CVE-2015-7891 : Race condition in the ioctl implementation in the Samsung Graphics 2D driver (ak

Race condition in the ioctl implementation in the Samsung Graphics 2D driver (aka /dev/fimg2d) in Samsung devices with Android L(5.0/5.1) allows local users to trigger memory errors by leveraging definition of g2d_lock and g2d_unlock lock macros as no-ops, aka SVE-2015-4598.

Published 2017-08-02 19:29:01

Updated 2017-08-04 16:21:28

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2015-7891

Samsung » Samsung Mobile » Version: 5.0
cpe:2.3:o:samsung:samsung_mobile:5.0:*:*:*:*:*:*:*
Matching versions
Samsung » Samsung Mobile » Version: 5.1
cpe:2.3:o:samsung:samsung_mobile:5.1:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2015-7891

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 35 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2015-7891

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
4.4	MEDIUM	AV:L/AC:M/Au:N/C:P/I:P/A:P	3.4	6.4	NIST
Access Vector: Local Access Complexity: Medium Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial
7.0	HIGH	CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H	1.0	5.9	NIST
Attack Vector: Local Attack Complexity: High Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2015-7891

CWE-362 Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition')

The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2015-7891

http://www.securityfocus.com/bid/77335

Samsung Fimg2d CVE-2015-7891 Local Race Condition Security Bypass Vulnerability
Third Party Advisory;VDB Entry
http://security.samsungmobile.com/smrupdate.html#SMR-OCT-2015

Error Message | SAMSUNG Mobile Security
Vendor Advisory
https://bugs.chromium.org/p/project-zero/issues/detail?id=492

492 - Samsung fimg2d FIMG2D_BITBLT_BLIT ioctl concurrency flaw - project-zero - Monorail
Issue Tracking;Third Party Advisory
http://packetstormsecurity.com/files/134107/Samsung-Fimg2d-FIMG2D_BITBLT_BLIT-Ioctl-Concurrency-Flaw.html

Samsung Fimg2d FIMG2D_BITBLT_BLIT Ioctl Concurrency Flaw ≈ Packet Storm
Exploit;Third Party Advisory;VDB Entry
https://www.exploit-db.com/exploits/38557/

Samsung fimg2d - FIMG2D_BITBLT_BLIT ioctl Concurrency Flaw
Exploit;Third Party Advisory;VDB Entry

Jump to

Vulnerability Details : CVE-2015-7891

Products affected by CVE-2015-7891

Exploit prediction scoring system (EPSS) score for CVE-2015-7891

CVSS scores for CVE-2015-7891

CWE ids for CVE-2015-7891

References for CVE-2015-7891