Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Thu, 8 Sep 2016 13:39:25 +0800
From: 0xr0ot <0xr0ot.sec@...il.com>
To: oss-security@...ts.openwall.com, fulldisclosure@...lists.org
Subject: Fwd: [scr231911] SVE-2016-6248: SystemUI Security issue

---------- Forwarded message ----------
From: <cve-request@...re.org>
Date: 2016-09-08 13:34 GMT+08:00
Subject: Re: [scr231911] SVE-2016-6248: SystemUI Security issue
To: 0xr0ot.sec@...il.com
Cc: cve-request@...re.org


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> The vulnerability exists due to a null pointer dereference on fimg2d
> driver. The patch verifies if the object is null before dereferencing
> it.
>
> ------------------------------------------
>
> [VulnerabilityType Other]
> Null Pointer Dereference
>
> ------------------------------------------
>
> [Affected Product Code Base]
> Samsung Mobile - L(5.0/5.1), M(6.0) devices with Exynos7420 chipset
>
> ------------------------------------------
>
> [Affected Component]
> SystemUI Security issue,L(5.0/5.1), M(6.0) devices with Exynos7420
> chipset
>
> ------------------------------------------
>
> [Attack Type]
> Local
>
> ------------------------------------------
>
> [Impact Denial of Service]
> true
>
> ------------------------------------------
>
> [Reference]
> http://security.samsungmobile.com/smrupdate.html#SMR-SEP-2016
>
> SVE-2016-6248: SystemUI Security issue

Use CVE-2016-7160.

- --
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJX0PgNAAoJEHb/MwWLVhi2paUP/0v/GUG5AWUFg6tUgN7g1i0O
uRypo3e1aM9OHq3BznGaqBKWUNcbOI8wqcddvQ/9OBNSGxWP393CzxA1qv49HdTd
q2Uz/5en+sapcNQLG397HCDqaYEo5XskPkMHhro/mhjKHrHPgXkLRjGZirjmOAdS
0BWAF75iLZKPG6MCIGFMdu5pGYSkGHPGVQ0gSDGaxRxQG77ZmdmfXRkHktGI0+LG
qL08nISmUddbvr/EhQyHo8mx+v1M2Bo0htOv/Xc2W4JUPKqopYJQpLjJ14eZwxbK
qPFPr+5nFJH/Vqv6DX19sxsczcykIch5RG7JiwZ4Zchm1RqPFEn14FWVeRW0RBv/
crl3+QYo3bEzBK8UNulLYhopJ3yHzoASbsbOuCSzIRshMdbV8sXadWfIZQajGNyp
4bCwcCZ3xdeGilrbXq2Q9ANvYFdmpO5Sp9FLSx6JpCOBfyO+fn812n/y8OskNLBl
3P0A570RcxcUUDMbeJj39jFj2M1aJTC4RzyjSKFnu8sjtUyhRwXMHUsstp76Y4VS
OdauchtnREtY3F7FxIXbP2ROZLKVdWvc/08QW2NoY/j/eLJChu1J3NNrHgTOgAI2
zRBV/kPt50oV06VJADf+Tw4jEdAAZFmgN5ZroWrGiYjNIc9eNt0tpuBPL+qhK7KC
GmNvf2YbCpAd6YInIhVp
=x9Z8
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.