Mobile
CVEs (36)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2018-9139 | | Cri | 0.64 | 9.8 | 0.02 | | Mar 30, 2018 | On Samsung mobile devices with N(7.x) software, a buffer overflow in the vision service allows code execution in a privileged process via a large frame size, aka SVE-2017-11165. |
| CVE-2017-5538 | | Cri | 0.64 | 9.8 | 0.03 | | Mar 23, 2017 | The kbase_dispatch function in arm/t7xx/r5p0/mali_kbase_core_linux.c in the GPU driver on Samsung devices with M(6.0) and N(7.0) software and Exynos AP chipsets allows attackers to have unspecified impact via unknown vectors, which trigger an out-of-bounds read, aka… |
| CVE-2016-9967 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 16, 2016 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is… |
| CVE-2016-9966 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 16, 2016 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is… |
| CVE-2016-9965 | | Cri | 0.64 | 9.8 | 0.02 | | Dec 16, 2016 | Lack of appropriate exception handling in some receivers of the Telecom application on Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allows attackers to crash the system easily resulting in a possible DoS attack, or possibly gain privileges. The Samsung ID is… |
| CVE-2016-4038 | | Hig | 0.51 | 7.8 | 0.00 | | Feb 1, 2017 | Array index error in the msm_sensor_config function in kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c in Samsung devices with Android KK(4.4) or L and an APQ8084, MSM8974, or MSM8974pro chipset allows local users to have… |
| CVE-2016-6527 | | Hig | 0.51 | 7.8 | 0.01 | | Jan 18, 2017 | The SmartCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. |
| CVE-2016-6526 | | Hig | 0.51 | 7.8 | 0.01 | | Jan 18, 2017 | The SpamCall Activity component in Telecom application on Samsung Note device L(5.0/5.1) and M(6.0) allows attackers to cause a denial of service (crash and reboot) or possibly gain privileges via a malformed serializable object. |
| CVE-2015-7891 | | Hig | 0.49 | 7.0 | 0.01 | | Aug 2, 2017 | Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598. |
| CVE-2017-7978 | | Hig | 0.49 | 7.5 | 0.01 | | Apr 19, 2017 | Samsung Android devices with L(5.0/5.1), M(6.0), and N(7.x) software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290. |
| CVE-2016-4547 | | Hig | 0.49 | 7.5 | 0.01 | | Feb 13, 2017 | Samsung devices with Android KK(4.4), L(5.0/5.1), or M(6.0) allow attackers to cause a denial of service (system crash) via a crafted system call to TvoutService_C. |
| CVE-2017-5351 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 12, 2017 | Samsung Note devices with KK(4.4), L(5.0/5.1), and M(6.0) software allow attackers to crash the system by creating an arbitrarily large number of active VR service threads. The Samsung ID is SVE-2016-7650. |
| CVE-2017-5350 | | Hig | 0.49 | 7.5 | 0.01 | | Jan 12, 2017 | Samsung Note devices with L(5.0/5.1), M(6.0), and N(7.0) software allow attackers to crash systemUI by leveraging incomplete exception handling. The Samsung ID is SVE-2016-7122. |
| CVE-2016-9277 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 11, 2016 | Integer overflow in SystemUI in KK(4.4) and L(5.0/5.1) on Samsung Note devices allows attackers to cause a denial of service (UI restart) via vectors involving APIs and an activity that computes an out-of-bounds array index, aka SVE-2016-6906. |
| CVE-2016-7160 | | Hig | 0.49 | 7.5 | 0.01 | | Nov 3, 2016 | A vulnerability on Samsung Mobile M(6.0) devices exists because external access to SystemUI activities is not properly restricted, leading to a SystemUI crash and device restart, aka SVE-2016-6248. |
| CVE-2015-7896 | | Med | 0.46 | 6.5 | 0.07 | | Aug 24, 2017 | LibQJpeg in the Samsung Galaxy S6 before the October 2015 MR allows remote attackers to cause a denial of service (memory corruption and SIGSEGV) via a crafted image file. |
| CVE-2015-7898 | | Med | 0.39 | 5.5 | 0.01 | | Jun 27, 2017 | Samsung Gallery in the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
| CVE-2015-7895 | | Med | 0.39 | 5.5 | 0.01 | | Jun 27, 2017 | Samsung Gallery on the Samsung Galaxy S6 allows local users to cause a denial of service (process crash). |
| CVE-2016-4546 | | Med | 0.36 | 5.5 | 0.00 | | Feb 13, 2017 | Samsung devices with Android KK(4.4) or L(5.0/5.1) allow local users to cause a denial of service (IAndroidShm service crash) via crafted data in a service call. |
| CVE-2017-5217 | | Med | 0.36 | 5.5 | 0.01 | | Jan 9, 2017 | Installing a zero-permission Android application on certain Samsung Android devices with KK(4.4), L(5.0/5.1), and M(6.0) software can continually crash the system_server process in the Android OS. The zero-permission app will create an active install session for a separate app… |