Products Openwall GNU/*/Linux   server OS Linux Kernel Runtime Guard John the Ripper   password cracker Free & Open Source for any platform in the cloud Pro for Linux Pro for macOS Wordlists   for password cracking passwdqc   policy enforcement Free & Open Source for Unix Pro for Windows (Active Directory) yescrypt   KDF & password hashing yespower   Proof-of-Work (PoW) crypt_blowfish   password hashing phpass   ditto in PHP tcb   better password shadowing Pluggable Authentication Modules scanlogd   port scan detector popa3d   tiny POP3 daemon blists   web interface to mailing lists msulogin   single user mode login php_mt_seed   mt_rand() cracker Services Publications Articles Presentations Resources Mailing lists Community wiki Source code repositories (GitHub) Source code repositories (CVSweb) File archive & mirrors How to verify digital signatures OVE IDs What's new

Date: Thu, 8 Sep 2016 13:39:25 +0800
From: 0xr0ot <0xr0ot.sec@...il.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: Fwd: [scr231911] SVE-2016-6248: SystemUI Security issue

---------- Forwarded message ----------
From: <cve-request@...re.org>
Date: 2016-09-08 13:34 GMT+08:00
Subject: Re: [scr231911] SVE-2016-6248: SystemUI Security issue
To: 0xr0ot.sec@...il.com
Cc: cve-request@...re.org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The vulnerability exists due to a null pointer dereference on fimg2d
> driver. The patch verifies if the object is null before dereferencing
> it.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Null Pointer Dereference
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Samsung Mobile - L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
>
> ------------------------------------------
>
> [Affected Component]
> SystemUI Security issue,L(5.0/5.1), M(6.0) devices with Exynos7420
> chipset
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Reference]
> http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016
>
> SVE-2016-6248: SystemUI Security issue

Use CVE-2016-7160.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX0PgNAAoJEHb/MwWLVhi2paUP/0v/GUG5AWUFg6tUgN7g1i0O
uRypo3e1aM9OHq3BznGaqBKWUNcbOI8wqcddvQ/9OBNSGxWP393CzxA1qv49HdTd
q2Uz/5en+sapcNQLG397HCDqaYEo5XskPkMHhro/mhjKHrHPgXkLRjGZirjmOAdS
0BWAF75iLZKPG6MCIGFMdu5pGYSkGHPGVQ0gSDGaxRxQG77ZmdmfXRkHktGI0+LG
qL08nISmUddbvr/EhQyHo8mx+v1M2Bo0htOv/Xc2W4JUPKqopYJQpLjJ14eZwxbK
qPFPr+5nFJH/Vqv6DX19sxsczcykIch5RG7JiwZ4Zchm1RqPFEn14FWVeRW0RBv/
crl3+QYo3bEzBK8UNulLYhopJ3yHzoASbsbOuCSzIRshMdbV8sXadWfIZQajGNyp
4bCwcCZ3xdeGilrbXq2Q9ANvYFdmpO5Sp9FLSx6JpCOBfyO+fn812n/y8OskNLBl
3P0A570RcxcUUDMbeJj39jFj2M1aJTC4RzyjSKFnu8sjtUyhRwXMHUsstp76Y4VS
OdauchtnREtY3F7FxIXbP2ROZLKVdWvc/08QW2NoY/j/eLJChu1J3NNrHgTOgAI2
zRBV/kPt50oV06VJADf+Tw4jEdAAZFmgN5ZroWrGiYjNIc9eNt0tpuBPL+qhK7KC
GmNvf2YbCpAd6YInIhVp
=x9Z8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.