Date: Thu, 5 May 2016 21:11:44 +0800 (CST) From: Vinc3nt4H <pengdawei521@....com> To: "oss-security@...ts.openwall.com" <oss-security@...ts.openwall.com> Subject: CVE request - samsumg android phone TvoutService_C binder service DoS Hi, Description of the potential vulnerability: When a app send a evil data to com. TvoutService_C service by service command (Android system command) , can cause to TvoutService_C service crash. Steps to reproduce the issue: 1 A PC connect S6 device; 2 Input command: adb shell; 3 Android Input command: service call TvoutService_C 22 i32 1090056453 i32 1428574234 i32 836766018 i32 779588542 Affected versions: KK(4.4), L(5.0/5.1), M(6.0) Fix: http://security.samsungmobile.com/smrupdate.html#SMR-FEB-2016 SVE-2016-5134: TvoutService_C service DoS We report this to samsung, samsung reply to us if we want to get CVE request it by ourself. Best regards, Vinc3nt4H of Alibaba Mobile Security Team
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.