CVE-2016-6604 - OpenCVE

NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

AV:N/AC:L/Au:N/C:C/I:C/A:C

Vendors & Products
CPE Configurations

Vendors	Products
Google	Android
Samsung	Exynos Fimg2d

Configuration 1 [-]

AND

cpe:2.3:a:samsung:exynos_fimg2d:-:*:*:*:*:*:*:*

OR	cpe:2.3:o:google:android:5.0:::::::*
	cpe:2.3:o:google:android:5.0.1:::::::*
	cpe:2.3:o:google:android:5.0.2:::::::*
	cpe:2.3:o:google:android:5.1:::::::*
	cpe:2.3:o:google:android:5.1.0:::::::*
	cpe:2.3:o:google:android:5.1.1:::::::*
	cpe:2.3:o:google:android:6.0:::::::*
	cpe:2.3:o:google:android:6.0.1:::::::*

References

Link	Resource
http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016	Vendor Advisory
http://www.openwall.com/lists/oss-security/2016/08/05/3	Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/08/18/10	Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2017-01-30T22:00:00

Updated: 2020-04-07T14:26:14

Reserved: 2016-08-05T00:00:00

Link: CVE-2016-6604

JSON object: View

NVD Information

Status : Modified

Published: 2017-01-30T22:59:00.700

Modified: 2020-04-07T16:15:14.807

Link: CVE-2016-6604

JSON object: View

Redhat Information

No data.

CWE

CWE-476

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2016-08-05T00:00:00", "descriptions": [{"lang": "en", "value": "NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-04-07T14:26:14", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"}, {"name": "[oss-security] 20160817 Re: CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/18/10"}, {"name": "[oss-security] 20160805 CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2016/08/05/3"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2016-6604", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016", "refsource": "CONFIRM", "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"}, {"name": "[oss-security] 20160817 Re: CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/08/18/10"}, {"name": "[oss-security] 20160805 CVE Request - Samsung Exynos fimg2d NULL Pointer Dereference", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2016/08/05/3"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2016-6604", "datePublished": "2017-01-30T22:00:00", "dateReserved": "2016-08-05T00:00:00", "dateUpdated": "2020-04-07T14:26:14", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samsung:exynos_fimg2d:-:*:*:*:*:*:*:*", "matchCriteriaId": "387A48A2-82A6-4F0B-9A5C-3F7CF03B654F", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:google:android:5.0:*:*:*:*:*:*:*", "matchCriteriaId": "7C4E6353-B77A-464F-B7DE-932704003B33", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:5.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "77125688-2CCA-4990-ABB2-551D47CB0CDD", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*", "matchCriteriaId": "E9915371-C730-41F7-B86E-7E4DE0DF5385", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:5.1:*:*:*:*:*:*:*", "matchCriteriaId": "E7A8EC00-266C-409B-AD43-18E8DFCD6FE3", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:5.1.0:*:*:*:*:*:*:*", "matchCriteriaId": "B846C63A-7261-481E-B4A4-0D8C79E0D8A7", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "B1D94CDD-DE7B-444E-A3AE-AE9C9A779374", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*", "matchCriteriaId": "E70C6D8D-C9C3-4D92-8DFC-71F59E068295", "vulnerable": false}, {"criteria": "cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "691FA41B-C2CE-413F-ABB1-0B22CB322807", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "NULL pointer dereference in Samsung Exynos fimg2d driver for Android L(5.0/5.1) and M(6.0) allows attackers to have unspecified impact via unknown vectors. The Samsung ID is SVE-2016-6382."}, {"lang": "es", "value": "La desreferencia de puntero NULL en el controlador Samsung Exynos fimg2d para Android L (5.0/5.1) y M(6.0) permite a los atacantes tener un impacto no especificado mediante vectores desconocidos. La ID de Samsung es SVE-2016-6382."}], "id": "CVE-2016-6604", "lastModified": "2020-04-07T16:15:14.807", "metrics": {"cvssMetricV2": [{"acInsufInfo": true, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-01-30T22:59:00.700", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://security.samsungmobile.com/smrupdate.html#SMR-AUG-2016"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/05/3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2016/08/18/10"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "nvd@nist.gov", "type": "Primary"}]}