PT-2017-3604 · Samsung · Samsung Mobile+1
Publicado
2017-09-22
·
Atualizado
2018-02-01
·
CVE-2017-18020
CVSS v3.1
8.4
Alta
| Vetor | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Samsung Mobile devices with L(5.x) software
Samsung Mobile devices with M(6.x) software
Samsung Mobile devices with N(7.x) software
Description:
The issue exists due to insufficient input validation in the S Boot loader of the Samsung Mobile operating system. This allows an attacker to execute arbitrary code by exploiting the omission of a size check during the copy of ramfs data to memory.
Recommendations:
For Samsung Mobile devices with L(5.x) software, update to a version that includes the fix for this issue.
For Samsung Mobile devices with M(6.x) software, update to a version that includes the fix for this issue.
For Samsung Mobile devices with N(7.x) software, update to a version that includes the fix for this issue.
Correção
RCE
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Bootloader
Samsung Mobile