PT-2017-3604 · Samsung · Samsung Mobile+1
Published
2017-09-22
·
Updated
2018-02-01
·
CVE-2017-18020
CVSS v3.1
8.4
High
| Vector | AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
Samsung Mobile devices with L(5.x) software
Samsung Mobile devices with M(6.x) software
Samsung Mobile devices with N(7.x) software
Description:
The issue exists due to insufficient input validation in the S Boot loader of the Samsung Mobile operating system. This allows an attacker to execute arbitrary code by exploiting the omission of a size check during the copy of ramfs data to memory.
Recommendations:
For Samsung Mobile devices with L(5.x) software, update to a version that includes the fix for this issue.
For Samsung Mobile devices with M(6.x) software, update to a version that includes the fix for this issue.
For Samsung Mobile devices with N(7.x) software, update to a version that includes the fix for this issue.
Fix
RCE
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Bootloader
Samsung Mobile