CVE-2018-14745 - OpenCVE

Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029.

No CVSS v3.1

Attack Vector Adjacent Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Access Vector Adjacent Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:A/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Samsung	Galaxy S6 Firmware Galaxy S6

Configuration 1 [-]

AND

cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7:*:*:*:*:*:*:*

cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14745.md	Exploit Third Party Advisory
https://pastebin.com/tmFrECnZ	Exploit Third Party Advisory
https://security.samsungmobile.com/securityUpdate.smsb	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2019-03-15T22:00:00

Updated: 2019-03-21T20:12:57

Reserved: 2018-07-29T00:00:00

Link: CVE-2018-14745

JSON object: View

NVD Information

Status : Analyzed

Published: 2019-03-21T16:00:20.890

Modified: 2019-04-01T14:00:08.520

Link: CVE-2018-14745

JSON object: View

Redhat Information

No data.

CWE

CWE-119

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2018-07-26T00:00:00", "descriptions": [{"lang": "en", "value": "Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-03-21T20:12:57", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://pastebin.com/tmFrECnZ"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14745.md"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2018-14745", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://pastebin.com/tmFrECnZ", "refsource": "MISC", "url": "https://pastebin.com/tmFrECnZ"}, {"name": "https://security.samsungmobile.com/securityUpdate.smsb", "refsource": "CONFIRM", "url": "https://security.samsungmobile.com/securityUpdate.smsb"}, {"name": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14745.md", "refsource": "MISC", "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14745.md"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2018-14745", "datePublished": "2019-03-15T22:00:00", "dateReserved": "2018-07-29T00:00:00", "dateUpdated": "2019-03-21T20:12:57", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:samsung:galaxy_s6_firmware:g920fxxu5eqh7:*:*:*:*:*:*:*", "matchCriteriaId": "AF74385F-4A92-4925-8C16-B23422A35E0E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:h:samsung:galaxy_s6:-:*:*:*:*:*:*:*", "matchCriteriaId": "E9C84354-75A3-4E55-A2D0-C0783AF36B37", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Buffer overflow in prot_get_ring_space in the bcmdhd4358 Wi-Fi driver on the Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 allows an attacker (who has obtained code execution on the Wi-Fi chip) to overwrite kernel memory due to improper validation of the ring buffer read pointer. The Samsung ID is SVE-2018-12029."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer en prot_get_ring_space en el controlador Wi-Fi bcmdhd4358 en Samsung Galaxy S6 SM-G920F G920FXXU5EQH7 permite que un atacante (que ha obtenido la ejecuci\u00f3n de c\u00f3digo en el chip Wi-Fi) sobrescriba la memoria del kernel debido a la validaci\u00f3n incorrecta del puntero de lectura del anillo del b\u00fafer. El ID de Samsung es SVE-2018-12029."}], "id": "CVE-2018-14745", "lastModified": "2019-04-01T14:00:08.520", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "ADJACENT_NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:A/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 6.5, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-03-21T16:00:20.890", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/securesystemslab/periscope/blob/master/bugs-found/CVE-2018-14745.md"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://pastebin.com/tmFrECnZ"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://security.samsungmobile.com/securityUpdate.smsb"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}