PT-2017-7991 · Samsung · Samsung Kernel
Aristide Fattori +3 · Published 2017-04-13 · Updated 2017-04-25 · CVE-2016-2036
CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Samsung kernel for Android versions on SM-N9005 build N9005XXUGBOB6 and SM-G920F build G920FXXU2COH2
Description
A NULL pointer dereference in the getURL function in drivers/secfilter/urlparser.c in secfilter can be triggered via a "GET HTTP/1.1" request.
Recommendations
For SM-N9005 build N9005XXUGBOB6, consider disabling the getURL function in drivers/secfilter/urlparser.c until a patch is available.
For SM-G920F build G920FXXU2COH2, restrict access to the secfilter module to minimize the risk of exploitation.
Exploit
Fix
NULL Pointer Dereference
Affected Products
Samsung Kernel