QwikSec

Security Database

CVE

CWE

Training

CVE-2012-6422

Published: Dec 18, 2012

Modified: Sep 16, 2024

PUBLISHED

Description

The kernel in Samsung Galaxy S2, Galaxy Note 2, MEIZU MX, and possibly other Android devices, when running an Exynos 4210 or 4412 processor, uses weak permissions (0666) for /dev/exynos-mem, which allows attackers to read or write arbitrary physical memory and gain privileges via a crafted application, as demonstrated by ExynosAbuse.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.securityweek.com/new-vulnerability-exposed-samsungs-android-devices

x_refsource_MISC

http://project-voodoo.org/articles/instant-fix-app-for-exynos-mem-abuse-vulnerability-no-root-required-reversible

x_refsource_MISC

http://forum.xda-developers.com/showthread.php?p=35469999

x_refsource_MISC

http://arstechnica.com/security/2012/12/developer-warns-of-critical-vulnerability-in-many-samsung-smartphones/

x_refsource_MISC

http://forum.xda-developers.com/showthread.php?t=2051290

x_refsource_MISC

http://www.sammobile.com/2012/12/16/major-vulnerability-found-on-exynos-4-devices/

x_refsource_MISC

vdb-entry

x_refsource_OSVDB

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.