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2015-008581

DESCRIPTION

Multiple buffer overflows in the esa_write function in /dev/seirenin the Exynos Seiren Audio driver, as used in Samsung S6 Edge, allow local users to cause a denial of service (memory corruption) via a large (1) buffer or (2) size parameter. Samsung S6 Edge Exists in a classic buffer overflow vulnerability.Service operation interruption (DoS) It may be put into a state. Samsung Sieren Kernel Driver is prone to a local buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker may exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will likely cause denial-of-service conditions

Trust: 1.89

sources: NVD: CVE-2015-7890 // JVNDB: JVNDB-2015-008581 // BID: 77336

AFFECTED PRODUCTS

vendor:samsungmodel:galaxy s6 edgescope:eqversion: -

Trust: 1.0

vendor:samsungmodel:galaxy s6 edgescope:eqversion:1.16.00

Trust: 0.8

vendor:samsungmodel:seiren kernel driverscope:eqversion:0

Trust: 0.3

sources: BID: 77336 // JVNDB: JVNDB-2015-008581 // NVD: CVE-2015-7890

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2015-7890
value: MEDIUM

Trust: 1.0

NVD: JVNDB-2015-008581
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-201511-048
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2015-7890
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: 3.9
impactScore: 6.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

NVD: JVNDB-2015-008581
severity: MEDIUM
baseScore: 4.9
vectorString: AV:L/AC:L/AU:N/C:N/I:N/A:C
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: COMPLETE
exploitabilityScore: NONE
impactScore: NONE
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.8

nvd@nist.gov: CVE-2015-7890
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: JVNDB-2015-008581
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: JVNDB: JVNDB-2015-008581 // CNNVD: CNNVD-201511-048 // NVD: CVE-2015-7890

PROBLEMTYPE DATA

problemtype:CWE-120

Trust: 1.8

sources: JVNDB: JVNDB-2015-008581 // NVD: CVE-2015-7890

THREAT TYPE

local

Trust: 0.9

sources: BID: 77336 // CNNVD: CNNVD-201511-048

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-201511-048

CONFIGURATIONS

sources:
            
            
            JVNDB: JVNDB-2015-008581

PATCH
title:Top Pageurl:https://www.samsung.com/us/
Trust: 0.8
sources:
            
            
            JVNDB: JVNDB-2015-008581

EXTERNAL IDS
db:NVDid:CVE-2015-7890
Trust: 2.8
db:PACKETSTORMid:134106
Trust: 1.7
db:EXPLOIT-DBid:38556
Trust: 1.6
db:JVNDBid:JVNDB-2015-008581
Trust: 0.8
db:CNNVDid:CNNVD-201511-048
Trust: 0.6
db:BIDid:77336
Trust: 0.3
sources:
            
            
            BID: 77336 // 
            
            
            
            JVNDB: JVNDB-2015-008581 // 
            
            
            
            PACKETSTORM: 134106 // 
            
            
            
            CNNVD: CNNVD-201511-048 // 
            
            
            
            NVD: CVE-2015-7890

REFERENCES
url:http://packetstormsecurity.com/files/134106/samsung-seiren-kernel-driver-buffer-overflow.html
Trust: 1.6
url:https://code.google.com/p/google-security-research/issues/detail?id=491
Trust: 1.6
url:https://www.exploit-db.com/exploits/38556/
Trust: 1.6
url:https://nvd.nist.gov/vuln/detail/cve-2015-7890
Trust: 1.5
url:https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-7890
Trust: 0.8
url:https://bugs.chromium.org/p/project-zero/issues/detail?id=491&redir=1
Trust: 0.8
url:http://www.samsung.com/
Trust: 0.3
sources:
            
            
            BID: 77336 // 
            
            
            
            JVNDB: JVNDB-2015-008581 // 
            
            
            
            PACKETSTORM: 134106 // 
            
            
            
            CNNVD: CNNVD-201511-048 // 
            
            
            
            NVD: CVE-2015-7890

CREDITS
ianbeer
Trust: 0.9
sources:
            
            
            BID: 77336 // 
            
            
            
            CNNVD: CNNVD-201511-048

SOURCES
db:BIDid:77336
db:JVNDBid:JVNDB-2015-008581
db:PACKETSTORMid:134106
db:CNNVDid:CNNVD-201511-048
db:NVDid:CVE-2015-7890

LAST UPDATE DATE
2024-11-23T22:21:20.065000+00:00

SOURCES UPDATE DATE
db:BIDid:77336date:2015-10-28T00:00:00
db:JVNDBid:JVNDB-2015-008581date:2020-03-03T00:00:00
db:CNNVDid:CNNVD-201511-048date:2020-02-19T00:00:00
db:NVDid:CVE-2015-7890date:2024-11-21T02:37:36.820

SOURCES RELEASE DATE
db:BIDid:77336date:2015-10-28T00:00:00
db:JVNDBid:JVNDB-2015-008581date:2020-03-03T00:00:00
db:PACKETSTORMid:134106date:2015-10-28T00:03:40
db:CNNVDid:CNNVD-201511-048date:2015-10-28T00:00:00
db:NVDid:CVE-2015-7890date:2020-02-12T15:15:11.820