oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: CVE request - samsumg android phone msm_sensor_config function write some range kernel address with any value

From: cve-assign () mitre org
Date: Mon, 18 Apr 2016 12:12:41 -0400 (EDT)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256


            The v4l-subdev driver provides an ioctl system call
interface to user space clients for communication. When processing
this communication, the msm_sensor_config function uses the
user-supplied value gpio_config.gpio_name as an index to a buffer for
write operations without any boundary checks.

kernel/SM-G9008V_CHN_KK_Opensource/Kernel/drivers/media/platform/msm/camera_v2/sensor/msm_sensor.c

msm_sensor_config

             fix:
             http://security.samsungmobile.com/smrupdate.html#SMR-JAN-2016
             SVE-2015-4958: msm_sensor_config security issues



A vulnerability using without checking the boundary of buffers can
lead to memory corruption. The applied patch avoids an illegal access
to memory by checking the boundary.


Use CVE-2016-4038.

- -- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJXFQcVAAoJEHb/MwWLVhi29+4QAJqIKrKg3nHrIRLo3As2XVYk
XRR2wf3C5QNOiUxF9O8GNmjY7AFsmKt7PiqRJ2wlHhz1zk/+eTuun3DTaGvE16Ni
ouaNJ+4CQExCOrXKaVfjvbIvg7eWKfh6BZpF0aimIF2I6YhDC8ndc9zT/1HZhwkM
u44A+HlJWuS9a0msUImOatTr3HKpE1bmaFDmUwH9GkhHYm/6juypbXLXVeeyKS+1
P7qyzF5pTl9ODwtY7zIu+wfL0x3oDkxg9Gi/JU1XIpfixxIeLmtp6UOFfE9+8Wgo
HR9hITU61KLtjd/db+5l24KyqpTOQkhOCfxi1tm1bX5EozlfCGReLQMBK6toloKL
isxDO1oUREc2gmoT2GXvMzqkqaVV5J5qZ69bKBX/Y2BPIZ+U7woVE7Ctdj0TTX1v
Y5cLdude4R02gqmIEopW0EgkAW34pU2izlur5V006O01HuKpywPwdNAEJbAcbcT8
fagMDmE+eQsyfjbrualJv/BfxlnmxMdhAzsUPzZbRVXnxGmwDlE/mtFvKsc1K4hc
KrFCurxRAGufI1nXXZT1YY6DRStFKts2gSxJJbYoip49T8f8B+cUfD7rdDyBLGjr
80f4dof6KZFXr9aoq6Dfn4c1+DtfSZUx59+nb8Dv1hK2cYQiP/ZfYFG3bPZ30jfu
2Ha3vXCFz5R/FR0vUywf
=pyJr
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: