Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2012-6422

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

Published

2012-12-18T00:55:04.197

Last Modified

2025-04-11T00:51:21.963

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 9.3 (HIGH)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE

Exploitability Score

8.6

Impact Score

10.0

Weaknesses

Type: Primary
CWE-264

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Hardware	meizu	mx	-	Yes
Hardware	samsung	galaxy_note_2	-	Yes
Hardware	samsung	galaxy_s2	-	Yes

References

http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/ ([email protected])
http://forum.xda-developers.com/showthread.php?p=35469999 Exploit ([email protected])
http://forum.xda-developers.com/showthread.php?t=2051290 ([email protected])
http://osvdb.org/88467 ([email protected])
http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible ([email protected])
http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/ ([email protected])
http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices ([email protected])
http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/ (af854a3a-2127-422b-91ae-364da2661108)
http://forum.xda-developers.com/showthread.php?p=35469999 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://forum.xda-developers.com/showthread.php?t=2051290 (af854a3a-2127-422b-91ae-364da2661108)
http://osvdb.org/88467 (af854a3a-2127-422b-91ae-364da2661108)
http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible (af854a3a-2127-422b-91ae-364da2661108)
http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/ (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices (af854a3a-2127-422b-91ae-364da2661108)